<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.5848" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2>According to WinDDK, "calling
ExAllocatePoolWithTag with memory size == 0 will result in pool header
wastage"<BR>In addition, verifier with low mem simulation will crash when
calling the mentioned function with memory size == 0<BR>This patch fixes
this problem by replacing unsafe call with appropriate macro<BR>signed-off by:
Alexander Naslednikov (xalex at mellanox.co.il)</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Index:
D:/windows/MLNX_WinOF_trunk/ulp/sdp/kernel/SdpGenUtils.cpp<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/ulp/sdp/kernel/SdpGenUtils.cpp (revision
4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/ulp/sdp/kernel/SdpGenUtils.cpp (revision
4992)<BR>@@ -372,14 +372,22
@@<BR> return
WSAEINVAL;
<BR> }<BR> }<BR>+class ZeroSizePool {<BR>+}
szPool;<BR> <BR> void* __cdecl operator new(size_t n ) throw()
{<BR>+<BR>+ //From WinDDK: "Avoid calling with memory size == 0. Doing so
will result in pool header wastage"<BR>+ // Verifier with low mem
simulation will crash with memory size == 0 <BR>+ if (n
==0)<BR>+ return &szPool;<BR> ASSERT(n !=
0x30);<BR> return ExAllocatePoolWithTag(NonPagedPool ,
n, GLOBAL_ALLOCATION_TAG);<BR> }<BR> <BR> void __cdecl operator
delete(void* p) {<BR>- ExFreePoolWithTag(p,
GLOBAL_ALLOCATION_TAG);<BR>+ if (p != &szPool)<BR>+
ExFreePoolWithTag(p,
GLOBAL_ALLOCATION_TAG);<BR> }<BR> <BR> void* __cdecl operator
new(size_t n, void *addr ) throw() {<BR>Index:
D:/windows/MLNX_WinOF_trunk/core/winmad/kernel/wm_driver.c<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/core/winmad/kernel/wm_driver.c (revision
4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/core/winmad/kernel/wm_driver.c (revision
4992)<BR>@@ -238,8 +238,8 @@<BR> attr =
NULL;<BR> goto out;<BR> }<BR>-<BR>- attr =
ExAllocatePoolWithTag(PagedPool, size, 'acmw');<BR>+ <BR>+ attr =
ExAllocatePoolWithTagSafeEx(PagedPool, size, 'acmw');<BR> if (attr ==
NULL) {<BR> goto out;<BR> }<BR>@@ -269,7 +269,8
@@<BR> }<BR> <BR> size = sizeof(WM_IB_PORT) *
attr->num_ports;<BR>- pDevice->pPortArray =
ExAllocatePoolWithTag(PagedPool, size,
'pimw');<BR>+ <BR>+ pDevice->pPortArray =
ExAllocatePoolWithTagSafeEx(PagedPool, size, 'pimw') ;<BR> if
(pDevice->pPortArray == NULL) {<BR> status =
STATUS_NO_MEMORY;<BR> goto out;<BR>Index:
D:/windows/MLNX_WinOF_trunk/core/winverbs/kernel/wv_device.c<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/core/winverbs/kernel/wv_device.c (revision
4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/core/winverbs/kernel/wv_device.c (revision
4992)<BR>@@ -178,8 +178,8 @@<BR> attr =
NULL;<BR> goto out;<BR> }<BR>-<BR>- attr =
ExAllocatePoolWithTag(PagedPool, size, 'acvw');<BR>+ <BR>+ attr =
