From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A0D7EA0C4E; Thu, 10 Jun 2021 11:12:39 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2034B4067C; Thu, 10 Jun 2021 11:12:39 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mails.dpdk.org (Postfix) with ESMTP id 91EFD4003C for ; Thu, 10 Jun 2021 11:12:37 +0200 (CEST) IronPort-SDR: iGSj5wfhvq5ZYGvmgXHJ0yrbcSjt/N2zSvVMokKPjFQa1w61HLp/klFIhlLuW56v0pWPD+k/Fi dCgDBNySXTOg== X-IronPort-AV: E=McAfee;i="6200,9189,10010"; a="192373363" X-IronPort-AV: E=Sophos;i="5.83,263,1616482800"; d="scan'208";a="192373363" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Jun 2021 02:12:29 -0700 IronPort-SDR: pHioV+qtf03GxO7AvCK0LwsEh1BzryHU2WvknjXYosUOFCuwdtE3xctFFyvarxzZSNZ6UBP/b9 dl4CzR4vlA6A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,263,1616482800"; d="scan'208";a="470195250" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by fmsmga004.fm.intel.com with ESMTP; 10 Jun 2021 02:12:28 -0700 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Thu, 10 Jun 2021 02:12:28 -0700 Received: from fmsmsx604.amr.corp.intel.com (10.18.126.84) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Thu, 10 Jun 2021 02:12:28 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4 via Frontend Transport; Thu, 10 Jun 2021 02:12:27 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.168) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.4; Thu, 10 Jun 2021 02:12:27 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TdDeFq8rkigtmgMFLnQDLFjeMKF3HmnB5+CQ9BHao1urqR+9OzSBl23pGItvXZ6pUVkIObq/+7oFRqtW0TXIoMAwKva74sMgc93X3BfHZwFxNNwnsEhuE+FG86bec6HdvUTztSBTJhBlL59WZrsqDJS755HnepadRpk7GzEiZo8BT62LfhClN6sSGRjsP21wko9cN1DwydjP3Rq8/9FVhjxf1f2FACmewl2PnSo1+k+Xl0VQHMx8pUREXz6WIZufnQWvHMl6ahaxbWMUODGBhDQO3xxxjhExuih6KIKeVbK+b913gOccEyAJI+AxJJZgD1CSX0alnlUjyMo6cfEwWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9xAaKmcEy48ea5K523kdYQ01VQB+3PT8wG/13yPrfFY=; b=WQ4fvuA6gDE7TI4v+kSApHv5Du2G4fFpHj5+sfFH3wi9xkDjWazdkmfMZJFXk1nP24n+OnPvMPAtkG/90BW+dYmLqp/qLV+xYuPNVc0a4aTIu5RYQLzf8boZmjbW45lyg18CYDNKZDaWD8OqpOQ5OA/v/xRYYoxxTVQCW6yESgqtz2hPenDXcC+WKO1i8XCrx1VwpS4QiR8b827Hjj1bvXIF3e2R72yPBktGTHQSkUbclHsQj0HY4USTyHDd3B+/n7GsKwqjpTggtyqt5f2Orur8c3h5Jy1D3o8Wh1Crv01GMiHVdN8YyjDBrnE2pSfRP/y3c3kbjzZ+VqA0zFH71g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9xAaKmcEy48ea5K523kdYQ01VQB+3PT8wG/13yPrfFY=; b=WSkndNp47oIyEaT0eClnMa6AOZTox803PPnWNWS5y24voAfOmyVIXfah54mvCSKtY9S2QaD3KOtdctXqw0GqIij68D/YPrx77NN0FPXZ8MNbib41oSTZuHZNSFF1ue66asso8eUe1EzA0JjAmMfLaZ/GxFvD1E//Edt0trCEGao= Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19) by DM5PR11MB1628.namprd11.prod.outlook.com (2603:10b6:4:c::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4219.22; Thu, 10 Jun 2021 09:12:24 +0000 Received: from DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::15ed:b4f4:540e:ea0c]) by DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::15ed:b4f4:540e:ea0c%7]) with