From: "Burakov, Anatoly" <anatoly.burakov@intel.com>
To: Stephen Hemminger <stephen@networkplumber.org>,
sergio.gonzalez.monroy@intel.com
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [RFC] mem: poison memory when freed
Date: Thu, 19 Jul 2018 10:54:26 +0100 [thread overview]
Message-ID: <027b9080-edfb-8d4e-8adc-26d93ea32cd6@intel.com> (raw)
In-Reply-To: <20180718214434.608-1-stephen@networkplumber.org>
On 18-Jul-18 10:44 PM, Stephen Hemminger wrote:
> DPDK malloc library allows broken programs to work because
> the semantics of zmalloc and malloc are the same.
>
> This patch changes to a more secure model which will catch
> (and crash) programs that reuse memory already freed.
>
> This supersedes earlier changes to zero memory on free and
> avoid zeroing memory in zmalloc.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
> lib/librte_eal/common/malloc_elem.c | 5 ++++-
> lib/librte_eal/common/rte_malloc.c | 6 +++++-
> 2 files changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
> index efcb82677198..62cc0b385c0c 100644
> --- a/lib/librte_eal/common/malloc_elem.c
> +++ b/lib/librte_eal/common/malloc_elem.c
> @@ -23,6 +23,8 @@
> #include "malloc_elem.h"
> #include "malloc_heap.h"
>
> +#define MALLOC_POISON 0x6b /**< Free memory. */
> +
> size_t
> malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align)
> {
> @@ -531,7 +533,8 @@ malloc_elem_free(struct malloc_elem *elem)
> /* decrease heap's count of allocated elements */
> elem->heap->alloc_count--;
>
> - memset(ptr, 0, data_len);
> + /* poison memory */
> + memset(ptr, MALLOC_POISON, data_len);
Looking at the merits of this patch, this is not quite enough. We also
join adjacent malloc elements and erase their headers, so you will also
need to adjust memsets in malloc_elem_join_adjacent_free().
>
> return elem;
> }
> diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c
> index b51a6d111bde..b33c936fd491 100644
> --- a/lib/librte_eal/common/rte_malloc.c
> +++ b/lib/librte_eal/common/rte_malloc.c
> @@ -70,7 +70,11 @@ rte_malloc(const char *type, size_t size, unsigned align)
> void *
> rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
> {
> - return rte_malloc_socket(type, size, align, socket);
> + void *ptr = rte_malloc_socket(type, size, align, socket);
> +
> + if (ptr != NULL)
> + memset(ptr, 0, size);
> + return ptr;
> }
>
> /*
>
--
Thanks,
Anatoly
prev parent reply other threads:[~2018-07-19 9:54 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-18 21:44 Stephen Hemminger
2018-07-19 9:03 ` Burakov, Anatoly
2018-07-19 9:46 ` Bruce Richardson
2018-07-19 9:54 ` Burakov, Anatoly [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=027b9080-edfb-8d4e-8adc-26d93ea32cd6@intel.com \
--to=anatoly.burakov@intel.com \
--cc=dev@dpdk.org \
--cc=sergio.gonzalez.monroy@intel.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).