[v6,1/2] Enable ASan for memory detector on DPDK
Checks
Commit Message
From: Zhihong Peng <zhihongx.peng@intel.com>
AddressSanitizer (ASan) is a google memory error detect
standard tool. It could help to detect use-after-free and
{heap,stack,global}-buffer overflow bugs in C/C++ programs,
print detailed error information when error happens, large
improve debug efficiency.
`AddressSanitizer
<https://github.com/google/sanitizers/wiki/AddressSanitizer>` (ASan)
is a widely-used debugging tool to detect memory access errors.
It helps detect issues like use-after-free, various kinds of buffer
overruns in C/C++ programs, and other similar errors, as well as
printing out detailed debug information whenever an error is detected.
DPDK ASan functionality is currently only supported Linux x86_64.
Support other platforms, need to define ASAN_SHADOW_OFFSET value
according to google ASan document.
Here is an example of heap-buffer-overflow bug:
......
char *p = rte_zmalloc(NULL, 7, 0);
p[7] = 'a';
......
Here is an example of use-after-free bug:
......
char *p = rte_zmalloc(NULL, 7, 0);
rte_free(p);
*p = 'a';
......
If you want to use this feature,
you need to add below compilation options when compiling code:
-Dbuildtype=debug -Db_lundef=false -Db_sanitize=address
"-Dbuildtype=debug": This is a non-essential option. When this option
is added, if a memory error occurs, ASan can clearly show where the
code is wrong.
"-Db_lundef=false": When use clang to compile DPDK, this option must
be added.
Signed-off-by: Xueqin Lin <xueqin.lin@intel.com>
Signed-off-by: Zhihong Peng <zhihongx.peng@intel.com>
---
devtools/words-case.txt | 1 +
doc/guides/prog_guide/ASan.rst | 108 +++++++++++++++++
doc/guides/prog_guide/index.rst | 1 +
examples/helloworld/main.c | 5 +
lib/eal/common/malloc_elem.c | 26 +++-
lib/eal/common/malloc_elem.h | 204 +++++++++++++++++++++++++++++++-
lib/eal/common/malloc_heap.c | 12 ++
lib/eal/common/rte_malloc.c | 9 +-
8 files changed, 361 insertions(+), 5 deletions(-)
create mode 100644 doc/guides/prog_guide/ASan.rst
Comments
Hello,
I see v6 is superseded in pw, I have been cleaning my queue... maybe my fault.
On Thu, Sep 30, 2021 at 7:37 AM <zhihongx.peng@intel.com> wrote:
>
> From: Zhihong Peng <zhihongx.peng@intel.com>
>
> AddressSanitizer (ASan) is a google memory error detect
> standard tool. It could help to detect use-after-free and
> {heap,stack,global}-buffer overflow bugs in C/C++ programs,
> print detailed error information when error happens, large
> improve debug efficiency.
>
> `AddressSanitizer
> <https://github.com/google/sanitizers/wiki/AddressSanitizer>` (ASan)
> is a widely-used debugging tool to detect memory access errors.
> It helps detect issues like use-after-free, various kinds of buffer
> overruns in C/C++ programs, and other similar errors, as well as
> printing out detailed debug information whenever an error is detected.
This patch mixes how to use ASan and instrumenting the DPDK mem allocator.
I would split this patch in two.
The first patch can add the documentation on enabling/using ASan and
describe the known issues on enabling it.
I'd find it better (from a user pov) if we hide all those details
about b_lundef and installation of libasan on Centos.
Something like (only quickly tested):
diff --git a/config/meson.build b/config/meson.build
index 4cdf589e20..7d8b71da79 100644
--- a/config/meson.build
+++ b/config/meson.build
@@ -411,6 +411,33 @@ if get_option('b_lto')
endif
endif
+if get_option('b_sanitize') == 'address'
+ asan_dep = cc.find_library('asan', required: true)
+ if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
+ dependencies: asan_dep))
+ error('broken dependency, "libasan"')
+ endif
+ add_project_link_arguments('-lasan', language: 'c')
+ dpdk_extra_ldflags += '-lasan'
+endif
+
if get_option('default_library') == 'both'
error( '''
Unsupported value "both" for "default_library" option.
Bruce, do you see an issue with this approach?
Then a second patch adds the rte_malloc instrumentation, with a check
at configuration time.
endif
add_project_link_arguments('-lasan', language: 'c')
dpdk_extra_ldflags += '-lasan'
+ if arch_subdir == 'x86'
+ asan_check_code = '''
+#ifdef __SANITIZE_ADDRESS__
+#define RTE_MALLOC_ASAN
+#elif defined(__has_feature)
+# if __has_feature(address_sanitizer)
+#define RTE_MALLOC_ASAN
+# endif
+#endif
+
+#ifndef RTE_MALLOC_ASAN
+#error ASan not available.
+#endif
+'''
+ if cc.compiles(asan_check_code)
+ dpdk_conf.set10('RTE_MALLOC_ASAN', true)
+ endif
+ endif
endif
if get_option('default_library') == 'both'
Few more comments:
>
> DPDK ASan functionality is currently only supported Linux x86_64.
> Support other platforms, need to define ASAN_SHADOW_OFFSET value
> according to google ASan document.
>
> Here is an example of heap-buffer-overflow bug:
> ......
> char *p = rte_zmalloc(NULL, 7, 0);
> p[7] = 'a';
> ......
>
> Here is an example of use-after-free bug:
> ......
> char *p = rte_zmalloc(NULL, 7, 0);
> rte_free(p);
> *p = 'a';
> ......
>
> If you want to use this feature,
> you need to add below compilation options when compiling code:
> -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address
> "-Dbuildtype=debug": This is a non-essential option. When this option
> is added, if a memory error occurs, ASan can clearly show where the
> code is wrong.
> "-Db_lundef=false": When use clang to compile DPDK, this option must
> be added.
>
> Signed-off-by: Xueqin Lin <xueqin.lin@intel.com>
> Signed-off-by: Zhihong Peng <zhihongx.peng@intel.com>
> ---
> devtools/words-case.txt | 1 +
> doc/guides/prog_guide/ASan.rst | 108 +++++++++++++++++
> doc/guides/prog_guide/index.rst | 1 +
> examples/helloworld/main.c | 5 +
> lib/eal/common/malloc_elem.c | 26 +++-
> lib/eal/common/malloc_elem.h | 204 +++++++++++++++++++++++++++++++-
> lib/eal/common/malloc_heap.c | 12 ++
> lib/eal/common/rte_malloc.c | 9 +-
> 8 files changed, 361 insertions(+), 5 deletions(-)
> create mode 100644 doc/guides/prog_guide/ASan.rst
>
> diff --git a/devtools/words-case.txt b/devtools/words-case.txt
> index 0bbad48626..3655596d47 100644
> --- a/devtools/words-case.txt
> +++ b/devtools/words-case.txt
> @@ -86,3 +86,4 @@ VXLAN
> Windows
> XDP
> XOR
> +ASan
Alphabetical order please.
> diff --git a/doc/guides/prog_guide/ASan.rst b/doc/guides/prog_guide/ASan.rst
Filenames are lowercase in the doc.
> new file mode 100644
> index 0000000000..7145a3b1a1
> --- /dev/null
> +++ b/doc/guides/prog_guide/ASan.rst
> @@ -0,0 +1,108 @@
> +.. Copyright (c) <2021>, Intel Corporation
> + All rights reserved.
> +
> +Memory error detect standard tool - AddressSanitizer(ASan)
> +==========================================================
> +
> +AddressSanitizer (ASan) is a google memory error detect
> +standard tool. It could help to detect use-after-free and
> +{heap,stack,global}-buffer overflow bugs in C/C++ programs,
> +print detailed error information when error happens, large
> +improve debug efficiency.
> +
> +By referring to its implementation algorithm
> +(https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm),
> +enabled heap-buffer-overflow and use-after-free functions on DPDK.
> +DPDK ASan function currently only supports on Linux x86_64.
> +
> +AddressSanitizer is a part of LLVM(3.1+)and GCC(4.8+).
missing spaces around ().
> +
> +Example heap-buffer-overflow error
> +----------------------------------
> +
> +Following error was reported when ASan was enabled::
> +
> + Applied 9 bytes of memory, but accessed the 10th byte of memory,
> + so heap-buffer-overflow appeared.
> +
> +Below code results in this error::
> +
> + char *p = rte_zmalloc(NULL, 9, 0);
> + if (!p) {
> + printf("rte_zmalloc error.");
> + return -1;
> + }
> + p[9] = 'a';
> +
> +The error log::
> +
> + ==49433==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f773fafa249 at pc 0x5556b13bdae4 bp 0x7ffeb4965e40 sp 0x7ffeb4965e30 WRITE of size 1 at 0x7f773fafa249 thread T0
> + #0 0x5556b13bdae3 in asan_heap_buffer_overflow ../app/test/test_asan_heap_buffer_overflow.c:25
Please update this example since the unit test has been removed.
> + #1 0x5556b043e9d4 in cmd_autotest_parsed ../app/test/commands.c:71
> + #2 0x5556b1cdd4b0 in cmdline_parse ../lib/cmdline/cmdline_parse.c:290
> + #3 0x5556b1cd8987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:26
> + #4 0x5556b1ce477a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:421
> + #5 0x5556b1cd923e in cmdline_in ../lib/cmdline/cmdline.c:149
> + #6 0x5556b1cd9769 in cmdline_interact ../lib/cmdline/cmdline.c:223
> + #7 0x5556b045f53b in main ../app/test/test.c:234
> + #8 0x7f7f1eba90b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
> + #9 0x5556b043e70d in _start (/home/pzh/yyy/x86_64-native-linuxapp-gcc/app/test/dpdk-test+0x7ce70d)
> +
> + Address 0x7f773fafa249 is a wild pointer.
