From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
Anatoly Burakov <anatoly.burakov@intel.com>,
Tyler Retzlaff <roretzla@linux.microsoft.com>
Subject: [PATCH v2 16/16] eal: add alloc_function attribute to rte_malloc
Date: Sat, 28 Sep 2024 09:47:24 -0700 [thread overview]
Message-ID: <20240928164814.861933-17-stephen@networkplumber.org> (raw)
In-Reply-To: <20240928164814.861933-1-stephen@networkplumber.org>
Use the GCC function attribute to detect cases where
memory is allocated with rte_malloc and freed incorrectly
with libc version of free (and vice versa). Also will detect
some other pointer mismatches.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
doc/guides/rel_notes/release_24_11.rst | 8 ++++
lib/eal/include/rte_malloc.h | 55 +++++++++++++++-----------
2 files changed, 40 insertions(+), 23 deletions(-)
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index 0ff70d9057..f27a37eac4 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -55,6 +55,14 @@ New Features
Also, make sure to start the actual text at the margin.
=======================================================
+* **Hardened rte_malloc and related functions.**
+
+ * Added function attributes to ``rte_malloc`` and similar functions
+ that can catch some obvious bugs at compile time (with GCC 11.0 or later).
+ Examples: calling ``free()`` on pointer that was allocated with ``rte_malloc``
+ (and vice versa); freeing the same pointer twice in the same routine;
+ freeing an object that was not created by allocation; etc.
+
Removed Items
-------------
diff --git a/lib/eal/include/rte_malloc.h b/lib/eal/include/rte_malloc.h
index cf3c174022..c7af96fcba 100644
--- a/lib/eal/include/rte_malloc.h
+++ b/lib/eal/include/rte_malloc.h
@@ -31,6 +31,22 @@ struct rte_malloc_socket_stats {
size_t heap_allocsz_bytes; /**< Total allocated bytes on heap */
};
+
+/**
+ * Frees the memory space pointed to by the provided pointer.
+ *
+ * This pointer must have been returned by a previous call to
+ * rte_malloc(), rte_zmalloc(), rte_calloc() or rte_realloc(). The behaviour of
+ * rte_free() is undefined if the pointer does not match this requirement.
+ *
+ * If the pointer is NULL, the function does nothing.
+ *
+ * @param ptr
+ * The pointer to memory to be freed.
+ */
+void
+rte_free(void *ptr);
+
/**
* This function allocates memory from the huge-page area of memory. The memory
* is not cleared. In NUMA systems, the memory allocated resides on the same
@@ -55,7 +71,8 @@ struct rte_malloc_socket_stats {
void *
rte_malloc(const char *type, size_t size, unsigned align)
__rte_alloc_size(2)
- __rte_alloc_align(3);
+ __rte_alloc_align(3)
+ __rte_alloc_func(rte_free, 1);
/**
* Allocate zeroed memory from the heap.
@@ -83,7 +100,8 @@ rte_malloc(const char *type, size_t size, unsigned align)
void *
rte_zmalloc(const char *type, size_t size, unsigned align)
__rte_alloc_size(2)
- __rte_alloc_align(3);
+ __rte_alloc_align(3)
+ __rte_alloc_func(rte_free, 1);
/**
* Replacement function for calloc(), using huge-page memory. Memory area is
@@ -111,7 +129,8 @@ rte_zmalloc(const char *type, size_t size, unsigned align)
void *
rte_calloc(const char *type, size_t num, size_t size, unsigned align)
__rte_alloc_size(2, 3)
- __rte_alloc_align(4);
+ __rte_alloc_align(4)
+ __rte_alloc_func(rte_free, 1);
/**
* Replacement function for realloc(), using huge-page memory. Reserved area
@@ -136,7 +155,8 @@ rte_calloc(const char *type, size_t num, size_t size, unsigned align)
void *
rte_realloc(void *ptr, size_t size, unsigned int align)
__rte_alloc_size(2)
- __rte_alloc_align(3);
+ __rte_alloc_align(3)
+ __rte_alloc_func(rte_free, 1);
/**
* Replacement function for realloc(), using huge-page memory. Reserved area
@@ -163,7 +183,8 @@ rte_realloc(void *ptr, size_t size, unsigned int align)
void *
rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
__rte_alloc_size(2)
- __rte_alloc_align(3);
+ __rte_alloc_align(3)
+ __rte_alloc_func(rte_free, 1);
/**
* This function allocates memory from the huge-page area of memory. The memory
@@ -191,7 +212,8 @@ rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
void *
rte_malloc_socket(const char *type, size_t size, unsigned align, int socket)
__rte_alloc_size(2)
- __rte_alloc_align(3);
+ __rte_alloc_align(3)
+ __rte_alloc_func(rte_free, 1);
/**
* Allocate zeroed memory from the heap.
