From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id EC59DA0542;
	Sat,  8 Oct 2022 14:05:05 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 4B0A742BE9;
	Sat,  8 Oct 2022 14:04:23 +0200 (CEST)
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
 by mails.dpdk.org (Postfix) with ESMTP id D7BD842BAD
 for <dev@dpdk.org>; Sat,  8 Oct 2022 14:04:13 +0200 (CEST)
Received: from dggpeml500024.china.huawei.com (unknown [172.30.72.54])
 by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4Ml3ch2XChzHv1G;
 Sat,  8 Oct 2022 19:59:16 +0800 (CST)
Received: from localhost.localdomain (10.67.165.24) by
 dggpeml500024.china.huawei.com (7.185.36.10) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2375.31; Sat, 8 Oct 2022 20:04:12 +0800
From: Chengwen Feng <fengchengwen@huawei.com>
To: <david.marchand@redhat.com>, <mb@smartsharesystems.com>,
 <anatoly.burakov@intel.com>, <dmitry.kozliuk@gmail.com>,
 <jerinjacobk@gmail.com>, <hofors@lysator.liu.se>
CC: <thomas@monjalon.net>, <dev@dpdk.org>
Subject: [PATCH v7 09/10] memarea: detect memory corruption based on magic
Date: Sat, 8 Oct 2022 11:58:32 +0000
Message-ID: <20221008115833.29247-10-fengchengwen@huawei.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20221008115833.29247-1-fengchengwen@huawei.com>
References: <20220721044648.6817-1-fengchengwen@huawei.com>
 <20221008115833.29247-1-fengchengwen@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.67.165.24]
X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To
 dggpeml500024.china.huawei.com (7.185.36.10)
X-CFilter-Loop: Reflected
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

This patch provides lightweight mechanism for detecting memory
corruption which based on magic field in each element node.

Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
---
 lib/memarea/memarea_private.h |  2 ++
 lib/memarea/rte_memarea.c     | 29 ++++++++++++++++++++++++++---
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/lib/memarea/memarea_private.h b/lib/memarea/memarea_private.h
index 08735ca81f..4f5393e6f9 100644
--- a/lib/memarea/memarea_private.h
+++ b/lib/memarea/memarea_private.h
@@ -7,10 +7,12 @@
 
 #include <rte_memarea.h>
 
+#define MEMAREA_ELEM_MAGIC_NUM		0xbeef1234
 #define MEMAREA_FREE_ELEM_COOKIE	0xFFFFFFFF
 
 struct memarea_elem {
 	size_t   size;
+	uint32_t magic;
 	uint32_t cookie;
 	int32_t  refcnt; /* Non-zero indicates that it has been allocated */
 	TAILQ_ENTRY(memarea_elem) elem_node;
diff --git a/lib/memarea/rte_memarea.c b/lib/memarea/rte_memarea.c
index f95f89b6ec..2983a36801 100644
--- a/lib/memarea/rte_memarea.c
+++ b/lib/memarea/rte_memarea.c
@@ -135,6 +135,7 @@ rte_memarea_create(const struct rte_memarea_param *init)
 	ma->top_addr = RTE_PTR_ADD(addr, init->total_sz - 1);
 	elem = addr;
 	elem->size = init->total_sz - sizeof(struct memarea_elem);
+	elem->magic = MEMAREA_ELEM_MAGIC_NUM;
 	elem->cookie = MEMAREA_FREE_ELEM_COOKIE;
 	elem->refcnt = 0;
 	TAILQ_INSERT_TAIL(&ma->elem_list, elem, elem_node);
@@ -192,6 +193,7 @@ memarea_add_node(struct rte_memarea *ma, struct memarea_elem *elem, size_t need_
 	new_elem = (struct memarea_elem *)RTE_PTR_ADD(elem, sizeof(struct memarea_elem) +
 							    align_size);
 	new_elem->size = elem->size - align_size - sizeof(struct memarea_elem);
+	new_elem->magic = MEMAREA_ELEM_MAGIC_NUM;
 	new_elem->cookie = MEMAREA_FREE_ELEM_COOKIE;
 	new_elem->refcnt = 0;
 	TAILQ_INSERT_AFTER(&ma->elem_list, elem, new_elem, elem_node);
@@ -219,6 +221,8 @@ rte_memarea_alloc(struct rte_memarea *ma, size_t size, uint32_t cookie)
 
 	memarea_lock(ma);
 	TAILQ_FOREACH(elem, &ma->free_list, free_node) {
+		if (unlikely(elem->magic != MEMAREA_ELEM_MAGIC_NUM))
+			break;
 		if (elem->size < size)
 			continue;
 		if (memarea_whether_add_node(elem->size, size))
@@ -251,6 +255,7 @@ memarea_merge_node(struct rte_memarea *ma, struct memarea_elem *curr,
 {
 	curr->size += next->size + sizeof(struct memarea_elem);
 	next->size = 0;
+	next->magic = ~MEMAREA_ELEM_MAGIC_NUM;
 	next->cookie = 0;
 	TAILQ_REMOVE(&ma->elem_list, next, elem_node);
 	if (del_next_from_free)
@@ -293,6 +298,13 @@ rte_memarea_update_refcnt(struct rte_memarea *ma, void *ptr, int16_t value)
 		return;
 
 	memarea_lock(ma);
+	if (unlikely(elem->magic != MEMAREA_ELEM_MAGIC_NUM)) {
+		RTE_LOG(ERR, MEMAREA, "memarea: %s magic: 0x%x check fail!\n",
+			ma->init.name, elem->magic);
+		memarea_unlock(ma);
+		return;
+	}
+
 	if (unlikely(ptr < ma->area_addr || ptr > ma->top_addr)) {
 		rte_memarea_update_refcnt(ma->init.bak_memarea, ptr, value);
 		memarea_unlock(ma);
@@ -346,8 +358,11 @@ memarea_elem_list_num(struct rte_memarea *ma)
 	struct memarea_elem *elem;
 	uint32_t num = 0;
 
-	TAILQ_FOREACH(elem, &ma->elem_list, elem_node)
+	TAILQ_FOREACH(elem, &ma->elem_list, elem_node) {
+		if (elem->magic != MEMAREA_ELEM_MAGIC_NUM)
+			break;
 		num++;
+	}
 
 	return num;
 }
@@ -358,8 +373,11 @@ memarea_free_list_num(struct rte_memarea *ma)
 	struct memarea_elem *elem;
 	uint32_t num = 0;
 
-	TAILQ_FOREACH(elem, &ma->free_list, free_node)
+	TAILQ_FOREACH(elem, &ma->free_list, free_node) {
+		if (elem->magic != MEMAREA_ELEM_MAGIC_NUM)
+			break;
 		num++;
+	}
 
 	return num;
 }
@@ -370,9 +388,14 @@ memarea_dump_all(struct rte_memarea *ma, FILE *f)
 	struct memarea_elem *elem;
 
 	fprintf(f, "  regions:\n");
-	TAILQ_FOREACH(elem, &ma->elem_list, elem_node)
+	TAILQ_FOREACH(elem, &ma->elem_list, elem_node) {
+		if (elem->magic != MEMAREA_ELEM_MAGIC_NUM) {
+			fprintf(f, "    magic: 0x%x check fail!\n", elem->magic);
+			break;
+		}
 		fprintf(f, "    size: 0x%zx cookie: 0x%x refcnt: %d\n",
 			elem->size, elem->cookie, elem->refcnt);
+	}
 }
 
 int
-- 
2.17.1