mapi id 15.20.4195.030; Thu, 10 Jun 2021 09:12:24 +0000 From: "Ananyev, Konstantin" To: "Peng, ZhihongX" , "Burakov, Anatoly" , "stephen@networkplumber.org" CC: "dev@dpdk.org" , "Lin, Xueqin" , "Peng, ZhihongX" Thread-Topic: [dpdk-dev] [RFC] porting AddressSanitizer feature to DPDK Thread-Index: AQHXXbgW7KBl04AyBUuVw1HGOeDGoqsM8zxA Date: Thu, 10 Jun 2021 09:12:24 +0000 Message-ID: References: <20210610051352.48493-1-zhihongx.peng@intel.com> In-Reply-To: <20210610051352.48493-1-zhihongx.peng@intel.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [109.255.184.192] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2fd495ec-f7fe-48f5-6b9a-08d92befdc82 x-ms-traffictypediagnostic: DM5PR11MB1628: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: ikGU3SQ+HcqRpJCfCBjcEQEnJDH87qBqaqCDH4TNzLLc4+Uek2/bwfY2A7icwQtLS3U+s2Pe/uVAWivBC+SuBS0H0RV3scRpSuujCy5jwiazqa3Q/QYpJ3X00Gn+Z/el4AOqTd93q2LpkV6Njx4XLmRVzk8HFjNPVLuRXMJxzAF/NUogi6bF+QqRCQqJICON0GAZ7oxrkNKL8crWkx+i5laSaw4XFLa6LjeQFrlOZ4EE2nTfToflHFJZ8C/NuLg1KxBnY1dqKmyL7wRWU/Uq8ciPb7U0ozAUEcRXVHx9NAKxRYa/oWhbvhqpM/hK7/wSxqC6hWsrV72H55+Dz5ehEOqqzSTPPIk6NmHOKEH7u0A/w34ZorE15iglYdfwXEziacLIX3WqUL5bhp0nTwwQw2ADyGUl3XQPmemmaJYQhJWLEKiYC56i/lhs1Px7J3nY1CV7Yoqp171GLEv/xUP9slVjtKubtwMrmSh6hGkoeKxMStSqOqfCMYfP15tVbd2pMeleOkCADif7HQYuVCENGb9Wh26JQSENg0Az0Ls/OiejZ5ejLZuvShUdgTQQhVB+l92Ej8wYu0SJN0saBaLGU9NUQ/GtWm5QeEAvCaZPH1UfYwG3Hl6aY5aJMed+K/p4nmt5NNqb1j8EghHCK6NOnO+7fop//hEyor2VgI87ju0zzCLxs2gC1cWqm3XltQBwhFritLFmD+ipitwWVgBuREWDQvEYnoq/jnq+SHq3fxoXj61DqvtNoL42bVX2s3vvgYTYOxxpJVjuIsOkYB5dBg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(346002)(39860400002)(366004)(136003)(396003)(55016002)(52536014)(26005)(478600001)(316002)(38100700002)(2906002)(6506007)(66556008)(64756008)(66476007)(55236004)(4326008)(9686003)(8676002)(66946007)(30864003)(71200400001)(66446008)(76116006)(186003)(83380400001)(8936002)(5660300002)(86362001)(33656002)(122000001)(7696005)(54906003)(107886003)(110136005)(49343001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?OjD/if+rTHYK7H47Yl6eF8cXlxC72YUF/MSIsa284pxMiHTZJemOVJwFC+dm?= =?us-ascii?Q?2zXsujLz1EudPFDzwq6ZRofAXBHEQuKCBwzAhgdKF2YJJh/oIPH5mh7+7Bb2?= =?us-ascii?Q?41XlElU1wgjKzzPtjiuDQ44ecNcsH+YGHTYBRRTTfnSqYiCM0EU4V69QUKuC?= =?us-ascii?Q?DD68h2RYK2ZE53/5+SyosLU2qM6YLKc9bNPqmcXt8CYpb+dmQvz8rJDRxrXv?= =?us-ascii?Q?y3sX5IHoRa+2OhoHGU0qJL1cHFpxBuNGc4r+ciBq2ZzADMuevuge5CMPQNB/?= =?us-ascii?Q?lsEdhd4JyCs9QDTlCZFDXVT/uYLpQpFnXt/uaiXRol60tdjuCxuuqOGT5Tb0?= =?us-ascii?Q?aQIr8jy4LfeGZbJfM8zADV1bENPyid7ULg85vPeYil/CgHql8Lq+B8VWN86j?= =?us-ascii?Q?emJArhAjXX7rsOY8X6+6/o0Wp/KbWNiXF0zxbmuLTuF9zudckm96PJsoZ0H6?= =?us-ascii?Q?tS5GQWdn/EgL450gEt715mbqHdfscVXJdK8cvH2KG+0hQ1g8n4Px4Ln8wz+e?= =?us-ascii?Q?8r9grR+S32Ul4cePdAf5hk+59fbL04rkcxgCrDHbJpP5SgGsoyBPfKO6EGH3?= =?us-ascii?Q?Tdg0ljRHoixaJOG53UpC35J4/TnrylOVrmnGdTnwtehIwYdY9MpqUuyV5Isr?= =?us-ascii?Q?uD0/AOifpd9sCL6pe/4xJ9IehlJgDJ/kTr5ahgW+dKf3OCw+rw604AgzpVyF?