> + SUMMARY: AddressSanitizer: heap-buffer-overflow ../app/test/test_asan_heap_buffer_overflow.c:25 in asan_heap_buffer_overflow
> +
> +Example use-after-free error
> +----------------------------
> +
> +Following error was reported when ASan was enabled::
> +
> + Applied for 9 bytes of memory, and accessed the first byte after
> + released, so heap-use-after-free appeared.
> +
> +Below code results in this error::
> +
> + char *p = rte_zmalloc(NULL, 9, 0);
> + if (!p) {
> + printf("rte_zmalloc error.");
> + return -1;
> + }
> + rte_free(p);
> + *p = 'a';
> +
> +The error log::
> +
> + ==49478==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fe2ffafa240 at pc 0x56409b084bc8 bp 0x7ffef62c57d0 sp 0x7ffef62c57c0 WRITE of size 1 at 0x7fe2ffafa240 thread T0
> + #0 0x56409b084bc7 in asan_use_after_free ../app/test/test_asan_use_after_free.c:26
Idem.
> + #1 0x56409a1059d4 in cmd_autotest_parsed ../app/test/commands.c:71
> + #2 0x56409b9a44b0 in cmdline_parse ../lib/cmdline/cmdline_parse.c:290
> + #3 0x56409b99f987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:26
> + #4 0x56409b9ab77a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:421
> + #5 0x56409b9a023e in cmdline_in ../lib/cmdline/cmdline.c:149
> + #6 0x56409b9a0769 in cmdline_interact ../lib/cmdline/cmdline.c:223
> + #7 0x56409a12653b in main ../app/test/test.c:234
> + #8 0x7feafafc20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
> + #9 0x56409a10570d in _start (/home/pzh/yyy/x86_64-native-linuxapp-gcc/app/test/dpdk-test+0x7ce70d)
> +
> + Address 0x7fe2ffafa240 is a wild pointer.
> + SUMMARY: AddressSanitizer: heap-use-after-free ../app/test/test_asan_use_after_free.c:26 in asan_use_after_free
> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Thursday, September 30, 2021 4:20 PM
> To: Peng, ZhihongX <ZhihongX.Peng@intel.com>; Richardson, Bruce
> <bruce.richardson@intel.com>
> Cc: Burakov, Anatoly <anatoly.burakov@intel.com>; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Stephen Hemminger
> <stephen@networkplumber.org>; dev <dev@dpdk.org>; Lin, Xueqin
> <xueqin.lin@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> Subject: Re: [dpdk-dev] [PATCH v6 1/2] Enable ASan for memory detector on
> DPDK
>
> Hello,
>
> I see v6 is superseded in pw, I have been cleaning my queue... maybe my
> fault.
>
>
> On Thu, Sep 30, 2021 at 7:37 AM <zhihongx.peng@intel.com> wrote:
> >
> > From: Zhihong Peng <zhihongx.peng@intel.com>
> >
> > AddressSanitizer (ASan) is a google memory error detect standard tool.
> > It could help to detect use-after-free and {heap,stack,global}-buffer
> > overflow bugs in C/C++ programs, print detailed error information when
> > error happens, large improve debug efficiency.
> >
> > `AddressSanitizer
> > <https://github.com/google/sanitizers/wiki/AddressSanitizer>` (ASan)
> > is a widely-used debugging tool to detect memory access errors.
> > It helps detect issues like use-after-free, various kinds of buffer
> > overruns in C/C++ programs, and other similar errors, as well as
> > printing out detailed debug information whenever an error is detected.
>
> This patch mixes how to use ASan and instrumenting the DPDK mem
> allocator.
>
> I would split this patch in two.
>
> The first patch can add the documentation on enabling/using ASan and
> describe the known issues on enabling it.
> I'd find it better (from a user pov) if we hide all those details about b_lundef
> and installation of libasan on Centos.
>
V7 version will be modified.
> Something like (only quickly tested):
>
> diff --git a/config/meson.build b/config/meson.build index
> 4cdf589e20..7d8b71da79 100644
> --- a/config/meson.build
> +++ b/config/meson.build
> @@ -411,6 +411,33 @@ if get_option('b_lto')
> endif
> endif
>
> +if get_option('b_sanitize') == 'address'
> + asan_dep = cc.find_library('asan', required: true)
> + if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
> + dependencies: asan_dep))
> + error('broken dependency, "libasan"')
> + endif
> + add_project_link_arguments('-lasan', language: 'c')
> + dpdk_extra_ldflags += '-lasan'
> +endif
> +
> if get_option('default_library') == 'both'
> error( '''
> Unsupported value "both" for "default_library" option.
>
>
> Bruce, do you see an issue with this approach?
It seems clearer to get the ASan switch in the c code.
>
> Then a second patch adds the rte_malloc instrumentation, with a check at
> configuration time.
>
> endif
> add_project_link_arguments('-lasan', language: 'c')
> dpdk_extra_ldflags += '-lasan'
> + if arch_subdir == 'x86'
> + asan_check_code = '''
> +#ifdef __SANITIZE_ADDRESS__
> +#define RTE_MALLOC_ASAN
> +#elif defined(__has_feature)
> +# if __has_feature(address_sanitizer)
> +#define RTE_MALLOC_ASAN
> +# endif
> +#endif
> +
> +#ifndef RTE_MALLOC_ASAN
> +#error ASan not available.
> +#endif
> +'''
> + if cc.compiles(asan_check_code)
> + dpdk_conf.set10('RTE_MALLOC_ASAN', true)
> + endif
> + endif
> endif
>
> if get_option('default_library') == 'both'
>
>
> Few more comments:
>
>
> >
> > DPDK ASan functionality is currently only supported Linux x86_64.
> > Support other platforms, need to define ASAN_SHADOW_OFFSET value
> > according to google ASan document.
> >
> > Here is an example of heap-buffer-overflow bug:
> > ......
> > char *p = rte_zmalloc(NULL, 7, 0);
> > p[7] = 'a';
> > ......
> >
> > Here is an example of use-after-free bug:
> > ......
> > char *p = rte_zmalloc(NULL, 7, 0);
> > rte_free(p);
> > *p = 'a';
> > ......
> >
> > If you want to use this feature,
> > you need to add below compilation options when compiling code:
> > -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address
> > "-Dbuildtype=debug": This is a non-essential option. When this option
> > is added, if a memory error occurs, ASan can clearly show where the
> > code is wrong.
> > "-Db_lundef=false": When use clang to compile DPDK, this option must
> > be added.
> >
> > Signed-off-by: Xueqin Lin <xueqin.lin@intel.com>
> > Signed-off-by: Zhihong Peng <zhihongx.peng@intel.com>
> > ---
> > devtools/words-case.txt | 1 +
> > doc/guides/prog_guide/ASan.rst | 108 +++++++++++++++++
> > doc/guides/prog_guide/index.rst | 1 +
> > examples/helloworld/main.c | 5 +
> > lib/eal/common/malloc_elem.c | 26 +++-
> > lib/eal/common/malloc_elem.h | 204
> +++++++++++++++++++++++++++++++-
> > lib/eal/common/malloc_heap.c | 12 ++
> > lib/eal/common/rte_malloc.c | 9 +-
> > 8 files changed, 361 insertions(+), 5 deletions(-) create mode
> > 100644 doc/guides/prog_guide/ASan.rst
> >
> > diff --git a/devtools/words-case.txt b/devtools/words-case.txt index
> > 0bbad48626..3655596d47 100644
> > --- a/devtools/words-case.txt
> > +++ b/devtools/words-case.txt
> > @@ -86,3 +86,4 @@ VXLAN
> > Windows
> > XDP
> > XOR
> > +ASan
>
> Alphabetical order please.
>
V7 version will be modified.
> > diff --git a/doc/guides/prog_guide/ASan.rst
> > b/doc/guides/prog_guide/ASan.rst
>
> Filenames are lowercase in the doc.
V7 version will be modified.
>
> > new file mode 100644
> > index 0000000000..7145a3b1a1
> > --- /dev/null
> > +++ b/doc/guides/prog_guide/ASan.rst
> > @@ -0,0 +1,108 @@
> > +.. Copyright (c) <2021>, Intel Corporation
> > + All rights reserved.
> > +
> > +Memory error detect standard tool - AddressSanitizer(ASan)
> >
> +=========================================================
> =
> > +
> > +AddressSanitizer (ASan) is a google memory error detect standard
> > +tool. It could help to detect use-after-free and
> > +{heap,stack,global}-buffer overflow bugs in C/C++ programs, print
> > +detailed error information when error happens, large improve debug
> > +efficiency.
> > +
> > +By referring to its implementation algorithm
> > +(https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm)
> > +, enabled heap-buffer-overflow and use-after-free functions on DPDK.
> > +DPDK ASan function currently only supports on Linux x86_64.
> > +
> > +AddressSanitizer is a part of LLVM(3.1+)and GCC(4.8+).
>
> missing spaces around ().
V7 version will be modified.
>
> > +
> > +Example heap-buffer-overflow error
> > +----------------------------------
> > +
> > +Following error was reported when ASan was enabled::
> > +
> > + Applied 9 bytes of memory, but accessed the 10th byte of memory,
> > + so heap-buffer-overflow appeared.
