"C" says that once you dereference a null pointer, all bets are off. UNIX says that you get a SIGSEGV signal that can't be restarted. So, the GCC optimization is for usermode code only.
Posted Jul 17, 2009 16:09 UTC (Fri) by bluebirch (guest, #58264)
I don't understand why the optimisation should be wrong for kernel code. It doesn't violate the "all bets are off".
Linux 2.6.30 exploit posted
Posted Jul 17, 2009 17:11 UTC (Fri) by clugstj (subscriber, #4020)
True, but since the kernel developers expect a certain thing to happen when a null pointer is dereferenced, they were caught unaware of the effect of the optimization. (my guess)
Linux 2.6.30 exploit posted
Posted Jul 17, 2009 21:01 UTC (Fri) by stevenb (guest, #11536)
Then kernel folks should use -fno-delete-null-pointer-checks.
Linux 2.6.30 exploit posted
Posted Jul 21, 2009 7:23 UTC (Tue) by xoddam (subscriber, #2322)
As I understand it, that option would also prevent the optimisation in the case where the pointer's value can be determined not to be NULL at compile time, e.g. by having already passed such a test in all callers.
But it's *fine* to remove a test and its consequent if the result can be determined by the compiler. It's not that we don't want the compiler to optimise, it's that this particular optimisation removes a *necessary* check whose result was *not* known at compile time.
(YES, the pointer was dereferenced already so the program's behaviour is -- if the test is true -- already UNDEFINED and it's no-one's fault but the programmer's if he's eaten by a sea serpent. But the dereference does not actually prove that the pointer is not null, so IMO the compiler is not justified in removing this test without a warning).
I'm not asking the compiler to warn every time it removes dead code. I'm asking for the compiler not to assume that a pointer value is valid, and thus that tests for its validity are dead code, once it has been dereferenced.
Coders are human, not gods. Compilers are not gods either, merely tools for coders.
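The pattern the two comments above argue about (dereference first, NULL check second) and the flag suggested earlier in the thread, shown in a small user-mode C program. This is an added example, not code from the kernel or from any commenter; the `struct dev` / `struct sock` shapes and the `poll_*` function names are constructed stand-ins. The point it demonstrates: once `d->sk` has been read, the C standard already treats `d == NULL` as undefined behaviour, so GCC's -fdelete-null-pointer-checks (enabled by default when optimising) may drop the later `if (!d)` test. In user mode a NULL `d` traps on the very first load, so the dropped check is never noticed; in an environment where address 0 is mapped and readable, the load succeeds and the intended error return silently disappears.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample types, not from the kernel: a device with an attached
 * socket pointer and a readiness flag. */
struct sock { int ready; };
struct dev  { struct sock *sk; };

/* The pattern under discussion: the pointer is dereferenced before it is
 * checked.  Because d->sk already invokes undefined behaviour when d is
 * NULL, the optimiser is entitled to assume d != NULL afterwards and
 * delete the test.  The dereference proves nothing about d at run time;
 * it only licenses the compiler to assume. */
int poll_check_after_deref(struct dev *d)
{
    struct sock *sk = d->sk;        /* dereference before the check */
    if (!d)                         /* candidate for deletion at -O2 */
        return -1;
    return sk->ready;
}

/* Hardened form: validate the pointer before touching it.  Nothing has
 * established d != NULL at this point, so the compiler must keep the test
 * and the NULL case really does return -1. */
int poll_check_before_deref(struct dev *d)
{
    struct sock *sk;
    if (!d)
        return -1;
    sk = d->sk;
    return sk->ready;
}

/* The second pointer is loaded from memory and can be NULL independently of
 * the first, so it gets the same treatment before it is dereferenced. */
int poll_fully_checked(struct dev *d)
{
    if (!d || !d->sk)
        return -1;
    return d->sk->ready;
}

int main(void)
{
    struct sock s      = { .ready = 1 };
    struct dev  good   = { .sk = &s };
    struct dev  nosock = { .sk = NULL };

    printf("valid device:  %d\n", poll_check_before_deref(&good));
    printf("NULL device:   %d\n", poll_check_before_deref(NULL));
    printf("device, no sk: %d\n", poll_fully_checked(&nosock));
    /* poll_check_after_deref(NULL) is deliberately not called: in user mode
     * it faults on the load of d->sk, which is exactly why the deleted
     * check goes unnoticed outside the kernel. */
    return 0;
}
```

To see whether the check survived, compile with `gcc -O2 -S` and look for the comparison of `d` against zero in `poll_check_after_deref`; whether GCC actually removes it varies by version, so treat its survival as luck rather than a guarantee. Building with `-fno-delete-null-pointer-checks`, as suggested earlier in the thread, keeps the test regardless, at the cost of also keeping tests the compiler could legitimately have proven redundant; reordering the code so the check precedes the dereference, as in the second and third functions, needs no flag at all.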