From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 140E8A0C47; Fri, 11 Jun 2021 06:49:28 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 81DE44067C; Fri, 11 Jun 2021 06:49:27 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 65B764014F for ; Fri, 11 Jun 2021 06:49:25 +0200 (CEST) IronPort-SDR: EPn3g8csbFNaD0gqSKFPPhR1cZB0WhCa1QNqKjcm2oBbNIWwOdzY1cng+PmV/wHoamFRSxKac+ X8Naa5WlGMLA== X-IronPort-AV: E=McAfee;i="6200,9189,10011"; a="205420987" X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="205420987" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Jun 2021 21:49:24 -0700 IronPort-SDR: yCAFaj3X2Ac+X+qFpb4Rfs8X9IcynNVClrMQnA7lHKMJ6BkCPZ4VCAPHq10shMPM2kwg66btbx eoaBgsDxuiTA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,265,1616482800"; d="scan'208";a="477584389" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by FMSMGA003.fm.intel.com with ESMTP; 10 Jun 2021 21:49:23 -0700 Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Thu, 10 Jun 2021 21:49:22 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4 via Frontend Transport; Thu, 10 Jun 2021 21:49:22 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.171) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.4; Thu, 10 Jun 2021 21:49:22 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eohhYkyksSskLljguf/s98Z4QhjRcbQg881Rsxn+5iDCr7rWzylGvE3Sf/QZ0YxuK7KE1+1Z3QoR4+SPIATFpWbbgwdedvkQbadAc36NhHvlyPRYEyw+H6WOYR3z3qBl8dVppgL3bXeL3SQeqp/RPr8l/9zovQjgH0YLCuxKwmFKYM/AaIkVo8bpzRIMrDswoIeZUtQ+YaUhIv/7o4XIEzsJVpe7XgqtrpYyhj9n96SojykTrxpPbSmJWW9pLIEmPw57rq1JbptmrhXGgWeTXLwd5JeA7l4NowxuXtLiSri+efFZF516hJJ9T1qxKDiqJYMeDdz72vJUyEgbahEd2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6INTRzvjkfe4TFw4JkzZkspfERjPsdgeF0tudyotQ4I=; b=dHT67pDRRvc18g1W/5oNDdHSz90QVYjR0FjmBsLkXMTVmdv+GgDfv1YwDDAkJlriFsq0wbqyVNcMe5y+uCWXOz00laHObx6WvP5oIaXUz6nVfwjCDr1p4TMlp+F0z9zmCsjCRenn/oIXov/c0peU1I3ZANWoWFgKvX0XRirshVyjBbHkRFv64XdjjgGYCuU4NfRACMBwxDLAYrKDCfCxosxc7UTx5T+fNl4BV+XnF0zfeBdD7dz5nRm5I6FE68If+PwbmkAVAKjY64j0jwdF+QU5DK3myB0MoD0bcH6GxLoNIfmcRKTHZnQHK+bPIpDvugp14KP9lgo360vh5psbUQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6INTRzvjkfe4TFw4JkzZkspfERjPsdgeF0tudyotQ4I=; b=v8gK/zeP7xbyHZBVMZqZ+4U3HVl1NzVXB/9o9cAfpqW4EQ6wv9EiRuRvpb1h9qohx3hqz/OuyLn43XwyoPY0Jf/oMdb2THzXdpq3VHk6/pOiZuy1TYoXNUE8kivkiaAFU2hVG5VfR75BdHwWu4plFnKbNHwlXlhTmHDkjJjNdFw= Received: from BN7PR11MB2658.namprd11.prod.outlook.com (2603:10b6:406:ae::16) by BN6PR11MB3988.namprd11.prod.outlook.com (2603:10b6:405:7c::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.26; Fri, 11 Jun 2021 04:49:13 +0000 Received: from BN7PR11MB2658.namprd11.prod.outlook.com ([fe80::152:a489:e4ab:faf3]) by BN7PR11MB2658.namprd11.prod.outlook.com ([fe80::152:a489:e4ab:faf3%5]) with mapi id 15.20.4219.024; Fri, 11 Jun 2021 04:49:13 +0000 From: "Lin, Xueqin" To: "Ananyev, Konstantin" , "Peng, ZhihongX" , "Burakov, Anatoly" , "stephen@networkplumber.org" CC: "dev@dpdk.org" , "Peng, ZhihongX" Thread-Topic: [dpdk-dev] [RFC] porting AddressSanitizer feature to DPDK Thread-Index: AQHXXbgLxn7WkPyP3E6D8H20N7Dp+6sM9gMAgAFIGEA= Date: Fri, 