From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>
Subject: [dpdk-dev] [RFC v2] mem: poison memory when freed
Date: Thu, 19 Jul 2018 09:20:29 -0700 [thread overview]
Message-ID: <20180719162029.30962-1-stephen@networkplumber.org> (raw)
DPDK malloc library allows broken programs to work because
the semantics of zmalloc and malloc are the same.
This patch enables a more secure model which will catch
(and crash) programs that reuse memory already freed if
RTE_MALLOC_DEBUG is enabled.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
v2
- keep original behavior unless RTE_MALLOC_DEBUG is enabled.
lib/librte_eal/common/malloc_elem.c | 17 ++++++++++++++---
lib/librte_eal/common/rte_malloc.c | 8 +++++++-
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
index efcb82677198..6fc63c53a75d 100644
--- a/lib/librte_eal/common/malloc_elem.c
+++ b/lib/librte_eal/common/malloc_elem.c
@@ -23,6 +23,16 @@
#include "malloc_elem.h"
#include "malloc_heap.h"
+/* If debugging is enabled, freed memory is set to poison value
+ * to catch buggy programs. Otherwise, freed memory is zerod
+ * to avoid having to zero in zmalloc
+ */
+#ifdef RTE_MALLOC_DEBUG
+#define MALLOC_POISON 0x6b
+#else
+#define MALLOC_POISON 0
+#endif
+
size_t
malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align)
{
@@ -476,7 +486,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
join_elem(elem, elem->next);
/* erase header, trailer and pad */
- memset(erase, 0, erase_len);
+ memset(erase, MALLOC_POISON, erase_len);
}
/*
@@ -500,7 +510,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
join_elem(new_elem, elem);
/* erase header, trailer and pad */
- memset(erase, 0, erase_len);
+ memset(erase, MALLOC_POISON, erase_len);
elem = new_elem;
}
@@ -531,7 +541,8 @@ malloc_elem_free(struct malloc_elem *elem)
/* decrease heap's count of allocated elements */
elem->heap->alloc_count--;
- memset(ptr, 0, data_len);
+ /* poison memory */
+ memset(ptr, MALLOC_POISON, data_len);
return elem;
}
diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c
index b51a6d111bde..ed253149bb6b 100644
--- a/lib/librte_eal/common/rte_malloc.c
+++ b/lib/librte_eal/common/rte_malloc.c
@@ -70,7 +70,13 @@ rte_malloc(const char *type, size_t size, unsigned align)
void *
rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
{
- return rte_malloc_socket(type, size, align, socket);
+ void *ptr = rte_malloc_socket(type, size, align, socket);
+
+#ifndef RTE_MALLOC_DEBUG
+ if (ptr != NULL)
+ memset(ptr, 0, size);
+#endif
+ return ptr;
}
/*
--
2.18.0
next reply other threads:[~2018-07-19 16:20 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-19 16:20 Stephen Hemminger [this message]
2018-07-19 17:08 ` Andrew Rybchenko
2018-07-19 17:09 ` Andrew Rybchenko
2018-07-20 13:09 ` Burakov, Anatoly
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180719162029.30962-1-stephen@networkplumber.org \
--to=stephen@networkplumber.org \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).