From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 311ACA0548; Mon, 20 Sep 2021 12:04:05 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 992EE40DF7; Mon, 20 Sep 2021 12:04:04 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mails.dpdk.org (Postfix) with ESMTP id 73EF040DF5 for ; Mon, 20 Sep 2021 12:04:02 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1632132241; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BxuX2mVay+x52XXdySzXWTNnE6+alsibMGOCUhht0HU=; b=SS0EiwLHh0aluX1FQdomtgxpxPoDlcjzr9pN/ycud4j7Rag/Hf0QDUZ8fIro9fdEHXfVR7 u631/UmFC+Qg+Amf5zWCyzfz9d97C66QJIP0lqZzhHWoyRCgN2GslrlJGgvoyE3UOtq/CL 5C/6La8VeUA/r01PrIslShupxVSVg3s= Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-254-otll3huWMuS_pUOxZt7NlA-1; Mon, 20 Sep 2021 06:03:59 -0400 X-MC-Unique: otll3huWMuS_pUOxZt7NlA-1 Received: by mail-lf1-f70.google.com with SMTP id g4-20020a19ac04000000b003eb3973e4e2so11852436lfc.17 for ; Mon, 20 Sep 2021 03:03:59 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=BxuX2mVay+x52XXdySzXWTNnE6+alsibMGOCUhht0HU=; b=kv1tSRGI5sE2IJ5Cq3A2qjmL2YPQTNJzwsfXA9OUdhNY3oXn+G+dfn9qKDfICtFAEM PeG2IdS1fwdHSa1WhZ+87Y32bXYnegcyxzk0Fc33I6S+vgkjUhcpjEkGPqdl53G56BJ/ vAhumykYJIWy8hTardy+uHNRwd17B6qTa+SqCpdEsXOPEaq34ohpoz+K9s/lioCbS7iV SmqGqyrS/4C/ptQFJDV2MyUk/QyVogEVlmm/r2RIluCJZo00puF3o7jRoCnlLiEeWk6/ I1REPt2gif/OzcTjZJsb8eQdt7GjeNARtA3r3gHLpHjm7BjxE2qy+gAcCV+IV/kRxtDI I1bA== X-Gm-Message-State: AOAM530YDjEFCtz8aRevCvm9VrTL9QjbuKfkSIUnWdYlx9ia3r7qsYq4 hINKuI0XU/bmPI1VYdvcDzTBbqiRbUmcLCpNsatQQaLpQ4dsACCfp+qy8w7Bd9JnPyinDTeigp+ rmy+X1U+/l57dL5LvAU0= X-Received: by 2002:a2e:91d4:: with SMTP id u20mr15530711ljg.81.1632132237366; Mon, 20 Sep 2021 03:03:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwNTfaJkUF0+estJNEiKgkWHfHWt5luW9iQnClYKOhw46rMYq66kcHAEZlz+eo6od4GIDSnJQUInTDiUuwSVu4= X-Received: by 2002:a2e:91d4:: with SMTP id u20mr15530683ljg.81.1632132236818; Mon, 20 Sep 2021 03:03:56 -0700 (PDT) MIME-Version: 1.0 References: <20210916013843.342366-1-zhihongx.peng@intel.com> <20210918074155.872358-1-zhihongx.peng@intel.com> In-Reply-To: <20210918074155.872358-1-zhihongx.peng@intel.com> From: David Marchand Date: Mon, 20 Sep 2021 12:03:45 +0200 Message-ID: To: Zhihong Peng Cc: "Burakov, Anatoly" , "Ananyev, Konstantin" , Stephen Hemminger , dev , Xueqin Lin Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dmarchan@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [dpdk-dev] [PATCH v3] Enable AddressSanitizer feature on DPDK X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Sat, Sep 18, 2021 at 9:51 AM wrote: > > From: Zhihong Peng - The title is too vague. I am not sure what the best title is, but my current idea is: mem: instrument allocator with ASan - This is a nice feature that must be announced in the release notes. - How should we spell it? Asan ? ASAN ? ASan ? Please update devtools/words-case.txt and fix inconsistencies in this patch= . > > AddressSanitizer (ASan) is a google memory error detect > standard tool. It could help to detect use-after-free and > {heap,stack,global}-buffer overflow bugs in C/C++ programs, > print detailed error information when error happens, large > improve debug efficiency. > > By referring to its implementation algorithm > (https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm), > enable heap-buffer-overflow and use-after-free functions on dpdk. > DPDK ASAN function