= =?us-ascii?Q?lQf2G85Boovs64RjIXsFla8QZFg8YGMv1LKYdRIaibn9vvYoqIPbvWmG/e+h?= =?us-ascii?Q?86MNJwffijzRqXQhBJ+fqLg7lRdJdGT6A57n02/C9LjuLfAbwkrnRSu2wUPk?= =?us-ascii?Q?SXAS0UKb0CEra3oX5qgCeZanHWpi5RuJH/u8flCl3NUD2UIDl4cY0CgAwk4Z?= =?us-ascii?Q?x+nHv2yJfFi4uzrfiKJ3HdIFpkc+7Y6V3G7rmps9Q+Zhf6SsW+jluHVMnQM0?= =?us-ascii?Q?tOcC8kyPCoypFBva4gxn0WYk4o8D8g0uV7jHVy3wtIBeN4MpyrStDE/Fzldc?= =?us-ascii?Q?k43OAJrvu0/l9OkZHB4ReAXdQ6N5SxcMmJcra3blCSvKc664F76mIP1aBX6p?= =?us-ascii?Q?cQhmXI0UCrPdymir9z9Nb8BE0tlq5f9MqvEjLrFHvCuI6Ovc6Z6O4WeN/VRF?= =?us-ascii?Q?pVkN3jVTxnHJ4hKTj9qcfzhjEejI9kqlywEHnAOvNM6pH7Rk1L9RsV/aIMIG?= =?us-ascii?Q?hEnzvwh1RueJOE+ljhWCKZabDvc6aCy8cHxaR0uFnAM7q/bLh+Qz0/SOJIRm?= =?us-ascii?Q?pnc+btKkVM4dmxxHAp2JYq9hfd1X+xWcV5CCZIr4x5DF8HpBs6KtKcuio0Oz?= =?us-ascii?Q?iITDtcmxi3PbwdYgC26+NGvI?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2fd495ec-f7fe-48f5-6b9a-08d92befdc82 X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jun 2021 09:12:24.4629 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: fFRoU8JWm4oOr+WEOs4ERrfRZQ63zZ/hM8nmeJTtWa5GbE7Rwu0cOhur50ceNR+ZDEPRL5RREfr2l1LUqvDrjamHExp/GA4vaFZ0lTxupq8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1628 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [RFC] porting AddressSanitizer feature to DPDK X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" >=20 > From: Zhihong Peng >=20 > AddressSanitizer (ASan) is a google memory error detect > standard tool. It could help to detect use-after-free and > {heap,stack,global}-buffer overflow bugs in C/C++ programs, > print detailed error information when error happens, large > improve debug efficiency. >=20 > By referring to its implementation algorithm > (https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm), > ported heap-buffer-overflow and use-after-freefunctions to dpdk. >=20 > Here is an example of heap-buffer-overflow bug: > ...... > char *p =3D rte_zmalloc(NULL, 7, 0); > p[7] =3D 'a'; > ...... >=20 > Here is an example of use-after-free bug: > ...... > char *p =3D rte_zmalloc(NULL, 7, 0); > rte_free(p); > *p =3D 'a'; > ...... >=20 > If you want to use this feature, > you need to use the following compilation options: > -Dc_args=3D'-DRTE_MALLOC_ASAN' > -Db_lundef=3Dfalse -Db_sanitize=3Daddress >=20 > Signed-off-by: Xueqin Lin > Signed-off-by: Zhihong Peng > --- > lib/eal/common/malloc_elem.c | 33 +++++++- > lib/eal/common/malloc_elem.h | 141 ++++++++++++++++++++++++++++++++++- > lib/eal/common/malloc_heap.c | 19 +++++ > lib/eal/common/rte_malloc.c | 6 ++ > 4 files changed, 197 insertions(+), 2 deletions(-) >=20 > diff --git a/lib/eal/common/malloc_elem.c b/lib/eal/common/malloc_elem.c > index c2c9461f1..4a146b1b9 100644 > --- a/lib/eal/common/malloc_elem.c > +++ b/lib/eal/common/malloc_elem.c > @@ -446,6 +446,9 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t si= ze, unsigned align, > struct malloc_elem *new_free_elem =3D > RTE_PTR_ADD(new_elem, size + MALLOC_ELEM_OVERHEAD); >=20 > +#ifdef RTE_MALLOC_ASAN > + asan_clear_split_alloczone(new_free_elem); > +#endif Here and everywhere: Instead of polluting code with all these ifdefs, I think it would be better to move all these asan_*() functions into a sepa= rate *.h. And have all these ifdefs inside it. Something like that: asan.h: #ifdef RTE_MALLOC_ASAN static inline void asan_clear_split_alloczone(...)