diff mbox

[dpdk-dev,v3,2/2] eal/malloc: fix RTE malloc element free

Message ID 20170909073319.73174-2-xuemingl@mellanox.com (mailing list archive)
State Accepted, archived
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Xueming Li Sept. 9, 2017, 7:33 a.m. UTC 
  malloc_elem_free() is clearing(setting to 0) the trailer cookie when
RTE_MALLOC_DEBUG is enabled. In case of joining free neighbor element,
part of joined memory is not getting cleared due to missing the length
of trailer cookie in the middle.

This patch fixes calculation of free memory length to be cleared in
malloc_elem_free() by including trailer cookie.

Fixes: af75078fece3 ("first public release")

Cc: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Signed-off-by: Xueming Li <xuemingl@mellanox.com>
---
 lib/librte_eal/common/malloc_elem.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Sergio Gonzalez Monroy Sept. 13, 2017, 12:06 p.m. UTC | #1 
On 09/09/2017 08:33, Xueming Li wrote:
> malloc_elem_free() is clearing(setting to 0) the trailer cookie when
> RTE_MALLOC_DEBUG is enabled. In case of joining free neighbor element,
> part of joined memory is not getting cleared due to missing the length
> of trailer cookie in the middle.
>
> This patch fixes calculation of free memory length to be cleared in
> malloc_elem_free() by including trailer cookie.
>
> Fixes: af75078fece3 ("first public release")
>
> Cc: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> Signed-off-by: Xueming Li <xuemingl@mellanox.com>
> ---

Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Thomas Monjalon Oct. 9, 2017, 8:56 p.m. UTC | #2 
13/09/2017 14:06, Sergio Gonzalez Monroy:
> On 09/09/2017 08:33, Xueming Li wrote:
> > malloc_elem_free() is clearing(setting to 0) the trailer cookie when
> > RTE_MALLOC_DEBUG is enabled. In case of joining free neighbor element,
> > part of joined memory is not getting cleared due to missing the length
> > of trailer cookie in the middle.
> >
> > This patch fixes calculation of free memory length to be cleared in
> > malloc_elem_free() by including trailer cookie.
> >
> > Fixes: af75078fece3 ("first public release")
> >
> > Cc: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> > Signed-off-by: Xueming Li <xuemingl@mellanox.com>
> 
> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>

Applied, thanks
diff mbox

Patch

diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
index 150769057..889dffd21 100644
--- a/lib/librte_eal/common/malloc_elem.c
+++ b/lib/librte_eal/common/malloc_elem.c
@@ -275,14 +275,14 @@  malloc_elem_free(struct malloc_elem *elem)
 		return -1;
 
 	rte_spinlock_lock(&(elem->heap->lock));
-	size_t sz = elem->size - sizeof(*elem);
+	size_t sz = elem->size - sizeof(*elem) - MALLOC_ELEM_TRAILER_LEN;
 	uint8_t *ptr = (uint8_t *)&elem[1];
 	struct malloc_elem *next = RTE_PTR_ADD(elem, elem->size);
 	if (next->state == ELEM_FREE){
 		/* remove from free list, join to this one */
 		elem_free_list_remove(next);
 		join_elem(elem, next);
-		sz += sizeof(*elem);
+		sz += (sizeof(*elem) + MALLOC_ELEM_TRAILER_LEN);
 	}
 
 	/* check if previous element is free, if so join with it and return,
@@ -291,8 +291,8 @@  malloc_elem_free(struct malloc_elem *elem)
 	if (elem->prev != NULL && elem->prev->state == ELEM_FREE) {
 		elem_free_list_remove(elem->prev);
 		join_elem(elem->prev, elem);
-		sz += sizeof(*elem);
-		ptr -= sizeof(*elem);
+		sz += (sizeof(*elem) + MALLOC_ELEM_TRAILER_LEN);
+		ptr -= (sizeof(*elem) + MALLOC_ELEM_TRAILER_LEN);
 		elem = elem->prev;
 	}
 	malloc_elem_free_list_insert(elem);