> > +
> > +Below code results in this error::
> > +
> > + char *p = rte_zmalloc(NULL, 9, 0);
> > + if (!p) {
> > + printf("rte_zmalloc error.");
> > + return -1;
> > + }
> > + p[9] = 'a';
> > +
> > +The error log::
> > +
> > + ==49433==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x7f773fafa249 at pc 0x5556b13bdae4 bp 0x7ffeb4965e40 sp 0x7ffeb4965e30
> WRITE of size 1 at 0x7f773fafa249 thread T0
> > + #0 0x5556b13bdae3 in asan_heap_buffer_overflow
> > + ../app/test/test_asan_heap_buffer_overflow.c:25
>
> Please update this example since the unit test has been removed.
V7 version will be modified.
>
> > + #1 0x5556b043e9d4 in
> cmd_autotest_parsed ../app/test/commands.c:71
> > + #2 0x5556b1cdd4b0 in
> cmdline_parse ../lib/cmdline/cmdline_parse.c:290
> > + #3 0x5556b1cd8987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:26
> > + #4 0x5556b1ce477a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:421
> > + #5 0x5556b1cd923e in cmdline_in ../lib/cmdline/cmdline.c:149
> > + #6 0x5556b1cd9769 in cmdline_interact ../lib/cmdline/cmdline.c:223
> > + #7 0x5556b045f53b in main ../app/test/test.c:234
> > + #8 0x7f7f1eba90b2 in __libc_start_main (/lib/x86_64-linux-
> gnu/libc.so.6+0x270b2)
> > + #9 0x5556b043e70d in _start
> > + (/home/pzh/yyy/x86_64-native-linuxapp-gcc/app/test/dpdk-
> test+0x7ce70
> > + d)
> > +
> > + Address 0x7f773fafa249 is a wild pointer.
> > + SUMMARY: AddressSanitizer: heap-buffer-overflow
> > + ../app/test/test_asan_heap_buffer_overflow.c:25 in
> > + asan_heap_buffer_overflow
> > +
> > +Example use-after-free error
> > +----------------------------
> > +
> > +Following error was reported when ASan was enabled::
> > +
> > + Applied for 9 bytes of memory, and accessed the first byte after
> > + released, so heap-use-after-free appeared.
> > +
> > +Below code results in this error::
> > +
> > + char *p = rte_zmalloc(NULL, 9, 0);
> > + if (!p) {
> > + printf("rte_zmalloc error.");
> > + return -1;
> > + }
> > + rte_free(p);
> > + *p = 'a';
> > +
> > +The error log::
> > +
> > + ==49478==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x7fe2ffafa240 at pc 0x56409b084bc8 bp 0x7ffef62c57d0 sp 0x7ffef62c57c0
> WRITE of size 1 at 0x7fe2ffafa240 thread T0
> > + #0 0x56409b084bc7 in asan_use_after_free
> > + ../app/test/test_asan_use_after_free.c:26
>
> Idem.
>
>
> > + #1 0x56409a1059d4 in
> cmd_autotest_parsed ../app/test/commands.c:71
> > + #2 0x56409b9a44b0 in
> cmdline_parse ../lib/cmdline/cmdline_parse.c:290
> > + #3 0x56409b99f987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:26
> > + #4 0x56409b9ab77a in
> rdline_char_in ../lib/cmdline/cmdline_rdline.c:421
> > + #5 0x56409b9a023e in cmdline_in ../lib/cmdline/cmdline.c:149
> > + #6 0x56409b9a0769 in cmdline_interact ../lib/cmdline/cmdline.c:223
> > + #7 0x56409a12653b in main ../app/test/test.c:234
> > + #8 0x7feafafc20b2 in __libc_start_main (/lib/x86_64-linux-
> gnu/libc.so.6+0x270b2)
> > + #9 0x56409a10570d in _start
> > + (/home/pzh/yyy/x86_64-native-linuxapp-gcc/app/test/dpdk-
> test+0x7ce70
> > + d)
> > +
> > + Address 0x7fe2ffafa240 is a wild pointer.
> > + SUMMARY: AddressSanitizer: heap-use-after-free
> > + ../app/test/test_asan_use_after_free.c:26 in asan_use_after_free
>
>
> --
> David Marchand
On Fri, Oct 8, 2021 at 10:07 AM Peng, ZhihongX <zhihongx.peng@intel.com> wrote:
>
> > -----Original Message-----
> > From: David Marchand <david.marchand@redhat.com>
> > Sent: Thursday, September 30, 2021 4:20 PM
> > To: Peng, ZhihongX <ZhihongX.Peng@intel.com>; Richardson, Bruce
> > <bruce.richardson@intel.com>
> > Cc: Burakov, Anatoly <anatoly.burakov@intel.com>; Ananyev, Konstantin
> > <konstantin.ananyev@intel.com>; Stephen Hemminger
> > <stephen@networkplumber.org>; dev <dev@dpdk.org>; Lin, Xueqin
> > <xueqin.lin@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> > Subject: Re: [dpdk-dev] [PATCH v6 1/2] Enable ASan for memory detector on
> > DPDK
> >
> > Hello,
> >
> > I see v6 is superseded in pw, I have been cleaning my queue... maybe my
> > fault.
> >
[snip]
> >
> V7 version will be modified.
Ok, let's forget about *v6 bis* and go with v7...
>
> > Something like (only quickly tested):
> >
> > diff --git a/config/meson.build b/config/meson.build index
> > 4cdf589e20..7d8b71da79 100644
> > --- a/config/meson.build
> > +++ b/config/meson.build
> > @@ -411,6 +411,33 @@ if get_option('b_lto')
> > endif
> > endif
> >
> > +if get_option('b_sanitize') == 'address'
> > + asan_dep = cc.find_library('asan', required: true)
> > + if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
> > + dependencies: asan_dep))
> > + error('broken dependency, "libasan"')
> > + endif
> > + add_project_link_arguments('-lasan', language: 'c')
> > + dpdk_extra_ldflags += '-lasan'
> > +endif
> > +
> > if get_option('default_library') == 'both'
> > error( '''
> > Unsupported value "both" for "default_library" option.
> >
> >
> > Bruce, do you see an issue with this approach?
>
> It seems clearer to get the ASan switch in the c code.
This is a feature the developper asked for at configuration time.
We have other condition to fulfill to get ASan linking correctly (wrt
lundef workaround and presence of libasan on Centos/RHEL 7).
It's not a matter of being clearer (which I fail to see how it is),
it's a matter of putting the check at the right place.
> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Friday, October 8, 2021 4:30 PM
> To: Peng, ZhihongX <zhihongx.peng@intel.com>; Richardson, Bruce
> <bruce.richardson@intel.com>
> Cc: Burakov, Anatoly <anatoly.burakov@intel.com>; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Stephen Hemminger
> <stephen@networkplumber.org>; dev <dev@dpdk.org>; Lin, Xueqin
> <xueqin.lin@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> Subject: Re: [dpdk-dev] [PATCH v6 1/2] Enable ASan for memory detector on
> DPDK
>
> On Fri, Oct 8, 2021 at 10:07 AM Peng, ZhihongX <zhihongx.peng@intel.com>
> wrote:
> >
> > > -----Original Message-----
> > > From: David Marchand <david.marchand@redhat.com>
> > > Sent: Thursday, September 30, 2021 4:20 PM
> > > To: Peng, ZhihongX <ZhihongX.Peng@intel.com>; Richardson, Bruce
> > > <bruce.richardson@intel.com>
> > > Cc: Burakov, Anatoly <anatoly.burakov@intel.com>; Ananyev,
> > > Konstantin <konstantin.ananyev@intel.com>; Stephen Hemminger
> > > <stephen@networkplumber.org>; dev <dev@dpdk.org>; Lin, Xueqin
> > > <xueqin.lin@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> > > Subject: Re: [dpdk-dev] [PATCH v6 1/2] Enable ASan for memory
> > > detector on DPDK
> > >
> > > Hello,
> > >
> > > I see v6 is superseded in pw, I have been cleaning my queue... maybe
> > > my fault.
> > >
>
> [snip]
>
> > >
> > V7 version will be modified.
>
> Ok, let's forget about *v6 bis* and go with v7...
>
>
> >
> > > Something like (only quickly tested):
> > >
> > > diff --git a/config/meson.build b/config/meson.build index
> > > 4cdf589e20..7d8b71da79 100644
> > > --- a/config/meson.build
> > > +++ b/config/meson.build
> > > @@ -411,6 +411,33 @@ if get_option('b_lto')
> > > endif
> > > endif
> > >
> > > +if get_option('b_sanitize') == 'address'
> > > + asan_dep = cc.find_library('asan', required: true)
> > > + if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
> > > + dependencies: asan_dep))
> > > + error('broken dependency, "libasan"')
> > > + endif
> > > + add_project_link_arguments('-lasan', language: 'c')
> > > + dpdk_extra_ldflags += '-lasan'
> > > +endif
> > > +
> > > if get_option('default_library') == 'both'
> > > error( '''
> > > Unsupported value "both" for "default_library" option.
> > >
> > >
> > > Bruce, do you see an issue with this approach?
> >
> > It seems clearer to get the ASan switch in the c code.
>
> This is a feature the developper asked for at configuration time.
> We have other condition to fulfill to get ASan linking correctly (wrt lundef
> workaround and presence of libasan on Centos/RHEL 7).
>
> It's not a matter of being clearer (which I fail to see how it is), it's a matter of
> putting the check at the right place.
The v9 version will be fixed.
>
> --
> David Marchand
> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Thursday, September 30, 2021 4:20 PM
> To: Peng, ZhihongX <ZhihongX.Peng@intel.com>; Richardson, Bruce
> <bruce.richardson@intel.com>
> Cc: Burakov, Anatoly <anatoly.burakov@intel.com>; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Stephen Hemminger
> <stephen@networkplumber.org>; dev <dev@dpdk.org>; Lin, Xueqin
> <xueqin.lin@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> Subject: Re: [dpdk-dev] [PATCH v6 1/2] Enable ASan for memory detector on
> DPDK
>
> Hello,
>
> I see v6 is superseded in pw, I have been cleaning my queue... maybe my
> fault.
