author | Ian Jackson <ian.jackson@eu.citrix.com> | 2012-06-28 18:43:25 +0100 |
---|---|---|
committer | Ian Jackson <ian.jackson@eu.citrix.com> | 2012-06-28 18:43:25 +0100 |
commit | 27e1ccd1db641b4f57c8249a6e4d7492140dd285 (patch) | |
tree | d7b36cf04a52d929987f26afba33a5dbf8598995 /tools/libxl/libxl_internal.h | |
parent | 145511d2ce456a6590f28e14e32b7c4cce1c4c69 (diff) | |
libxl: Do not pass NULL as gc_opt; introduce NOGC
In 25182:6c3345d7e9d9 the practice of passing NULL to gc-using memory
allocation functions was introduced. However, the arrangements there
were not correct as committed, because the error handling and logging
depends on getting a ctx from the gc - so an allocation error would in
fact result in libxl dereferencing NULL.
Instead, provide a special dummy gc in the ctx, called `nogc_gc'. It
is marked out specially by having alloc_maxsize==-1, which is
otherwise invalid.
Functions which need to actually look into the gc use the new test
function gc_is_real (whose purpose is mainly clarity of the code) to
check whether the gc is the dummy one, and do nothing if it is. And
we provide a helper macro NOGC which uses the in-scope real gc to find
the ctx and hence the dummy gc (and which replaces the previous
#define NOGC NULL).
Change all callers which pass 0 or NULL to an allocation function to
use NOGC or &ctx->nogc_gc, as applicable in the context.
We add a comment near the definition of LIBXL_INIT_GC pointing out
that it isn't any more the only place a libxl__gc struct is
initialised, for the benefit of anyone changing the contents of gc's
in the future.
Also, actually document that libxl__ptr_add is legal with ptr==NULL,
and change a couple of calls not to check for NULL argument.
Reported-by: Bamvor Jian Zhang <bjzhang@suse.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Bamvor Jian Zhang <bjzhang@suse.com>
Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Diffstat (limited to 'tools/libxl/libxl_internal.h')
-rw-r--r-- | tools/libxl/libxl_internal.h | 37 |
1 files changed, 23 insertions, 14 deletions
diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h
index 9ca5c2cb44..14d46d1d83 100644
--- a/tools/libxl/libxl_internal.h
+++ b/tools/libxl/libxl_internal.h
@@ -277,10 +277,18 @@ struct libxl__poller {
 int wakeup_pipe[2]; /* 0 means no fd allocated */
 };
+struct libxl__gc {
+ /* mini-GC */
+ int alloc_maxsize; /* -1 means this is the dummy non-gc gc */
+ void **alloc_ptrs;
+ libxl_ctx *owner;
+};
+
 struct libxl__ctx {
 xentoollog_logger *lg;
 xc_interface *xch;
 struct xs_handle *xsh;
+ libxl__gc nogc_gc;
 const libxl_event_hooks *event_hooks;
 void *event_hooks_user;
@@ -356,13 +364,6 @@ typedef struct {
 #define PRINTF_ATTRIBUTE(x, y) __attribute__((format(printf, x, y)))
-struct libxl__gc {
- /* mini-GC */
- int alloc_maxsize;
- void **alloc_ptrs;
- libxl_ctx *owner;
-};
-
 struct libxl__egc {
 /* For event-generating functions only.
 * The egc and its gc may be accessed only on the creating thread. */
@@ -420,6 +421,7 @@ struct libxl__ao {
 (gc).alloc_ptrs = 0; \
 (gc).owner = (ctx); \
 } while(0)
+ /* NB, also, a gc struct ctx->nogc_gc is initialised in libxl_ctx_alloc */
 static inline libxl_ctx *libxl__gc_owner(libxl__gc *gc)
 {
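Review bot: The new `libxl__gc nogc_gc;` member of struct libxl__ctx has no comment, and the sentinel that marks it is described only by the trailing comment on `alloc_maxsize` in a different struct. A reader of the ctx definition cannot tell that this gc must never accumulate allocations; I would add `/* dummy gc, alloc_maxsize==-1; only for gc_opt arguments */` beside the member. Giving the -1 a named constant for the gc_is_real check mentioned in the commit message (not part of this file's diff) would also make it harder to mistake the sentinel for a size. struct libxl__ctx continues outside the hunk.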
@@ -438,13 +440,20 @@ static inline libxl_ctx *libxl__gc_owner(libxl__gc *gc)
 * All pointers returned by these functions are registered for garbage
 * collection on exit from the outermost libxl callframe.
 *
- * However, where the argument is stated to be "gc_opt", NULL may be
- * passed instead, in which case no garbage collection will occur; the
- * pointer must later be freed with free(). This is for memory
- * allocations of types (b) and (c).
+ * However, where the argument is stated to be "gc_opt", &ctx->nogc_gc
+ * may be passed instead, in which case no garbage collection will
+ * occur; the pointer must later be freed with free(). (Passing NULL
+ * for gc_opt is not permitted.) This is for memory allocations of
+ * types (b) and (c). The convenience macro NOGC should be used where
+ * possible.
+ *
+ * NOGC (and ctx->nogc_gc) may ONLY be used with functions which
+ * explicitly declare that it's OK. Use with nonconsenting functions
+ * may result in leaks of those functions' internal allocations on the
+ * psuedo-gc.
 */
-/* register @ptr in @gc for free on exit from outermost libxl callframe. */
-_hidden void libxl__ptr_add(libxl__gc *gc_opt, void *ptr);
+/* register ptr in gc for free on exit from outermost libxl callframe. */
+_hidden void libxl__ptr_add(libxl__gc *gc_opt, void *ptr /* may be NULL */);
 /* if this is the outermost libxl callframe then free all pointers in @gc */
 _hidden void libxl__free_all(libxl__gc *gc);
 /* allocate and zero @bytes. (similar to a gc'd malloc(3)+memzero()) */
@@ -2110,7 +2119,7 @@ _hidden const char *libxl__device_model_savefile(libxl__gc *gc, uint32_t domid);
 #define GC_INIT(ctx) libxl__gc gc[1]; LIBXL_INIT_GC(gc[0],ctx)
 #define GC_FREE libxl__free_all(gc)
 #define CTX libxl__gc_owner(gc)
-#define NOGC NULL
+#define NOGC (&CTX->nogc_gc) /* pass only to consenting functions */
 /* Allocation macros all of which use the gc. */ |
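Review bot: The ban on NULL for gc_opt is stated only in this comment, so a caller the commit missed would still compile and would presumably fault once the allocator looks into the gc. If the supported compilers allow it, the gc_opt prototypes such as `libxl__ptr_add` could carry `__attribute__((nonnull(1)))` so that a literal NULL argument draws a warning at build time. The added paragraph also spells `psuedo-gc` where `pseudo-gc` is meant. The comment block starts before this hunk.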
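Review bot: `NOGC` now expands through `CTX` to `libxl__gc_owner(gc)`, so it needs a variable named `gc` in scope and reads that gc's owner, which the one-line comment does not mention. The old `NULL` definition had no such requirement, so this is the constraint most likely to surprise someone adding a new call site. I would extend the comment to `/* needs a real gc in scope; pass only to consenting functions */`. Code that holds only a ctx has to write `&ctx->nogc_gc` directly, as the commit message describes.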