11 Jun 2021 04:49:12 +0000 Message-ID: References: <20210610051352.48493-1-zhihongx.peng@intel.com> In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-reaction: no-action dlp-product: dlpe-windows authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.102.204.51] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2ea66346-5e6b-4799-4df6-08d92c944283 x-ms-traffictypediagnostic: BN6PR11MB3988: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: BPFYKvS2jF/MoiQ9GcMbzuI8GEuJNKN9F2XmrLDB/PtX3YsLjbQcU2cbK0dYa6o1AQZi4/EpNLV9om34qMuvZGODhi0T5BP4Zc+3RaDv0hjrxGXVJn3PGaPn74rPtlEmYr+lvZ0hSAQyhJPjo5CkoTshy/MHu/rL2WmpnxKKTGUOe8Q0ewjFrTevrPXwTBbEqbXOSbA80odXvWwLEd3Iv0Ax1UDq6KIEs8cv8CQalhyEJQRax8wYQU8Onr5AUhdm3x6v/wCipxFCWnqrLQfp9wZUQ6qvvH2hsTIYOY78wdt4uWczqS4BEf90jqhSDz0YZuaQVLnNTn/lQIuUx73FWEr1vHYkce1K3oy6WAl9VhoA99Ljr2nUHBLSQrK4Ka3oEqq+K6eVtqEC5qji1QlwNt0qmnw0rxi+4XCD9HUVrNHEvSR3/wenRw0ehusGHZtqtvAZ0gjIg/qkFs7M+ACvJHZF3pee/PPMg9EbPWHT9SDxo+o6hb+VjtlqckZsqC3KwmlqTVnChoO+XEPHJGjP1v2fbNvJ+vAScX5MWL8wgmnCa4C/SKNVZEv+qV+ok36W81q5/TGPSlxJHrtce01YtiPl1xljTJz6r5d/RLBImhghbWhvb+04KW2/KeE38DWiQoJLg5bbEH3q6+QujmkpGaoXch6ZEl+4TWVQaINha1UUv9wKk+5EFKddmw4gbYqAY55FVaxIsQgoSjrumWqeHJV2GVlvA7SoYB5PzpzPIyZUcYG/jw/GlWsrDedyz3PIHyGlZAwWuLsUBBJCeUyO6w== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN7PR11MB2658.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(39860400002)(376002)(396003)(136003)(346002)(71200400001)(55016002)(7696005)(2906002)(66476007)(76116006)(9686003)(66446008)(26005)(478600001)(52536014)(107886003)(66946007)(83380400001)(5660300002)(64756008)(66556008)(30864003)(53546011)(316002)(186003)(86362001)(110136005)(33656002)(54906003)(38100700002)(8936002)(122000001)(8676002)(4326008)(6506007)(49343001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?lH4iAz00I50zRFagUB8FI/BQAVPgsafaow4/7FNLsiM6Y0KXh5Q5jRowxO20?= =?us-ascii?Q?Kk0Cn47W3ThoOW0HxzOp0dJzZ3mGXMgy0GzuC/uwG0/MHKFd/6M1WQzO/3dG?= =?us-ascii?Q?f15GmmJPXoyazDWqG+NeaHrKamHIZ7PwBowfPawyCwcwdEkbxI/e4c8YE99G?= =?us-ascii?Q?dbSVmSs/bN8fAa6sMsfqEle9+A4SuVaR3JNcpwEuBLJCXcBup4XDPY9R9BXd?= =?us-ascii?Q?icAzG0SGZZWpX30+iCeiOE6lhveYLAXIKYHd02w2z/hjg2MVJpTVk/BVJXZK?= =?us-ascii?Q?FTEKJbshUuv/CMqFbNHZ93MHQQl5vSBvhrElgoZWjrZJRmffHt8WtS67abxC?= =?us-ascii?Q?8I1bEUffnuAKqqz8z+9DKBK2DK0vEhBcRoXq/gqsUW40fZ1M2OTJFuXZgAX6?= =?us-ascii?Q?kCmDf2ibMIxVjc3v1QAS3RH4WFqppHdy7vwm1RGUGO30lqkWksVwBOALjiJ9?= =?us-ascii?Q?xLmiv2l+AwNI08NVgycFDdlDTdTNwL6rLyLOcOuoHRr8Stj5va9h5eekcu65?= =?us-ascii?Q?PazV/BQVBuSOsLYNcn95WY5KWbOh9teH3xJQuCdzWxkAzJxfQHXvi/RZxXWb?= =?us-ascii?Q?R90dytzmcpsUdOT+dA2Tucyb3YcnEJZnNlTQS4vHoGI6gY7Y0aZj2Bgo8B9S?= =?us-ascii?Q?yf5AdhYUyG4j94bbIu6WAQsASVqFThbvEjaeWvZcktm6a1qvVLSGCEbgeuoB?= =?us-ascii?Q?zPHWWAMJPlBjUsEjfAEQ+X32/vWLRtu0peNFwupkLQgkEwcmhNXasY4ESqLA?= =?us-ascii?Q?KKHi8FJWtPmvG+9+viV5p3EeijShNMWTGtIP7r4gNdZh5JjUyb8yHsWAruoN?= =?us-ascii?Q?ehgknodAEGoeramU320zrSDeOvHmx7aEDml20fF6F3R48OrJvGX6Us2w5CDE?= =?us-ascii?Q?94U2uRSV+4Rs5dItQlbfP1Ar5r39Pa97sOHEip984ILIgugvqFOYsAHDuRqW?= =?us-ascii?Q?GqqaTfePL9lO6hjTdEwncXbECT9uvRJhrSDs6tb1pC2Id+zLc4uiBwQcrKte?