From patchwork Wed Dec 10 00:07:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 890 Return-Path: X-Original-To: u-boot-concept@u-boot.org Delivered-To: u-boot-concept@u-boot.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1765325425; bh=xcAmDNvqLnbUWLYvqMQM6ovflsqKHFtO5Dy6858BuKE=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=okRLKbIT1gKLqMRn/7HfZtluIYF1bowwXuy4SGwF7tOc0D1cqhNSwaLFBsbSZcoue WjL1MWSTKUjgHK0ufIhI7csdLgiDYM2fqmq4zeAAcpMFJgoggywpNEArUUNLQd1FTV vkGdnSZsLf52QcFHGP8aGhDUZzW/01RzrfP6ifkkjOLTqKVLNZw9Qg6Kb7C0JC2RQL Nm7mp8LrxURzzrLmH/iWXzpMEpc//TYHU5i/h54Ysq1ZWU/7n9B6yz0g2HyfwatRgv YAqMJdhOZkBqd4Twsm6AjVt/fUqIKDNd3XetJCnmh4DgAZuFX9KPVxLt4NWsmBCEQs Gz1WTsvzsRhig== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id AF3F068A47 for ; Tue, 9 Dec 2025 17:10:25 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id yjMxsuIGhq7U for ; Tue, 9 Dec 2025 17:10:25 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1765325425; bh=xcAmDNvqLnbUWLYvqMQM6ovflsqKHFtO5Dy6858BuKE=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=okRLKbIT1gKLqMRn/7HfZtluIYF1bowwXuy4SGwF7tOc0D1cqhNSwaLFBsbSZcoue WjL1MWSTKUjgHK0ufIhI7csdLgiDYM2fqmq4zeAAcpMFJgoggywpNEArUUNLQd1FTV vkGdnSZsLf52QcFHGP8aGhDUZzW/01RzrfP6ifkkjOLTqKVLNZw9Qg6Kb7C0JC2RQL Nm7mp8LrxURzzrLmH/iWXzpMEpc//TYHU5i/h54Ysq1ZWU/7n9B6yz0g2HyfwatRgv YAqMJdhOZkBqd4Twsm6AjVt/fUqIKDNd3XetJCnmh4DgAZuFX9KPVxLt4NWsmBCEQs Gz1WTsvzsRhig== Received: from mail.u-boot.org (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 9DA5E68A3E for ; Tue, 9 Dec 2025 17:10:25 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1765325423; bh=q5AhuEsh0y/lVTO2bxZz/2rH2P9I4DZV/lUVR319buA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rbxppQBO1E82nkTWaIIiR8EeNaXga8rpick8WOljC2bKfIyPn9iUZTiOFZGoQaHaL zwGN+UiJcTjHs0iplvCziL++qv2aTEefJhT8GtOpTczvYuX0cvB1c2ohPo6YYEkXOK wH4WkskN4/rBzITdLZDn1ZFJD6rqQQTXM4EEjliDJ6o3QkvGZUAnmtK4sDTc2Aaxd9 9O7qZ2lT742O+aC7YzZbL6joUeT2WUAEMoNKPurthIO1Yi5xNb6+TpBvsR0xrdBve1 aWvrePjBcTv2hO7M68pLM5X5bZsSZUeWqhgRFY03Vj4+Uy1HsFvrstgbJlsRyfYZEY FIcX+nWRM2AeA== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 9B68A68A3E; Tue, 9 Dec 2025 17:10:23 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP id VH3qapEAI6Cb; Tue, 9 Dec 2025 17:10:23 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1765325418; bh=yG+7rVMYiXen5yzaNqZHlGuj5c5aAPcfHgvUcVAq73k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WLSEEpFUWpW/WcNLztvKupxWud/B6vjzQ2vPIv6fhsy4cGJhWwD/J9L4v47yzdu04 DhbM4XUxwNSLJsdcRKLJrZQe6wrQOM0mvtFmH+mp4hzki2cIfIwJTaLxT5bLY70pqX QcdT+APeySGtKdTKOQHzGyxIWf7VBVT/t5TgaU2gzm36buZkYbg0pM4pR14bBtEQiw wS6rLzAyOERWaOtj3+cchBZ7SQx6mf5Z90SSGCCaVRnMxSV48eqv4MilX8hT9OGbSe BWQk41Dqb6cbvJNfOUjBwDrzwIZmtiPy/a7r6gf5n4UVBsV4gnLfW+TnPWCt7rcthe RodUbHMdh0eww== Received: from u-boot.org (unknown [73.34.74.121]) by mail.u-boot.org (Postfix) with ESMTPSA id 88CD66895B; Tue, 9 Dec 2025 17:10:18 -0700 (MST) From: Simon Glass To: U-Boot Concept Date: Tue, 9 Dec 2025 17:07:24 -0700 Message-ID: <20251210000737.180797-34-sjg@u-boot.