>
>
> On Thu, Sep 30, 2021 at 7:37 AM <zhihongx.peng@intel.com> wrote:
> >
> > From: Zhihong Peng <zhihongx.peng@intel.com>
> >
> > AddressSanitizer (ASan) is a google memory error detect standard tool.
> > It could help to detect use-after-free and {heap,stack,global}-buffer
> > overflow bugs in C/C++ programs, print detailed error information when
> > error happens, large improve debug efficiency.
> >
> > `AddressSanitizer
> > <https://github.com/google/sanitizers/wiki/AddressSanitizer>` (ASan)
> > is a widely-used debugging tool to detect memory access errors.
> > It helps detect issues like use-after-free, various kinds of buffer
> > overruns in C/C++ programs, and other similar errors, as well as
> > printing out detailed debug information whenever an error is detected.
>
> This patch mixes how to use ASan and instrumenting the DPDK mem
> allocator.
>
> I would split this patch in two.
>
> The first patch can add the documentation on enabling/using ASan and
> describe the known issues on enabling it.
> I'd find it better (from a user pov) if we hide all those details about b_lundef
> and installation of libasan on Centos.
>
> Something like (only quickly tested):
>
> diff --git a/config/meson.build b/config/meson.build index
> 4cdf589e20..7d8b71da79 100644
> --- a/config/meson.build
> +++ b/config/meson.build
> @@ -411,6 +411,33 @@ if get_option('b_lto')
> endif
> endif
>
> +if get_option('b_sanitize') == 'address'
> + asan_dep = cc.find_library('asan', required: true)
> + if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
> + dependencies: asan_dep))
> + error('broken dependency, "libasan"')
> + endif
> + add_project_link_arguments('-lasan', language: 'c')
> + dpdk_extra_ldflags += '-lasan'
No need to add code:
add_project_link_arguments('-lasan', language: 'c')
dpdk_extra_ldflags += '-lasan'
The app compiled by clang will fail to run
> +endif
> +
> if get_option('default_library') == 'both'
> error( '''
> Unsupported value "both" for "default_library" option.
>
>
> Bruce, do you see an issue with this approach?
>
>
> Then a second patch adds the rte_malloc instrumentation, with a check at
> configuration time.
>
> endif
> add_project_link_arguments('-lasan', language: 'c')
> dpdk_extra_ldflags += '-lasan'
> + if arch_subdir == 'x86'
> + asan_check_code = '''
> +#ifdef __SANITIZE_ADDRESS__
> +#define RTE_MALLOC_ASAN
> +#elif defined(__has_feature)
> +# if __has_feature(address_sanitizer)
> +#define RTE_MALLOC_ASAN
> +# endif
> +#endif
> +
> +#ifndef RTE_MALLOC_ASAN
> +#error ASan not available.
> +#endif
> +'''
> + if cc.compiles(asan_check_code)
> + dpdk_conf.set10('RTE_MALLOC_ASAN', true)
dpdk_conf.set10('RTE_MALLOC_ASAN', true) is not executed
> + endif
> + endif
> endif
Set the macro directly:
dpdk_conf.set10('RTE_MALLOC_ASAN', true)
All code:
if get_option('b_sanitize') == 'address'
asan_dep = cc.find_library('asan', required: true)
if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
dependencies: asan_dep))
error('broken dependency, "libasan"')
endif
if arch_subdir == 'x86'
dpdk_conf.set10('RTE_MALLOC_ASAN', true)
endif
endif
> if get_option('default_library') == 'both'
>
>
> Few more comments:
>
>
> >
> > DPDK ASan functionality is currently only supported Linux x86_64.
> > Support other platforms, need to define ASAN_SHADOW_OFFSET value
> > according to google ASan document.
> >
> > Here is an example of heap-buffer-overflow bug:
> > ......
> > char *p = rte_zmalloc(NULL, 7, 0);
> > p[7] = 'a';
> > ......
> >
> > Here is an example of use-after-free bug:
> > ......
> > char *p = rte_zmalloc(NULL, 7, 0);
> > rte_free(p);
> > *p = 'a';
> > ......
> >
> > If you want to use this feature,
> > you need to add below compilation options when compiling code:
> > -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address
> > "-Dbuildtype=debug": This is a non-essential option. When this option
> > is added, if a memory error occurs, ASan can clearly show where the
> > code is wrong.
> > "-Db_lundef=false": When use clang to compile DPDK, this option must
> > be added.
> >
> > Signed-off-by: Xueqin Lin <xueqin.lin@intel.com>
> > Signed-off-by: Zhihong Peng <zhihongx.peng@intel.com>
> > ---
> > devtools/words-case.txt | 1 +
> > doc/guides/prog_guide/ASan.rst | 108 +++++++++++++++++
> > doc/guides/prog_guide/index.rst | 1 +
> > examples/helloworld/main.c | 5 +
> > lib/eal/common/malloc_elem.c | 26 +++-
> > lib/eal/common/malloc_elem.h | 204
> +++++++++++++++++++++++++++++++-
> > lib/eal/common/malloc_heap.c | 12 ++
> > lib/eal/common/rte_malloc.c | 9 +-
> > 8 files changed, 361 insertions(+), 5 deletions(-) create mode
> > 100644 doc/guides/prog_guide/ASan.rst
> >
> > diff --git a/devtools/words-case.txt b/devtools/words-case.txt index
> > 0bbad48626..3655596d47 100644
> > --- a/devtools/words-case.txt
> > +++ b/devtools/words-case.txt
> > @@ -86,3 +86,4 @@ VXLAN
> > Windows
> > XDP
> > XOR
> > +ASan
>
> Alphabetical order please.
>
>
> > diff --git a/doc/guides/prog_guide/ASan.rst
> > b/doc/guides/prog_guide/ASan.rst
>
> Filenames are lowercase in the doc.
>
>
> > new file mode 100644
> > index 0000000000..7145a3b1a1
> > --- /dev/null
> > +++ b/doc/guides/prog_guide/ASan.rst
> > @@ -0,0 +1,108 @@
> > +.. Copyright (c) <2021>, Intel Corporation
> > + All rights reserved.
> > +
> > +Memory error detect standard tool - AddressSanitizer(ASan)
> >
> +=========================================================
> =
> > +
> > +AddressSanitizer (ASan) is a google memory error detect standard
> > +tool. It could help to detect use-after-free and
> > +{heap,stack,global}-buffer overflow bugs in C/C++ programs, print
> > +detailed error information when error happens, large improve debug
> > +efficiency.
> > +
> > +By referring to its implementation algorithm
> > +(https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm)
> > +, enabled heap-buffer-overflow and use-after-free functions on DPDK.
> > +DPDK ASan function currently only supports on Linux x86_64.
> > +
> > +AddressSanitizer is a part of LLVM(3.1+)and GCC(4.8+).
>
> missing spaces around ().
>
>
> > +
> > +Example heap-buffer-overflow error
> > +----------------------------------
> > +
> > +Following error was reported when ASan was enabled::
> > +
> > + Applied 9 bytes of memory, but accessed the 10th byte of memory,
> > + so heap-buffer-overflow appeared.
> > +
> > +Below code results in this error::
> > +
> > + char *p = rte_zmalloc(NULL, 9, 0);
> > + if (!p) {
> > + printf("rte_zmalloc error.");
> > + return -1;
> > + }
> > + p[9] = 'a';
> > +
> > +The error log::
> > +
> > + ==49433==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x7f773fafa249 at pc 0x5556b13bdae4 bp 0x7ffeb4965e40 sp 0x7ffeb4965e30
> WRITE of size 1 at 0x7f773fafa249 thread T0
> > + #0 0x5556b13bdae3 in asan_heap_buffer_overflow
> > + ../app/test/test_asan_heap_buffer_overflow.c:25
>
> Please update this example since the unit test has been removed.
>
>
> > + #1 0x5556b043e9d4 in
> cmd_autotest_parsed ../app/test/commands.c:71
> > + #2 0x5556b1cdd4b0 in
> cmdline_parse ../lib/cmdline/cmdline_parse.c:290
> > + #3 0x5556b1cd8987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:26
> > + #4 0x5556b1ce477a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:421
> > + #5 0x5556b1cd923e in cmdline_in ../lib/cmdline/cmdline.c:149
> > + #6 0x5556b1cd9769 in cmdline_interact ../lib/cmdline/cmdline.c:223
> > + #7 0x5556b045f53b in main ../app/test/test.c:234
> > + #8 0x7f7f1eba90b2 in __libc_start_main (/lib/x86_64-linux-
> gnu/libc.so.6+0x270b2)
> > + #9 0x5556b043e70d in _start
> > + (/home/pzh/yyy/x86_64-native-linuxapp-gcc/app/test/dpdk-
> test+0x7ce70
> > + d)
> > +
> > + Address 0x7f773fafa249 is a wild pointer.
> > + SUMMARY: AddressSanitizer: heap-buffer-overflow
> > + ../app/test/test_asan_heap_buffer_overflow.c:25 in
> > + asan_heap_buffer_overflow
> > +
> > +Example use-after-free error
> > +----------------------------
> > +
> > +Following error was reported when ASan was enabled::
> > +
> > + Applied for 9 bytes of memory, and accessed the first byte after
> > + released, so heap-use-after-free appeared.