currently only supports on Linux x86_64. If you don't intend to update other arches, at least explain in the commitlog what should be done: so that other arches know what to do to add support. > > Here is an example of heap-buffer-overflow bug: > ...... > char *p =3D rte_zmalloc(NULL, 7, 0); > p[7] =3D 'a'; > ...... > > Here is an example of use-after-free bug: > ...... > char *p =3D rte_zmalloc(NULL, 7, 0); > rte_free(p); > *p =3D 'a'; > ...... > > If you want to use this feature, > you need to add below compilation options when compiling code: > -Dbuildtype=3Ddebug -Db_lundef=3Dfalse -Db_sanitize=3Daddress ASAN is triggered by -Db_sanitize=3Daddress, it is the only *needed* option= afaiu. > "-Dbuildtype=3Ddebug": Display code information when coredump occurs > in the program. In ASan context, there is no coredump. ASan displays a backtrace which is easier to read when debug symbols are available. You can suggest building with debug, but this is *not needed*. > "-Db_lundef=3Dfalse": It is enabled by default, and needs to be > disabled when using asan. This is an issue with meson and clang. Tweaking b_lundef is needed with clang, gcc looks fine. But still, on RHEL with gcc, I need to install libasan. Maybe we can add libasan at a requirement at project level, did you try it? > > Signed-off-by: Xueqin Lin > Signed-off-by: Zhihong Peng > --- > doc/guides/prog_guide/asan.rst | 130 ++++++++++++++++++++++ > doc/guides/prog_guide/index.rst | 1 + > lib/eal/common/malloc_elem.c | 26 ++++- > lib/eal/common/malloc_elem.h | 184 +++++++++++++++++++++++++++++++- > lib/eal/common/malloc_heap.c | 12 +++ > lib/eal/common/rte_malloc.c | 9 +- > lib/pipeline/rte_swx_pipeline.c | 4 +- This change on pipeline has no explanation, and looks out of place wrt to current change. > 7 files changed, 359 insertions(+), 7 deletions(-) > create mode 100644 doc/guides/prog_guide/asan.rst > > diff --git a/doc/guides/prog_guide/asan.rst b/doc/guides/prog_guide/asan.= rst > new file mode 100644 > index 0000000000..a0589d9b8a > --- /dev/null > +++ b/doc/guides/prog_guide/asan.rst > @@ -0,0 +1,130 @@ > +.. Copyright (c) <2021>, Intel Corporation > + All rights reserved. > + > +Memory error detect standard tool - AddressSanitizer(Asan) > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +AddressSanitizer (ASan) is a google memory error detect > +standard tool. It could help to detect use-after-free and > +{heap,stack,global}-buffer overflow bugs in C/C++ programs, > +print detailed error information when error happens, large > +improve debug efficiency. > + > +By referring to its implementation algorithm > +(https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm), > +enabled heap-buffer-overflow and use-after-free functions on dpdk. > +DPDK ASAN function currently only supports on Linux x86_64. > + > +AddressSanitizer is a part of LLVM(3.1+)and GCC(4.8+). > + > +Example heap-buffer-overflow error > +---------------------------------- > + > +Following error was reported when Asan was enabled:: > + > + Applied 9 bytes of memory, but accessed the 10th byte of memory, > + so heap-buffer-overflow appeared. > + > +Below code results in this error:: > + > + char *p =3D rte_zmalloc(NULL, 9, 0); > + if (!p) { > + printf("rte_zmalloc error."); > + return -1; > + } > + p[9] =3D 'a'; > + > +The error log:: > + > + =3D=3D49433=3D=3DERROR: AddressSanitizer: heap-buffer-overflow