[malloc] Avoid immediately clobbering reference count when freeing memory

Rearrange the fields in struct memory_block (without altering
MIN_MEMBLOCK_SIZE) so that the "count" field of a reference-counted
object is left intact when the memory containing the object is freed.
This allows for the possibility of detecting reference-counting errors
such as double-freeing.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/core/malloc.c b/src/core/malloc.c
index d317ce179c035dbc96c61f73809e74a986b73d89..6e3a421623bd6ab16d6bef10e0dd0aa0c534637b 100644 (file)
--- a/src/core/malloc.c
+++ b/src/core/malloc.c
@@ -25,6 +25,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <ipxe/io.h>
 #include <ipxe/list.h>
 #include <ipxe/init.h>
+#include <ipxe/refcnt.h>
 #include <ipxe/malloc.h>
 
 /** @file
@@ -35,10 +36,21 @@ FILE_LICENCE ( GPL2_OR_LATER );
 
 /** A free block of memory */
 struct memory_block {
-       /** List of free blocks */
-       struct list_head list;
        /** Size of this block */
        size_t size;
+       /** Padding
+        *
+        * This padding exists to cover the "count" field of a
+        * reference counter, in the common case where a reference
+        * counter is the first element of a dynamically-allocated
+        * object.  It avoids clobbering the "count" field as soon as
+        * the memory is freed, and so allows for the possibility of
+        * detecting reference counting errors.
+        */
+       char pad[ offsetof ( struct refcnt, count ) +
+                 sizeof ( ( ( struct refcnt * ) NULL )->count ) ];
+       /** List of free blocks */
+       struct list_head list;
 };
 
 #define MIN_MEMBLOCK_SIZE \