@@ -221,7 +243,8 @@ rte_malloc_socket(const char *type, size_t size, unsigned align, int socket)
void *
rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
__rte_alloc_size(2)
- __rte_alloc_align(3);
+ __rte_alloc_align(3)
+ __rte_alloc_func(rte_free, 1);
/**
* Replacement function for calloc(), using huge-page memory. Memory area is
@@ -251,22 +274,8 @@ rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
void *
rte_calloc_socket(const char *type, size_t num, size_t size, unsigned align, int socket)
__rte_alloc_size(2, 3)
- __rte_alloc_align(4);
-
-/**
- * Frees the memory space pointed to by the provided pointer.
- *
- * This pointer must have been returned by a previous call to
- * rte_malloc(), rte_zmalloc(), rte_calloc() or rte_realloc(). The behaviour of
- * rte_free() is undefined if the pointer does not match this requirement.
- *
- * If the pointer is NULL, the function does nothing.
- *
- * @param ptr
- * The pointer to memory to be freed.
- */
-void
-rte_free(void *ptr);
+ __rte_alloc_align(4)
+ __rte_alloc_func(rte_free, 1);
/**
* If malloc debug is enabled, check a memory block for header
--
2.45.2
prev parent reply other threads:[~2024-09-28 16:49 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-27 20:45 [PATCH 00/16] Fix allocation issues and add hardening Stephen Hemminger
2024-09-27 20:45 ` [PATCH 01/16] eal: add function attributes for allocation functions Stephen Hemminger
2024-09-27 22:09 ` David Marchand
2024-09-27 23:10 ` Stephen Hemminger
2024-09-27 20:45 ` [PATCH 02/16] memzone: fix use after free in tracing Stephen Hemminger
2024-09-27 20:45 ` [PATCH 03/16] cryptodev/bcmfs: fix mis-matched free Stephen Hemminger
2024-09-27 20:45 ` [PATCH 04/16] dma/ixd: fix incorrect free function in cleanup Stephen Hemminger
2024-09-27 20:45 ` [PATCH 05/16] event/cnxk: fix pointer mismatch " Stephen Hemminger
2024-09-27 20:45 ` [PATCH 06/16] examples/vhost: fix free function mismatch Stephen Hemminger
2024-09-27 20:45 ` [PATCH 07/16] net/cnxk: fix use-after-free Stephen Hemminger
2024-09-27 20:45 ` [PATCH 08/16] bpf: fix free mismatch if convert fails Stephen Hemminger
2024-09-27 20:45 ` [PATCH 09/16] net/e1000: fix use-after-free Stephen Hemminger
2024-09-27 20:45 ` [PATCH 10/16] net/sfc: fix use-after-free warning messages Stephen Hemminger
2024-09-28 11:52 ` Ivan Malov
2024-09-27 20:45 ` [PATCH 11/16] net/cpfl: fix free of nonheap object Stephen Hemminger
2024-09-27 20:45 ` [PATCH 12/16] raw/ifpga/base: fix use after free Stephen Hemminger
2024-09-27 20:45 ` [PATCH 13/16] common/qat: " Stephen Hemminger
2024-09-27 20:45 ` [PATCH 14/16] drivers/ifpga: fix free function mismatch Stephen Hemminger
2024-09-27 20:45 ` [PATCH 15/16] eal: add alloc_function attribute to rte_malloc Stephen Hemminger
2024-09-27 20:45 ` [PATCH 16/16] mempool: annotate mempool create Stephen Hemminger
2024-09-28 11:49 ` Morten Brørup
2024-09-28 16:47 ` [PATCH v2 00/16] Fix allocation bugs and add malloc hardening Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 01/16] eal: add function attributes for allocation functions Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 02/16] memzone: fix use after free in tracing Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 03/16] cryptodev/bcmfs: fix mis-matched free Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 04/16] dma/ixd: fix incorrect free function in cleanup Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 05/16] event/cnxk: fix pointer mismatch " Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 06/16] examples/vhost: fix free function mismatch Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 07/16] net/cnxk: fix use-after-free Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 08/16] bpf: fix free mismatch if convert fails Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 09/16] net/e1000: fix use-after-free Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 10/16] net/sfc: fix use-after-free warning messages Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 11/16] net/cpfl: fix free of nonheap object Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 12/16] net/nfp: fix duplicate call to rte_free Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 13/16] raw/ifpga/base: fix use after free Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 14/16] common/qat: " Stephen Hemminger
2024-09-28 16:47 ` [PATCH v2 15/16] drivers/ifpga: fix free function mismatch Stephen Hemminger
2024-09-28 16:47 ` Stephen Hemminger [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240928164814.861933-17-stephen@networkplumber.org \
--to=stephen@networkplumber.org \
--cc=anatoly.burakov@intel.com \
--cc=dev@dpdk.org \
--cc=roretzla@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).