= =?us-ascii?Q?d4ZukPvY56+bPhCJKKXNANmaMi7//bTcfGPXUsMsWQYRJUpWjeMzoBTS3tmk?= =?us-ascii?Q?RfpPM8joJGtaL1+2rrrPBeJ44d5rHlWIYdiEWAzDo1KG/hE587gblaYGQP9H?= =?us-ascii?Q?aL+tGfE77XXxfY/GlMWxLG8ttL2kJgaBqmIphN1ZCCPgo2oqrm82Qf+f/PRG?= =?us-ascii?Q?EUXwq7C3Zqi/cbjuIWM9RPmtTUOLDlggOAJrvwdmUGTo8tXT+X9t7hA7haaZ?= =?us-ascii?Q?OKfZ8zNqS20PPwwYwxK3kMIWW4Ijahao6esk0UaZPKg91qiA9tNf3a7OqnLc?= =?us-ascii?Q?BOB1iKU6vymg/WQPLb9WDEzo?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN7PR11MB2658.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2ea66346-5e6b-4799-4df6-08d92c944283 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jun 2021 04:49:13.0240 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: xzfEEttEjfuBgCQmZVsChZyNsPoyEyBomCPk+P5mXrB3q2ge5GtOQwzkb3XGh3WpYLNJEa5hP5IQj77M7uDvOg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB3988 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [RFC] porting AddressSanitizer feature to DPDK X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > -----Original Message----- > From: Ananyev, Konstantin > Sent: Thursday, June 10, 2021 5:12 PM > To: Peng, ZhihongX ; Burakov, Anatoly > ; stephen@networkplumber.org > Cc: dev@dpdk.org; Lin, Xueqin ; Peng, ZhihongX > > Subject: RE: [dpdk-dev] [RFC] porting AddressSanitizer feature to DPDK >=20 >=20 > > > > From: Zhihong Peng > > > > AddressSanitizer (ASan) is a google memory error detect standard tool. > > It could help to detect use-after-free and {heap,stack,global}-buffer > > overflow bugs in C/C++ programs, print detailed error information when > > error happens, large improve debug efficiency. > > > > By referring to its implementation algorithm > > (https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm), > > ported heap-buffer-overflow and use-after-freefunctions to dpdk. > > > > Here is an example of heap-buffer-overflow bug: > > ...... > > char *p =3D rte_zmalloc(NULL, 7, 0); > > p[7] =3D 'a'; > > ...... > > > > Here is an example of use-after-free bug: > > ...... > > char *p =3D rte_zmalloc(NULL, 7, 0); > > rte_free(p); > > *p =3D 'a'; > > ...... > > > > If you want to use this feature, > > you need to use the following compilation options: > > -Dc_args=3D'-DRTE_MALLOC_ASAN' > > -Db_lundef=3Dfalse -Db_sanitize=3Daddress > > > > Signed-off-by: Xueqin Lin > > Signed-off-by: Zhihong Peng > > --- > > lib/eal/common/malloc_elem.c | 33 +++++++- > > lib/eal/common/malloc_elem.h | 141 > ++++++++++++++++++++++++++++++++++- > > lib/eal/common/malloc_heap.c | 19 +++++ > > lib/eal/common/rte_malloc.c | 6 ++ > > 4 files changed, 197 insertions(+), 2 deletions(-) > > > > diff --git a/lib/eal/common/malloc_elem.c > > b/lib/eal/common/malloc_elem.c index c2c9461f1..4a146b1b9 100644 > > --- a/lib/eal/common/malloc_elem.c > > +++ b/lib/eal/common/malloc_elem.c > > @@ -446,6 +446,9 @@ malloc_elem_alloc(struct malloc_elem *elem, > size_t size, unsigned align, > > struct malloc_elem *new_free_elem =3D > > RTE_PTR_ADD(new_elem, size + > MALLOC_ELEM_OVERHEAD); > > > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_split_alloczone(new_free_elem); > > +#endif >=20 > Here and everywhere: > Instead of polluting code with all these ifdefs, I think it would be bett= er to > move all these asan_*() functions into a separate *.h. > And have all these ifdefs inside it. > Something like that: > asan.h: >=20 > #ifdef RTE_MALLOC_ASAN > static inline void asan_clear_split_alloczone(...) { > /* actual code */ > } > .... > #else > /* dummy one */ > static inline void asan_clear_split_alloczone(...) { } ... > #endif >=20 Good idea, we can improve it in v2, thanks.