=20 { /* actual code */ } .... #else /* dummy one */ static inline void asan_clear_split_alloczone(...) { } ... #endif > split_elem(elem, new_free_elem); > malloc_elem_free_list_insert(new_free_elem); >=20 > @@ -458,6 +461,9 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t si= ze, unsigned align, > elem->state =3D ELEM_BUSY; > elem->pad =3D old_elem_size; >=20 > +#ifdef RTE_MALLOC_ASAN > + asan_clear_alloczone(elem); > +#endif > /* put a dummy header in padding, to point to real element header */ > if (elem->pad > 0) { /* pad will be at least 64-bytes, as everything > * is cache-line aligned */ > @@ -475,7 +481,13 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t s= ize, unsigned align, > * Re-insert original element, in case its new size makes it > * belong on a different list. > */ > +#ifdef RTE_MALLOC_ASAN > + asan_clear_split_alloczone(new_elem); > +#endif > split_elem(elem, new_elem); > +#ifdef RTE_MALLOC_ASAN > + asan_clear_alloczone(new_elem); > +#endif > new_elem->state =3D ELEM_BUSY; > malloc_elem_free_list_insert(elem); >=20 > @@ -601,6 +613,9 @@ malloc_elem_hide_region(struct malloc_elem *elem, voi= d *start, size_t len) > if (next && next_elem_is_adjacent(elem)) { > len_after =3D RTE_PTR_DIFF(next, hide_end); > if (len_after >=3D MALLOC_ELEM_OVERHEAD + MIN_DATA_SIZE) { > +#ifdef RTE_MALLOC_ASAN > + asan_clear_split_alloczone(hide_end); > +#endif > /* split after */ > split_elem(elem, hide_end); >=20 > @@ -615,6 +630,9 @@ malloc_elem_hide_region(struct malloc_elem *elem, voi= d *start, size_t len) > if (prev && prev_elem_is_adjacent(elem)) { > len_before =3D RTE_PTR_DIFF(hide_start, elem); > if (len_before >=3D MALLOC_ELEM_OVERHEAD + MIN_DATA_SIZE) { > +#ifdef RTE_MALLOC_ASAN > + asan_clear_split_alloczone(hide_start); > +#endif > /* split before */ > split_elem(elem, hide_start); >=20 > @@ -628,6 +646,9 @@ malloc_elem_hide_region(struct malloc_elem *elem, voi= d *start, size_t len) > } > } >=20 > +#ifdef RTE_MALLOC_ASAN > + asan_clear_alloczone(elem); > +#endif > remove_elem(elem); > } >=20 > @@ -641,8 +662,12 @@ malloc_elem_resize(struct malloc_elem *elem, size_t = size) > const size_t new_size =3D size + elem->pad + MALLOC_ELEM_OVERHEAD; >=20 > /* if we request a smaller size, then always return ok */ > - if (elem->size >=3D new_size) > + if (elem->size >=3D new_size) { > +#ifdef RTE_MALLOC_ASAN > + asan_clear_alloczone(elem); > +#endif > return 0; > + } >=20 > /* check if there is a next element, it's free and adjacent */ > if (!elem->next || elem->next->state !