From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arybchenko@solarflare.com>
Received: from dispatch1-us1.ppe-hosted.com (dispatch1-us1.ppe-hosted.com
 [148.163.129.52]) by dpdk.org (Postfix) with ESMTP id AA1745920
 for <dev@dpdk.org>; Thu, 19 Jul 2018 19:09:38 +0200 (CEST)
X-Virus-Scanned: Proofpoint Essentials engine
Received: from webmail.solarflare.com (uk.solarflare.com [193.34.186.16])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1-us4.ppe-hosted.com (Proofpoint Essentials ESMTP Server) with ESMTPS id
 91D0FBC006D; Thu, 19 Jul 2018 17:09:37 +0000 (UTC)
Received: from [192.168.1.16] (85.187.13.33) by ukex01.SolarFlarecom.com
 (10.17.10.4) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Thu, 19 Jul
 2018 18:09:32 +0100
To: Stephen Hemminger <stephen@networkplumber.org>, <dev@dpdk.org>
References: <20180719162029.30962-1-stephen@networkplumber.org>
From: Andrew Rybchenko <arybchenko@solarflare.com>
Message-ID: <4faebdb0-e03a-dc9e-adb2-1b9374c5a000@solarflare.com>
Date: Thu, 19 Jul 2018 20:09:27 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20180719162029.30962-1-stephen@networkplumber.org>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Originating-IP: [85.187.13.33]
X-ClientProxiedBy: ocex03.SolarFlarecom.com (10.20.40.36) To
 ukex01.SolarFlarecom.com (10.17.10.4)
X-TM-AS-Product-Ver: SMEX-11.0.0.1191-8.100.1062-23978.003
X-TM-AS-Result: No--7.878400-0.000000-31
X-TM-AS-User-Approved-Sender: Yes
X-TM-AS-User-Blocked-Sender: No
X-MDID: 1532020178-ASHQWk9XE8BZ
Subject: Re: [dpdk-dev] [RFC v2] mem: poison memory when freed
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2018 17:09:40 -0000

On 19.07.2018 19:20, Stephen Hemminger wrote:
> DPDK malloc library allows broken programs to work because
> the semantics of zmalloc and malloc are the same.
>
> This patch enables a  more secure model which will catch
> (and crash) programs that reuse memory already freed if
> RTE_MALLOC_DEBUG is enabled.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
>
> v2
>    - keep original behavior unless RTE_MALLOC_DEBUG is enabled.
>
>   lib/librte_eal/common/malloc_elem.c | 17 ++++++++++++++---
>   lib/librte_eal/common/rte_malloc.c  |  8 +++++++-
>   2 files changed, 21 insertions(+), 4 deletions(-)
>
> diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
> index efcb82677198..6fc63c53a75d 100644
> --- a/lib/librte_eal/common/malloc_elem.c
> +++ b/lib/librte_eal/common/malloc_elem.c
> @@ -23,6 +23,16 @@
>   #include "malloc_elem.h"
>   #include "malloc_heap.h"
>   
> +/* If debugging is enabled, freed memory is set to poison value
> + * to catch buggy programs. Otherwise, freed memory is zerod
> + * to avoid having to zero in zmalloc
> + */
> +#ifdef RTE_MALLOC_DEBUG
> +#define MALLOC_POISON	       0x6b
> +#else
> +#define MALLOC_POISON	       0
> +#endif
> +
>   size_t
>   malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align)
>   {
> @@ -476,7 +486,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
>   		join_elem(elem, elem->next);
>   
>   		/* erase header, trailer and pad */
> -		memset(erase, 0, erase_len);
> +		memset(erase, MALLOC_POISON, erase_len);
>   	}
>   
>   	/*
> @@ -500,7 +510,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
>   		join_elem(new_elem, elem);
>   
>   		/* erase header, trailer and pad */
> -		memset(erase, 0, erase_len);
> +		memset(erase, MALLOC_POISON, erase_len);
>   
>   		elem = new_elem;
>   	}
> @@ -531,7 +541,8 @@ malloc_elem_free(struct malloc_elem *elem)
>   	/* decrease heap's count of allocated elements */
>   	elem->heap->alloc_count--;
>   
> -	memset(ptr, 0, data_len);
> +	/* poison memory */
> +	memset(ptr, MALLOC_POISON, data_len);
>   
>   	return elem;
>   }
> diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c
> index b51a6d111bde..ed253149bb6b 100644
> --- a/lib/librte_eal/common/rte_malloc.c
> +++ b/lib/librte_eal/common/rte_malloc.c
> @@ -70,7 +70,13 @@ rte_malloc(const char *type, size_t size, unsigned align)
>   void *
>   rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
>   {
> -	return rte_malloc_socket(type, size, align, socket);
> +	void *ptr = rte_malloc_socket(type, size, align, socket);
> +
> +#ifndef RTE_MALLOC_DEBUG

It should be #ifdef above.

> +	if (ptr != NULL)
> +		memset(ptr, 0, size);
> +#endif
> +	return ptr;
>   }
>   
>   /*