Skip to content

O
OpenXG-RAN
Commit 46dc7198 authored by winckel's avatar winckel
Browse files
Options

Added item status to check double free attempt. 

Splitted 32bits item info into two 16bits info.

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@4757 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 72dec1df
Show whitespace changes
Inline Side-by-side
Showing with 58 additions and 21 deletions
common/utils/itti/memory_pools.c
View file @ 46dc7198
...@@ -37,9 +37,13 @@ const static int mp_debug = 0; ...@@ -37,9 +37,13 @@ const static int mp_debug = 0;
#ifdef RTAI #ifdef RTAI
# define MP_DEBUG(x, args...) do { if (mp_debug) rt_printk("[MP][D]"x, ##args); } \ # define MP_DEBUG(x, args...) do { if (mp_debug) rt_printk("[MP][D]"x, ##args); } \
while(0) while(0)
# define MP_ERROR(x, args...) do { rt_printk("[MP][E]"x, ##args); } \
while(0)
#else #else
# define MP_DEBUG(x, args...) do { if (mp_debug) fprintf(stdout, "[MP][D]"x, ##args); fflush (stdout); } \ # define MP_DEBUG(x, args...) do { if (mp_debug) fprintf(stdout, "[MP][D]"x, ##args); fflush (stdout); } \
while(0) while(0)
# define MP_ERROR(x, args...) do { fprintf(stdout, "[MP][E]"x, ##args); } \
while(0)
#endif #endif
/*------------------------------------------------------------------------------*/ /*------------------------------------------------------------------------------*/
...@@ -71,12 +75,14 @@ typedef uint32_t pool_start_mark_t; ...@@ -71,12 +75,14 @@ typedef uint32_t pool_start_mark_t;
typedef uint32_t pools_start_mark_t; typedef uint32_t pools_start_mark_t;
typedef uint8_t pool_id_t; typedef uint8_t pool_id_t;
typedef uint8_t item_status_t;
typedef struct memory_pool_item_start_s { typedef struct memory_pool_item_start_s {
pool_item_start_mark_t start_mark; pool_item_start_mark_t start_mark;
pool_id_t pool_id; pool_id_t pool_id;
uint32_t info; item_status_t item_status;
uint16_t info[2];
} memory_pool_item_start_t; } memory_pool_item_start_t;
typedef struct memory_pool_item_end_s { typedef struct memory_pool_item_end_s {
...@@ -99,6 +105,7 @@ typedef struct memory_pool_s { ...@@ -99,6 +105,7 @@ typedef struct memory_pool_s {
memory_pool_item_t *items; memory_pool_item_t *items;
} memory_pool_t; } memory_pool_t;
typedef struct memory_pools_s { typedef struct memory_pools_s {
pools_start_mark_t start_mark; pools_start_mark_t start_mark;
...@@ -115,6 +122,9 @@ static const uint32_t MAX_POOL_ITEM_SIZE = 100 * 1000; ...@@ -115,6 +122,9 @@ static const uint32_t MAX_POOL_ITEM_SIZE = 100 * 1000;
static const pool_item_start_mark_t POOL_ITEM_START_MARK = CHARS_TO_UINT32 ('P', 'I', 's', 't'); static const pool_item_start_mark_t POOL_ITEM_START_MARK = CHARS_TO_UINT32 ('P', 'I', 's', 't');
static const pool_item_end_mark_t POOL_ITEM_END_MARK = CHARS_TO_UINT32 ('p', 'i', 'E', 'N'); static const pool_item_end_mark_t POOL_ITEM_END_MARK = CHARS_TO_UINT32 ('p', 'i', 'E', 'N');
static const item_status_t ITEM_STATUS_FREE = 'F';
static const item_status_t ITEM_STATUS_ALLOCATED = 'a';
static const pool_start_mark_t POOL_START_MARK = CHARS_TO_UINT32 ('P', '_', 's', 't'); static const pool_start_mark_t POOL_START_MARK = CHARS_TO_UINT32 ('P', '_', 's', 't');
static const pools_start_mark_t POOLS_START_MARK = CHARS_TO_UINT32 ('P', 'S', 's', 't'); static const pools_start_mark_t POOLS_START_MARK = CHARS_TO_UINT32 ('P', 'S', 's', 't');
