Date: Sun, 22 Oct 2023 23:22:34 +0300
From: Dmitry Kozlyuk
To: Fengnan Chang
Cc: anatoly.burakov@intel.com, dev@dpdk.org, xuemingl@mellanox.com
Subject: Re: [PATCH] eal: fix modify data area after memset
Message-ID: <20231022232234.42168129@sovereign>
References: <20230912090415.48709-1-changfengnan@bytedance.com>

2023-09-22 16:12 (UTC+0800), Fengnan Chang:
> ping
>
> Fengnan Chang wrote on Tue, Sep 12, 2023 at 17:05:
> >
> > Let's look at this path:
> > malloc_elem_free
> > ->malloc_elem_join_adjacent_free
> > ->join_elem(elem, elem->next)
> >
> > 0. cur elem's pad > 0
> > 1. data area memset in malloc_elem_free first.
> > 2. next elem is free, try to join cur elem and next.
> > 3. in join_elem, try to modify inner->size, this address had
> > memset in step 1, it cause the content of address become non-zero.
> >
> > If user call rte_zmalloc, and pick this elem, it can't get all
> > zero'd memory.

malloc_elem_join_adjacent_free() always calls memset() after join_elem(),
for the next and the previous element respectively.
How to reproduce this bug?
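
The ordering described in the quoted commit message, reduced to a toy model (an added example, not DPDK code and not from either poster). `struct elem`, `zero_data` and `dirty_after_free` are hypothetical stand-ins, `join_elem` is a simplified re-creation of the function named in the thread, and the model assumes the only memset after the join erases the absorbed neighbour's header.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy element header; NOT DPDK's struct malloc_elem (fields are assumptions). */
struct elem {
    size_t size;        /* bytes owned by the element, header included */
    size_t pad;         /* offset of the inner header, 0 when unpadded */
    struct elem *next;  /* physically adjacent element */
};
#define HDR sizeof(struct elem)

/* Merge e2 into e1, then erase e2's absorbed header. With padding, the
 * inner header that is rewritten sits inside e1's data area. */
static void join_elem(struct elem *e1, struct elem *e2)
{
    e1->size += e2->size;
    e1->next = e2->next;
    if (e1->pad) {
        struct elem *inner = (struct elem *)((uint8_t *)e1 + e1->pad);
        inner->size = e1->size - e1->pad;
    }
    memset(e2, 0, HDR);
}

static void zero_data(struct elem *e)
{
    memset((uint8_t *)e + HDR, 0, e->size - HDR);
}

/* Free a padded element beside a free, already-zeroed neighbour and return
 * the number of non-zero bytes left in the merged data area. */
static size_t dirty_after_free(int zero_before_join)
{
    uint8_t *arena = malloc(512);
    if (arena == NULL)
        return (size_t)-1;
    memset(arena, 0xAA, 256);            /* constructed stale user data */
    memset(arena + 256, 0, 256);         /* neighbour is free and clean */
    struct elem *cur = (struct elem *)arena;
    struct elem *nxt = (struct elem *)(arena + 256);
    *cur = (struct elem){ .size = 256, .pad = 64, .next = nxt };
    *nxt = (struct elem){ .size = 256, .pad = 0, .next = NULL };
    if (zero_before_join) { zero_data(cur); join_elem(cur, nxt); }
    else                  { join_elem(cur, nxt); zero_data(cur); }
    size_t dirty = 0;
    for (size_t i = HDR; i < cur->size; i++)
        dirty += arena[i] != 0;
    free(arena);
    return dirty;
}
```

In this model, zeroing before the join leaves the two non-zero bytes of the rewritten inner size in the data area, while zeroing after the join leaves none.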