Re: [Xen-devel] [PATCH RFC] xen/common: Do not tolerate xmalloc(0, ...)
At 16:57 +0100 on 31 Mar (1427821072), Andrew Cooper wrote:
> Currently, _xmalloc() supports zero-sized allocations by returning a sentinel
> poisoned pointer.
>
> I posit that there is no legitimate situation for any code in the hypervisor
> to make a zero sized allocation.
>
> Furthermore, the sentinel value will pass a NULL pointer check, and
> introduces an unnecessary security risk if it is accidentally used.
>
> Instead, turn a zero-sized allocation into a clean fatal error.

I think this code is better as it is now. malloc-style allocators
typically allow zero-sized allocations so code that expects it to work
isn't unreasonable. And even if we audited all callers and remembered
to catch this in new code, we might inherit some next time we import
code from Linux, since AFAICT the Linux allocators allow it.

The poisoned pointer we have right now will DTRT in a pretty obvious
way if it's actually dereferenced, so I think we're OK there -- that
is, I don't see a security risk other than DoS, and this patch
wouldn't fix the DoS.

Cheers,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
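The two policies debated in this thread, as an added example that is not part of the original message and is not Xen's code: a toy wrapper around `malloc()` that either returns a poisoned sentinel for a zero-sized request or rejects it. All `demo_*` names and the sentinel value are hypothetical, and the fatal error is modelled as a counter so the program keeps running.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical sentinel (constructed value, not Xen's): a non-NULL address
 * in the first page, which is normally unmapped, so a dereference faults. */
#define DEMO_ZERO_PTR ((void *)(uintptr_t)16)

enum demo_policy { DEMO_SENTINEL, DEMO_REJECT };

/* Counts zero-sized requests that the REJECT policy would treat as fatal. */
static unsigned int demo_fatal_count;

/* Toy allocator wrapper showing both policies for size == 0. */
void *demo_alloc(size_t size, enum demo_policy policy)
{
    if (size == 0) {
        if (policy == DEMO_SENTINEL)
            return DEMO_ZERO_PTR;   /* non-NULL, but not backed by memory */
        demo_fatal_count++;         /* a hypervisor would stop here instead */
        return NULL;
    }
    return malloc(size);
}

/* The check most callers write: the sentinel passes it. */
int demo_null_check_passes(const void *p) { return p != NULL; }

/* The check a caller needs before touching the buffer. */
int demo_is_usable(const void *p) { return p != NULL && p != DEMO_ZERO_PTR; }

/* Free must recognise the sentinel, or it hands a bogus address to free(). */
void demo_free(void *p)
{
    if (demo_is_usable(p))
        free(p);
}

int main(void)
{
    void *z = demo_alloc(0, DEMO_SENTINEL);
    printf("sentinel: NULL check passes=%d, usable=%d\n",
           demo_null_check_passes(z), demo_is_usable(z));
    demo_free(z);
    z = demo_alloc(0, DEMO_REJECT);
    printf("reject: pointer is NULL=%d, fatal count=%u\n", z == NULL, demo_fatal_count);
    return 0;
}
```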