...@@ -165,7 +175,11 @@ static inline void items_group_put_free_item (items_group_t *items_group, items_ ...@@ -165,7 +175,11 @@ static inline void items_group_put_free_item (items_group_t *items_group, items_
/* Calculate next position */ /* Calculate next position */
next = items_group->current + 1; next = items_group->current + 1;
/* Checks if next position is free */ /* Checks if next position is free */
if (items_group->indexes[next] == ITEMS_GROUP_INDEX_INVALID) if (items_group->indexes[next] != ITEMS_GROUP_INDEX_INVALID)
{
MP_DEBUG(" items_group_put_free_item (items_group->indexes[next] != ITEMS_GROUP_INDEX_INVALID) %d, %d\n", next, index);
}
else
{ {
/* Try to write index in next position */ /* Try to write index in next position */
index_previous = __sync_fetch_and_add (&items_group->indexes[next], index_to_add); index_previous = __sync_fetch_and_add (&items_group->indexes[next], index_to_add);
...@@ -175,6 +189,8 @@ static inline void items_group_put_free_item (items_group_t *items_group, items_ ...@@ -175,6 +189,8 @@ static inline void items_group_put_free_item (items_group_t *items_group, items_
/* Next position was not free anymore, restore its value */ /* Next position was not free anymore, restore its value */
__sync_fetch_and_add (&items_group->indexes[next], -index_to_add); __sync_fetch_and_add (&items_group->indexes[next], -index_to_add);
current = ITEMS_GROUP_POSITION_INVALID; current = ITEMS_GROUP_POSITION_INVALID;
MP_DEBUG(" items_group_put_free_item (index_previous != ITEMS_GROUP_INDEX_INVALID) %d\n", index);
} }
else else
{ {
...@@ -184,6 +200,8 @@ static inline void items_group_put_free_item (items_group_t *items_group, items_ ...@@ -184,6 +200,8 @@ static inline void items_group_put_free_item (items_group_t *items_group, items_
/* Next position content has been changed, restore its value */ /* Next position content has been changed, restore its value */
__sync_fetch_and_add (&items_group->indexes[next], -index_to_add); __sync_fetch_and_add (&items_group->indexes[next], -index_to_add);
current = ITEMS_GROUP_POSITION_INVALID; current = ITEMS_GROUP_POSITION_INVALID;
MP_DEBUG(" items_group_put_free_item (items_group->indexes[next] != index) %d\n", index);
} }
else else
{ {
...@@ -195,6 +213,8 @@ static inline void items_group_put_free_item (items_group_t *items_group, items_ ...@@ -195,6 +213,8 @@ static inline void items_group_put_free_item (items_group_t *items_group, items_
/* Current position does not match calculated next position, restore previous values */ /* Current position does not match calculated next position, restore previous values */
__sync_fetch_and_add (&items_group->current, -1); __sync_fetch_and_add (&items_group->current, -1);
__sync_fetch_and_add (&items_group->indexes[next], -index_to_add); __sync_fetch_and_add (&items_group->indexes[next], -index_to_add);
MP_DEBUG(" items_group_put_free_item (next != current) %d\n", index);
} }
} }
} }
...@@ -357,6 +377,7 @@ int memory_pools_add_pool (memory_pools_handle_t memory_pools_handle, uint32_t p ...@@ -357,6 +377,7 @@ int memory_pools_add_pool (memory_pools_handle_t memory_pools_handle, uint32_t p
memory_pool_item = memory_pool_item_from_index (memory_pool, item_index); memory_pool_item = memory_pool_item_from_index (memory_pool, item_index);