=20 > > split_elem(elem, new_free_elem); > > malloc_elem_free_list_insert(new_free_elem); > > > > @@ -458,6 +461,9 @@ malloc_elem_alloc(struct malloc_elem *elem, > size_t size, unsigned align, > > elem->state =3D ELEM_BUSY; > > elem->pad =3D old_elem_size; > > > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_alloczone(elem); > > +#endif > > /* put a dummy header in padding, to point to real element > header */ > > if (elem->pad > 0) { /* pad will be at least 64-bytes, as > everything > > * is cache-line aligned */ @@ -475,7 +481,13 > > @@ malloc_elem_alloc(struct malloc_elem *elem, size_t size, unsigned > align, > > * Re-insert original element, in case its new size makes it > > * belong on a different list. > > */ > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_split_alloczone(new_elem); > > +#endif > > split_elem(elem, new_elem); > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_alloczone(new_elem); > > +#endif > > new_elem->state =3D ELEM_BUSY; > > malloc_elem_free_list_insert(elem); > > > > @@ -601,6 +613,9 @@ malloc_elem_hide_region(struct malloc_elem > *elem, void *start, size_t len) > > if (next && next_elem_is_adjacent(elem)) { > > len_after =3D RTE_PTR_DIFF(next, hide_end); > > if (len_after >=3D MALLOC_ELEM_OVERHEAD + MIN_DATA_SIZE) > { > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_split_alloczone(hide_end); > > +#endif > > /* split after */ > > split_elem(elem, hide_end); > > > > @@ -615,6 +630,9 @@ malloc_elem_hide_region(struct malloc_elem > *elem, void *start, size_t len) > > if (prev && prev_elem_is_adjacent(elem)) { > > len_before =3D RTE_PTR_DIFF(hide_start, elem); > > if (len_before >=3D MALLOC_ELEM_OVERHEAD + > MIN_DATA_SIZE) { > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_split_alloczone(hide_start); > > +#endif > > /* split before */ > > split_elem(elem, hide_start); > > > > @@ -628,6 +646,9 @@ malloc_elem_hide_region(struct malloc_elem > *elem, void *start, size_t len) > > } > > } > > > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_alloczone(elem); > > +#endif > > remove_elem(elem); > > } > > > > @@ -641,8 +662,12 @@ malloc_elem_resize(struct malloc_elem *elem, > size_t size) > > const size_t new_size =3D size + elem->pad + > MALLOC_ELEM_OVERHEAD; > > > > /* if we request a smaller size, then always return ok */ > > - if (elem->size >=3D new_size) > > + if (elem->size >=3D new_size) { > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_alloczone(elem); > > +#endif > > return 0; > > + } > > > > /* check if there is a next element, it's free and adjacent */ > > if (!elem->next || elem->next->state !