on ad= dress 0x7f773fafa249 at pc 0x5556b13bdae4 bp 0x7ffeb4965e40 sp 0x7ffeb4965e= 30 WRITE of size 1 at 0x7f773fafa249 thread T0 > + #0 0x5556b13bdae3 in asan_heap_buffer_overflow ../app/test/test_asan= _heap_buffer_overflow.c:25 > + #1 0x5556b043e9d4 in cmd_autotest_parsed ../app/test/commands.c:71 > + #2 0x5556b1cdd4b0 in cmdline_parse ../lib/cmdline/cmdline_parse.c:29= 0 > + #3 0x5556b1cd8987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:2= 6 > + #4 0x5556b1ce477a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:= 421 > + #5 0x5556b1cd923e in cmdline_in ../lib/cmdline/cmdline.c:149 > + #6 0x5556b1cd9769 in cmdline_interact ../lib/cmdline/cmdline.c:223 > + #7 0x5556b045f53b in main ../app/test/test.c:234 > + #8 0x7f7f1eba90b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.s= o.6+0x270b2) > + #9 0x5556b043e70d in _start (/home/pzh/yyy/x86_64-native-linuxapp-gc= c/app/test/dpdk-test+0x7ce70d) > + > + Address 0x7f773fafa249 is a wild pointer. > + SUMMARY: AddressSanitizer: heap-buffer-overflow ../app/test/test_asa= n_heap_buffer_overflow.c:25 in asan_heap_buffer_overflow > + Shadow bytes around the buggy address: > + 0x0fef67f573f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0fef67f57400: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0fef67f57410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0fef67f57420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0fef67f57430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + =3D>0x0fef67f57440: 00 00 00 00 00 00 fa fa 00[01]fa 00 00 00 00 00 > + 0x0fef67f57450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0fef67f57460: 00 00 00 00 00 00 fa fa 00 00 00 00 00 00 00 00 > + 0x0fef67f57470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0fef67f57480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + > +Example use-after-free error > +---------------------------- > + > +Following error was reported when Asan was enabled:: > + > + Applied for 9 bytes of memory, and accessed the first byte after > + released, so heap-use-after-free appeared. > + > +Below code results in this error:: > + > + char *p =3D rte_zmalloc(NULL, 9, 0); > + if (!p) { > + printf("rte_zmalloc error."); > + return -1; > + } > + rte_free(p); > + *p =3D 'a'; > + > +The error log:: > + > + =3D=3D49478=3D=3DERROR: AddressSanitizer: heap-use-after-free on add= ress 0x7fe2ffafa240 at pc 0x56409b084bc8 bp 0x7ffef62c57d0 sp 0x7ffef62c57c= 0 WRITE of size 1 at 0x7fe2ffafa240 thread T0 > + #0 0x56409b084bc7 in asan_use_after_free ../app/test/test_asan_use_a= fter_free.c:26 > + #1 0x56409a1059d4 in cmd_autotest_parsed ../app/test/commands.c:71 > + #2 0x56409b9a44b0 in cmdline_parse ../lib/cmdline/cmdline_parse.c:29= 0 > + #3 0x56409b99f987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:2= 6 > + #4 0x56409b9ab77a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:= 421 > + #5 0x56409b9a023e in cmdline_in ../lib/cmdline/cmdline.c:149 > + #6 0x56409b9a0769 in cmdline_interact ../lib/cmdline/cmdline.c:223 > + #7 0x56409a12653b in main ../app/test/test.c:234 > + #8 0x7feafafc20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.s= o.6+0x270b2) > + #9 0x56409a10570d in _start (/home/pzh/yyy/x86_64-native-linuxapp-gc= c/app/test/dpdk-test+0x7ce70d) > + > + Address 0x7fe2ffafa240 is a wild pointer. > + SUMMARY: AddressSanitizer: heap-use-after-free ../app/test/test_asan= _use_after_free.c:26 in asan_use_after_free > + Shadow bytes around the buggy address: > + 0x0ffcdff573f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0ffcdff57400: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0ffcdff57410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0ffcdff57420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0ffcdff57430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + =3D>0x0ffcdff57440: 00 00 00 00 00 00 00 00[fd]fd fd fd fd fd fd fd > + 0x0ffcdff57450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0ffcdff57460: 00 00 00 00 00 00 fa fa 00 00 00 00 00 00 00 00 > + 0x0ffcdff57470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0ffcdff57480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + 0x0ffcdff57490: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > + > +Usage > +----- > + > +meson build > +^^^^^^^^^^^ > + > +To enable Asan in meson build system, use following meson build command: > + > +Example usage:: > + > + meson build -Dbuildtype=3Ddebug -Db_lundef=3Dfalse -Db_sanitize=3Daddre= ss > + ninja -C build > + > +.. Note:: > + > + a) The issue of asan wild pointer is that dpdk asan tool is not fully = adapted to google asan. > + For example: Address 0x7fe2ffafa240 is a wild pointer. I can't understand what the "wild pointer" means in this context. This comment belongs to the traces in the section before. > + b) Centos8 needs to install libasan separately. See my previous comment on b_lundef. > + c) If the program uses cmdline, when a memory bug occurs, need to exec= ute the "stty echo" command. Yes, this is annoying when executing failing unit tests. That is something to handle better in the cmdline library, maybe in the fut= ure. Like "wild pointer", I don't think this comment belongs here. > diff --git a/doc/guides/prog_guide/index.rst b/doc/guides/prog_guide/inde= x.rst > index 2dce507f46..df8a4b93e1 100644 > --- a/doc/guides/prog_guide/index.rst > +++ b/doc/guides/prog_guide/index.rst > @@ -71,3 +71,4 @@ Programmer's Guide > lto > profile_app > glossary > + asan > diff --git a/lib/eal/common/malloc_elem.c b/lib/eal/common/malloc_elem.c > index c2c9461f1d..bdd20a162e 100644 > --- a/lib/eal/common/malloc_elem.c > +++ b/lib/eal/common/malloc_elem.c > @@ -446,6 +446,8 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t si= ze, unsigned align, > struct malloc_elem *new_free_elem =3D > RTE_PTR_ADD(new_elem, size + MALLOC_ELEM_= OVERHEAD); > > + asan_clear_split_alloczone(new_free_elem); > + > split_elem(elem, new_free_elem); > malloc_elem_free_list_insert(new_free_elem); > > @@ -458,6 +460,8 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t si= ze, unsigned align, > elem->state =3D ELEM_BUSY; > elem->pad =3D old_elem_size; > > + asan_clear_alloczone(elem); > + > /* put a dummy header in padding, to point to real elemen= t header */ > if (elem->pad > 0) { /* pad will be at least 64-bytes, as= everything > * is cache-line aligned */ > @@ -470,12 +474,18 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t = size, unsigned align, > return new_elem; > } > > + asan_clear_split_alloczone(new_elem); > + > /* we are going to split the element in two. The original element > * remains free, and the new element is the one allocated. > * Re-insert original element, in case its new size makes it > * belong on a different list. > */ > + > split_elem(elem, new_elem); > + > + asan_clear_alloczone(new_elem); > + > new_elem->state =3D ELEM_BUSY; > malloc_elem_free_list_insert(elem); > > @@ -601,6 +611,8 @@ malloc_elem_hide_region(struct malloc_elem *elem, voi= d *start, size_t len) > if (next && next_elem_is_adjacent(elem)) { > len_after =3D RTE_PTR_DIFF(next, hide_end); > if (len_after >=3D MALLOC_ELEM_OVERHEAD + MIN_DATA_SIZE) = { > + asan_clear_split_alloczone(hide_end); > + > /* split after */ > split_elem(elem, hide_end); > > @@ -615,6 +627,8 @@ malloc_elem_hide_region(struct malloc_elem *elem, voi= d *start, size_t len) > if (prev && prev_elem_is_adjacent(elem)) { > len_before =3D RTE_PTR_DIFF(hide_start, elem); > if (len_before >=3D MALLOC_ELEM_OVERHEAD + MIN_DATA_SIZE)= { > + asan_clear_split_alloczone(hide_start); > + > /* split before */ > split_elem(elem, hide_start); > > @@ -628,6 +642,8 @@ malloc_elem_hide_region(struct malloc_elem *elem, voi= d *start, size_t len) > } > } > > + asan_clear_alloczone(elem); > + > remove_elem(elem); > } > > @@ -641,8 +657,10 @@ malloc_elem_resize(struct malloc_elem *elem, size_t = size) > const size_t new_size =3D size + elem->pad + MALLOC_ELEM_OVERHEAD= ; > > /* if we request a smaller size, then always return ok */ > - if (elem->size >=3D new_size) > + if (elem->size >=3D new_size) { > + asan_clear_alloczone(elem); > return 0; > + } > > /* check if there is a next element, it's free and adjacent */ > if (!elem->next || elem->next->state !=3D ELEM_FREE || > @@ -661,9 +679,15 @@ malloc_elem_resize(struct malloc_elem *elem, size_t = size) > /* now we have a big block together. Lets cut it down a b= it, by splitting */ > struct malloc_elem *split_pt =3D RTE_PTR_ADD(elem, new_si= ze); > split_pt =3D RTE_PTR_ALIGN_CEIL(split_pt, RTE_CACHE_LINE_= SIZE); > + > + asan_clear_split_alloczone(split_pt); > + > split_elem(elem, split_pt); > malloc_elem_free_list_insert(split_pt); > } > + > + asan_clear_alloczone(elem); > + > return 0; > } > > diff --git a/lib/eal/common/malloc_elem.h b/lib/eal/common/malloc_elem.h > index a1e5f7f02c..01a739f2ea 100644 > --- a/lib/eal/common/malloc_elem.h > +++ b/lib/eal/common/malloc_elem.h > @@ -7,6 +7,14 @@ > > #include > > +#ifdef __SANITIZE_ADDRESS__ > +#define RTE_MALLOC_ASAN > +#elif defined(__has_feature) > +# if __has_feature(address_sanitizer) > +#define RTE_MALLOC_ASAN > +# endif > +#endif > + > #define MIN_DATA_SIZE (RTE_CACHE_LINE_SIZE) > > /* dummy definition of struct so we can use pointers to it in malloc_ele= m struct */ > @@ -36,10 +44,20 @@ struct malloc_elem { > uint64_t header_cookie; /* Cookie marking start of data *= / > /* trailer cookie at start + size= */ > #endif > +#ifdef RTE_MALLOC_ASAN > + size_t user_size; > + uint64_t asan_cookie[2]; /*must be next to header_cookie*/ Fix coding style for comment please. > +#endif > } __rte_cache_aligned; > > +static const unsigned int MALLOC_ELEM_HEADER_LEN =3D sizeof(struct mallo= c_elem); > + > #ifndef RTE_MALLOC_DEBUG > -static const unsigned MALLOC_ELEM_TRAILER_LEN =3D 0; > +#ifdef RTE_MALLOC_ASAN > +static const unsigned int MALLOC_ELEM_TRAILER_LEN =3D RTE_CACHE_LINE_SIZ= E; > +#else > +static const unsigned int MALLOC_ELEM_TRAILER_LEN; > +#endif > > /* dummy function - just check if pointer is non-null */ > static inline int > @@ -55,7 +73,7 @@ set_trailer(struct malloc_elem *elem __rte_unused){ } > > > #else > -static const unsigned MALLOC_ELEM_TRAILER_LEN =3D RTE_CACHE_LINE_SIZE; > +static const unsigned int MALLOC_ELEM_TRAILER_LEN =3D RTE_CACHE_LINE_SIZ= E; > > #define MALLOC_HEADER_COOKIE 0xbadbadbadadd2e55ULL /**< Header cookie.