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251210000737.180797-1-sjg@u-boot.org> References: <20251210000737.180797-1-sjg@u-boot.org> MIME-Version: 1.0 Message-ID-Hash: Y63CL7N5ET3SDSYZWXJPXQDGU762T4RV X-Message-ID-Hash: Y63CL7N5ET3SDSYZWXJPXQDGU762T4RV X-MailFrom: sjg@u-boot.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Heinrich Schuchardt , Simon Glass , Claude X-Mailman-Version: 3.3.10 Precedence: list Subject: [Concept] [PATCH 33/35] malloc: Show caller info for freed chunks in malloc_dump List-Id: Discussion and patches related to U-Boot Concept Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Simon Glass When CONFIG_MCHECK_HEAP_PROTECTION is enabled, show the original caller info for freed chunks. This helps identify what code allocated memory that is now free. The mcheck header's canary and caller fields survive after free since dlmalloc only overwrites the first 16 bytes (size, aln_skip) with its free list pointers (fd, bk). We detect freed headers by looking for the MAGICFREE canary pattern. For small chunks or coalesced chunks where the header is not preserved, the caller info is simply omitted. Co-developed-by: Claude Signed-off-by: Simon Glass --- common/dlmalloc.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/common/dlmalloc.c b/common/dlmalloc.c index c294b355ff2..62e1e0a77da 100644 --- a/common/dlmalloc.c +++ b/common/dlmalloc.c @@ -7093,6 +7093,39 @@ next: return NULL; } + +/** + * find_freed_mcheck_hdr() - find a freed mcheck header in a free chunk + * + * For freed chunks, the mcheck header remains with MAGICFREE canaries. + * Since freed entries are removed from the registry, scan the chunk + * for the MAGICFREE pattern. Only check offset 0 since free chunks + * may have been coalesced and we want the first (original) allocation. + * + * Note: dlmalloc overwrites the first 16 bytes (size, aln_skip) with + * free list pointers (fd, bk), but the canary and caller remain intact. + * + * @mem: chunk memory pointer (from chunk2mem) + * @sz: chunk size + * Return: pointer to mcheck header if found, NULL otherwise + */ +static struct mcheck_hdr *find_freed_mcheck_hdr(void *mem, size_t sz) +{ + struct mcheck_hdr *hdr = (struct mcheck_hdr *)mem; + int i; + + /* Only check at offset 0 - coalesced chunks lose alignment info */ + if (sz < sizeof(struct mcheck_hdr)) + return NULL; + + /* Check for MAGICFREE canary pattern */ + for (i = 0; i < CANARY_DEPTH; i++) { + if (hdr->canary.elems[i] != MAGICFREE) + return NULL; + } + + return hdr; +} #endif void malloc_dump(void) @@ -7142,8 +7175,20 @@ void malloc_dump(void) used += sz; used_count++; } else { - printf("%12lx %10zx \n", +#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION) + struct mcheck_hdr *hdr; + + hdr = find_freed_mcheck_hdr(mem, sz); + if (hdr && hdr->caller[0]) + printf("%12lx %10zx free %s\n", + (ulong)mem, sz, hdr->caller); + else + printf("%12lx %10zx free\n", + (ulong)mem, sz); +#else + printf("%12lx %10zx free\n", (ulong)mem, sz); +#endif free_space += sz; free_count++; }