=3D ELEM_FREE || @@ -661,9 > > +686,15 @@ malloc_elem_resize(struct malloc_elem *elem, size_t size) > > /* now we have a big block together. Lets cut it down a bit, > by splitting */ > > struct malloc_elem *split_pt =3D RTE_PTR_ADD(elem, > new_size); > > split_pt =3D RTE_PTR_ALIGN_CEIL(split_pt, > RTE_CACHE_LINE_SIZE); > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_split_alloczone(split_pt); > > +#endif > > split_elem(elem, split_pt); > > malloc_elem_free_list_insert(split_pt); > > } > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_alloczone(elem); > > +#endif > > return 0; > > } > > > > diff --git a/lib/eal/common/malloc_elem.h > > b/lib/eal/common/malloc_elem.h index a1e5f7f02..d0d8bbb48 100644 > > --- a/lib/eal/common/malloc_elem.h > > +++ b/lib/eal/common/malloc_elem.h > > @@ -36,10 +36,20 @@ struct malloc_elem { > > uint64_t header_cookie; /* Cookie marking start of data */ > > /* trailer cookie at start + size */ > > #endif > > +#ifdef RTE_MALLOC_ASAN > > + size_t user_size; > > + uint64_t asan_cookie[2]; /*must be next to header_cookie*/ #endif > > } __rte_cache_aligned; > > > > +static const unsigned MALLOC_ELEM_HEADER_LEN =3D sizeof(struct > malloc_elem); > > + > > #ifndef RTE_MALLOC_DEBUG > > +#ifdef RTE_MALLOC_ASAN > > +static const unsigned MALLOC_ELEM_TRAILER_LEN =3D > RTE_CACHE_LINE_SIZE; > > +#else > > static const unsigned MALLOC_ELEM_TRAILER_LEN =3D 0; > > +#endif > > > > /* dummy function - just check if pointer is non-null */ > > static inline int > > @@ -90,9 +100,138 @@ malloc_elem_cookies_ok(const struct > malloc_elem *elem) > > > > #endif > > > > -static const unsigned MALLOC_ELEM_HEADER_LEN =3D sizeof(struct > malloc_elem); > > #define MALLOC_ELEM_OVERHEAD (MALLOC_ELEM_HEADER_LEN + > MALLOC_ELEM_TRAILER_LEN) > > > > +#ifdef RTE_MALLOC_ASAN > > + > > +#define ASAN_SHADOW_GRAIN_SIZE 8 > > +#define ASAN_MEM_FREE_FLAG 0xfd > > +#define ASAN_MEM_REDZONE_FLAG 0xfa > > +#define ASAN_MEM_TO_SHADOW(mem) (((mem) >> 3) + 0x00007fff8000) > > + > > +#if defined(__clang__) > > +__attribute__((no_sanitize("address", "hwaddress"))) > > +#else > > +__attribute__((no_sanitize_address)) > > +#endif > > +static inline void > > +asan_set_shadow(void *addr, char val) > > +{ > > + *(char *)addr =3D val; > > +} > > + > > +static inline void > > +asan_set_zone(void *ptr, size_t len, uint32_t val) > > +{ > > + size_t offset; > > + char *shadow; > > + size_t zone_len =3D len / ASAN_SHADOW_GRAIN_SIZE; > > + if (len % ASAN_SHADOW_GRAIN_SIZE !=3D 0) > > + zone_len +=3D 1; > > + > > + for (size_t i =3D 0; i < zone_len; i++) { > > + offset =3D i * ASAN_SHADOW_GRAIN_SIZE; > > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(((int64_t)ptr + > offset)); > > + asan_set_shadow(shadow, val); > > + } > > +} > > + > > +/* > > + * When the memory is released, the release mark is > > + * set in the corresponding range of the shadow area. > > + */ > > +static inline void > > +asan_set_freezone(void *ptr, size_t size) > > +{ > > + asan_set_zone(ptr, size, ASAN_MEM_FREE_FLAG); > > +} > > + > > +/* > > + * When the memory is allocated, memory state must set accessible. > > + */ > > +static inline void > > +asan_clear_alloczone(struct malloc_elem *elem) > > +{ > > + asan_set_zone((void *)elem, elem->size, 0x0); > > +} > > + > > +static inline void > > +asan_clear_split_alloczone(struct malloc_elem *elem) > > +{ > > + void *ptr =3D RTE_PTR_SUB(elem, MALLOC_ELEM_TRAILER_LEN); > > + asan_set_zone(ptr, MALLOC_ELEM_OVERHEAD, 0x0); > > +} > > + > > +/* > > + * When the memory is allocated, the memory boundary is > > + * marked in the corresponding range of the shadow area. > > + */ > > +static inline void > > +asan_set_redzone(struct malloc_elem *elem, size_t user_size) > > +{ > > + uint64_t ptr; > > + char *shadow; > > + if (elem !=3D NULL) { > > + if (elem->state !=3D ELEM_PAD) > > + elem =3D RTE_PTR_ADD(elem, elem->pad); > > + > > + elem->user_size =3D user_size; > > + > > + /* Set mark before the start of the allocated memory */ > > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, > MALLOC_ELEM_HEADER_LEN) > > + - ASAN_SHADOW_GRAIN_SIZE; > > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > > + asan_set_shadow(shadow, ASAN_MEM_REDZONE_FLAG); > > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > > + - ASAN_SHADOW_GRAIN_SIZE); > > + asan_set_shadow(shadow, ASAN_MEM_REDZONE_FLAG); > > + > > + /* Set mark after the end of the allocated memory */ > > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, > MALLOC_ELEM_HEADER_LEN > > + + elem->user_size); > > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > > + uint32_t val =3D (ptr % ASAN_SHADOW_GRAIN_SIZE); > > + val =3D (val =3D=3D 0) ? ASAN_MEM_REDZONE_FLAG : val; > > + asan_set_shadow(shadow, val); > > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > > + + ASAN_SHADOW_GRAIN_SIZE); > > + asan_set_shadow(shadow, ASAN_MEM_REDZONE_FLAG); > > + } > > +} > > + > > +/* > > + * When the memory is released, the mark of the memory boundary > > + * in the corresponding range of the shadow area is cleared. > > + */ > > +static inline void > > +asan_clear_redzone(struct malloc_elem *elem) > > +{ > > + uint64_t ptr; > > + char *shadow; > > + if (elem !=3D NULL) { > > + elem =3D RTE_PTR_ADD(elem, elem->pad); > > + > > + /* Clear mark before the start of the allocated memory */ > > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, > MALLOC_ELEM_HEADER_LEN) > > + - ASAN_SHADOW_GRAIN_SIZE; > > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > > + asan_set_shadow(shadow, 0x00); > > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > > + - ASAN_SHADOW_GRAIN_SIZE); > > + asan_set_shadow(shadow, 0x00); > > + > > + /* Clear mark after the end of the allocated memory */ > > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, > MALLOC_ELEM_HEADER_LEN > > + + elem->user_size); > > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > > + asan_set_shadow(shadow, 0x00); > > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > > + + ASAN_SHADOW_GRAIN_SIZE); > > + asan_set_shadow(shadow, 0x00); > > + } > > +} > > +#endif > > + > > /* > > * Given a pointer to the start of a memory block returned by malloc, = get > > * the actual malloc_elem header for that block. > > diff --git a/lib/eal/common/malloc_heap.c > b/lib/eal/common/malloc_heap.c > > index ee400f38e..6d39549d3 100644 > > --- a/lib/eal/common/malloc_heap.c > > +++ b/lib/eal/common/malloc_heap.c > > @@ -238,6 +238,9 @@ heap_alloc(struct malloc_heap *heap, const char > *type __rte_unused, size_t size, > > { > > struct malloc_elem *elem; > > > > +#ifdef RTE_MALLOC_ASAN > > + size_t user_size =3D size; > > +#endif > > size =3D RTE_CACHE_LINE_ROUNDUP(size); > > align =3D RTE_CACHE_LINE_ROUNDUP(align); > > > > @@ -250,6 +253,9 @@ heap_alloc(struct malloc_heap *heap, const char > *type __rte_unused, size_t size, > > > > /* increase heap's count of allocated elements */ > > heap->alloc_count++; > > +#ifdef RTE_MALLOC_ASAN > > + asan_set_redzone(elem, user_size); > > +#endif > > } > > > > return elem =3D=3D NULL ? NULL : (void *)(&elem[1]); > > @@ -270,6 +276,9 @@ heap_alloc_biggest(struct malloc_heap *heap, > const char *type __rte_unused, > > > > /* increase heap's count of allocated elements */ > > heap->alloc_count++; > > +#ifdef RTE_MALLOC_ASAN > > + asan_set_redzone(elem, size); > > +#endif > > } > > > > return elem =3D=3D NULL ? NULL : (void *)(&elem[1]); > > @@ -841,6 +850,9 @@ malloc_heap_free(struct malloc_elem *elem) > > if (!malloc_elem_cookies_ok(elem) || elem->state !=3D ELEM_BUSY) > > return -1; > > > > +#ifdef RTE_MALLOC_ASAN > > + asan_clear_redzone(elem); > > +#endif > > /* elem may be merged with previous element, so keep heap > address */ > > heap =3D elem->heap; > > msl =3D elem->msl; > > @@ -848,6 +860,10 @@ malloc_heap_free(struct malloc_elem *elem) > > > > rte_spinlock_lock(&(heap->lock)); > > > > +#ifdef RTE_MALLOC_ASAN > > + void *asan_ptr =3D RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN > + elem->pad); > > + size_t asan_data_len =3D elem->size - MALLOC_ELEM_OVERHEAD - > elem->pad; > > +#endif > > /* mark element as free */ > > elem->state =3D ELEM_FREE; > > > > @@ -1001,6 +1017,9 @@ malloc_heap_free(struct malloc_elem *elem) > > > > rte_mcfg_mem_write_unlock(); > > free_unlock: > > +#ifdef RTE_MALLOC_ASAN > > + asan_set_freezone(asan_ptr, asan_data_len); > > +#endif > > rte_spinlock_unlock(&(heap->lock)); > > return ret; > > } > > diff --git a/lib/eal/common/rte_malloc.c b/lib/eal/common/rte_malloc.c > > index 9d39e58c0..fe70ee938 100644 > > --- a/lib/eal/common/rte_malloc.c > > +++ b/lib/eal/common/rte_malloc.c > > @@ -170,6 +170,9 @@ rte_realloc_socket(void *ptr, size_t size, unsigned > int align, int socket) > > RTE_LOG(ERR, EAL, "Error: memory corruption detected\n"); > > return NULL; > > } > > +#ifdef RTE_MALLOC_ASAN > > + size_t user_size =3D size; > > +#endif > > > > size =3D RTE_CACHE_LINE_ROUNDUP(size), align =3D > RTE_CACHE_LINE_ROUNDUP(align); > > > > @@ -181,6 +184,9 @@ rte_realloc_socket(void *ptr, size_t size, unsigned > int align, int socket) > > RTE_PTR_ALIGN(ptr, align) =3D=3D ptr && > > malloc_heap_resize(elem, size) =3D=3D 0) { > > rte_eal_trace_mem_realloc(size, align, socket, ptr); > > +#ifdef RTE_MALLOC_ASAN > > + asan_set_redzone(elem, user_size); > > +#endif > > return ptr; > > } > > > > -- > > 2.17.1