[Xen-devel] [PATCH RFC] xen/common: Do not tolerate xmalloc(0, ...)



Currently, _xmalloc() supports zero-sized allocations by returning a sentinel
poisoned pointer.

I posit that there is no legitimate situation for any code in the hypervisor
to make a zero-sized allocation.

Furthermore, the sentinel value will pass a NULL pointer check, and
introduces an unnecessary security risk if it is accidentally used.

Instead, turn a zero-sized allocation into a clean fatal error.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Keir Fraser <keir@xxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Ian Campbell <ian.campbell@xxxxxxxxxx>
CC: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
CC: Tim Deegan <tim@xxxxxxx>

---

This is RFC to gauge opinion, and because the amount of testing it has had is
"works on my box", which I admit is not much for a change of this nature.
---
 xen/common/xmalloc_tlsf.c    |   12 ++----------
 xen/include/asm-x86/config.h |    3 ---
 2 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/xen/common/xmalloc_tlsf.c b/xen/common/xmalloc_tlsf.c
index b13317e..519dfbb 100644
--- a/xen/common/xmalloc_tlsf.c
+++ b/xen/common/xmalloc_tlsf.c
@@ -563,21 +563,13 @@ static void tlsf_init(void)
 /*
  * xmalloc()
  */
-
-#ifndef ZERO_BLOCK_PTR
-/* Return value for zero-size allocation, distinguished from NULL. */
-#define ZERO_BLOCK_PTR ((void *)-1L)
-#endif
-
 void *_xmalloc(unsigned long size, unsigned long align)
 {
     void *p = NULL;
     u32 pad;
 
     ASSERT(!in_irq());
-
-    if ( !size )
-        return ZERO_BLOCK_PTR;
+    BUG_ON(size == 0);
 
     ASSERT((align & (align - 1)) == 0);
     if ( align < MEM_ALIGN )
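Review bot: `BUG_ON(size == 0);` at the top of _xmalloc() turns a request that used to succeed into a hypervisor crash, yet the diffstat shows no caller being changed. Before this goes in, callers whose size is computed at run time need auditing, and each should either be guarded or _xmalloc() should return NULL for a zero size so that existing allocation-failure paths handle it. The `/* xmalloc() */` comment above the function should also state the new contract that size must be non-zero.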
@@ -617,7 +609,7 @@ void xfree(void *p)
 {
     struct bhdr *b;
 
-    if ( p == NULL || p == ZERO_BLOCK_PTR )
+    if ( p == NULL )
         return;
 
     ASSERT(!in_irq());
diff --git a/xen/include/asm-x86/config.h b/xen/include/asm-x86/config.h
index 3569753..591f20b 100644
--- a/xen/include/asm-x86/config.h
+++ b/xen/include/asm-x86/config.h
@@ -94,9 +94,6 @@
 /* Primary stack is restricted to 8kB by guard pages. */
 #define PRIMARY_STACK_SIZE 8192
 
-/* Return value for zero-size _xmalloc(), distinguished from NULL. */
-#define ZERO_BLOCK_PTR ((void *)0xBAD0BAD0BAD0BAD0UL)
-
 /* Override include/xen/list.h to make these non-canonical addresses. */
 #define LIST_POISON1  ((void *)0x0100100100100100UL)
 #define LIST_POISON2  ((void *)0x0200200200200200UL)
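Review bot: with the x86 definition of ZERO_BLOCK_PTR removed here and the `#ifndef ZERO_BLOCK_PTR` fallback removed from xmalloc_tlsf.c, any remaining reference to the macro elsewhere in the tree will fail to build. The patch touches only these two files, so please confirm that a tree-wide search finds no other users, and say so in the commit message.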
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