= */ > #define MALLOC_TRAILER_COOKIE 0xadd2e55badbadbadULL /**< Trailer cookie= .*/ > @@ -90,9 +108,169 @@ malloc_elem_cookies_ok(const struct malloc_elem *ele= m) > > #endif > > -static const unsigned MALLOC_ELEM_HEADER_LEN =3D sizeof(struct malloc_el= em); > #define MALLOC_ELEM_OVERHEAD (MALLOC_ELEM_HEADER_LEN + MALLOC_ELEM_TRAIL= ER_LEN) > > +#ifdef RTE_MALLOC_ASAN > + > +#define ASAN_SHADOW_GRAIN_SIZE 8 > +#define ASAN_MEM_FREE_FLAG 0xfd > +#define ASAN_MEM_REDZONE_FLAG 0xfa > +#define ASAN_MEM_TO_SHADOW(mem) (((mem) >> 3) + 0x00007fff8000) > + > +#if defined(__clang__) > +__attribute__((no_sanitize("address", "hwaddress"))) > +#else > +__attribute__((no_sanitize_address)) > +#endif This attribute is only used here, I am ok with leaving this as is. If later it is needed elsewhere, we'll have to define a new attribute wrapper in rte_common.h. > +static inline void > +asan_set_shadow(void *addr, char val) > +{ > + *(char *)addr =3D val; > +} > + > +static inline void > +asan_set_zone(void *ptr, size_t len, uint32_t val) > +{ > + size_t offset; > + char *shadow; > + size_t zone_len =3D len / ASAN_SHADOW_GRAIN_SIZE; + size_t i; + to separate declarations from code. > + if (len % ASAN_SHADOW_GRAIN_SIZE !=3D 0) > + zone_len +=3D 1; > + > + for (size_t i =3D 0; i < zone_len; i++) { + for (i =3D 0; i < zone_len; i++) { That's to fix build issue: In file included from ../lib/eal/common/malloc_mp.c:16:0: ../lib/eal/common/malloc_elem.h: In function =E2=80=98asan_set_zone=E2=80= =99: ../lib/eal/common/malloc_elem.h:140:2: error: =E2=80=98for=E2=80=99 loop in= itial declarations are only allowed in C99 mode for (size_t i =3D 0; i < zone_len; i++) { ^ ../lib/eal/common/malloc_elem.h:140:2: note: use option -std=3Dc99 or -std=3Dgnu99 to compile your code > + offset =3D i * ASAN_SHADOW_GRAIN_SIZE; > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(((int64_t)ptr + off= set)); > + asan_set_shadow(shadow, val); > + } > +} > + > +/* > + * When the memory is released, the release mark is > + * set in the corresponding range of the shadow area. > + */ > +static inline void > +asan_set_freezone(void *ptr, size_t size) > +{ > + asan_set_zone(ptr, size, ASAN_MEM_FREE_FLAG); > +} > + > +/* > + * When the memory is allocated, memory state must set as accessible. > + */ > +static inline void > +asan_clear_alloczone(struct malloc_elem *elem) > +{ > + asan_set_zone((void *)elem, elem->size, 0x0); > +} > + > +static inline void > +asan_clear_split_alloczone(struct malloc_elem *elem) > +{ > + void *ptr =3D RTE_PTR_SUB(elem, MALLOC_ELEM_TRAILER_LEN); > + asan_set_zone(ptr, MALLOC_ELEM_OVERHEAD, 0x0); > +} > + > +/* > + * When the memory is allocated, the memory boundary is > + * marked in the corresponding range of the shadow area. > + */ > +static inline void > +asan_set_redzone(struct malloc_elem *elem, size_t user_size) > +{ > + uint64_t ptr; > + char *shadow; > + if (elem !=3D NULL) { > + if (elem->state !