ExAllocatePoolWithTagSafeEx(PagedPool, size, 'acvw');<BR> if (attr ==
NULL) {<BR> goto out;<BR> }<BR>@@ -210,7 +210,7
@@<BR> pDevice->PortCount =
attr->num_ports;<BR> ExFreePoolWithTag(attr,
'acvw');<BR> <BR>- pDevice->pPorts =
ExAllocatePoolWithTag(NonPagedPool, sizeof(WV_PORT)
*<BR>+ pDevice->pPorts = ExAllocatePoolWithTagSafeEx(NonPagedPool,
sizeof(WV_PORT)
*<BR> pDevice->PortCount,
'cpvw');<BR> if (pDevice->pPorts == NULL)
{<BR> return STATUS_NO_MEMORY;<BR>Index:
D:/windows/MLNX_WinOF_trunk/core/complib/kernel/cl_memory_osd.c<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/core/complib/kernel/cl_memory_osd.c (revision
4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/core/complib/kernel/cl_memory_osd.c (revision
4992)<BR>@@ -38,6 +38,7 @@<BR> IN const
size_t size,<BR> IN const boolean_t pageable
)<BR> {<BR>+<BR> if( pageable
)<BR> {<BR> CL_ASSERT( KeGetCurrentIrql() <
DISPATCH_LEVEL );<BR>@@ -46,7 +47,7
@@<BR> else<BR> {<BR> CL_ASSERT(
KeGetCurrentIrql() <= DISPATCH_LEVEL );<BR>- return(
ExAllocatePoolWithTag( NonPagedPool, size, 'virp' ) );<BR>+ return(
ExAllocatePoolWithTagSafeEx( NonPagedPool, size, 'virp' )
);<BR> }<BR> }<BR> <BR>Index:
D:/windows/MLNX_WinOF_trunk/core/bus/kernel/bus_port_mgr.c<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/core/bus/kernel/bus_port_mgr.c (revision
4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/core/bus/kernel/bus_port_mgr.c (revision
4992)<BR>@@ -1599,7 +1599,7 @@<BR> dev_id_size =
p_ext->pdo.p_pdo_device_info->device_id_size;<BR> <BR> /*
Device ID is "IBA\SID_<sid> where <sid> is the IO device Service ID.
*/<BR>- p_string = ExAllocatePoolWithTag( NonPagedPool, dev_id_size, 'vedq'
);<BR>+ p_string = ExAllocatePoolWithTagSafeEx( NonPagedPool, dev_id_size,
'vedq' );<BR> if( !p_string
)<BR> {<BR> BUS_TRACE_EXIT( BUS_DBG_ERROR,<BR>@@
-1635,7 +1635,7 @@<BR> <BR> dev_id_size =
p_ext->pdo.p_pdo_device_info->hardware_id_size;<BR> <BR>- p_string
= ExAllocatePoolWithTag( NonPagedPool, dev_id_size, 'ihqp' );<BR>+ p_string
= ExAllocatePoolWithTagSafeEx( NonPagedPool, dev_id_size, 'ihqp'
);<BR> if( !p_string
)<BR> {<BR> BUS_TRACE_EXIT( BUS_DBG_ERROR,<BR>@@
-1669,8 +1669,8 @@<BR> p_ext =
(bus_port_ext_t*)p_dev_obj->DeviceExtension;<BR> <BR> dev_id_size
=
p_ext->pdo.p_pdo_device_info->compatible_id_size;<BR>-<BR>- p_string
= ExAllocatePoolWithTag( NonPagedPool, dev_id_size, 'ihqp'
);<BR>+ <BR>+ p_string = ExAllocatePoolWithTagSafeEx( NonPagedPool,
dev_id_size, 'ihqp' );<BR> if( !p_string
)<BR> {<BR> BUS_TRACE_EXIT( BUS_DBG_ERROR,<BR>@@
-1753,9 +1753,8 @@<BR> return
STATUS_NO_SUCH_DEVICE;<BR> }<BR> <BR>+ p_string =
ExAllocatePoolWithTagSafeEx( NonPagedPool,
p_ext->pdo.p_pdo_device_info->description_size, 'edqp'
);<BR> <BR>- p_string = ExAllocatePoolWithTag( NonPagedPool,