=3D ELEM_FREE || > @@ -661,9 +686,15 @@ malloc_elem_resize(struct malloc_elem *elem, size_t = size) > /* now we have a big block together. Lets cut it down a bit, by splitt= ing */ > struct malloc_elem *split_pt =3D RTE_PTR_ADD(elem, new_size); > split_pt =3D RTE_PTR_ALIGN_CEIL(split_pt, RTE_CACHE_LINE_SIZE); > +#ifdef RTE_MALLOC_ASAN > + asan_clear_split_alloczone(split_pt); > +#endif > split_elem(elem, split_pt); > malloc_elem_free_list_insert(split_pt); > } > +#ifdef RTE_MALLOC_ASAN > + asan_clear_alloczone(elem); > +#endif > return 0; > } >=20 > diff --git a/lib/eal/common/malloc_elem.h b/lib/eal/common/malloc_elem.h > index a1e5f7f02..d0d8bbb48 100644 > --- a/lib/eal/common/malloc_elem.h > +++ b/lib/eal/common/malloc_elem.h > @@ -36,10 +36,20 @@ struct malloc_elem { > uint64_t header_cookie; /* Cookie marking start of data */ > /* trailer cookie at start + size */ > #endif > +#ifdef RTE_MALLOC_ASAN > + size_t user_size; > + uint64_t asan_cookie[2]; /*must be next to header_cookie*/ > +#endif > } __rte_cache_aligned; >=20 > +static const unsigned MALLOC_ELEM_HEADER_LEN =3D sizeof(struct malloc_el= em); > + > #ifndef RTE_MALLOC_DEBUG > +#ifdef RTE_MALLOC_ASAN > +static const unsigned MALLOC_ELEM_TRAILER_LEN =3D RTE_CACHE_LINE_SIZE; > +#else > static const unsigned MALLOC_ELEM_TRAILER_LEN =3D 0; > +#endif >=20 > /* dummy function - just check if pointer is non-null */ > static inline int > @@ -90,9 +100,138 @@ malloc_elem_cookies_ok(const struct malloc_elem *ele= m) >=20 > #endif >=20 > -static const unsigned MALLOC_ELEM_HEADER_LEN =3D sizeof(struct malloc_el= em); > #define MALLOC_ELEM_OVERHEAD (MALLOC_ELEM_HEADER_LEN + MALLOC_ELEM_TRAIL= ER_LEN) >=20 > +#ifdef RTE_MALLOC_ASAN > + > +#define ASAN_SHADOW_GRAIN_SIZE 8 > +#define ASAN_MEM_FREE_FLAG 0xfd > +#define ASAN_MEM_REDZONE_FLAG 0xfa > +#define ASAN_MEM_TO_SHADOW(mem) (((mem) >> 3) + 0x00007fff8000) > + > +#if defined(__clang__) > +__attribute__((no_sanitize("address", "hwaddress"))) > +#else > +__attribute__((no_sanitize_address)) > +#endif > +static inline void > +asan_set_shadow(void *addr, char val) > +{ > + *(char *)addr =3D val; > +} > + > +static inline void > +asan_set_zone(void *ptr, size_t len, uint32_t val) > +{ > + size_t offset; > + char *shadow; > + size_t zone_len =3D len / ASAN_SHADOW_GRAIN_SIZE; > + if (len % ASAN_SHADOW_GRAIN_SIZE !=3D 0) > + zone_len +=3D 1; > + > + for (size_t i =3D 0; i < zone_len; i++) { > + offset =3D i * ASAN_SHADOW_GRAIN_SIZE; > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(((int64_t)ptr + offset)); > + asan_set_shadow(shadow, val); > + } > +} > + > +/* > + * When the memory is released, the release mark is > + * set in the corresponding range of the shadow area. > + */ > +static inline void > +asan_set_freezone(void *ptr, size_t size) > +{ > + asan_set_zone(ptr, size, ASAN_MEM_FREE_FLAG); > +} > + > +/* > + * When