From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id AA08542616;
	Fri, 22 Sep 2023 10:12:19 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 8C611402BF;
	Fri, 22 Sep 2023 10:12:19 +0200 (CEST)
Received: from mail-qt1-f181.google.com (mail-qt1-f181.google.com
 [209.85.160.181])
 by mails.dpdk.org (Postfix) with ESMTP id 66BE14013F
 for <dev@dpdk.org>; Fri, 22 Sep 2023 10:12:18 +0200 (CEST)
Received: by mail-qt1-f181.google.com with SMTP id
 d75a77b69052e-417fa15f1f9so1008361cf.1
 for <dev@dpdk.org>; Fri, 22 Sep 2023 01:12:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=bytedance.com; s=google; t=1695370338; x=1695975138; darn=dpdk.org;
 h=content-transfer-encoding:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:from:to:cc:subject:date
 :message-id:reply-to;
 bh=b9bw7jF+9Fee6h/tC9wCqHS43oEOaLaPy73vcdspu94=;
 b=IaJP+EhHR7db8DBKtR6x0sD2mNopSlQM6eGzBFPnpaJ5C3cPRYnJipL/iMDEz+VEF3
 xHQg4hpUgp6qCbUufM7oFeLFg0IbguOdmUMxHN8bCAzOd0mzLGyD5yANgYW9QPkH/1Hk
 Ux3gHegaOCptQBCUEmHlxSberoyzK399GhvWNT4AMH7kaRWJiceYKHEiCVp1vu3CbP0O
 Xz6Bl6BJS3teu9CKzaQ9WKy4AMehSLSuAnAYpwGhcHXfGzmDmHF2d6qzAFd0cbYt3A31
 aVBOwsZTamcoVd9bsFORIa9pcshyuAbR1+CMJkLKepQl7NmKYutCDGv3/qESdf392fkJ
 y+vA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1695370338; x=1695975138;
 h=content-transfer-encoding:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=b9bw7jF+9Fee6h/tC9wCqHS43oEOaLaPy73vcdspu94=;
 b=R7GuW3YFUV8F7ATWUQrc3IaYTfSEEfsfJtvgi4n8ORrnjoaW7dm0484EXDTi7dL5ki
 3FuUdobnat2fapz/OKIhXZr4TIH9zeaKmA2IF0/PXKeZKT515ze60mgNTfeQ2k7HOvkf
 svHRCxyMQL8josZxkK6DIUZ+UR6DeCjxz1H5gC+A7TJBlKqZ/W+t4WxNI9hzwo8azmT+
 8HzZeT2jeIdAW9D+zVFvifvFFEab7PUW/VoHk4gdxOyDlYQTNjSsXYMZ8wjYBeyzuvXd
 3ufN8pMZFUANukiwxF1Xc3EZpln02zCp3SuZRKS1pGpXasl+XxidDIFnnUkzgTwkhgmf
 nmMA==
X-Gm-Message-State: AOJu0YyovvwJ6B1lQ3Kv9jI9tSKjYwekj0C1jkGk87MRaMWXGE4vMOql
 zu3kMcO/tuYMpRLVIZzJeEdfaAB9asNsTPkOylM+NA==
X-Google-Smtp-Source: AGHT+IGbi1R3mDmyiWTDORR5NtTJh2FEMEnpwGvgHZ+ud/jSP3By3mEOM8tzrwFmVuGD18NOY39GIiK+eb1L5yugWzc=
X-Received: by 2002:ac8:5a06:0:b0:416:ea40:6e84 with SMTP id
 n6-20020ac85a06000000b00416ea406e84mr8223319qta.2.1695370337749; Fri, 22 Sep
 2023 01:12:17 -0700 (PDT)
MIME-Version: 1.0
References: <20230912090415.48709-1-changfengnan@bytedance.com>
In-Reply-To: <20230912090415.48709-1-changfengnan@bytedance.com>
From: Fengnan Chang <changfengnan@bytedance.com>
Date: Fri, 22 Sep 2023 16:12:06 +0800
Message-ID: <CAPFOzZstVpa=Ypqq36dCwJh0ooKYu9EK9ku04mko-a1257tGwQ@mail.gmail.com>
Subject: Re: [PATCH] eal: fix modify data area after memset
To: anatoly.burakov@intel.com, dev@dpdk.org, xuemingl@mellanox.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

ping

Fengnan Chang <changfengnan@bytedance.com> =E4=BA=8E2023=E5=B9=B49=E6=9C=88=
12=E6=97=A5=E5=91=A8=E4=BA=8C 17:05=E5=86=99=E9=81=93=EF=BC=9A
>
> Let's look at this path:
> malloc_elem_free
>    ->malloc_elem_join_adjacent_free
>       ->join_elem(elem, elem->next)
>
> 0. cur elem's pad > 0
> 1. data area memset in malloc_elem_free first.