p_ext->pdo.p_pdo_device_info->description_size, 'edqp'
);<BR>-<BR> if( !p_string
)<BR> {<BR> BUS_TRACE_EXIT( BUS_DBG_ERROR,<BR>Index:
D:/windows/MLNX_WinOF_trunk/core/iou/kernel/iou_ioc_mgr.c<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/core/iou/kernel/iou_ioc_mgr.c (revision
4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/core/iou/kernel/iou_ioc_mgr.c (revision
4992)<BR>@@ -952,8 +952,9
@@<BR> {<BR> <BR> dev_id_size =
(p_ext->pdo.p_pdo_device_info)->device_id_size;<BR>- p_string =
ExAllocatePoolWithTag( NonPagedPool, dev_id_size, 'didq'
);<BR> <BR>+ p_string = ExAllocatePoolWithTagSafeEx(
NonPagedPool, dev_id_size, 'didq' );<BR>+<BR> if( !p_string
)<BR> {<BR> IOU_PRINT_EXIT(
TRACE_LEVEL_ERROR, IOU_DBG_ERROR,<BR>@@ -1027,7 +1028,7
@@<BR> {<BR> hw_id_size =
p_ext->pdo.p_pdo_device_info->hardware_id_size;<BR> <BR>- p_string
= ExAllocatePoolWithTag( NonPagedPool, hw_id_size, 'ihqi'
);<BR>+ p_string = ExAllocatePoolWithTagSafeEx( NonPagedPool,
hw_id_size, 'ihqi' );<BR> if( !p_string
)<BR> {<BR> IOU_PRINT_EXIT(
TRACE_LEVEL_ERROR, IOU_DBG_ERROR,<BR>@@ -1142,9 +1143,9
@@<BR> {<BR> <BR> compat_id_size =
p_ext->pdo.p_pdo_device_info->compatible_id_size;<BR>+ <BR>+ p_string
= ExAllocatePoolWithTagSafeEx( NonPagedPool, compat_id_size, 'icqi'
);<BR> <BR>- p_string = ExAllocatePoolWithTag( NonPagedPool,
compat_id_size, 'icqi' );<BR>-<BR> if( !p_string
)<BR> {<BR> IOU_PRINT_EXIT(
TRACE_LEVEL_ERROR, IOU_DBG_ERROR,<BR>@@ -1302,7 +1303,7
@@<BR> <BR> if ( p_ext->pdo.p_pdo_device_info )
<BR> {<BR>- p_string = ExAllocatePoolWithTag(
NonPagedPool, p_ext->pdo.p_pdo_device_info->description_size,
<BR>+ p_string = ExAllocatePoolWithTagSafeEx( NonPagedPool,
p_ext->pdo.p_pdo_device_info->description_size,
<BR> 'edqi' );<BR> if(
!p_string )<BR> {<BR>Index:
D:/windows/MLNX_WinOF_trunk/inc/complib/cl_memory.h<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/inc/complib/cl_memory.h (revision 4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/inc/complib/cl_memory.h (revision 4992)<BR>@@
-919,6 +919,21 @@<BR> /*<BR> * Define allocation macro.<BR>
*/<BR>+<BR>+/* From WinDDK: "Avoid calling ExAllocatePoolWithTag with
memory size == 0. <BR>+ Doing so will result in pool header wastage"<BR>+
Verifier with low mem simulation will crash with memory size ==
0<BR>+*/<BR>+#define ExAllocatePoolWithTagSafeEx( pageable, size, tag )
\<BR>+ (size == 0 ? NULL : ExAllocatePoolWithTag(pageable,
size, tag))<BR>+<BR>+#define ExAllocatePoolWithTagSafeExNonPaged(size, tag )
\<BR>+ (size == 0 ? NULL : ExAllocatePoolWithTag(NonPagedPool,
size, tag )) <BR>+ <BR>+#define
ExAllocatePoolWithTagSafeExPaged(size, tag ) \<BR>+ (size
== 0 ? NULL : ExAllocatePoolWithTag(PagedPool, size, tag
))<BR>+<BR>+<BR> #if defined( CL_TRACK_MEM )<BR> <BR> #define
cl_malloc( a ) \<BR>Index:
