From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-fw-33001.amazon.com (smtp-fw-33001.amazon.com [207.171.190.10]) by dpdk.org (Postfix) with ESMTP id 60DF0271 for ; Thu, 8 Jun 2017 21:13:10 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1496949191; x=1528485191; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=OjWw6EA+qn1k2ngFKsE9fmg7ovG2MzBRGxE+Dwkoli4=; b=Xe6V//zXK/bCYjA/gRakd5UImSVX0FFy5GoBlzxVBXA8HyBXO9fcdXQq 8Tg3WfPTGOlIFeij88kxDJ2phWdNpJDT8NWPtE2pB0TlMe5ecy03WnDmE CGOCHXuHCcZj92CXvGQjADaY/VVsvtyP2VXbqGZh4jratIAyRQElI27ok o=; X-IronPort-AV: E=Sophos;i="5.39,315,1493683200"; d="scan'208";a="673832706" Received: from sea19-co-svc-lb5-vlan3.sea.amazon.com (HELO email-inbound-relay-71003.iad55.amazon.com) ([10.47.22.166]) by smtp-border-fw-out-33001.sea14.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Jun 2017 19:12:57 +0000 Received: from EX13MTAUWC001.ant.amazon.com (iad55-ws-svc-p15-lb9-vlan3.iad.amazon.com [10.40.159.166]) by email-inbound-relay-71003.iad55.amazon.com (8.14.7/8.14.7) with ESMTP id v58JCjBw030579 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 8 Jun 2017 19:12:50 GMT Received: from EX13d09UWC004.ant.amazon.com (10.43.162.114) by EX13MTAUWC001.ant.amazon.com (10.43.162.135) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 8 Jun 2017 19:12:50 +0000 Received: from EX13MTAUEB001.ant.amazon.com (10.43.60.96) by EX13d09UWC004.ant.amazon.com (10.43.162.114) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 8 Jun 2017 19:12:50 +0000 Received: from dev-dsk-lavignen-2a-i-6727e5bf.us-west-2.amazon.com (172.22.103.204) by mail-relay.amazon.com (10.43.60.129) with Microsoft SMTP Server id 15.0.1104.5 via Frontend Transport; Thu, 8 Jun 2017 19:12:48 +0000 Received: by dev-dsk-lavignen-2a-i-6727e5bf.us-west-2.amazon.com (Postfix, from userid 3314725) id 8C62484682; Thu, 8 Jun 2017 19:12:48 +0000 (UTC) From: Jamie Lavigne To: CC: , Jamie Lavigne Date: Thu, 8 Jun 2017 19:12:17 +0000 Message-ID: <1496949137-8106-1-git-send-email-lavignen@amazon.com> X-Mailer: git-send-email 2.7.3.AMZN In-Reply-To: <1496189818-2307-1-git-send-email-lavignen@amazon.com> References: <1496189818-2307-1-git-send-email-lavignen@amazon.com> MIME-Version: 1.0 Content-Type: text/plain Precedence: Bulk Subject: [dpdk-dev] [PATCH v3] mem: fix malloc_elem resize with padding X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jun 2017 19:13:10 -0000 Currently when a malloc_elem is split after resizing, any padding present in the elem is ignored. This causes the resized elem to be too small when padding is present, and user data can overwrite the beginning of the following malloc_elem. Solve this by including the size of the padding when computing where to split the malloc_elem. Fixes: af75078fece3 ("first public release") Signed-off-by: Jamie Lavigne --- lib/librte_eal/common/malloc_elem.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c index 42568e1..08516af 100644 --- a/lib/librte_eal/common/malloc_elem.c +++ b/lib/librte_eal/common/malloc_elem.c @@ -314,17 +314,16 @@ malloc_elem_free(struct malloc_elem *elem) int malloc_elem_resize(struct malloc_elem *elem, size_t size) { - const size_t new_size = size + MALLOC_ELEM_OVERHEAD; + const size_t new_size = size + elem->pad + MALLOC_ELEM_OVERHEAD; /* if we request a smaller size, then always return ok */ - const size_t current_size = elem->size - elem->pad; - if (current_size >= new_size) + if (elem->size >= new_size) return 0; struct malloc_elem *next = RTE_PTR_ADD(elem, elem->size); rte_spinlock_lock(&elem->heap->lock); if (next ->state != ELEM_FREE) goto err_return; - if (current_size + next->size < new_size) + if (elem->size + next->size < new_size) goto err_return; /* we now know the element fits, so remove from free list, @@ -333,7 +332,7 @@ malloc_elem_resize(struct malloc_elem *elem, size_t size) elem_free_list_remove(next); join_elem(elem, next); - if (elem->size - new_size >= MIN_DATA_SIZE + MALLOC_ELEM_OVERHEAD){ + if (elem->size - new_size >= MIN_DATA_SIZE + MALLOC_ELEM_OVERHEAD) { /* now we have a big block together. Lets cut it down a bit, by splitting */ struct malloc_elem *split_pt = RTE_PTR_ADD(elem, new_size); split_pt = RTE_PTR_ALIGN_CEIL(split_pt, RTE_CACHE_LINE_SIZE); -- 2.7.3.AMZN