> 2. next elem is free, try to join cur elem and next.
> 3. in join_elem, try to modify inner->size, this address had
> memset in step 1, it casue the content of addrees become non-zero.
>
> If user call rte_zmalloc, and pick this elem, it can't get all
> zero'd memory.
>
> Fixes: 2808a12cc053 (malloc: fix memory element size in case of padding)
> Signed-off-by: Fengnan Chang <changfengnan@bytedance.com>
> ---
>  lib/eal/common/malloc_elem.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/lib/eal/common/malloc_elem.c b/lib/eal/common/malloc_elem.c
> index 619c040aa3..93a23fa8d4 100644
> --- a/lib/eal/common/malloc_elem.c
> +++ b/lib/eal/common/malloc_elem.c
> @@ -492,7 +492,7 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t si=
ze, unsigned align,
>   * be contiguous in memory.
>   */
>  static inline void
> -join_elem(struct malloc_elem *elem1, struct malloc_elem *elem2)
> +join_elem(struct malloc_elem *elem1, struct malloc_elem *elem2, bool upd=
ate_inner)
>  {
>         struct malloc_elem *next =3D elem2->next;
>         elem1->size +=3D elem2->size;
> @@ -502,7 +502,7 @@ join_elem(struct malloc_elem *elem1, struct malloc_el=
em *elem2)
>                 elem1->heap->last =3D elem1;
>         elem1->next =3D next;
>         elem1->dirty |=3D elem2->dirty;
> -       if (elem1->pad) {
> +       if (elem1->pad && update_inner) {
>                 struct malloc_elem *inner =3D RTE_PTR_ADD(elem1, elem1->p=
ad);
>                 inner->size =3D elem1->size - elem1->pad;
>         }
> @@ -526,7 +526,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *el=
em)
>
>                 /* remove from free list, join to this one */
>                 malloc_elem_free_list_remove(elem->next);
> -               join_elem(elem, elem->next);
> +               join_elem(elem, elem->next, false);
>
>                 /* erase header, trailer and pad */
>                 memset(erase, MALLOC_POISON, erase_len);
> @@ -550,7 +550,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *el=
em)
>                 malloc_elem_free_list_remove(elem->prev);
>
>                 new_elem =3D elem->prev;
> -               join_elem(new_elem, elem);
> +               join_elem(new_elem, elem, false);
>
>                 /* erase header, trailer and pad */
>                 memset(erase, MALLOC_POISON, erase_len);
> @@ -683,7 +683,7 @@ malloc_elem_resize(struct malloc_elem *elem, size_t s=
ize)
>          * join the two
>          */
>         malloc_elem_free_list_remove(elem->next);
> -       join_elem(elem, elem->next);
> +       join_elem(elem, elem->next, true);
>
>         if (elem->size - new_size >=3D MIN_DATA_SIZE + MALLOC_ELEM_OVERHE=
AD) {
>                 /* now we have a big block together. Lets cut it down a b=
it, by splitting */
> --
> 2.20.1
>