From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id D188E45A50;
	Sat, 28 Sep 2024 18:49:58 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 2EAC840A7A;
	Sat, 28 Sep 2024 18:48:52 +0200 (CEST)
Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com
 [209.85.216.42]) by mails.dpdk.org (Postfix) with ESMTP id 67B9E40673
 for <dev@dpdk.org>; Sat, 28 Sep 2024 18:48:40 +0200 (CEST)
Received: by mail-pj1-f42.google.com with SMTP id
 98e67ed59e1d1-2e06f5d4bc7so2775953a91.2
 for <dev@dpdk.org>; Sat, 28 Sep 2024 09:48:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1727542119;
 x=1728146919; darn=dpdk.org; 
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=R8Ok1+kq8bi6yHExAh8y81w0B9yxmLJ61X/1EwvijG0=;
 b=arvwDYY32TRMO7oNesERqDIfhALo5TyJDrGaAUHa2czwLVYemEkOQwE/6Zo/98vdBK
 SEkAxvgbLcZmN6ChgpKe3tlv0zNAhWYJJpkgCZEZxqY9BS6HkU/OtT3xp05F/YZaZS6x
 fNBdF8DpdU0Dw+IUtoSkGptdnhRha6DvBFX6M94smOXY5SoOjLA6sT5qPN+oY/LMktNz
 JIFdEmwOa2xqV3eEgb3IuyUbUXot1vqY4pEuaBMrRSY+5FGc7LdxPgjbR9XC5Jtml8ZC
 Izh+PekhpBbh3Mh5HaXOQuGzDDkhtZpdHYz+NtNR1u+JZXa7sUbEk24qFPILV7noFJyz
 u30w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1727542119; x=1728146919;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=R8Ok1+kq8bi6yHExAh8y81w0B9yxmLJ61X/1EwvijG0=;
 b=TidhsPuJkjlverWFj2iZoTkfX6jy9H6p85syuvKl5YjJfmOakguNN3Z67YFBUlULRU
 hDlcBnMieQt6eITPQ9dzaynpDxODhgj9V8JP2Lavk5EJu2U2U3gget5ZECVHM0kngfpK
 GovycNymkK27hClYLwxzno/FD8BuZD8Q1k88VU9W06hnIdY2lRbQ+CHTCiOIxUYTe5RO
 pdJEyvTTrYAUcwOtSUMdcA4vJOBiHchafvKW8BgHQeu9eBKHJMz0cDX75lICA2kISefY
 1/t7mgO7ZqetcaPsgxHiw4l/PEKNQNYEzPf1uTTVpqfaveVa/yJwFoGnS6k7GxIODduC
 c4zg==
X-Gm-Message-State: AOJu0YwnDBHe37rc04diIqdC2EZU3JlMZ3cpbWbt9vVQ/2S7HhTVTRSc
 k4WgG7JrYhHVwDchkWzxpPMuDJJABPzUYPv0gFyAJgsTbGQta49PdEYgoV62jA6wv8BCIvP9E2g
 D
X-Google-Smtp-Source: AGHT+IGgyL903meO4QX42v9HMy5W+ZQN7yML0o2XcRsgWcSU352kJq6I0ZMT34XjHl6Nw/pJnEKSqw==
X-Received: by 2002:a17:90b:d98:b0:2d3:d063:bdb6 with SMTP id
 98e67ed59e1d1-2e0b89a2d65mr8409498a91.4.1727542119545; 
 Sat, 28 Sep 2024 09:48:39 -0700 (PDT)
Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-20b37e47c7dsm28854015ad.216.2024.09.28.09.48.38
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 28 Sep 2024 09:48:39 -0700 (PDT)
From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
 Anatoly Burakov <anatoly.burakov@intel.com>,
 Tyler Retzlaff <roretzla@linux.microsoft.com>
Subject: [PATCH v2 16/16] eal: add alloc_function attribute to rte_malloc
Date: Sat, 28 Sep 2024 09:47:24 -0700
Message-ID: <20240928164814.861933-17-stephen@networkplumber.org>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240928164814.861933-1-stephen@networkplumber.org>
References: <20240927204742.546164-1-stephen@networkplumber.org>
 <20240928164814.861933-1-stephen@networkplumber.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Use the GCC function attribute to detect cases where
memory is allocated with rte_malloc and freed incorrectly
with libc version of free (and vice versa). Also will detect
some other pointer mismatches.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 doc/guides/rel_notes/release_24_11.rst |  8 ++++
 lib/eal/include/rte_malloc.h           | 55 +++++++++++++++-----------
 2 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index 0ff70d9057..f27a37eac4 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -55,6 +55,14 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Hardened rte_malloc and related functions.**
+
+  * Added function attributes to  ``rte_malloc`` and similar functions
+    that can catch some obvious bugs at compile time (with GCC 11.0 or later).
+    Examples: calling ``free()`` on pointer that was allocated with ``rte_malloc``
+    (and vice versa); freeing the same pointer twice in the same routine;
+    freeing an object that was not created by allocation; etc.
+
 