memory_pool_item->start.start_mark = POOL_ITEM_START_MARK; memory_pool_item->start.start_mark = POOL_ITEM_START_MARK;
memory_pool_item->start.pool_id = pool; memory_pool_item->start.pool_id = pool;
memory_pool_item->start.item_status = ITEM_STATUS_FREE;
memory_pool_item->data[memory_pool->item_data_number] = POOL_ITEM_END_MARK; memory_pool_item->data[memory_pool->item_data_number] = POOL_ITEM_END_MARK;
} }
} }
...@@ -366,7 +387,7 @@ int memory_pools_add_pool (memory_pools_handle_t memory_pools_handle, uint32_t p ...@@ -366,7 +387,7 @@ int memory_pools_add_pool (memory_pools_handle_t memory_pools_handle, uint32_t p
return (0); return (0);
} }
memory_pool_item_handle_t memory_pools_allocate (memory_pools_handle_t memory_pools_handle, uint32_t item_size, uint32_t info) memory_pool_item_handle_t memory_pools_allocate (memory_pools_handle_t memory_pools_handle, uint32_t item_size, uint16_t info_0, uint16_t info_1)
{ {
memory_pools_t *memory_pools; memory_pools_t *memory_pools;
memory_pool_item_t *memory_pool_item; memory_pool_item_t *memory_pool_item;
...@@ -403,22 +424,32 @@ memory_pool_item_handle_t memory_pools_allocate (memory_pools_handle_t memory_po ...@@ -403,22 +424,32 @@ memory_pool_item_handle_t memory_pools_allocate (memory_pools_handle_t memory_po
{ {
/* Convert item index into memory_pool_item address */ /* Convert item index into memory_pool_item address */
memory_pool_item = memory_pool_item_from_index (&memory_pools->pools[pool], item_index); memory_pool_item = memory_pool_item_from_index (&memory_pools->pools[pool], item_index);
memory_pool_item->start.info = info; /* Sanity check on item status, must be free */
DevCheck (memory_pool_item->start.item_status == ITEM_STATUS_FREE, memory_pool_item->start.item_status, pool, item_index);
memory_pool_item->start.item_status = ITEM_STATUS_ALLOCATED;
memory_pool_item->start.info[0] = info_0;
memory_pool_item->start.info[1] = info_1;
memory_pool_item_handle = memory_pool_item->data; memory_pool_item_handle = memory_pool_item->data;
MP_DEBUG(" Alloc [%2u][%6d]{%6u}, %4u, %6u, %p, %p, %p\n", MP_DEBUG(" Alloc [%2u][%6d]{%6u}, %3u %3u, %6u, %p, %p, %p\n",
pool, item_index, memory_pools->pools[pool].items_group_free.minimum, pool, item_index,
info, item_size, memory_pools->pools[pool].items, memory_pool_item, memory_pool_item_handle); memory_pools->pools[pool].items_group_free.minimum,
info_0, info_1,
item_size,
memory_pools->pools[pool].items,
memory_pool_item,
memory_pool_item_handle);
} }
else else
{ {
MP_DEBUG(" Alloc [--][------]{------}, %4u, %6u, failed!\n", info, item_size); MP_DEBUG(" Alloc [--][------]{------}, %3u %3u, %6u, failed!\n", info_0, info_1, item_size);
} }
return memory_pool_item_handle; return memory_pool_item_handle;
} }
void memory_pools_free (memory_pools_handle_t memory_pools_handle, memory_pool_item_handle_t memory_pool_item_handle, uint32_t info) void memory_pools_free (memory_pools_handle_t memory_pools_handle, memory_pool_item_handle_t memory_pool_item_handle, uint16_t info)
{ {
memory_pools_t *memory_pools; memory_pools_t *memory_pools;
memory_pool_item_t *memory_pool_item; memory_pool_item_t *memory_pool_item;
...@@ -439,15 +470,21 @@ void memory_pools_free (memory_pools_handle_t memory_pools_handle, memory_pool_i ...@@ -439,15 +470,21 @@ void memory_pools_free (memory_pools_handle_t memory_pools_handle, memory_pool_i
