From: Hugo Lefeuvre <hugo.lefeuvre@manchester.ac.uk>
Date: Sun, 16 Apr 2023 09:57:44 +0000 (+0200)
Subject: plat/xen: Fix unchecked uk_palloc() value in x86/mm.c
X-Git-Tag: RELEASE-0.13.0~34
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=275429893d983ff13d9874b310b4566c254631fe;p=unikraft%2Funikraft.git

plat/xen: Fix unchecked uk_palloc() value in x86/mm.c

The return value of uk_palloc is not checked in _arch_init_p2m.

Allocation failure at that point should never happen, but it's not a
reason not to check.

At this stage, in the event of a failure, we should probably abort the
boot altogether.

This bug was detected using the following Coccinelle spatch:

    @call@
    expression ptr;
    position p;
    @@

    ptr@p = uk_palloc(...);

    @ok@
    expression ptr;
    position call.p;
    @@

    ptr@p = uk_palloc(...);
    ... when != ptr
    (
     (ptr == NULL || ...)
    |
     (ptr != NULL || ...)
    )

    @depends on !ok@
    expression ptr;
    position call.p;
    @@

    ptr@p = uk_palloc(...);
    + if (ptr == NULL) return;

Signed-off-by: Hugo Lefeuvre <hugo.lefeuvre@manchester.ac.uk>
Reviewed-by: Stefan Jumarea <stefanjumarea02@gmail.com>
Approved-by: Simon Kuenzer  <simon@unikraft.io>
Tested-by: Unikraft CI <monkey@unikraft.io>
GitHub-Closes: #839
---

diff --git a/plat/xen/x86/mm.c b/plat/xen/x86/mm.c
index 5c5348641..f4b7d1a09 100644
--- a/plat/xen/x86/mm.c
+++ b/plat/xen/x86/mm.c
@@ -651,9 +651,13 @@ void _arch_init_p2m(struct uk_alloc *a)
 		UK_CRASH("Error: Too many pfns.\n");
 
 	l3_list = uk_palloc(a, 1);
+	if (l3_list == NULL)
+		UK_CRASH("Error: Cannot allocate l3_list.\n");
 	for (pfn = 0; pfn < max_pfn; pfn += P2M_ENTRIES) {
 		if (!(pfn % (P2M_ENTRIES * P2M_ENTRIES))) {
 			l2_list = uk_palloc(a, 1);
+			if (l2_list == NULL)
+				UK_CRASH("Error: Cannot allocate l2_list.\n");
 			l3_list[L3_P2M_IDX(pfn)] = virt_to_mfn(l2_list);
 			l2_list_pages[L3_P2M_IDX(pfn)] = l2_list;
 		}