From: Willy Tarreau Date: Wed, 23 Feb 2022 10:45:09 +0000 (+0100) Subject: MINOR: pools: disable redundant poisonning on pool_free() X-Git-Tag: v2.6-dev2~85 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af580f659caf025c512429210e069c35f6fff4e8;p=thirdparty%2Fhaproxy.git MINOR: pools: disable redundant poisonning on pool_free() The poisonning performed on pool_free() used to help a little bit with use-after-free detection, but usually did more harm than good in that it was never possible to perform post-mortem analysis on released objects once poisonning was enabled on allocation. Now that there is a dedicated DEBUG_POOL_INTEGRITY, let's get rid of this annoyance which is not even documented in the management manual. --- diff --git a/doc/internals/api/pools.txt b/doc/internals/api/pools.txt index 567571968e..b89b0f3e06 100644 --- a/doc/internals/api/pools.txt +++ b/doc/internals/api/pools.txt @@ -380,9 +380,7 @@ void pool_free(struct pool_head *pool, void *ptr) Free an entry allocate from one of the pool_alloc() functions above from pool . The object will be placed into the thread-local cache if enabled, or in the shared pool if enabled, or will be released using - the operating system's default allocator. When memory poisonning is - enabled, the area will be overwritten before being released. This can - sometimes help detect use-after-free conditions. When a local cache is + the operating system's default allocator. When a local cache is enabled, if the local cache size becomes larger than 75% of the maximum size configured at build time, some objects will be evicted to the shared pool. Such objects are taken first from the same pool, but if diff --git a/src/pool.c b/src/pool.c index 60be27d0db..aca28efdc8 100644 --- a/src/pool.c +++ b/src/pool.c 
@@ -654,10 +654,6 @@ void __pool_free(struct pool_head *pool, void *ptr) /* we'll get late corruption if we refill to the wrong pool or double-free */ POOL_DEBUG_CHECK_MARK(pool, ptr); POOL_DEBUG_RESET_MARK(pool, ptr); - - if (unlikely(mem_poison_byte >= 0)) - memset(ptr, mem_poison_byte, pool->size); - pool_put_to_cache(pool, ptr, caller); }
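Review bot: In the doc/internals/api/pools.txt hunk, the pool_free() description drops the sentence about poisoning on release without saying what now covers use-after-free detection. The commit message names DEBUG_POOL_INTEGRITY as the dedicated replacement, so a short sentence pointing to that build option would keep the API text useful to anyone who relied on the old behaviour. While touching this paragraph, "Free an entry allocate from" in the context line should read "allocated".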
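Review bot: In the src/pool.c hunk, with the memset() gone from __pool_free() an object keeps its last contents while it sits in the cache, and nothing at the call site says so. That matches the stated goal of post-mortem analysis, but a build that sets mem_poison_byte without DEBUG_POOL_INTEGRITY no longer gets any overwrite on free. A one-line comment above pool_put_to_cache(pool, ptr, caller) stating that poisoning now applies on allocation only, and that release-time checks depend on DEBUG_POOL_INTEGRITY, would make this explicit for the next reader.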