From: Linus Torvalds <firstname.lastname@example.org>
Subject: Re: SLUB: Return ZERO_SIZE_PTR for kmalloc(0)
Date: Sat, 02 Jun 2007 02:55:35 UTC
On Fri, 1 Jun 2007, Christoph Lameter wrote:
> - if (!x)
> + if (x <= ZERO_SIZE_PTR)
Btw, this is _not_ safe.
A number of gcc versions have done signed arithmetic on pointers. It's
insane and stupid, but it happens, and it so happens to work on
architectures where the point where the sign changes over is not a valid
On x86, doing signed arithmetic on pointers is a clear and unambiguous
_bug_ (because a C object really _can_ start in "positive" space and end
in "negative" pointer space), but I think some gcc versions did it there
On some other architectures, like x86-64, the virtual memory around the
magic switch-over point is not mappable, so a C object cannot validly
straddle the area where positive overflows into negative, and as such a
compiler _could_ consider pointers to be signed (although I really don't
see the point).
So when I suggested the uglier
if ((unsigned long)x <= 16)
I really did mean to use that ugly cast.. Yours is prettier, but sadly,
yours is simply not safe: a signed comparison might end up making _all_
kernel pointers trigger that test.