> > +
> > +Below code results in this error::
> > +
> > + char *p = rte_zmalloc(NULL, 9, 0);
> > + if (!p) {
> > + printf("rte_zmalloc error.");
> > + return -1;
> > + }
> > + rte_free(p);
> > + *p = 'a';
> > +
> > +The error log::
> > +
> > + ==49478==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x7fe2ffafa240 at pc 0x56409b084bc8 bp 0x7ffef62c57d0 sp 0x7ffef62c57c0
> WRITE of size 1 at 0x7fe2ffafa240 thread T0
> > + #0 0x56409b084bc7 in asan_use_after_free
> > + ../app/test/test_asan_use_after_free.c:26
>
> Idem.
>
>
> > + #1 0x56409a1059d4 in
> cmd_autotest_parsed ../app/test/commands.c:71
> > + #2 0x56409b9a44b0 in
> cmdline_parse ../lib/cmdline/cmdline_parse.c:290
> > + #3 0x56409b99f987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:26
> > + #4 0x56409b9ab77a in
> rdline_char_in ../lib/cmdline/cmdline_rdline.c:421
> > + #5 0x56409b9a023e in cmdline_in ../lib/cmdline/cmdline.c:149
> > + #6 0x56409b9a0769 in cmdline_interact ../lib/cmdline/cmdline.c:223
> > + #7 0x56409a12653b in main ../app/test/test.c:234
> > + #8 0x7feafafc20b2 in __libc_start_main (/lib/x86_64-linux-
> gnu/libc.so.6+0x270b2)
> > + #9 0x56409a10570d in _start
> > + (/home/pzh/yyy/x86_64-native-linuxapp-gcc/app/test/dpdk-
> test+0x7ce70
> > + d)
> > +
> > + Address 0x7fe2ffafa240 is a wild pointer.
> > + SUMMARY: AddressSanitizer: heap-use-after-free
> > + ../app/test/test_asan_use_after_free.c:26 in asan_use_after_free
>
>
> --
> David Marchand
On Thu, Sep 30, 2021 at 10:20:00AM +0200, David Marchand wrote:
> Hello,
>
> I see v6 is superseded in pw, I have been cleaning my queue... maybe my fault.
>
>
> On Thu, Sep 30, 2021 at 7:37 AM <zhihongx.peng@intel.com> wrote:
> >
> > From: Zhihong Peng <zhihongx.peng@intel.com>
> >
> > AddressSanitizer (ASan) is a google memory error detect
> > standard tool. It could help to detect use-after-free and
> > {heap,stack,global}-buffer overflow bugs in C/C++ programs,
> > print detailed error information when error happens, large
> > improve debug efficiency.
> >
> > `AddressSanitizer
> > <https://github.com/google/sanitizers/wiki/AddressSanitizer>` (ASan)
> > is a widely-used debugging tool to detect memory access errors.
> > It helps detect issues like use-after-free, various kinds of buffer
> > overruns in C/C++ programs, and other similar errors, as well as
> > printing out detailed debug information whenever an error is detected.
>
> This patch mixes how to use ASan and instrumenting the DPDK mem allocator.
>
> I would split this patch in two.
>
> The first patch can add the documentation on enabling/using ASan and
> describe the known issues on enabling it.
> I'd find it better (from a user pov) if we hide all those details
> about b_lundef and installation of libasan on Centos.
>
> Something like (only quickly tested):
>
> diff --git a/config/meson.build b/config/meson.build
> index 4cdf589e20..7d8b71da79 100644
> --- a/config/meson.build
> +++ b/config/meson.build
> @@ -411,6 +411,33 @@ if get_option('b_lto')
> endif
> endif
>
> +if get_option('b_sanitize') == 'address'
> + asan_dep = cc.find_library('asan', required: true)
> + if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
> + dependencies: asan_dep))
> + error('broken dependency, "libasan"')
> + endif
> + add_project_link_arguments('-lasan', language: 'c')
> + dpdk_extra_ldflags += '-lasan'
> +endif
> +
> if get_option('default_library') == 'both'
> error( '''
> Unsupported value "both" for "default_library" option.
>
>
> Bruce, do you see an issue with this approach?
>
Apologies for delayed reply on this.
No issue with this approach on my end, seems reasonable. Just watch out
that b_sanitize can have "address,undefined" as a possible value, so if we
want to support that, we can't just check directly for the literal string
"address"
>
> Then a second patch adds the rte_malloc instrumentation, with a check
> at configuration time.
>
> endif
> add_project_link_arguments('-lasan', language: 'c')
> dpdk_extra_ldflags += '-lasan'
> + if arch_subdir == 'x86'
> + asan_check_code = '''
> +#ifdef __SANITIZE_ADDRESS__
> +#define RTE_MALLOC_ASAN
> +#elif defined(__has_feature)
> +# if __has_feature(address_sanitizer)
> +#define RTE_MALLOC_ASAN
> +# endif
> +#endif
> +
> +#ifndef RTE_MALLOC_ASAN
> +#error ASan not available.
> +#endif
> +'''
> + if cc.compiles(asan_check_code)
> + dpdk_conf.set10('RTE_MALLOC_ASAN', true)
> + endif
> + endif
> endif
>
Apologies, but I haven't been tracking this set in much detail.
Do we really need this second configuration check? Should it, or could it,
be merged into the check above for the asan library presence?
/Bruce
> -----Original Message-----
> From: Richardson, Bruce <bruce.richardson@intel.com>
> Sent: Wednesday, October 13, 2021 4:00 PM
> To: David Marchand <david.marchand@redhat.com>
> Cc: Peng, ZhihongX <zhihongx.peng@intel.com>; Burakov, Anatoly
> <anatoly.burakov@intel.com>; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Stephen Hemminger
> <stephen@networkplumber.org>; dev <dev@dpdk.org>; Lin, Xueqin
> <xueqin.lin@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> Subject: Re: [dpdk-dev] [PATCH v6 1/2] Enable ASan for memory detector on
> DPDK
>
> On Thu, Sep 30, 2021 at 10:20:00AM +0200, David Marchand wrote:
> > Hello,
> >
> > I see v6 is superseded in pw, I have been cleaning my queue... maybe my
> fault.
> >
> >
> > On Thu, Sep 30, 2021 at 7:37 AM <zhihongx.peng@intel.com> wrote:
> > >
> > > From: Zhihong Peng <zhihongx.peng@intel.com>
> > >
> > > AddressSanitizer (ASan) is a google memory error detect standard
> > > tool. It could help to detect use-after-free and
> > > {heap,stack,global}-buffer overflow bugs in C/C++ programs, print
> > > detailed error information when error happens, large improve debug
> > > efficiency.
> > >
> > > `AddressSanitizer
> > > <https://github.com/google/sanitizers/wiki/AddressSanitizer>` (ASan)
> > > is a widely-used debugging tool to detect memory access errors.
> > > It helps detect issues like use-after-free, various kinds of buffer
> > > overruns in C/C++ programs, and other similar errors, as well as
> > > printing out detailed debug information whenever an error is detected.
> >
> > This patch mixes how to use ASan and instrumenting the DPDK mem
> allocator.
> >
> > I would split this patch in two.
> >
> > The first patch can add the documentation on enabling/using ASan and
> > describe the known issues on enabling it.
> > I'd find it better (from a user pov) if we hide all those details
> > about b_lundef and installation of libasan on Centos.
> >
> > Something like (only quickly tested):
> >
> > diff --git a/config/meson.build b/config/meson.build index
> > 4cdf589e20..7d8b71da79 100644
> > --- a/config/meson.build
> > +++ b/config/meson.build
> > @@ -411,6 +411,33 @@ if get_option('b_lto')
> > endif
> > endif
> >
> > +if get_option('b_sanitize') == 'address'
> > + asan_dep = cc.find_library('asan', required: true)
> > + if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
> > + dependencies: asan_dep))
> > + error('broken dependency, "libasan"')
> > + endif
> > + add_project_link_arguments('-lasan', language: 'c')
> > + dpdk_extra_ldflags += '-lasan'
> > +endif
> > +
> > if get_option('default_library') == 'both'
> > error( '''
> > Unsupported value "both" for "default_library" option.
> >
> >
> > Bruce, do you see an issue with this approach?
> >
>
> Apologies for delayed reply on this.
>
> No issue with this approach on my end, seems reasonable. Just watch out
> that b_sanitize can have "address,undefined" as a possible value, so if we
> want to support that, we can't just check directly for the literal string
> "address"
>
> >
> > Then a second patch adds the rte_malloc instrumentation, with a check
> > at configuration time.
> >
> > endif
> > add_project_link_arguments('-lasan', language: 'c')
> > dpdk_extra_ldflags += '-lasan'
> > + if arch_subdir == 'x86'
> > + asan_check_code = '''
> > +#ifdef __SANITIZE_ADDRESS__
> > +#define RTE_MALLOC_ASAN
> > +#elif defined(__has_feature)
> > +# if __has_feature(address_sanitizer) #define RTE_MALLOC_ASAN #
> endif
> > +#endif
> > +
> > +#ifndef RTE_MALLOC_ASAN
> > +#error ASan not available.
> > +#endif
> > +'''
> > + if cc.compiles(asan_check_code)
> > + dpdk_conf.set10('RTE_MALLOC_ASAN', true)
> > + endif
> > + endif
> > endif
> >
>
> Apologies, but I haven't been tracking this set in much detail.
> Do we really need this second configuration check? Should it, or could it, be
> merged into the check above for the asan library presence?
>
All code:
if get_option('b_sanitize') == 'address' or get_option('b_sanitize') == 'undefined'
if cc.get_id() == 'gcc'
asan_dep = cc.find_library('asan', required: true)
if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
dependencies: asan_dep))
error('broken dependency, "libasan"')
endif
endif
if exec_env == 'linux' and arch_subdir == 'x86'
dpdk_conf.set10('RTE_MALLOC_ASAN', true)
endif
endif
Bruce, is this code correct?
Thanks!
> /Bruce
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Peng, ZhihongX
> Sent: Thursday, October 14, 2021 2:34 PM
> To: Richardson, Bruce <bruce.richardson@intel.com>; David Marchand
> <david.marchand@redhat.com>
> Cc: Burakov, Anatoly <anatoly.burakov@intel.com>; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Stephen Hemminger
> <stephen@networkplumber.org>; dev <dev@dpdk.org>; Lin, Xueqin
> <xueqin.lin@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> Subject: Re: [dpdk-dev] [PATCH v6 1/2] Enable ASan for memory detector on
> DPDK
>
> > -----Original Message-----
> > From: Richardson, Bruce <bruce.richardson@intel.com>
> > Sent: Wednesday, October 13, 2021 4:00 PM
> > To: David Marchand <david.marchand@redhat.com>
> > Cc: Peng, ZhihongX <zhihongx.peng@intel.com>; Burakov, Anatoly
> > <anatoly.burakov@intel.com>; Ananyev, Konstantin
> > <konstantin.ananyev@intel.com>; Stephen Hemminger
> > <stephen@networkplumber.org>; dev <dev@dpdk.org>; Lin, Xueqin
> > <xueqin.lin@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> > Subject: Re: [dpdk-dev] [PATCH v6 1/2] Enable ASan for memory detector
> > on DPDK
> >
> > On Thu, Sep 30, 2021 at 10:20:00AM +0200, David Marchand wrote:
> > > Hello,
> > >
> > > I see v6 is superseded in pw, I have been cleaning my queue... maybe
> > > my
> > fault.
> > >
> > >
> > > On Thu, Sep 30, 2021 at 7:37 AM <zhihongx.peng@intel.com> wrote:
> > > >
> > > > From: Zhihong Peng <zhihongx.peng@intel.com>
> > > >
> > > > AddressSanitizer (ASan) is a google memory error detect standard
> > > > tool. It could help to detect use-after-free and
> > > > {heap,stack,global}-buffer overflow bugs in C/C++ programs, print
> > > > detailed error information when error happens, large improve debug
> > > > efficiency.
> > > >
> > > > `AddressSanitizer
> > > > <https://github.com/google/sanitizers/wiki/AddressSanitizer>`
> > > > (ASan) is a widely-used debugging tool to detect memory access errors.
> > > > It helps detect issues like use-after-free, various kinds of
> > > > buffer overruns in C/C++ programs, and other similar errors, as
> > > > well as printing out detailed debug information whenever an error is
> detected.
> > >
> > > This patch mixes how to use ASan and instrumenting the DPDK mem
> > allocator.
> > >
> > > I would split this patch in two.
> > >
> > > The first patch can add the documentation on enabling/using ASan and
> > > describe the known issues on enabling it.
> > > I'd find it better (from a user pov) if we hide all those details
> > > about b_lundef and installation of libasan on Centos.
> > >
> > > Something like (only quickly tested):
> > >
> > > diff --git a/config/meson.build b/config/meson.build index
> > > 4cdf589e20..7d8b71da79 100644
> > > --- a/config/meson.build
> > > +++ b/config/meson.build
> > > @@ -411,6 +411,33 @@ if get_option('b_lto')
> > > endif
> > > endif
> > >
> > > +if get_option('b_sanitize') == 'address'
> > > + asan_dep = cc.find_library('asan', required: true)
> > > + if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
> > > + dependencies: asan_dep))
> > > + error('broken dependency, "libasan"')
> > > + endif
> > > + add_project_link_arguments('-lasan', language: 'c')
> > > + dpdk_extra_ldflags += '-lasan'
> > > +endif
> > > +
> > > if get_option('default_library') == 'both'
> > > error( '''
> > > Unsupported value "both" for "default_library" option.
> > >
> > >
> > > Bruce, do you see an issue with this approach?
> > >
> >
> > Apologies for delayed reply on this.
> >
> > No issue with this approach on my end, seems reasonable. Just watch
> > out that b_sanitize can have "address,undefined" as a possible value,
> > so if we want to support that, we can't just check directly for the
> > literal string "address"
> >
> > >
> > > Then a second patch adds the rte_malloc instrumentation, with a
> > > check at configuration time.
> > >
> > > endif
> > > add_project_link_arguments('-lasan', language: 'c')
> > > dpdk_extra_ldflags += '-lasan'
> > > + if arch_subdir == 'x86'
> > > + asan_check_code = '''
> > > +#ifdef __SANITIZE_ADDRESS__
> > > +#define RTE_MALLOC_ASAN
> > > +#elif defined(__has_feature)
> > > +# if __has_feature(address_sanitizer) #define RTE_MALLOC_ASAN #
> > endif
> > > +#endif
> > > +
> > > +#ifndef RTE_MALLOC_ASAN
> > > +#error ASan not available.
> > > +#endif
> > > +'''
> > > + if cc.compiles(asan_check_code)
> > > + dpdk_conf.set10('RTE_MALLOC_ASAN', true)
> > > + endif
> > > + endif
> > > endif
> > >
> >
> > Apologies, but I haven't been tracking this set in much detail.
> > Do we really need this second configuration check? Should it, or could
> > it, be merged into the check above for the asan library presence?
> >
>
> All code:
> if get_option('b_sanitize') == 'address' or get_option('b_sanitize') ==
> 'undefined'
> if cc.get_id() == 'gcc'
> asan_dep = cc.find_library('asan', required: true)
> if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
> dependencies: asan_dep))
> error('broken dependency, "libasan"')
> endif
> endif
>
> if exec_env == 'linux' and arch_subdir == 'x86'
> dpdk_conf.set10('RTE_MALLOC_ASAN', true)
> endif
> endif
>
Modify:
if get_option('b_sanitize') == 'address' or get_option('b_sanitize') == 'undefined'
if cc.get_id() == 'gcc'
asan_dep = cc.find_library('asan', required: true)
if (not cc.links('int main(int argc, char *argv[]) { return 0; }',
dependencies: asan_dep))
error('broken dependency, "libasan"')
endif
endif
if get_option('b_sanitize') == 'address'
if exec_env == 'linux' and arch_subdir == 'x86'
dpdk_conf.set10('RTE_MALLOC_ASAN', true)
endif
endif
endif
> Bruce, is this code correct?
> Thanks!
> > /Bruce
@@ -86,3 +86,4 @@ VXLAN
Windows
XDP
XOR
+ASan
new file mode 100644
@@ -0,0 +1,108 @@
+.. Copyright (c) <2021>, Intel Corporation
+ All rights reserved.
+
+Memory error detect standard tool - AddressSanitizer(ASan)
+==========================================================
+
+AddressSanitizer (ASan) is a google memory error detect
+standard tool. It could help to detect use-after-free and
+{heap,stack,global}-buffer overflow bugs in C/C++ programs,
+print detailed error information when error happens, large
+improve debug efficiency.
+
+By referring to its implementation algorithm
+(https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm),
+enabled heap-buffer-overflow and use-after-free functions on DPDK.
+DPDK ASan function currently only supports on Linux x86_64.
+
+AddressSanitizer is a part of LLVM(3.1+)and GCC(4.8+).
+
+Example heap-buffer-overflow error
+----------------------------------
+
+Following error was reported when ASan was enabled::
+
+ Applied 9 bytes of memory, but accessed the 10th byte of memory,
+ so heap-buffer-overflow appeared.
+
+Below code results in this error::
+
+ char *p = rte_zmalloc(NULL, 9, 0);
+ if (!p) {
+ printf("rte_zmalloc error.");
+ return -1;
+ }
+ p[9] = 'a';
+
+The error log::
+
+ ==49433==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f773fafa249 at pc 0x5556b13bdae4 bp 0x7ffeb4965e40 sp 0x7ffeb4965e30 WRITE of size 1 at 0x7f773fafa249 thread T0
+ #0 0x5556b13bdae3 in asan_heap_buffer_overflow ../app/test/test_asan_heap_buffer_overflow.c:25
+ #1 0x5556b043e9d4 in cmd_autotest_parsed ../app/test/commands.c:71
+ #2 0x5556b1cdd4b0 in cmdline_parse ../lib/cmdline/cmdline_parse.c:290
+ #3 0x5556b1cd8987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:26
+ #4 0x5556b1ce477a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:421
+ #5 0x5556b1cd923e in cmdline_in ../lib/cmdline/cmdline.c:149
+ #6 0x5556b1cd9769 in cmdline_interact ../lib/cmdline/cmdline.c:223
+ #7 0x5556b045f53b in main ../app/test/test.c:234
+ #8 0x7f7f1eba90b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+ #9 0x5556b043e70d in _start (/home/pzh/yyy/x86_64-native-linuxapp-gcc/app/test/dpdk-test+0x7ce70d)
+
+ Address 0x7f773fafa249 is a wild pointer.
+ SUMMARY: AddressSanitizer: heap-buffer-overflow ../app/test/test_asan_heap_buffer_overflow.c:25 in asan_heap_buffer_overflow
+
+Example use-after-free error
+----------------------------
+
+Following error was reported when ASan was enabled::
+
+ Applied for 9 bytes of memory, and accessed the first byte after
+ released, so heap-use-after-free appeared.
+
+Below code results in this error::
+
+ char *p = rte_zmalloc(NULL, 9, 0);
+ if (!p) {
+ printf("rte_zmalloc error.");
+ return -1;
+ }
+ rte_free(p);
+ *p = 'a';
+
+The error log::
+
+ ==49478==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fe2ffafa240 at pc 0x56409b084bc8 bp 0x7ffef62c57d0 sp 0x7ffef62c57c0 WRITE of size 1 at 0x7fe2ffafa240 thread T0
+ #0 0x56409b084bc7 in asan_use_after_free ../app/test/test_asan_use_after_free.c:26
+ #1 0x56409a1059d4 in cmd_autotest_parsed ../app/test/commands.c:71
+ #2 0x56409b9a44b0 in cmdline_parse ../lib/cmdline/cmdline_parse.c:290
+ #3 0x56409b99f987 in cmdline_valid_buffer ../lib/cmdline/cmdline.c:26
+ #4 0x56409b9ab77a in rdline_char_in ../lib/cmdline/cmdline_rdline.c:421
+ #5 0x56409b9a023e in cmdline_in ../lib/cmdline/cmdline.c:149
+ #6 0x56409b9a0769 in cmdline_interact ../lib/cmdline/cmdline.c:223
+ #7 0x56409a12653b in main ../app/test/test.c:234
+ #8 0x7feafafc20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+ #9 0x56409a10570d in _start (/home/pzh/yyy/x86_64-native-linuxapp-gcc/app/test/dpdk-test+0x7ce70d)
+
+ Address 0x7fe2ffafa240 is a wild pointer.
+ SUMMARY: AddressSanitizer: heap-use-after-free ../app/test/test_asan_use_after_free.c:26 in asan_use_after_free
+
+Usage
+-----
+
+meson build
+^^^^^^^^^^^
+
+To enable ASan in meson build system, use following meson build command:
+
+Example usage::
+
+ meson build -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address
+ ninja -C build
+
+.. Note::
+
+ a) Some of the features of ASan (for example, 'Display memory application location,currently
+ displayed as a wild pointer') are not currently supported by DPDK's implementation.
+ b) DPDK test has been completed in ubuntu18.04/ubuntu20.04/redhat8.3. Centos needs to install
+ libasan separately.
+ c) If the program uses cmdline, when a memory bug occurs, need to execute the "stty echo" command.
@@ -71,3 +71,4 @@ Programmer's Guide
lto
profile_app
glossary
+ ASan
@@ -14,6 +14,7 @@
#include <rte_per_lcore.h>
#include <rte_lcore.h>
#include <rte_debug.h>
+#include <rte_malloc.h>
/* Launch a function on lcore. 8< */
static int
@@ -38,6 +39,10 @@ main(int argc, char **argv)
rte_panic("Cannot init EAL\n");
/* >8 End of initialization of Environment Abstraction Layer */
+ char *p = (char *)rte_malloc(NULL, 9, 0);
+ rte_free(p);
+ p[5] = 'a';
+
/* Launches the function on each lcore. 8< */
RTE_LCORE_FOREACH_WORKER(lcore_id) {
/* Simpler equivalent. 8< */
@@ -446,6 +446,8 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t size, unsigned align,
struct malloc_elem *new_free_elem =
RTE_PTR_ADD(new_elem, size + MALLOC_ELEM_OVERHEAD);
+ asan_clear_split_alloczone(new_free_elem);
+
split_elem(elem, new_free_elem);
malloc_elem_free_list_insert(new_free_elem);
@@ -458,6 +460,8 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t size, unsigned align,
elem->state = ELEM_BUSY;
elem->pad = old_elem_size;
+ asan_clear_alloczone(elem);
+
/* put a dummy header in padding, to point to real element header */
if (elem->pad > 0) { /* pad will be at least 64-bytes, as everything
* is cache-line aligned */
@@ -470,12 +474,18 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t size, unsigned align,
return new_elem;
}
+ asan_clear_split_alloczone(new_elem);
+
/* we are going to split the element in two. The original element
* remains free, and the new element is the one allocated.
* Re-insert original element, in case its new size makes it
* belong on a different list.
*/
+
split_elem(elem, new_elem);
+
+ asan_clear_alloczone(new_elem);
+
new_elem->state = ELEM_BUSY;
malloc_elem_free_list_insert(elem);
@@ -601,6 +611,8 @@ malloc_elem_hide_region(struct malloc_elem *elem, void *start, size_t len)
if (next && next_elem_is_adjacent(elem)) {
len_after = RTE_PTR_DIFF(next, hide_end);
if (len_after >= MALLOC_ELEM_OVERHEAD + MIN_DATA_SIZE) {
+ asan_clear_split_alloczone(hide_end);
+
/* split after */
split_elem(elem, hide_end);
@@ -615,6 +627,8 @@ malloc_elem_hide_region(struct malloc_elem *elem, void *start, size_t len)
if (prev && prev_elem_is_adjacent(elem)) {
len_before = RTE_PTR_DIFF(hide_start, elem);
if (len_before >= MALLOC_ELEM_OVERHEAD + MIN_DATA_SIZE) {
+ asan_clear_split_alloczone(hide_start);
+
/* split before */
split_elem(elem, hide_start);
@@ -628,6 +642,8 @@ malloc_elem_hide_region(struct malloc_elem *elem, void *start, size_t len)
}
}
+ asan_clear_alloczone(elem);
+
remove_elem(elem);
}
@@ -641,8 +657,10 @@ malloc_elem_resize(struct malloc_elem *elem, size_t size)
const size_t new_size = size + elem->pad + MALLOC_ELEM_OVERHEAD;
/* if we request a smaller size, then always return ok */
- if (elem->size >= new_size)
+ if (elem->size >= new_size) {
+ asan_clear_alloczone(elem);
return 0;
+ }
/* check if there is a next element, it's free and adjacent */
if (!elem->next || elem->next->state != ELEM_FREE ||
@@ -661,9 +679,15 @@ malloc_elem_resize(struct malloc_elem *elem, size_t size)
/* now we have a big block together. Lets cut it down a bit, by splitting */
struct malloc_elem *split_pt = RTE_PTR_ADD(elem, new_size);
split_pt = RTE_PTR_ALIGN_CEIL(split_pt, RTE_CACHE_LINE_SIZE);
+
+ asan_clear_split_alloczone(split_pt);
+
split_elem(elem, split_pt);
malloc_elem_free_list_insert(split_pt);
}
+
+ asan_clear_alloczone(elem);
+
return 0;
}
@@ -7,6 +7,16 @@
#include <stdbool.h>
+#ifdef RTE_ARCH_X86_64
+#ifdef __SANITIZE_ADDRESS__
+#define RTE_MALLOC_ASAN
+#elif defined(__has_feature)
+# if __has_feature(address_sanitizer)
+#define RTE_MALLOC_ASAN
+# endif
+#endif
+#endif
+
#define MIN_DATA_SIZE (RTE_CACHE_LINE_SIZE)
/* dummy definition of struct so we can use pointers to it in malloc_elem struct */
@@ -36,10 +46,20 @@ struct malloc_elem {
uint64_t header_cookie; /* Cookie marking start of data */
/* trailer cookie at start + size */
#endif
+#ifdef RTE_MALLOC_ASAN
+ size_t user_size;
+ uint64_t asan_cookie[2]; /* must be next to header_cookie */
+#endif
} __rte_cache_aligned;
+static const unsigned int MALLOC_ELEM_HEADER_LEN = sizeof(struct malloc_elem);
+
#ifndef RTE_MALLOC_DEBUG
-static const unsigned MALLOC_ELEM_TRAILER_LEN = 0;
+#ifdef RTE_MALLOC_ASAN
+static const unsigned int MALLOC_ELEM_TRAILER_LEN = RTE_CACHE_LINE_SIZE;
+#else
+static const unsigned int MALLOC_ELEM_TRAILER_LEN;
+#endif
/* dummy function - just check if pointer is non-null */
static inline int
@@ -55,7 +75,7 @@ set_trailer(struct malloc_elem *elem __rte_unused){ }
#else
-static const unsigned MALLOC_ELEM_TRAILER_LEN = RTE_CACHE_LINE_SIZE;
+static const unsigned int MALLOC_ELEM_TRAILER_LEN = RTE_CACHE_LINE_SIZE;
#define MALLOC_HEADER_COOKIE 0xbadbadbadadd2e55ULL /**< Header cookie. */
#define MALLOC_TRAILER_COOKIE 0xadd2e55badbadbadULL /**< Trailer cookie.*/
@@ -90,9 +110,187 @@ malloc_elem_cookies_ok(const struct malloc_elem *elem)
#endif
-static const unsigned MALLOC_ELEM_HEADER_LEN = sizeof(struct malloc_elem);
#define MALLOC_ELEM_OVERHEAD (MALLOC_ELEM_HEADER_LEN + MALLOC_ELEM_TRAILER_LEN)
+#ifdef RTE_MALLOC_ASAN
+
+#ifdef RTE_ARCH_X86_64
+#define ASAN_SHADOW_OFFSET 0x00007fff8000
+#endif
+
+#define ASAN_SHADOW_GRAIN_SIZE 8
+#define ASAN_MEM_FREE_FLAG 0xfd
+#define ASAN_MEM_REDZONE_FLAG 0xfa
+#define ASAN_SHADOW_SCALE 3
+
+#define ASAN_MEM_SHIFT(mem) ((void *)((uintptr_t)(mem) >> ASAN_SHADOW_SCALE))
+#define ASAN_MEM_TO_SHADOW(mem) \
+ RTE_PTR_ADD(ASAN_MEM_SHIFT(mem), ASAN_SHADOW_OFFSET)
+
+#if defined(__clang__)
+__attribute__((no_sanitize("address", "hwaddress")))
+#else
+__attribute__((no_sanitize_address))
+#endif
+static inline void
+asan_set_shadow(void *addr, char val)
+{
+ *(char *)addr = val;
+}
+
+static inline void
+asan_set_zone(void *ptr, size_t len, uint32_t val)
+{
+ size_t offset, i;
+ void *shadow;
+ size_t zone_len = len / ASAN_SHADOW_GRAIN_SIZE;
+ if (len % ASAN_SHADOW_GRAIN_SIZE != 0)
+ zone_len += 1;
+
+ for (i = 0; i < zone_len; i++) {
+ offset = i * ASAN_SHADOW_GRAIN_SIZE;
+ shadow = ASAN_MEM_TO_SHADOW(((uintptr_t)ptr + offset));
+ asan_set_shadow(shadow, val);
+ }
+}
+
+/*
+ * When the memory is released, the release mark is
+ * set in the corresponding range of the shadow area.