the memory is allocated, memory state must set accessible. > + */ > +static inline void > +asan_clear_alloczone(struct malloc_elem *elem) > +{ > + asan_set_zone((void *)elem, elem->size, 0x0); > +} > + > +static inline void > +asan_clear_split_alloczone(struct malloc_elem *elem) > +{ > + void *ptr =3D RTE_PTR_SUB(elem, MALLOC_ELEM_TRAILER_LEN); > + asan_set_zone(ptr, MALLOC_ELEM_OVERHEAD, 0x0); > +} > + > +/* > + * When the memory is allocated, the memory boundary is > + * marked in the corresponding range of the shadow area. > + */ > +static inline void > +asan_set_redzone(struct malloc_elem *elem, size_t user_size) > +{ > + uint64_t ptr; > + char *shadow; > + if (elem !=3D NULL) { > + if (elem->state !=3D ELEM_PAD) > + elem =3D RTE_PTR_ADD(elem, elem->pad); > + > + elem->user_size =3D user_size; > + > + /* Set mark before the start of the allocated memory */ > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN) > + - ASAN_SHADOW_GRAIN_SIZE; > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > + asan_set_shadow(shadow, ASAN_MEM_REDZONE_FLAG); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > + - ASAN_SHADOW_GRAIN_SIZE); > + asan_set_shadow(shadow, ASAN_MEM_REDZONE_FLAG); > + > + /* Set mark after the end of the allocated memory */ > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN > + + elem->user_size); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > + uint32_t val =3D (ptr % ASAN_SHADOW_GRAIN_SIZE); > + val =3D (val =3D=3D 0) ? ASAN_MEM_REDZONE_FLAG : val; > + asan_set_shadow(shadow, val); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > + + ASAN_SHADOW_GRAIN_SIZE); > + asan_set_shadow(shadow, ASAN_MEM_REDZONE_FLAG); > + } > +} > + > +/* > + * When the memory is released, the mark of the memory boundary > + * in the corresponding range of the shadow area is cleared. > + */ > +static inline void > +asan_clear_redzone(struct malloc_elem *elem) > +{ > + uint64_t ptr; > + char *shadow; > + if (elem !=3D NULL) { > + elem =3D RTE_PTR_ADD(elem, elem->pad); > + > + /* Clear mark before the start of the allocated memory */ > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN) > + - ASAN_SHADOW_GRAIN_SIZE; > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > + asan_set_shadow(shadow, 0x00); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > + - ASAN_SHADOW_GRAIN_SIZE); > + asan_set_shadow(shadow, 0x00); > + > + /* Clear mark after the end of the allocated memory */ > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN > + + elem->user_size); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > + asan_set_shadow(shadow, 0x00); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > + + ASAN_SHADOW_GRAIN_SIZE); > + asan_set_shadow(shadow, 0x00); > + } > +} > +#endif > + > /* > * Given a pointer to the start of a memory block returned by malloc, ge= t > * the actual malloc_elem header for that block. > diff --git a/lib/eal/common/malloc_heap.c