From: Julien Grall <jgr...@amazon.com> Since commit 1aac966e24e9 "xen: support RAM at addresses 0 and 4096", bits_to_zone() will never return 0 and it is expected that we have minimum 2 zones.
Therefore the check in alloc_domheap_pages() is unnecessary and can be removed. However, for sanity, it is replaced with an ASSERT(). Also take the opportunity to check atbuild time that NR_ZONES is minimum 2. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Signed-off-by: Julien Grall <jgr...@amazon.com> --- xen/common/page_alloc.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 1744e6faa5c4..68e47d963842 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -457,6 +457,12 @@ static long total_avail_pages; static DEFINE_SPINLOCK(heap_lock); static long outstanding_claims; /* total outstanding claims by all domains */ +static void __init __maybe_unused build_assertions(void) +{ + /* Zone 0 is reserved for Xen, so we at least need two zones to function.*/ + BUILD_BUG_ON(NR_ZONES < 2); +} + unsigned long domain_adjust_tot_pages(struct domain *d, long pages) { long dom_before, dom_after, dom_claimed, sys_before, sys_after; @@ -2340,8 +2346,9 @@ struct page_info *alloc_domheap_pages( bits = domain_clamp_alloc_bitsize(memflags & MEMF_no_owner ? NULL : d, bits ? : (BITS_PER_LONG+PAGE_SHIFT)); - if ( (zone_hi = min_t(unsigned int, bits_to_zone(bits), zone_hi)) == 0 ) - return NULL; + + zone_hi = min_t(unsigned int, bits_to_zone(bits), zone_hi); + ASSERT(zone_hi != 0); if ( memflags & MEMF_no_owner ) memflags |= MEMF_no_refcount; -- 2.17.1