Re: [PATCH 5] Fix error handling with malloc, memalign etc. Memalign() can't fail now.

From: Sascha Hauer <s.hauer@pengutronix.de>
To: Krzysztof Halasa <khc@pm.waw.pl>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 5] Fix error handling with malloc, memalign etc. Memalign() can't fail now.
Date: Tue, 21 Dec 2010 09:58:53 +0100	[thread overview]
Message-ID: <20101221085853.GW6017@pengutronix.de> (raw)
In-Reply-To: <m3vd2ocax2.fsf@intrepid.localdomain>

On Mon, Dec 20, 2010 at 11:54:49PM +0100, Krzysztof Halasa wrote:
> Fix error handling with malloc, memalign etc. Memalign() can't fail now.
> 
> The idea is to panic() when there is no memory available for normal
> operation. Exception: code which can consume arbitrary amount of RAM
> (example: files allocated in ramfs) must report error instead of
> panic().
> 
> This patch also fixes code which didn't check for NULL from malloc()
> etc.
> 
> Usage: malloc() returns NULL when out of RAM.
> xmalloc(), memalign() always return non-NULL or panic().
> 
> Signed-off-by: Krzysztof Hałasa <khc@pm.waw.pl>
> 
> diff --git a/arch/sandbox/os/common.c b/arch/sandbox/os/common.c
> index 287be0d..8409ca8 100644
> --- a/arch/sandbox/os/common.c
> +++ b/arch/sandbox/os/common.c
> @@ -223,10 +223,7 @@ static int add_image(char *str, char *name)
>  	struct stat s;
>  	char *opt;
>  	int fd, ret;
> -	struct hf_platform_data *hf = malloc(sizeof(struct hf_platform_data));
> -
> -	if (!hf)
> -		return -1;
> +	struct hf_platform_data *hf = xmalloc(sizeof(struct hf_platform_data));
>  
>  	file = strtok(str, ",");
>  	while ((opt = strtok(NULL, ","))) {
> @@ -285,11 +282,7 @@ int main(int argc, char *argv[])
>  	char str[6];
>  	int fdno = 0, envno = 0;
>  
> -	ram = malloc(malloc_size);
> -	if (!ram) {
> -		printf("unable to get malloc space\n");
> -		exit(1);
> -	}
> +	ram = xmalloc(malloc_size);
>  	mem_malloc_init(ram, ram + malloc_size);
>  
>  	while (1) {

Don't change these. This is the file which connects barebox to the host
on sandbox. This is not the barebox malloc but the glibc malloc which is
called here.

> --- a/common/dlmalloc.c
> +++ b/common/dlmalloc.c
> @@ -1,9 +1,9 @@
> -
> +#include <common.h>
>  #include <config.h>
>  #include <malloc.h>
>  #include <string.h>
>  #include <mem_malloc.h>
> -
> +#include <xfuncs.h>
>  #include <stdio.h>
>  #include <module.h>
>  
> @@ -1696,12 +1696,12 @@ void *memalign(size_t alignment, size_t bytes)
>  	long remainder_size;	/* its size */
>  
>  	if ((long) bytes < 0)
> -		return NULL;
> +		panic("memalign: requested %i bytes\n", bytes);
>  
>  	/* If need less alignment than we give anyway, just relay to malloc */
>  
>  	if (alignment <= MALLOC_ALIGNMENT)
> -		return malloc(bytes);
> +		return xmalloc(bytes);
>  
>  	/* Otherwise, ensure that it is at least a minimum chunk size */
>  
> @@ -1711,10 +1711,7 @@ void *memalign(size_t alignment, size_t bytes)
>  	/* Call malloc with worst case padding to hit alignment. */
>  
>  	nb = request2size(bytes);
> -	m = (char*)(malloc (nb + alignment + MINSIZE));
> -
> -	if (!m)
> -		return NULL;	/* propagate failure */
> +	m = (char*)(xmalloc(nb + alignment + MINSIZE));
>  
>  	p = mem2chunk(m);
>  

I think we shouldn't touch memalign but introduce a xmemalign function
instead. The x in the name stresses that the return value doesn't have
to be checked. Also it gives the user a chance explicitely call memalign
if he wishes to.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox