malloc: fix pad erasing

Previously, when joining adjacent free elements, we were erasing
trailer and header, but did not erase the padding. Fix this by
accounting for padding on erase, and do not erase padding twice
by adjusting data pointer and data len to not include padding.

Fixes: bb372060dad4 ("malloc: make heap a doubly-linked list")
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>

diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
index 9bfe9b9b4f73025d0b6a3aa099405d1a6e788253..944587bc53b77e9f2e9194669e0fe4e0e4065070 100644 (file)
--- a/lib/librte_eal/common/malloc_elem.c
+++ b/lib/librte_eal/common/malloc_elem.c
@@ -386,16 +386,18 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
        if (elem->next != NULL && elem->next->state == ELEM_FREE &&
                        next_elem_is_adjacent(elem)) {
                void *erase;
+               size_t erase_len;
 
                /* we will want to erase the trailer and header */
                erase = RTE_PTR_SUB(elem->next, MALLOC_ELEM_TRAILER_LEN);
+               erase_len = MALLOC_ELEM_OVERHEAD + elem->next->pad;
 
                /* remove from free list, join to this one */
                malloc_elem_free_list_remove(elem->next);
                join_elem(elem, elem->next);
 
-               /* erase header and trailer */
-               memset(erase, 0, MALLOC_ELEM_OVERHEAD);
+               /* erase header, trailer and pad */
+               memset(erase, 0, erase_len);
        }
 
        /*
@@ -406,9 +408,11 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
                        prev_elem_is_adjacent(elem)) {
                struct malloc_elem *new_elem;
                void *erase;
+               size_t erase_len;
 
                /* we will want to erase trailer and header */
                erase = RTE_PTR_SUB(elem, MALLOC_ELEM_TRAILER_LEN);
+               erase_len = MALLOC_ELEM_OVERHEAD + elem->pad;
 
                /* remove from free list, join to this one */
                malloc_elem_free_list_remove(elem->prev);
@@ -416,8 +420,8 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
                new_elem = elem->prev;
                join_elem(new_elem, elem);
 
-               /* erase header and trailer */
-               memset(erase, 0, MALLOC_ELEM_OVERHEAD);
+               /* erase header, trailer and pad */
+               memset(erase, 0, erase_len);
 
                elem = new_elem;
        }
@@ -436,8 +440,8 @@ malloc_elem_free(struct malloc_elem *elem)
        void *ptr;
        size_t data_len;
 
-       ptr = RTE_PTR_ADD(elem, sizeof(*elem));
-       data_len = elem->size - MALLOC_ELEM_OVERHEAD;
+       ptr = RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN + elem->pad);
+       data_len = elem->size - elem->pad - MALLOC_ELEM_OVERHEAD;
 
        elem = malloc_elem_join_adjacent_free(elem);