
[Xen-changelog] [xen master] Coverity: Improve model for {, un}map_domain_page()



commit 18dca1410d4120cb276028e400efa045c5c8a972
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Mon Jan 6 13:26:28 2020 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Mon Jan 6 17:22:17 2020 +0000

    Coverity: Improve model for {,un}map_domain_page()
    
    The first attempt resulted in several "Free of address-of
    expression (BAD_FREE)" issues, because of code which relies on the fact that
    any pointer in the same page is ok to pass to unmap_domain_page().
    
    Model this property to remove the issues.
    
    Coverity IDs: 1135356 113536{0,1} 1401300 141809{0,1} 1438864
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 misc/coverity/model.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/misc/coverity/model.c b/misc/coverity/model.c
index bd62566a0d..1ec3fe8673 100644
--- a/misc/coverity/model.c
+++ b/misc/coverity/model.c
@@ -82,21 +82,31 @@ void xfree(void *va)
  * allocation of exactly 1 page.
  *
  * map_domain_page() never fails. (It will BUG() before returning NULL)
- *
- * TODO: work out how to correctly model the behaviour that this function will
- * only ever return page aligned pointers.
  */
 void *map_domain_page(unsigned long mfn)
 {
-    return __coverity_alloc__(PAGE_SIZE);
+    unsigned long ptr = (unsigned long)__coverity_alloc__(PAGE_SIZE);
+
+    /*
+     * Expressing the alignment of the memory allocation isn't possible.  As a
+     * substitute, tell Coverity to ignore any path where ptr isn't page
+     * aligned.
+     */
+    if ( ptr & ~PAGE_MASK )
+        __coverity_panic__();
+
+    return (void *)ptr;
 }
 
 /*
- * unmap_domain_page() will unmap a page.  Model it as a free().
+ * unmap_domain_page() will unmap a page.  Model it as a free().  Any *va
+ * within the page is valid to pass.
  */
 void unmap_domain_page(const void *va)
 {
-    __coverity_free__(va);
+    unsigned long ptr = (unsigned long)va & PAGE_MASK;
+
+    __coverity_free__((void *)ptr);
 }
 
 /*
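Review bot: The masking in unmap_domain_page() only hands __coverity_free__() the originally allocated pointer because map_domain_page() now panics on any path where ptr is not page aligned, and neither comment states that dependency. A sentence in the unmap_domain_page() comment saying that the `& PAGE_MASK` relies on the alignment constraint modelled above would stop a later edit to one function from silently bringing back the BAD_FREE reports. Also a wording nit in the same comment: "Any *va within the page" reads as a dereference, and "Any va within the page" says what is meant.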
--
generated by git-patchbot for /home/xen/git/xen.git#master
