From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AA08542616; Fri, 22 Sep 2023 10:12:19 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8C611402BF; Fri, 22 Sep 2023 10:12:19 +0200 (CEST) Received: from mail-qt1-f181.google.com (mail-qt1-f181.google.com [209.85.160.181]) by mails.dpdk.org (Postfix) with ESMTP id 66BE14013F for ; Fri, 22 Sep 2023 10:12:18 +0200 (CEST) Received: by mail-qt1-f181.google.com with SMTP id d75a77b69052e-417fa15f1f9so1008361cf.1 for ; Fri, 22 Sep 2023 01:12:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance.com; s=google; t=1695370338; x=1695975138; darn=dpdk.org; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=b9bw7jF+9Fee6h/tC9wCqHS43oEOaLaPy73vcdspu94=; b=IaJP+EhHR7db8DBKtR6x0sD2mNopSlQM6eGzBFPnpaJ5C3cPRYnJipL/iMDEz+VEF3 xHQg4hpUgp6qCbUufM7oFeLFg0IbguOdmUMxHN8bCAzOd0mzLGyD5yANgYW9QPkH/1Hk Ux3gHegaOCptQBCUEmHlxSberoyzK399GhvWNT4AMH7kaRWJiceYKHEiCVp1vu3CbP0O Xz6Bl6BJS3teu9CKzaQ9WKy4AMehSLSuAnAYpwGhcHXfGzmDmHF2d6qzAFd0cbYt3A31 aVBOwsZTamcoVd9bsFORIa9pcshyuAbR1+CMJkLKepQl7NmKYutCDGv3/qESdf392fkJ y+vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695370338; x=1695975138; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=b9bw7jF+9Fee6h/tC9wCqHS43oEOaLaPy73vcdspu94=; b=R7GuW3YFUV8F7ATWUQrc3IaYTfSEEfsfJtvgi4n8ORrnjoaW7dm0484EXDTi7dL5ki 3FuUdobnat2fapz/OKIhXZr4TIH9zeaKmA2IF0/PXKeZKT515ze60mgNTfeQ2k7HOvkf svHRCxyMQL8josZxkK6DIUZ+UR6DeCjxz1H5gC+A7TJBlKqZ/W+t4WxNI9hzwo8azmT+ 8HzZeT2jeIdAW9D+zVFvifvFFEab7PUW/VoHk4gdxOyDlYQTNjSsXYMZ8wjYBeyzuvXd 3ufN8pMZFUANukiwxF1Xc3EZpln02zCp3SuZRKS1pGpXasl+XxidDIFnnUkzgTwkhgmf nmMA== X-Gm-Message-State: AOJu0YyovvwJ6B1lQ3Kv9jI9tSKjYwekj0C1jkGk87MRaMWXGE4vMOql zu3kMcO/tuYMpRLVIZzJeEdfaAB9asNsTPkOylM+NA== X-Google-Smtp-Source: AGHT+IGbi1R3mDmyiWTDORR5NtTJh2FEMEnpwGvgHZ+ud/jSP3By3mEOM8tzrwFmVuGD18NOY39GIiK+eb1L5yugWzc= X-Received: by 2002:ac8:5a06:0:b0:416:ea40:6e84 with SMTP id n6-20020ac85a06000000b00416ea406e84mr8223319qta.2.1695370337749; Fri, 22 Sep 2023 01:12:17 -0700 (PDT) MIME-Version: 1.0 References: <20230912090415.48709-1-changfengnan@bytedance.com> In-Reply-To: <20230912090415.48709-1-changfengnan@bytedance.com> From: Fengnan Chang Date: Fri, 22 Sep 2023 16:12:06 +0800 Message-ID: Subject: Re: [PATCH] eal: fix modify data area after memset To: anatoly.burakov@intel.com, dev@dpdk.org, xuemingl@mellanox.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org ping Fengnan Chang =E4=BA=8E2023=E5=B9=B49=E6=9C=88= 12=E6=97=A5=E5=91=A8=E4=BA=8C 17:05=E5=86=99=E9=81=93=EF=BC=9A > > Let's look at this path: > malloc_elem_free > ->malloc_elem_join_adjacent_free > ->join_elem(elem, elem->next) > > 0. cur elem's pad > 0 > 1. data area memset in malloc_elem_free first. > 2. next elem is free, try to join cur elem and next. > 3. in join_elem, try to modify inner->size, this address had > memset in step 1, it casue the content of addrees become non-zero. > > If user call rte_zmalloc, and pick this elem, it can't get all > zero'd memory. > > Fixes: 2808a12cc053 (malloc: fix memory element size in case of padding) > Signed-off-by: Fengnan Chang > --- > lib/eal/common/malloc_elem.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/lib/eal/common/malloc_elem.c b/lib/eal/common/malloc_elem.c > index 619c040aa3..93a23fa8d4 100644 > --- a/lib/eal/common/malloc_elem.c > +++ b/lib/eal/common/malloc_elem.c > @@ -492,7 +492,7 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t si= ze, unsigned align, > * be contiguous in memory. > */ > static inline void > -join_elem(struct malloc_elem *elem1, struct malloc_elem *elem2) > +join_elem(struct malloc_elem *elem1, struct malloc_elem *elem2, bool upd= ate_inner) > { > struct malloc_elem *next =3D elem2->next; > elem1->size +=3D elem2->size; > @@ -502,7 +502,7 @@ join_elem(struct malloc_elem *elem1, struct malloc_el= em *elem2) > elem1->heap->last =3D elem1; > elem1->next =3D next; > elem1->dirty |=3D elem2->dirty; > - if (elem1->pad) { > + if (elem1->pad && update_inner) { > struct malloc_elem *inner =3D RTE_PTR_ADD(elem1, elem1->p= ad); > inner->size =3D elem1->size - elem1->pad; > } > @@ -526,7 +526,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *el= em) > > /* remove from free list, join to this one */ > malloc_elem_free_list_remove(elem->next); > - join_elem(elem, elem->next); > + join_elem(elem, elem->next, false); > > /* erase header, trailer and pad */ > memset(erase, MALLOC_POISON, erase_len); > @@ -550,7 +550,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *el= em) > malloc_elem_free_list_remove(elem->prev); > > new_elem =3D elem->prev; > - join_elem(new_elem, elem); > + join_elem(new_elem, elem, false); > > /* erase header, trailer and pad */ > memset(erase, MALLOC_POISON, erase_len); > @@ -683,7 +683,7 @@ malloc_elem_resize(struct malloc_elem *elem, size_t s= ize) > * join the two > */ > malloc_elem_free_list_remove(elem->next); > - join_elem(elem, elem->next); > + join_elem(elem, elem->next, true); > > if (elem->size - new_size >=3D MIN_DATA_SIZE + MALLOC_ELEM_OVERHE= AD) { > /* now we have a big block together. Lets cut it down a b= it, by splitting */ > -- > 2.20.1 >