xen/arm: Directly return NULL if Xen fails to allocate domain struct

Message ID 1391206965-25727-1-git-send-email-julien.grall@linaro.org
State Accepted
Headers show

Commit Message

Julien Grall Jan. 31, 2014, 10:22 p.m.
The current implementation of alloc_domain_struct, dereference the newly
allocated pointer even if the allocation has failed.

Signed-off-by: Julien Grall <julien.grall@linaro.org>

---

This is a bug fix for Xen 4.4. Without this patch if Xen run out of
memory, it will segfault because it's trying to dereference a NULL
pointer.
---
 xen/arch/arm/domain.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Ian Campbell Feb. 4, 2014, 3:50 p.m. | #1
On Fri, 2014-01-31 at 22:22 +0000, Julien Grall wrote:
> The current implementation of alloc_domain_struct, dereference the newly
> allocated pointer even if the allocation has failed.
> 
> Signed-off-by: Julien Grall <julien.grall@linaro.org>

Acked + applied. thanks.
> 
> ---
> 
> This is a bug fix for Xen 4.4. Without this patch if Xen run out of
> memory, it will segfault because it's trying to dereference a NULL
> pointer.

In general you need to CC George for this sort of thing. I've applied it
this time since I think it is an uncontroversial fix.

Patch

diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 635a9a4..c279a27 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -409,8 +409,10 @@  struct domain *alloc_domain_struct(void)
     struct domain *d;
     BUILD_BUG_ON(sizeof(*d) > PAGE_SIZE);
     d = alloc_xenheap_pages(0, 0);
-    if ( d != NULL )
-        clear_page(d);
+    if ( d == NULL )
+        return NULL;
+
+    clear_page(d);
     d->arch.grant_table_gpfn = xmalloc_array(xen_pfn_t, max_nr_grant_frames);
     return d;
 }