From: "Burakov, Anatoly"
To: Stephen Hemminger, sergio.gonzalez.monroy@intel.com
Cc: dev@dpdk.org
Date: Thu, 19 Jul 2018 10:54:26 +0100
Subject: Re: [dpdk-dev] [RFC] mem: poison memory when freed
Message-ID: <027b9080-edfb-8d4e-8adc-26d93ea32cd6@intel.com>
In-Reply-To: <20180718214434.608-1-stephen@networkplumber.org>

On 18-Jul-18 10:44 PM, Stephen Hemminger wrote:
> DPDK malloc library allows broken programs to work because
> the semantics of zmalloc and malloc are the same.
>
> This patch changes to a more secure model which will catch
> (and crash) programs that reuse memory already freed.
>
> This supersedes earlier changes to zero memory on free and
> avoid zeroing memory in zmalloc.
> > Signed-off-by: Stephen Hemminger > --- > lib/librte_eal/common/malloc_elem.c | 5 ++++- > lib/librte_eal/common/rte_malloc.c | 6 +++++- > 2 files changed, 9 insertions(+), 2 deletions(-) > > diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c > index efcb82677198..62cc0b385c0c 100644 > --- a/lib/librte_eal/common/malloc_elem.c > +++ b/lib/librte_eal/common/malloc_elem.c > @@ -23,6 +23,8 @@ > #include "malloc_elem.h" > #include "malloc_heap.h" > > +#define MALLOC_POISON 0x6b /**< Free memory. */ > + > size_t > malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align) > { > @@ -531,7 +533,8 @@ malloc_elem_free(struct malloc_elem *elem) > /* decrease heap's count of allocated elements */ > elem->heap->alloc_count--; > > - memset(ptr, 0, data_len); > + /* poison memory */ > + memset(ptr, MALLOC_POISON, data_len); Looking at the merits of this patch, this is not quite enough. We also join adjacent malloc elements and erase their headers, so you will also need to adjust memsets in malloc_elem_join_adjacent_free(). > > return elem; > } > diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c > index b51a6d111bde..b33c936fd491 100644 > --- a/lib/librte_eal/common/rte_malloc.c > +++ b/lib/librte_eal/common/rte_malloc.c > @@ -70,7 +70,11 @@ rte_malloc(const char *type, size_t size, unsigned align) > void * > rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket) > { > - return rte_malloc_socket(type, size, align, socket); > + void *ptr = rte_malloc_socket(type, size, align, socket); > + > + if (ptr != NULL) > + memset(ptr, 0, size); > + return ptr; > } > > /* > -- Thanks, Anatoly
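Review bot: On the MALLOC_POISON define added near the top of malloc_elem.c, the comment "Free memory." does not say what the value is used for. Suggest wording along the lines of "byte pattern written over the data area of freed elements", plus a word on why 0x6b was picked, so that someone who finds 0x6b6b6b6b in a crash dump can trace it back to this allocator.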
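Review bot: In the malloc_elem_free() hunk of malloc_elem.c, the new memset(ptr, MALLOC_POISON, data_len) only writes the pattern and nothing in the patch ever reads it back. A write to a freed element therefore goes unnoticed, and a stale read is caught only if the consumer happens to fault on 0x6b-filled data. Consider verifying the pattern when the element is handed out again, possibly under a debug build option, so that the "catch (and crash)" behaviour promised in the commit message does not depend on what the caller does with the poisoned bytes.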
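Review bot: In the rte_zmalloc_socket() hunk of rte_malloc.c, moving the zeroing into memset(ptr, 0, size) changes what rte_malloc_socket() callers see: memory recycled through malloc_elem_free() now comes back filled with 0x6b instead of zeros, and the patch does not document that anywhere. Suggest updating the API documentation for rte_malloc_socket() and rte_zmalloc_socket() to state that only the zmalloc variant returns zeroed memory. The commit message could also mention the cost: a free followed by a zmalloc of the same element now writes the data area twice.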