[dpdk-dev] [RFC] mem: poison memory when freed

[Stephen Hemminger]

DPDK malloc library allows broken programs to work because
the semantics of zmalloc and malloc are the same.

This patch changes to a more secure model which will catch
(and crash) programs that reuse memory already freed.

This supersedes earlier changes to zero memory on free and
avoid zeroing memory in zmalloc.

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
---
 lib/librte_eal/common/malloc_elem.c | 5 ++++-
 lib/librte_eal/common/rte_malloc.c  | 6 +++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
index efcb82677198..62cc0b385c0c 100644
--- a/lib/librte_eal/common/malloc_elem.c
+++ b/lib/librte_eal/common/malloc_elem.c
@@ -23,6 +23,8 @@
 #include "malloc_elem.h"
 #include "malloc_heap.h"
 
+#define MALLOC_POISON	       0x6b		     /**< Free memory. */
+
 size_t
 malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align)
 {
@@ -531,7 +533,8 @@ malloc_elem_free(struct malloc_elem *elem)
 	/* decrease heap's count of allocated elements */
 	elem->heap->alloc_count--;
 
-	memset(ptr, 0, data_len);
+	/* poison memory */
+	memset(ptr, MALLOC_POISON, data_len);
 
 	return elem;
 }
diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c
index b51a6d111bde..b33c936fd491 100644
--- a/lib/librte_eal/common/rte_malloc.c
+++ b/lib/librte_eal/common/rte_malloc.c
@@ -70,7 +70,11 @@ rte_malloc(const char *type, size_t size, unsigned align)
 void *
 rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
 {
-	return rte_malloc_socket(type, size, align, socket);
+	void *ptr = rte_malloc_socket(type, size, align, socket);
+
+	if (ptr != NULL)
+		memset(ptr, 0, size);
+	return ptr;
 }
 
 /*
-- 
2.18.0