b/lib/eal/common/malloc_heap.c > index ee400f38e..6d39549d3 100644 > --- a/lib/eal/common/malloc_heap.c > +++ b/lib/eal/common/malloc_heap.c > @@ -238,6 +238,9 @@ heap_alloc(struct malloc_heap *heap, const char *type= __rte_unused, size_t size, > { > struct malloc_elem *elem; >=20 > +#ifdef RTE_MALLOC_ASAN > + size_t user_size =3D size; > +#endif > size =3D RTE_CACHE_LINE_ROUNDUP(size); > align =3D RTE_CACHE_LINE_ROUNDUP(align); >=20 > @@ -250,6 +253,9 @@ heap_alloc(struct malloc_heap *heap, const char *type= __rte_unused, size_t size, >=20 > /* increase heap's count of allocated elements */ > heap->alloc_count++; > +#ifdef RTE_MALLOC_ASAN > + asan_set_redzone(elem, user_size); > +#endif > } >=20 > return elem =3D=3D NULL ? NULL : (void *)(&elem[1]); > @@ -270,6 +276,9 @@ heap_alloc_biggest(struct malloc_heap *heap, const ch= ar *type __rte_unused, >=20 > /* increase heap's count of allocated elements */ > heap->alloc_count++; > +#ifdef RTE_MALLOC_ASAN > + asan_set_redzone(elem, size); > +#endif > } >=20 > return elem =3D=3D NULL ? NULL : (void *)(&elem[1]); > @@ -841,6 +850,9 @@ malloc_heap_free(struct malloc_elem *elem) > if (!malloc_elem_cookies_ok(elem) || elem->state !=3D ELEM_BUSY) > return -1; >=20 > +#ifdef RTE_MALLOC_ASAN > + asan_clear_redzone(elem); > +#endif > /* elem may be merged with previous element, so keep heap address */ > heap =3D elem->heap; > msl =3D elem->msl; > @@ -848,6 +860,10 @@ malloc_heap_free(struct malloc_elem *elem) >=20 > rte_spinlock_lock(&(heap->lock)); >=20 > +#ifdef RTE_MALLOC_ASAN > + void *asan_ptr =3D RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN + elem->pad= ); > + size_t asan_data_len =3D elem->size - MALLOC_ELEM_OVERHEAD - elem->pad; > +#endif > /* mark element as free */ > elem->state =3D ELEM_FREE; >=20 > @@ -1001,6 +1017,9 @@ malloc_heap_free(struct malloc_elem *elem) >=20 > rte_mcfg_mem_write_unlock(); > free_unlock: > +#ifdef RTE_MALLOC_ASAN > + asan_set_freezone(asan_ptr, asan_data_len); > +#endif > rte_spinlock_unlock(&(heap->lock)); > return ret; > } > diff --git a/lib/eal/common/rte_malloc.c b/lib/eal/common/rte_malloc.c > index 9d39e58c0..fe70ee938 100644 > --- a/lib/eal/common/rte_malloc.c > +++ b/lib/eal/common/rte_malloc.c > @@ -170,6 +170,9 @@ rte_realloc_socket(void *ptr, size_t size, unsigned i= nt align, int socket) > RTE_LOG(ERR, EAL, "Error: memory corruption detected\n"); > return NULL; > } > +#ifdef RTE_MALLOC_ASAN > + size_t user_size =3D size; > +#endif >=20 > size =3D RTE_CACHE_LINE_ROUNDUP(size), align =3D RTE_CACHE_LINE_ROUNDUP= (align); >=20 > @@ -181,6 +184,9 @@ rte_realloc_socket(void *ptr, size_t size, unsigned i= nt align, int socket) > RTE_PTR_ALIGN(ptr, align) =3D=3D ptr && > malloc_heap_resize(elem, size) =3D=3D 0) { > rte_eal_trace_mem_realloc(size, align, socket, ptr); > +#ifdef RTE_MALLOC_ASAN > + asan_set_redzone(elem, user_size); > +#endif > return ptr; > } >=20 > -- > 2.17.1