diff options
-rw-r--r-- | src/kernel/heapmgr.C | 8 | ||||
-rw-r--r-- | src/usr/mbox/mbox_dma_buffer.H | 13 | ||||
-rw-r--r-- | src/usr/targeting/attrsync.C | 19 |
3 files changed, 25 insertions, 15 deletions
diff --git a/src/kernel/heapmgr.C b/src/kernel/heapmgr.C index d2df127e9..4fdfded57 100644 --- a/src/kernel/heapmgr.C +++ b/src/kernel/heapmgr.C @@ -578,6 +578,14 @@ bool HeapManager::_freeBig(void* i_ptr) } bc = (big_chunk_t*) (((uint64_t)bc->next) & 0x00000000FFFFFFFF); } + + // Small allocations are always aligned, hence we exited out at the + // beginning of the function. Large allocations are always aligned. + // If we did not find a large allocation in the list (result == false) + // then either we have a double-free or someone trying to free something + // that doesn't belong on the heap. + crit_assert(result); + return result; } diff --git a/src/usr/mbox/mbox_dma_buffer.H b/src/usr/mbox/mbox_dma_buffer.H index 534267137..8566af3ae 100644 --- a/src/usr/mbox/mbox_dma_buffer.H +++ b/src/usr/mbox/mbox_dma_buffer.H @@ -100,11 +100,14 @@ namespace MBOX bool isDmaAddress(void * i_address) const { uint64_t address = reinterpret_cast<uint64_t>(i_address); - return - (address >= VmmManager::MBOX_DMA_ADDR && - address < (VmmManager::MBOX_DMA_ADDR + - (VmmManager::MBOX_DMA_PAGES * - VmmManager::MBOX_DMA_PAGESIZE))); + uint64_t bufaddr = reinterpret_cast<uint64_t>(iv_head); + + return ((address >= bufaddr) && + (address < (bufaddr + + (VmmManager::MBOX_DMA_PAGES * + VmmManager::MBOX_DMA_PAGESIZE)) + ) + ); } /** diff --git a/src/usr/targeting/attrsync.C b/src/usr/targeting/attrsync.C index ca70f8658..70494a691 100644 --- a/src/usr/targeting/attrsync.C +++ b/src/usr/targeting/attrsync.C @@ -180,7 +180,7 @@ namespace TARGETING if ( ATTR_SYNC_SECTION_TO_HB == l_pMsg->type ) { TARG_DBG( "HB Attribute Sync Section message type received " - "from the FSP"); + "from the FSP"); // get the section id l_page.sectionId = ATTR_SYNC_GET_SECTION_ID(l_pMsg->data[0]); @@ -231,11 +231,15 @@ namespace TARGETING { iv_pages.push_back(l_page); } + + // Free memory allocated for message + msg_free( l_pMsg ); + l_pMsg = NULL; } else if ( ATTR_SYNC_COMPLETE_TO_HB == l_pMsg->type ) { TARG_DBG( "HB Attribute Sync Complete message type " - "received from the FSP"); + "received from the FSP"); l_sync_complete = true; @@ -299,11 +303,6 @@ namespace TARGETING { TARG_ERR( "WARNING: Invalid message type [0x%x] received " "from the FSP, ignoring...", l_pMsg->type); - } - - // Free memory allocated for message - if ( msg_is_async(l_pMsg) ) - { msg_free( l_pMsg ); l_pMsg = NULL; } @@ -477,7 +476,7 @@ namespace TARGETING free( i_msg->extra_data ); } } - + return l_errl; } @@ -514,7 +513,7 @@ namespace TARGETING if( l_errl ) { TRACFCOMP(g_trac_targeting, - "Error returned when syncing section type %d to FSP", + "Error returned when syncing section type %d to FSP", section_type[i]); break; } @@ -547,7 +546,7 @@ namespace TARGETING if (l_errl) { TARG_ERR( "Error registering the Hostboot message queue with " - "mailbox service." ); + "mailbox service." ); break; } |