 Removed Items
 -------------
diff --git a/lib/eal/include/rte_malloc.h b/lib/eal/include/rte_malloc.h
index cf3c174022..c7af96fcba 100644
--- a/lib/eal/include/rte_malloc.h
+++ b/lib/eal/include/rte_malloc.h
@@ -31,6 +31,22 @@ struct rte_malloc_socket_stats {
 	size_t heap_allocsz_bytes; /**< Total allocated bytes on heap */
 };
 
+
+/**
+ * Frees the memory space pointed to by the provided pointer.
+ *
+ * This pointer must have been returned by a previous call to
+ * rte_malloc(), rte_zmalloc(), rte_calloc() or rte_realloc(). The behaviour of
+ * rte_free() is undefined if the pointer does not match this requirement.
+ *
+ * If the pointer is NULL, the function does nothing.
+ *
+ * @param ptr
+ *   The pointer to memory to be freed.
+ */
+void
+rte_free(void *ptr);
+
 /**
  * This function allocates memory from the huge-page area of memory. The memory
  * is not cleared. In NUMA systems, the memory allocated resides on the same
@@ -55,7 +71,8 @@ struct rte_malloc_socket_stats {
 void *
 rte_malloc(const char *type, size_t size, unsigned align)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Allocate zeroed memory from the heap.
@@ -83,7 +100,8 @@ rte_malloc(const char *type, size_t size, unsigned align)
 void *
 rte_zmalloc(const char *type, size_t size, unsigned align)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Replacement function for calloc(), using huge-page memory. Memory area is
@@ -111,7 +129,8 @@ rte_zmalloc(const char *type, size_t size, unsigned align)
 void *
 rte_calloc(const char *type, size_t num, size_t size, unsigned align)
 	__rte_alloc_size(2, 3)
-	__rte_alloc_align(4);
+	__rte_alloc_align(4)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Replacement function for realloc(), using huge-page memory. Reserved area
@@ -136,7 +155,8 @@ rte_calloc(const char *type, size_t num, size_t size, unsigned align)
 void *
 rte_realloc(void *ptr, size_t size, unsigned int align)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Replacement function for realloc(), using huge-page memory. Reserved area
@@ -163,7 +183,8 @@ rte_realloc(void *ptr, size_t size, unsigned int align)
 void *
 rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * This function allocates memory from the huge-page area of memory. The memory
@@ -191,7 +212,8 @@ rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
 void *
 rte_malloc_socket(const char *type, size_t size, unsigned align, int socket)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Allocate zeroed memory from the heap.
@@ -221,7 +243,8 @@ rte_malloc_socket(const char *type, size_t size, unsigned align, int socket)
 void *
 rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
 	__rte_alloc_size(2)
-	__rte_alloc_align(3);
+	__rte_alloc_align(3)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * Replacement function for calloc(), using huge-page memory. Memory area is
@@ -251,22 +274,8 @@ rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
 void *
 rte_calloc_socket(const char *type, size_t num, size_t size, unsigned align, int socket)
 	__rte_alloc_size(2, 3)
-	__rte_alloc_align(4);
-
-/**
- * Frees the memory space pointed to by the provided pointer.
- *
- * This pointer must have been returned by a previous call to
- * rte_malloc(), rte_zmalloc(), rte_calloc() or rte_realloc(). The behaviour of
- * rte_free() is undefined if the pointer does not match this requirement.
- *
- * If the pointer is NULL, the function does nothing.
- *
- * @param ptr
- *   The pointer to memory to be freed.
- */
-void
-rte_free(void *ptr);
+	__rte_alloc_align(4)
+	__rte_alloc_func(rte_free, 1);
 
 /**
  * If malloc debug is enabled, check a memory block for header
-- 
2.45.2