D:/windows/MLNX_WinOF_trunk/etc/kernel/index_list.c<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/etc/kernel/index_list.c (revision 4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/etc/kernel/index_list.c (revision 4992)<BR>@@
-28,7 +28,9 @@<BR> */<BR> <BR> #include
"index_list.h"<BR>+#include
<complib/cl_memory.h><BR> <BR>+<BR> INDEX_ENTRY
EmptyList;<BR> <BR> static BOOLEAN IndexListGrow(INDEX_LIST
*pIndexList)<BR>@@ -37,7 +39,8 @@<BR> SIZE_T size,
i;<BR> <BR> size = pIndexList->Size + (PAGE_SIZE /
sizeof(INDEX_ENTRY));<BR>- array = ExAllocatePoolWithTag(NonPagedPool, size
* sizeof(INDEX_ENTRY), 'xdni');<BR>+ <BR>+ array =
ExAllocatePoolWithTagSafeEx(NonPagedPool, size * sizeof(INDEX_ENTRY),
'xdni');<BR> if (array == NULL) {<BR> return
FALSE;<BR> }<BR>Index:
D:/windows/MLNX_WinOF_trunk/hw/mlx4/kernel/inc/l2w_memory.h<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/hw/mlx4/kernel/inc/l2w_memory.h (revision
4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/hw/mlx4/kernel/inc/l2w_memory.h (revision
4992)<BR>@@ -86,13 +86,13 @@<BR> ASSERT(bsize);<BR> switch
(gfp_mask) {<BR> case GFP_ATOMIC:<BR>- ptr =
ExAllocatePoolWithTag( NonPagedPool, bsize, MT_TAG_ATOMIC
);<BR>+ ptr = ExAllocatePoolWithTagSafeEx( NonPagedPool, bsize,
MT_TAG_ATOMIC );<BR> break;<BR> case
GFP_KERNEL:<BR>- ptr = ExAllocatePoolWithTag( NonPagedPool,
bsize, MT_TAG_KERNEL );<BR>+ ptr = ExAllocatePoolWithTagSafeEx(
NonPagedPool, bsize, MT_TAG_KERNEL
);<BR> break;<BR> case
GFP_HIGHUSER:<BR>- ptr = ExAllocatePoolWithTag( NonPagedPool,
bsize, MT_TAG_HIGH );<BR>+ ptr = ExAllocatePoolWithTagSafeEx(
NonPagedPool, bsize, MT_TAG_HIGH
);<BR> break;<BR> default:<BR> cl_dbg_out("kmalloc:
unsupported flag %d\n", gfp_mask);<BR>Index:
D:/windows/MLNX_WinOF_trunk/hw/mthca/kernel/mt_memory.h<BR>===================================================================<BR>---
D:/windows/MLNX_WinOF_trunk/hw/mthca/kernel/mt_memory.h (revision
4987)<BR>+++
D:/windows/MLNX_WinOF_trunk/hw/mthca/kernel/mt_memory.h (revision
4992)<BR>@@ -52,13 +52,13 @@<BR> MT_ASSERT( KeGetCurrentIrql() <=
DISPATCH_LEVEL );<BR> switch (gfp_mask) {<BR> case
GFP_ATOMIC:<BR>- ptr = ExAllocatePoolWithTag( NonPagedPool,
bsize, MT_TAG_ATOMIC );<BR>+ ptr = ExAllocatePoolWithTagSafeEx(
NonPagedPool, bsize, MT_TAG_ATOMIC
);<BR> break;<BR> case
GFP_KERNEL:<BR>- ptr = ExAllocatePoolWithTag( NonPagedPool,
bsize, MT_TAG_KERNEL );<BR>+ ptr = ExAllocatePoolWithTagSafeEx(
NonPagedPool, bsize, MT_TAG_KERNEL
);<BR> break;<BR> case
GFP_HIGHUSER:<BR>- ptr = ExAllocatePoolWithTag( NonPagedPool,
bsize, MT_TAG_HIGH );<BR>+ ptr = ExAllocatePoolWithTagSafeEx(
NonPagedPool, bsize, MT_TAG_HIGH
);<BR> break;<BR> default:<BR> cl_dbg_out("kmalloc:
unsupported flag %d\n", gfp_mask);<BR></FONT></DIV></BODY></HTML>