=3D ELEM_PAD) > + elem =3D RTE_PTR_ADD(elem, elem->pad); > + > + elem->user_size =3D user_size; > + > + /* Set mark before the start of the allocated memory */ > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LE= N) > + - ASAN_SHADOW_GRAIN_SIZE; > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > + asan_set_shadow(shadow, ASAN_MEM_REDZONE_FLAG); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > + - ASAN_SHADOW_GRAIN_SIZE); > + asan_set_shadow(shadow, ASAN_MEM_REDZONE_FLAG); > + > + /* Set mark after the end of the allocated memory */ > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LE= N > + + elem->user_size); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > + uint32_t val =3D (ptr % ASAN_SHADOW_GRAIN_SIZE); > + val =3D (val =3D=3D 0) ? ASAN_MEM_REDZONE_FLAG : val; > + asan_set_shadow(shadow, val); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > + + ASAN_SHADOW_GRAIN_SIZE); > + asan_set_shadow(shadow, ASAN_MEM_REDZONE_FLAG); > + } > +} > + > +/* > + * When the memory is released, the mark of the memory boundary > + * in the corresponding range of the shadow area is cleared. > + */ > +static inline void > +asan_clear_redzone(struct malloc_elem *elem) > +{ > + uint64_t ptr; > + char *shadow; > + if (elem !=3D NULL) { > + elem =3D RTE_PTR_ADD(elem, elem->pad); > + > + /* Clear mark before the start of the allocated memory */ > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LE= N) > + - ASAN_SHADOW_GRAIN_SIZE; > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > + asan_set_shadow(shadow, 0x00); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > + - ASAN_SHADOW_GRAIN_SIZE); > + asan_set_shadow(shadow, 0x00); > + > + /* Clear mark after the end of the allocated memory */ > + ptr =3D (uint64_t)RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LE= N > + + elem->user_size); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr); > + asan_set_shadow(shadow, 0x00); > + shadow =3D (char *)ASAN_MEM_TO_SHADOW(ptr > + + ASAN_SHADOW_GRAIN_SIZE); > + asan_set_shadow(shadow, 0x00); > + } > +} > + > +static inline size_t > +old_malloc_size(struct malloc_elem *elem) > +{ > + if (elem->state !=3D ELEM_PAD) > + elem =3D RTE_PTR_ADD(elem, elem->pad); > + > + return elem->user_size; > +} > +#else > +static inline void > +asan_set_freezone(void *ptr __rte_unused, size_t size __rte_unused) { } > + > +static inline void > +asan_clear_alloczone(struct malloc_elem *elem __rte_unused) { } > + > +static inline void > +asan_clear_split_alloczone(struct malloc_elem *elem __rte_unused) { } > + > +static inline void > +asan_set_redzone(struct malloc_elem *elem __rte_unused, > + size_t user_size __rte_unused) { = } > + > +static inline void > +asan_clear_redzone(struct malloc_elem *elem __rte_unused) { } > + > +static inline size_t > +old_malloc_size(struct malloc_elem *elem) > +{ > + return elem->size - elem->pad - MALLOC_ELEM_OVERHEAD; > +} > +#endif > + > /* > * Given a pointer to the start of a memory block returned by malloc, ge= t > * the actual malloc_elem header for that block. > diff --git a/lib/eal/common/malloc_heap.c b/lib/eal/common/malloc_heap.c > index ee400f38ec..775d6789df 100644 > --- a/lib/eal/common/malloc_heap.c > +++ b/lib/eal/common/malloc_heap.c > @@ -237,6 +237,7 @@ heap_alloc(struct malloc_heap *heap, const char *type= __rte_unused, size_t size, > unsigned int flags, size_t align, size_t bound, bool cont= ig) > { > struct malloc_elem *elem; > + size_t user_size =3D size; > > size =3D RTE_CACHE_LINE_ROUNDUP(size); > align =3D RTE_CACHE_LINE_ROUNDUP(align); > @@ -250,6 +251,8 @@ heap_alloc(struct malloc_heap *heap, const char *type= __rte_unused, size_t