+ */
+static inline void
+asan_set_freezone(void *ptr, size_t size)
+{
+ asan_set_zone(ptr, size, ASAN_MEM_FREE_FLAG);
+}
+
+/*
+ * When the memory is allocated, memory state must set as accessible.
+ */
+static inline void
+asan_clear_alloczone(struct malloc_elem *elem)
+{
+ asan_set_zone((void *)elem, elem->size, 0x0);
+}
+
+static inline void
+asan_clear_split_alloczone(struct malloc_elem *elem)
+{
+ void *ptr = RTE_PTR_SUB(elem, MALLOC_ELEM_TRAILER_LEN);
+ asan_set_zone(ptr, MALLOC_ELEM_OVERHEAD, 0x0);
+}
+
+/*
+ * When the memory is allocated, the memory boundary is
+ * marked in the corresponding range of the shadow area.
+ * Requirement: redzone >= 16, is a power of two.
+ */
+static inline void
+asan_set_redzone(struct malloc_elem *elem, size_t user_size)
+{
+ uintptr_t head_redzone;
+ uintptr_t tail_redzone;
+ void *front_shadow;
+ void *tail_shadow;
+ uint32_t val;
+
+ if (elem != NULL) {
+ if (elem->state != ELEM_PAD)
+ elem = RTE_PTR_ADD(elem, elem->pad);
+
+ elem->user_size = user_size;
+
+ /* Set mark before the start of the allocated memory */
+ head_redzone = (uintptr_t)RTE_PTR_ADD(elem,
+ MALLOC_ELEM_HEADER_LEN - ASAN_SHADOW_GRAIN_SIZE);
+ front_shadow = ASAN_MEM_TO_SHADOW(head_redzone);
+ asan_set_shadow(front_shadow, ASAN_MEM_REDZONE_FLAG);
+ front_shadow = ASAN_MEM_TO_SHADOW(head_redzone
+ - ASAN_SHADOW_GRAIN_SIZE);
+ asan_set_shadow(front_shadow, ASAN_MEM_REDZONE_FLAG);
+
+ /* Set mark after the end of the allocated memory */
+ tail_redzone = (uintptr_t)RTE_PTR_ADD(elem,
+ MALLOC_ELEM_HEADER_LEN
+ + elem->user_size);
+ tail_shadow = ASAN_MEM_TO_SHADOW(tail_redzone);
+ val = (tail_redzone % ASAN_SHADOW_GRAIN_SIZE);
+ val = (val == 0) ? ASAN_MEM_REDZONE_FLAG : val;
+ asan_set_shadow(tail_shadow, val);
+ tail_shadow = ASAN_MEM_TO_SHADOW(tail_redzone
+ + ASAN_SHADOW_GRAIN_SIZE);
+ asan_set_shadow(tail_shadow, ASAN_MEM_REDZONE_FLAG);
+ }
+}
+
+/*
+ * When the memory is released, the mark of the memory boundary
+ * in the corresponding range of the shadow area is cleared.
+ * Requirement: redzone >= 16, is a power of two.
+ */
+static inline void
+asan_clear_redzone(struct malloc_elem *elem)
+{
+ uintptr_t head_redzone;
+ uintptr_t tail_redzone;
+ void *head_shadow;
+ void *tail_shadow;
+
+ if (elem != NULL) {
+ elem = RTE_PTR_ADD(elem, elem->pad);
+
+ /* Clear mark before the start of the allocated memory */
+ head_redzone = (uintptr_t)RTE_PTR_ADD(elem,
+ MALLOC_ELEM_HEADER_LEN - ASAN_SHADOW_GRAIN_SIZE);
+ head_shadow = ASAN_MEM_TO_SHADOW(head_redzone);
+ asan_set_shadow(head_shadow, 0x00);
+ head_shadow = ASAN_MEM_TO_SHADOW(head_redzone
+ - ASAN_SHADOW_GRAIN_SIZE);
+ asan_set_shadow(head_shadow, 0x00);
+
+ /* Clear mark after the end of the allocated memory */
+ tail_redzone = (uintptr_t)RTE_PTR_ADD(elem,
+ MALLOC_ELEM_HEADER_LEN + elem->user_size);
+ tail_shadow = ASAN_MEM_TO_SHADOW(tail_redzone);
+ asan_set_shadow(tail_shadow, 0x00);
+ tail_shadow = ASAN_MEM_TO_SHADOW(tail_redzone
+ + ASAN_SHADOW_GRAIN_SIZE);
+ asan_set_shadow(tail_shadow, 0x00);
+ }
+}
+
+static inline size_t
+old_malloc_size(struct malloc_elem *elem)
+{
+ if (elem->state != ELEM_PAD)
+ elem = RTE_PTR_ADD(elem, elem->pad);
+
+ return elem->user_size;
+}
+#else
+static inline void
+asan_set_freezone(void *ptr __rte_unused, size_t size __rte_unused) { }
+
+static inline void
+asan_clear_alloczone(struct malloc_elem *elem __rte_unused) { }
+
+static inline void
+asan_clear_split_alloczone(struct malloc_elem *elem __rte_unused) { }
+
+static inline void
+asan_set_redzone(struct malloc_elem *elem __rte_unused,
+ size_t user_size __rte_unused) { }
+
+static inline void
+asan_clear_redzone(struct malloc_elem *elem __rte_unused) { }
+
+static inline size_t
+old_malloc_size(struct malloc_elem *elem)
+{
+ return elem->size - elem->pad - MALLOC_ELEM_OVERHEAD;
+}
+#endif
+
/*
* Given a pointer to the start of a memory block returned by malloc, get
* the actual malloc_elem header for that block.
@@ -237,6 +237,7 @@ heap_alloc(struct malloc_heap *heap, const char *type __rte_unused, size_t size,
unsigned int flags, size_t align, size_t bound, bool contig)
{
struct malloc_elem *elem;
+ size_t user_size = size;
size = RTE_CACHE_LINE_ROUNDUP(size);
align = RTE_CACHE_LINE_ROUNDUP(align);
@@ -250,6 +251,8 @@ heap_alloc(struct malloc_heap *heap, const char *type __rte_unused, size_t size,
/* increase heap's count of allocated elements */
heap->alloc_count++;
+
+ asan_set_redzone(elem, user_size);
}
return elem == NULL ? NULL : (void *)(&elem[1]);
@@ -270,6 +273,8 @@ heap_alloc_biggest(struct malloc_heap *heap, const char *type __rte_unused,
/* increase heap's count of allocated elements */
heap->alloc_count++;
+
+ asan_set_redzone(elem, size);
}
return elem == NULL ? NULL : (void *)(&elem[1]);
@@ -841,6 +846,8 @@ malloc_heap_free(struct malloc_elem *elem)
if (!malloc_elem_cookies_ok(elem) || elem->state != ELEM_BUSY)
return -1;
+ asan_clear_redzone(elem);
+
/* elem may be merged with previous element, so keep heap address */
heap = elem->heap;
msl = elem->msl;
@@ -848,6 +855,9 @@ malloc_heap_free(struct malloc_elem *elem)
rte_spinlock_lock(&(heap->lock));
+ void *asan_ptr = RTE_PTR_ADD(elem, MALLOC_ELEM_HEADER_LEN + elem->pad);
+ size_t asan_data_len = elem->size - MALLOC_ELEM_OVERHEAD - elem->pad;
+
/* mark element as free */
elem->state = ELEM_FREE;
@@ -1001,6 +1011,8 @@ malloc_heap_free(struct malloc_elem *elem)
rte_mcfg_mem_write_unlock();
free_unlock:
+ asan_set_freezone(asan_ptr, asan_data_len);
+
rte_spinlock_unlock(&(heap->lock));
return ret;
}
@@ -162,6 +162,8 @@ rte_calloc(const char *type, size_t num, size_t size, unsigned align)
void *
rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
{
+ size_t user_size;
+
if (ptr == NULL)
return rte_malloc_socket(NULL, size, align, socket);
@@ -171,6 +173,8 @@ rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
return NULL;
}
+ user_size = size;
+
size = RTE_CACHE_LINE_ROUNDUP(size), align = RTE_CACHE_LINE_ROUNDUP(align);
/* check requested socket id and alignment matches first, and if ok,
@@ -181,6 +185,9 @@ rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
RTE_PTR_ALIGN(ptr, align) == ptr &&
malloc_heap_resize(elem, size) == 0) {
rte_eal_trace_mem_realloc(size, align, socket, ptr);
+
+ asan_set_redzone(elem, user_size);
+
return ptr;
}
@@ -192,7 +199,7 @@ rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
if (new_ptr == NULL)
return NULL;
/* elem: |pad|data_elem|data|trailer| */
- const size_t old_size = elem->size - elem->pad - MALLOC_ELEM_OVERHEAD;
+ const size_t old_size = old_malloc_size(elem);
rte_memcpy(new_ptr, ptr, old_size < size ? old_size : size);
rte_free(ptr);