@@ -82,21 +82,31 @@ void xfree(void *va)
* allocation of exactly 1 page.
*
* map_domain_page() never fails. (It will BUG() before returning NULL)
- *
- * TODO: work out how to correctly model the behaviour that this function will
- * only ever return page aligned pointers.
*/
void *map_domain_page(unsigned long mfn)
{
- return __coverity_alloc__(PAGE_SIZE);
+ unsigned long ptr = (unsigned long)__coverity_alloc__(PAGE_SIZE);
+
+ /*
+ * Expressing the alignment of the memory allocation isn't possible. As a
+ * substitute, tell Coverity to ignore any path where ptr isn't page
+ * aligned.
+ */
+ if ( ptr & ~PAGE_MASK )
+ __coverity_panic__();
+
+ return (void *)ptr;
}
/*
- * unmap_domain_page() will unmap a page. Model it as a free().
+ * unmap_domain_page() will unmap a page. Model it as a free(). Any *va
+ * within the page is valid to pass.
*/
void unmap_domain_page(const void *va)
{
- __coverity_free__(va);
+ unsigned long ptr = (unsigned long)va & PAGE_MASK;
+
+ __coverity_free__((void *)ptr);
}
/*
The first attempt resulted in several "Free of address-of expression (BAD_FREE)" issues, because of code which relies on the fact that any pointer in the same page is ok to pass to unmap_domain_page() Model this property to remove the issues. Coverity IDs: 1135356 113536{0,1} 1401300 141809{0,1} 1438864 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> --- CC: George Dunlap <George.Dunlap@eu.citrix.com> CC: Ian Jackson <ian.jackson@citrix.com> CC: Jan Beulich <JBeulich@suse.com> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> CC: Stefano Stabellini <sstabellini@kernel.org> CC: Wei Liu <wl@xen.org> CC: Julien Grall <julien@xen.org> As the only way of testing is to upload a new model, this change matches what I've already done in Snapshot 182435. --- misc/coverity/model.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-)