[PATCH v2 16/16] eal: add alloc_function attribute to rte_malloc

[Stephen Hemminger <stephen@networkplumber.org>]

Use the GCC function attribute to detect cases where
memory is allocated with rte_malloc and freed incorrectly
with libc version of free (and vice versa). Also will detect
some other pointer mismatches.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 doc/guides/rel_notes/release_24_11.rst |  8 ++++
 lib/eal/include/rte_malloc.h           | 55 +++++++++++++++-----------
 2 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index 0ff70d9057..f27a37eac4 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -55,6 +55,14 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Hardened rte_malloc and related functions.**
+
+  * Added function attributes to  ``rte_malloc`` and similar functions
+    that can catch some obvious bugs at compile time (with GCC 11.0 or later).
+    Examples: calling ``free()`` on pointer that was allocated with ``rte_malloc``
+    (and vice versa); freeing the same pointer twice in the same routine;
+    freeing an object that was not created by allocation; etc.
+
 
 Removed Items
 -------------
diff --git a/lib/eal/include/rte_malloc.h b/lib/eal/include/rte_malloc.h
index cf3c174022..c7af96fcba 100644
--- a/lib/eal/include/rte_malloc.h
+++ b/lib/eal/include/rte_malloc.h
@@ -31,6 +31,22 @@ struct rte_malloc_socket_stats {
 	size_t heap_allocsz_bytes; /**< Total allocated bytes on heap */
 };
 
+
+/**
+ * Frees the memory space pointed to by the provided pointer.
+ *
+ * This pointer must have been returned by a previous call to
+ * rte_malloc(), rte_zmalloc(), rte_calloc() or rte_realloc(). The behaviour of
+ * rte_free() is undefined if the pointer does not match this requirement.
+ *
+ * If the pointer is NULL, the function does nothing.
+ *
+ * @param ptr
+ *   The pointer to memory to be freed.
+ */
+void
+rte_free(void *ptr);
+
 /**
  * This function allocates memory from the huge-page area of memory. The memory
  * is not cleared. In NUMA systems, the memory allocated resides on the same
@@ -55,7 +71,8 @@ struct rte_malloc_socket_stats {
 void *
 rte_malloc(const char *type, size_t size, unsigned align)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Allocate zeroed memory from the heap.
@@ -83,7 +100,8 @@ rte_malloc(const char *type, size_t size, unsigned align)
 void *
 rte_zmalloc(const char *type, size_t size, unsigned align)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Replacement function for calloc(), using huge-page memory. Memory area is
@@ -111,7 +129,8 @@ rte_zmalloc(const char *type, size_t size, unsigned align)
 void *
 rte_calloc(const char *type, size_t num, size_t size, unsigned align)
 	__rte_alloc_size(2, 3)
-	__rte_alloc_align(4);
+	__rte_alloc_align(4)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Replacement function for realloc(), using huge-page memory. Reserved area
@@ -136,7 +155,8 @@ rte_calloc(const char *type, size_t num, size_t size, unsigned align)
 void *
 rte_realloc(void *ptr, size_t size, unsigned int align)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Replacement function for realloc(), using huge-page memory. Reserved area
@@ -163,7 +183,8 @@ rte_realloc(void *ptr, size_t size, unsigned int align)
 void *
 rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * This function allocates memory from the huge-page area of memory. The memory
@@ -191,7 +212,8 @@ rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
 void *
 rte_malloc_socket(const char *type, size_t size, unsigned align, int socket)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Allocate zeroed memory from the heap.
@@ -221,7 +243,8 @@ rte_malloc_socket(const char *type, size_t size, unsigned align, int socket)
 void *
 rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Replacement function for calloc(), using huge-page memory. Memory area is
@@ -251,22 +274,8 @@ rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
 void *
 rte_calloc_socket(const char *type, size_t num, size_t size, unsigned align, int socket)
 	__rte_alloc_size(2, 3)
-	__rte_alloc_align(4);
-
-/**
- * Frees the memory space pointed to by the provided pointer.
- *
- * This pointer must have been returned by a previous call to
- * rte_malloc(), rte_zmalloc(), rte_calloc() or rte_realloc(). The behaviour of
- * rte_free() is undefined if the pointer does not match this requirement.
- *
- * If the pointer is NULL, the function does nothing.
- *
- * @param ptr
- *   The pointer to memory to be freed.
- */
-void
-rte_free(void *ptr);
+	__rte_alloc_align(4)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * If malloc debug is enabled, check a memory block for header
-- 
2.45.2