diff options
| author | Niels de Vos <ndevos@redhat.com> | 2015-03-26 11:25:58 +0100 |
|---|---|---|
| committer | Kaleb KEITHLEY <kkeithle@redhat.com> | 2015-03-30 05:37:07 -0700 |
| commit | 8a2e2b88fc21dc7879f838d18cd0413dd88023b7 (patch) | |
| tree | 459703725ec6411c57f6d3483888c3503afdbf38 /libglusterfs/src/mem-pool.h | |
| parent | 6a3024fe5953f51b51a7b9c2867d59c9e54c6d03 (diff) | |
mem-pool: invalidate memory on GF_FREE to aid debugging
Debugging where memory gets free'd with help from overwriting the memory
before it is free'd with some structures (repeatedly). The struct
mem_invalid starts with a magic value (0xdeadc0de), followed by a
pointer to the xlator, the mem-type. the size of the GF_?ALLOC()
requested area and the baseaddr pointer to what GF_?ALLOC() returned.
With these details, and the 'struct mem_header' that is placed when
calling GF_?ALLOC(), it is possible to identify overruns and possible
use-after-free. A memory dump (core) or running with a debugger is
needed to read the surrounding memory of corrupt structures.
This additional memory invalidation/poisoning needs to be enabled by
passing --enable-debug to ./configure.
Change-Id: I9f5f37dc4b5b59142adefc90897d32e89be67b82
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/10019
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Diffstat (limited to 'libglusterfs/src/mem-pool.h')
| -rw-r--r-- | libglusterfs/src/mem-pool.h | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/libglusterfs/src/mem-pool.h b/libglusterfs/src/mem-pool.h index 2bbb45ae8a7..81fb579a0ab 100644 --- a/libglusterfs/src/mem-pool.h +++ b/libglusterfs/src/mem-pool.h @@ -31,10 +31,10 @@ #include <cmocka.h> #endif -#define GF_MEM_HEADER_SIZE (4 + sizeof (size_t) + sizeof (xlator_t *) + 4 + 8) #define GF_MEM_TRAILER_SIZE 8 #define GF_MEM_HEADER_MAGIC 0xCAFEBABE #define GF_MEM_TRAILER_MAGIC 0xBAADF00D +#define GF_MEM_INVALID_MAGIC 0xDEADC0DE struct mem_acct { uint32_t num_types; @@ -51,6 +51,25 @@ struct mem_acct_rec { gf_lock_t lock; }; +struct mem_header { + uint32_t type; + size_t size; + void *xlator; + uint32_t magic; + int padding[8]; +}; + +#define GF_MEM_HEADER_SIZE (sizeof (struct mem_header)) + +#ifdef DEBUG +struct mem_invalid { + uint32_t magic; + void *xlator; + uint32_t type; + size_t size; + void *baseaddr; +}; +#endif void * __gf_calloc (size_t cnt, size_t size, uint32_t type, const char *typestr); |