On 6/23/2023 5:45 PM, Kees Cook wrote:
On Fri, Jun 23, 2023 at 04:09:46PM -0600, Jeffrey Hugo wrote:
Kees, would you please chime in and educate me here? I feel like I'm
missing something important here.
The array_size() family will saturate at SIZE_MAX (rather than potentially
wrapping around). No allocator can fulfil an 18446744073709551615-byte
(18 exabyte) allocation. :) So the NULL return value will (hopefully)
trigger an error path.
Fair enough, that handles the 64-bit use case. I'm guessing the
assumption is that on a 32-bit use case where size_t is ~4GB, there won't
actually be 4GB to allocate and things will also fail. So far, so good.
What about a 32-bit system with something like ARM's LPAE (Large
Physical Address Extension) where the host is 32-bit, and so size_t
would be ~4GB (as far as I can tell) but phys_addr_t is larger than
that, and so we can have/access more than 4GB of resources? Let's see,
ignoring that it's a 13-year-old feature and probably not in circulation
anymore, probably still can't satisfy a 4GB allocation since you'd need
to map all of it to address it, and part of the address space is surely
reserved for other things.
Ok, I think I'm convinced. I'm going to sleep on it, but I suspect all
will still be good early next week.
Thank you for the explanation.
-Jeff
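The saturation behaviour the thread discusses, as an added user-space example (not the kernel's own array_size() implementation and not code from either participant): a saturating count*size helper built on the GCC/clang `__builtin_mul_overflow` builtin, the naive wrapping multiply for comparison, a 32-bit variant so the 32-bit case is visible on a 64-bit host, and an allocation path showing that the saturated SIZE_MAX request fails with NULL while the wrapped request does not. The overflowing inputs are constructed for the demonstration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * User-space reimplementation of the saturating rule discussed above
 * (an assumption-free analogue, not the kernel's array_size() itself):
 * when count * element size overflows size_t, return SIZE_MAX instead
 * of a wrapped, small value.
 */
static size_t sat_array_size(size_t n, size_t elem)
{
    size_t bytes;

    if (__builtin_mul_overflow(n, elem, &bytes))
        return SIZE_MAX;
    return bytes;
}

/* Same rule for a 32-bit size_t, so the 32-bit case can be shown on a 64-bit host. */
static uint32_t sat_array_size32(uint32_t n, uint32_t elem)
{
    uint32_t bytes;

    if (__builtin_mul_overflow(n, elem, &bytes))
        return UINT32_MAX;
    return bytes;
}

/* The naive multiply, for comparison: silently wraps modulo 2^bits. */
static size_t wrap_array_size(size_t n, size_t elem)
{
    return n * elem;
}

/*
 * Allocation path using the saturating size. Returns 0 on success (the
 * buffer is freed again before returning) and -ENOMEM when the allocator
 * refuses, which is what a saturated SIZE_MAX request provokes.
 */
static int try_alloc_array(size_t n, size_t elem)
{
    size_t bytes = sat_array_size(n, elem);
    void *p = malloc(bytes);   /* malloc(SIZE_MAX) cannot succeed */

    if (!p)
        return -ENOMEM;
    free(p);
    return 0;
}

int main(void)
{
    /* Constructed overflowing input: 2^(bits-3) elements of 16 bytes. */
    size_t n = SIZE_MAX / 8 + 1;

    printf("wrapping size:  %zu\n", wrap_array_size(n, 16));   /* 0 */
    printf("saturated size: %zu\n", sat_array_size(n, 16));    /* SIZE_MAX */
    printf("alloc result:   %d\n", try_alloc_array(n, 16));    /* -ENOMEM */
    printf("32-bit, 0x80000001 * 2: wraps to %u, saturates to %u\n",
           (uint32_t)(0x80000001u * 2u), sat_array_size32(0x80000001u, 2));
    return 0;
}
```

The wrapped size in the 64-bit case is exactly 0, and glibc's malloc(0) hands back a valid minimum-size chunk, so a caller that then writes `n` elements into it overruns the heap; the saturated request instead fails at the allocator and lands in the NULL error path, which is the property Kees describes. The 32-bit variant shows the same thing for a size_t that is ~4GB: an overflowing product saturates to UINT32_MAX rather than to the small value 2.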