* [dpdk-dev] [PATCH v2] mem: poison memory when freed
@ 2019-02-16 1:50 Stephen Hemminger
2019-03-27 10:26 ` Thomas Monjalon
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Hemminger @ 2019-02-16 1:50 UTC (permalink / raw)
To: dev; +Cc: Stephen Hemminger
DPDK malloc library allows broken programs to work because
the semantics of zmalloc and malloc are the same.
This patch enables a more secure model which will catch
(and crash) programs that reuse memory already freed if
RTE_MALLOC_DEBUG is enabled.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
v2 -- fix #ifdef to get correct semantics, and add more comments
lib/librte_eal/common/malloc_elem.c | 18 +++++++++++++++---
lib/librte_eal/common/rte_malloc.c | 13 ++++++++++++-
2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
index d54a528ed653..658c9b5b7993 100644
--- a/lib/librte_eal/common/malloc_elem.c
+++ b/lib/librte_eal/common/malloc_elem.c
@@ -23,6 +23,17 @@
#include "malloc_elem.h"
#include "malloc_heap.h"
+/*
+ * If debugging is enabled, freed memory is set to poison value
+ * to catch buggy programs. Otherwise, freed memory is set to zero
+ * to avoid having to zero in zmalloc
+ */
+#ifdef RTE_MALLOC_DEBUG
+#define MALLOC_POISON 0x6b
+#else
+#define MALLOC_POISON 0
+#endif
+
size_t
malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align)
{
@@ -494,7 +505,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
join_elem(elem, elem->next);
/* erase header, trailer and pad */
- memset(erase, 0, erase_len);
+ memset(erase, MALLOC_POISON, erase_len);
}
/*
@@ -518,7 +529,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
join_elem(new_elem, elem);
/* erase header, trailer and pad */
- memset(erase, 0, erase_len);
+ memset(erase, MALLOC_POISON, erase_len);
elem = new_elem;
}
@@ -549,7 +560,8 @@ malloc_elem_free(struct malloc_elem *elem)
/* decrease heap's count of allocated elements */
elem->heap->alloc_count--;
- memset(ptr, 0, data_len);
+ /* poison memory */
+ memset(ptr, MALLOC_POISON, data_len);
return elem;
}
diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c
index b39de3c99e58..9db8ded73bfc 100644
--- a/lib/librte_eal/common/rte_malloc.c
+++ b/lib/librte_eal/common/rte_malloc.c
@@ -74,7 +74,18 @@ rte_malloc(const char *type, size_t size, unsigned align)
void *
rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
{
- return rte_malloc_socket(type, size, align, socket);
+ void *ptr = rte_malloc_socket(type, size, align, socket);
+
+#ifdef RTE_MALLOC_DEBUG
+ /*
+ * If DEBUG is enabled, then freed memory is marked with poison
+ * value and set to zero on allocation.
+ * If DEBUG is not enabled then memory is already zeroed.
+ */
+ if (ptr != NULL)
+ memset(ptr, 0, size);
+#endif
+ return ptr;
}
/*
--
2.17.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH v2] mem: poison memory when freed
2019-02-16 1:50 [dpdk-dev] [PATCH v2] mem: poison memory when freed Stephen Hemminger
@ 2019-03-27 10:26 ` Thomas Monjalon
2019-03-27 10:26 ` Thomas Monjalon
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Monjalon @ 2019-03-27 10:26 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: dev
16/02/2019 02:50, Stephen Hemminger:
> DPDK malloc library allows broken programs to work because
> the semantics of zmalloc and malloc are the same.
>
> This patch enables a more secure model which will catch
> (and crash) programs that reuse memory already freed if
> RTE_MALLOC_DEBUG is enabled.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
Applied, thanks
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH v2] mem: poison memory when freed
2019-03-27 10:26 ` Thomas Monjalon
@ 2019-03-27 10:26 ` Thomas Monjalon
0 siblings, 0 replies; 3+ messages in thread
From: Thomas Monjalon @ 2019-03-27 10:26 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: dev
16/02/2019 02:50, Stephen Hemminger:
> DPDK malloc library allows broken programs to work because
> the semantics of zmalloc and malloc are the same.
>
> This patch enables a more secure model which will catch
> (and crash) programs that reuse memory already freed if
> RTE_MALLOC_DEBUG is enabled.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
Applied, thanks
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-03-27 10:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-16 1:50 [dpdk-dev] [PATCH v2] mem: poison memory when freed Stephen Hemminger
2019-03-27 10:26 ` Thomas Monjalon
2019-03-27 10:26 ` Thomas Monjalon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).