From: Bruce Richardson <bruce.richardson@intel.com>
To: "Van Haaren, Harry" <harry.van.haaren@intel.com>
Cc: Akhil Goyal <akhil.goyal@nxp.com>,
"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>,
"Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>,
"stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 1/2] crypto/scheduler: set null pointer after freeing
Date: Fri, 27 Apr 2018 14:09:52 +0100 [thread overview]
Message-ID: <20180427130952.GA102852@bricha3-MOBL.ger.corp.intel.com> (raw)
In-Reply-To: <E923DB57A917B54B9182A2E928D00FA65E052FF7@IRSMSX101.ger.corp.intel.com>
On Fri, Apr 27, 2018 at 12:37:08PM +0000, Van Haaren, Harry wrote:
> > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Akhil Goyal
> > Sent: Friday, April 27, 2018 12:59 PM
> > To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Akhil Goyal
> > <akhil.goyal@nxp.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>
> > Cc: dev@dpdk.org; stable@dpdk.org
> > Subject: Re: [dpdk-dev] [PATCH 1/2] crypto/scheduler: set null pointer after
> > freeing
> >
> > Hi Pablo,
> >
> > On 4/27/2018 5:06 PM, De Lara Guarch, Pablo wrote:
> > > Hi Akhil,
> > >
> > >> -----Original Message-----
> > >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> > >> Sent: Friday, April 27, 2018 9:47 AM
> > >> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Zhang, Roy Fan
> > >> <roy.fan.zhang@intel.com>
> > >> Cc: dev@dpdk.org; stable@dpdk.org
> > >> Subject: Re: [dpdk-dev] [PATCH 1/2] crypto/scheduler: set null pointer
> > after
> > >> freeing
> > >>
> > >> Hi Pablo,
> > >>
> > >> On 4/26/2018 8:39 PM, Pablo de Lara wrote:
> > >>> When freeing memory, pointers should be set to NULL, to avoid memory
> > >>> corruption/segmentation faults.
> > >>
> > >> Shouldn't this be handled in the rte_free itself. A lot of other driver are
> > also not
> > >> setting null after rte_free.
> > >> This would require change at a lot of places if this is not handled in
> > rte_free.
> > >>
> > >
> > > The glibc function "free" works the same way. Users are responsible for
> > > setting to NULL these pointers (because sometimes, it is not necessary to do
> > such thing).
> > Yes it is correct but rte_free is custom free API in DPDK which can be
> > modified or we can have a safer API rte_free_safe which can set the
> > pointer to null.
> > >
> > > Anyway, in case we still wanted to change it, we would need to pass a
> > pointer
> > > to a pointer in rte_free, which would imply an API breakage.
>
>
> Actually there is an alternative solution, by creating a macro like so;
>
> #define rte_free(x) do {
> rte_free_(x); /* call the real implementation, now with _ */
> x = NULL;
> } while (0)
>
> This is not an ABI break if symbol versioning is used for rte_free().
>
> It is an API change however - not that the calling code has to change,
> but rather that the effect of rte_free() changes transparently.
>
> I'm not sure what the correct thing to do is in this case - just pointing
> out that this is another possible solution.
>
>
> > I think if the community agrees, we can add this change may be in next
> > releases.
>
> +1 to discuss this with the community, regardless of the implementation :)
>
>
I really don't think this change is necessary. I think having rte_free
behave as libc free is fine.
However, if we want to add a new API called rte_free_and_null(void **x),
I could be ok with that, though I'd be somewhat dubious of its necessity.
Static analysis tools should be able to pick up use-after-free errors,
though we may need to provide metadata to the tools in some form indicating
that rte_free is a free-ing function.
/Bruce
next prev parent reply other threads:[~2018-04-27 13:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-26 15:09 Pablo de Lara
2018-04-26 15:09 ` [dpdk-dev] [PATCH 2/2] crypto/scheduler: fix memory leak Pablo de Lara
2018-05-08 12:45 ` Zhang, Roy Fan
2018-05-08 15:53 ` De Lara Guarch, Pablo
2018-04-27 8:47 ` [dpdk-dev] [PATCH 1/2] crypto/scheduler: set null pointer after freeing Akhil Goyal
2018-04-27 11:36 ` De Lara Guarch, Pablo
2018-04-27 11:58 ` Akhil Goyal
2018-04-27 12:37 ` Van Haaren, Harry
2018-04-27 13:09 ` Bruce Richardson [this message]
2018-05-08 11:28 ` Zhang, Roy Fan
2018-05-08 15:53 ` De Lara Guarch, Pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180427130952.GA102852@bricha3-MOBL.ger.corp.intel.com \
--to=bruce.richardson@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=harry.van.haaren@intel.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=roy.fan.zhang@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).