size, > > /* increase heap's count of allocated elements */ > heap->alloc_count++; > + > + asan_set_redzone(elem, user_size); > } > > return elem =3D=3D NULL ? NULL : (void *)(&elem[1]); > @@ -270,6 +273,8 @@ heap_alloc_biggest(struct malloc_heap *heap, const ch= ar *type __rte_unused, > > /* increase heap's count of allocated elements */ > heap->alloc_count++; > + > + asan_set_redzone(elem, size); > } > > return elem =3D=3D NULL ? NULL : (void *)(&elem[1]); > @@ -841,6 +846,8 @@ malloc_heap_free(struct malloc_elem *elem) > if (!malloc_elem_cookies_ok(elem) || elem->state !=3D ELEM_BUSY) > return -1; > > + asan_clear_redzone(elem); > + > /* elem may be merged with previous element, so keep heap address= */ > heap =3D elem->heap; > msl =3D elem->msl; > @@ -848,6 +855,9 @@ malloc_heap_free(struct malloc_elem *elem) > > rte_spinlock_lock(&(heap->lock)); > > + void *asan_ptr =3D RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN + ele= m->pad); > + size_t asan_data_len =3D elem->size - MALLOC_ELEM_OVERHEAD - elem= ->pad; > + > /* mark element as free */ > elem->state =3D ELEM_FREE; > > @@ -1001,6 +1011,8 @@ malloc_heap_free(struct malloc_elem *elem) > > rte_mcfg_mem_write_unlock(); > free_unlock: > + asan_set_freezone(asan_ptr, asan_data_len); > + > rte_spinlock_unlock(&(heap->lock)); > return ret; > } > diff --git a/lib/eal/common/rte_malloc.c b/lib/eal/common/rte_malloc.c > index 9d39e58c08..d0bec26920 100644 > --- a/lib/eal/common/rte_malloc.c > +++ b/lib/eal/common/rte_malloc.c > @@ -162,6 +162,8 @@ rte_calloc(const char *type, size_t num, size_t size,= unsigned align) > void * > rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socke= t) > { > + size_t user_size; > + > if (ptr =3D=3D NULL) > return rte_malloc_socket(NULL, size, align, socket); > > @@ -171,6 +173,8 @@ rte_realloc_socket(void *ptr, size_t size, unsigned i= nt align, int socket) > return NULL; > } > > + user_size =3D size; > + > size =3D RTE_CACHE_LINE_ROUNDUP(size), align =3D RTE_CACHE_LINE_R= OUNDUP(align); > > /* check requested socket id and alignment matches first, and if = ok, > @@ -181,6 +185,9 @@ rte_realloc_socket(void *ptr, size_t size, unsigned i= nt align, int socket) > RTE_PTR_ALIGN(ptr, align) =3D=3D ptr && > malloc_heap_resize(elem, size) =3D=3D 0) { > rte_eal_trace_mem_realloc(size, align, socket, ptr); > + > + asan_set_redzone(elem, user_size); > + > return ptr; > } > > @@ -192,7 +199,7 @@ rte_realloc_socket(void *ptr, size_t size, unsigned i= nt align, int socket) > if (new_ptr =3D=3D NULL) > return NULL; > /* elem: |pad|data_elem|data|trailer| */ > - const size_t old_size =3D elem->size - elem->pad - MALLOC_ELEM_OV= ERHEAD; > + const size_t old_size =3D old_malloc_size(elem); > rte_memcpy(new_ptr, ptr, old_size < size ? old_size : size); > rte_free(ptr); > > diff --git a/lib/pipeline/rte_swx_pipeline.c b/lib/pipeline/rte_swx_pipel= ine.c > index 8eb978a30c..aaa0107d02 100644 > --- a/lib/pipeline/rte_swx_pipeline.c > +++ b/lib/pipeline/rte_swx_pipeline.c > @@ -6340,7 +6340,7 @@ instr_meter_translate(struct rte_swx_pipeline *p, > return 0; > } > > - CHECK(0, EINVAL); > + return -EINVAL; > } > > static inline struct meter * > @@ -8025,7 +8025,7 @@ instr_translate(struct rte_swx_pipeline *p, > instr, > data); > > - CHECK(0, EINVAL); > + return -EINVAL; > } > > static struct instruction_data * > -- > 2.25.1 > --=20 David Marchand