pool_item_size = memory_pools->pools[pool].pool_item_size; pool_item_size = memory_pools->pools[pool].pool_item_size;
item_index = (((void *) memory_pool_item) - ((void *) memory_pools->pools[pool].items)) / pool_item_size; item_index = (((void *) memory_pool_item) - ((void *) memory_pools->pools[pool].items)) / pool_item_size;
MP_DEBUG(" Free [%2u][%6d]{%6u}, %4u, %p, %p, %p, %u\n", MP_DEBUG(" Free [%2u][%6d]{%6u}, %3u %3u, %p, %p, %p, %u\n",
pool, item_index, memory_pools->pools[pool].items_group_free.current, pool, item_index, memory_pools->pools[pool].items_group_free.current,
info, memory_pool_item_handle, memory_pool_item, memory_pools->pools[pool].items, item_size * sizeof(memory_pool_data_t)); memory_pool_item->start.info[0], memory_pool_item->start.info[1],
memory_pool_item_handle, memory_pool_item,
memory_pools->pools[pool].items, item_size * sizeof(memory_pool_data_t));
/* Sanity check on calculated item index */ /* Sanity check on calculated item index */
DevCheck (memory_pool_item == memory_pool_item_from_index(&memory_pools->pools[pool], item_index), memory_pool_item, DevCheck (memory_pool_item == memory_pool_item_from_index(&memory_pools->pools[pool], item_index), memory_pool_item,
memory_pool_item_from_index(&memory_pools->pools[pool], item_index), pool); memory_pool_item_from_index(&memory_pools->pools[pool], item_index), pool);
/* Check if end marker is still present (no write overflow) */ /* Sanity check on end marker, must still be present (no write overflow) */
DevCheck (memory_pool_item->data[item_size] == POOL_ITEM_END_MARK, pool, 0, 0); DevCheck (memory_pool_item->data[item_size] == POOL_ITEM_END_MARK, pool, 0, 0);
/* Sanity check on item status, must be allocated */
DevCheck (memory_pool_item->start.item_status == ITEM_STATUS_ALLOCATED, memory_pool_item->start.item_status, pool, item_index);
memory_pool_item->start.item_status = ITEM_STATUS_FREE;
items_group_put_free_item(&memory_pools->pools[pool].items_group_free, item_index); items_group_put_free_item(&memory_pools->pools[pool].items_group_free, item_index);
} }
common/utils/itti/memory_pools.h
View file @ 46dc7198
...@@ -42,8 +42,8 @@ char *memory_pools_statistics(memory_pools_handle_t memory_pools_handle); ...@@ -42,8 +42,8 @@ char *memory_pools_statistics(memory_pools_handle_t memory_pools_handle);
int memory_pools_add_pool (memory_pools_handle_t memory_pools_handle, uint32_t pool_items_number, uint32_t pool_item_size); int memory_pools_add_pool (memory_pools_handle_t memory_pools_handle, uint32_t pool_items_number, uint32_t pool_item_size);
memory_pool_item_handle_t memory_pools_allocate (memory_pools_handle_t memory_pools_handle, uint32_t item_size, uint32_t info); memory_pool_item_handle_t memory_pools_allocate (memory_pools_handle_t memory_pools_handle, uint32_t item_size, uint16_t info_0, uint16_t info_1);
void memory_pools_free (memory_pools_handle_t memory_pools_handle, memory_pool_item_handle_t memory_pool_item_handle, uint32_t info); void memory_pools_free (memory_pools_handle_t memory_pools_handle, memory_pool_item_handle_t memory_pool_item_handle, uint16_t info_0);
#endif /* MEMORY_POOLS_H_ */ #endif /* MEMORY_POOLS_H_ */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment