From e43a9f52b7ff1758a34662030d6fa78ff9313d59 Mon Sep 17 00:00:00 2001
From: Anatoly Burakov
Date: Thu, 31 May 2018 18:05:40 +0100
Subject: [PATCH] malloc: fix pad erasing

Previously, when joining adjacent free elements, we were erasing trailer and header, but did not erase the padding. Fix this by accounting for padding on erase, and do not erase padding twice by adjusting data pointer and data len to not include padding.

Fixes: bb372060dad4 ("malloc: make heap a doubly-linked list")
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov
---
 lib/librte_eal/common/malloc_elem.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
index 9bfe9b9b4f..944587bc53 100644
--- a/lib/librte_eal/common/malloc_elem.c
+++ b/lib/librte_eal/common/malloc_elem.c
@@ -386,16 +386,18 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
 if (elem->next != NULL && elem->next->state == ELEM_FREE && next_elem_is_adjacent(elem)) {
 void *erase;
+ size_t erase_len;
 /* we will want to erase the trailer and header */
 erase = RTE_PTR_SUB(elem->next, MALLOC_ELEM_TRAILER_LEN);
+ erase_len = MALLOC_ELEM_OVERHEAD + elem->next->pad;
 /* remove from free list, join to this one */
 malloc_elem_free_list_remove(elem->next);
 join_elem(elem, elem->next);
- /* erase header and trailer */
- memset(erase, 0, MALLOC_ELEM_OVERHEAD);
+ /* erase header, trailer and pad */
+ memset(erase, 0, erase_len);
 }
 /*
@@ -406,9 +408,11 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
 prev_elem_is_adjacent(elem)) {
 struct malloc_elem *new_elem;
 void *erase;
+ size_t erase_len;
 /* we will want to erase trailer and header */
 erase = RTE_PTR_SUB(elem, MALLOC_ELEM_TRAILER_LEN);
+ erase_len = MALLOC_ELEM_OVERHEAD + elem->pad;
 /* remove from free list, join to this one */
 malloc_elem_free_list_remove(elem->prev);
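Review bot: `erase_len = MALLOC_ELEM_OVERHEAD + elem->next->pad` takes `pad` from the in-band element header and hands it to `memset` without checking it against the element size, so a corrupted or stale `pad` would make the erase run past the element being joined. The same applies to `erase_len = MALLOC_ELEM_OVERHEAD + elem->pad` in the prev-join hunk and to `data_len = elem->size - elem->pad - MALLOC_ELEM_OVERHEAD` in malloc_elem_free, where the unsigned subtraction would wrap. A check such as `MALLOC_ELEM_OVERHEAD + elem->next->pad <= elem->next->size` before the join, handled the way the project treats heap corruption elsewhere, would bound the write. The comment above `erase = ...` still says "trailer and header" although the erased range now includes the pad. The function body starts and ends outside this hunk.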
@@ -416,8 +420,8 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
 new_elem = elem->prev;
 join_elem(new_elem, elem);
- /* erase header and trailer */
- memset(erase, 0, MALLOC_ELEM_OVERHEAD);
+ /* erase header, trailer and pad */
+ memset(erase, 0, erase_len);
 elem = new_elem;
 }
@@ -436,8 +440,8 @@ malloc_elem_free(struct malloc_elem *elem)
 void *ptr;
 size_t data_len;
- ptr = RTE_PTR_ADD(elem, sizeof(*elem));
- data_len = elem->size - MALLOC_ELEM_OVERHEAD;
+ ptr = RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN + elem->pad);
+ data_len = elem->size - elem->pad - MALLOC_ELEM_OVERHEAD;
 elem = malloc_elem_join_adjacent_free(elem);
--
2.20.1
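Review bot: With `ptr` and `data_len` now skipping `elem->pad` in malloc_elem_free, this element's own pad bytes are cleared only in the join branch that merges it into `elem->prev` (`erase_len = MALLOC_ELEM_OVERHEAD + elem->pad`); when no neighbour is free, or only `elem->next` is merged, they appear to keep their old contents. The erase that consumes `ptr` and `data_len` is outside this hunk, so confirm that nothing relies on a freed element being fully zeroed, for example an allocation path that returns memory as already cleared. If something does, keeping `ptr = RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN);` and `data_len = elem->size - MALLOC_ELEM_OVERHEAD;` and tolerating a double erase is the safer choice. A short comment above the two assignments stating which code is responsible for clearing the pad would also help.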