mem: fix use after free issue in memories until 4-phase work complete.
authorAli Saidi <Ali.Saidi@ARM.com>
Fri, 2 Nov 2012 16:50:16 +0000 (11:50 -0500)
committerAli Saidi <Ali.Saidi@ARM.com>
Fri, 2 Nov 2012 16:50:16 +0000 (11:50 -0500)
src/mem/simple_dram.cc
src/mem/simple_dram.hh
src/mem/simple_mem.cc
src/mem/simple_mem.hh

index 42c97977a4704eedc0afb225aa9e566b127d9326..3dc59e8e0e5e12b80035c43564014a216c78dedc 100644 (file)
@@ -474,6 +474,13 @@ SimpleDRAM::printQs() const {
 bool
 SimpleDRAM::recvTimingReq(PacketPtr pkt)
 {
+    /// @todo temporary hack to deal with memory corruption issues until
+    /// 4-phase transactions are complete
+    for (int x = 0; x < pendingDelete.size(); x++)
+        delete pendingDelete[x];
+    pendingDelete.clear();
+
+
     // This is where we enter from the outside world
     DPRINTF(DRAM, "Inside recvTimingReq: request %s addr %lld size %d\n",
             pkt->cmdString(),pkt->getAddr(), pkt->getSize());
@@ -495,7 +502,7 @@ SimpleDRAM::recvTimingReq(PacketPtr pkt)
     // simply drop inhibited packets for now
     if (pkt->memInhibitAsserted()) {
         DPRINTF(DRAM,"Inhibited packet -- Dropping it now\n");
-        delete pkt;
+        pendingDelete.push_back(pkt);
         return true;
     }
 
index 373408c2a874c76c1a0fda46f38a791c1b14b0c2..de597d6687c20550266d1f3df31ac8b83878a2ae 100644 (file)
@@ -453,6 +453,12 @@ class SimpleDRAM : public AbstractMemory
     Stats::Formula writeRowHitRate;
     Stats::Formula avgGap;
 
+    /** @todo this is a temporary workaround until the 4-phase code is
+     * committed. upstream caches needs this packet until true is returned, so
+     * hold onto it for deletion until a subsequent call
+     */
+    std::vector<PacketPtr> pendingDelete;
+
   public:
 
     void regStats();
index e78b5792895d9ddad61129f3f8b651a7144d95d2..d3a53a26f38304f8686178f65640ab6d726f8f88 100644 (file)
@@ -94,10 +94,16 @@ SimpleMemory::doFunctionalAccess(PacketPtr pkt)
 bool
 SimpleMemory::recvTimingReq(PacketPtr pkt)
 {
+    /// @todo temporary hack to deal with memory corruption issues until
+    /// 4-phase transactions are complete
+    for (int x = 0; x < pendingDelete.size(); x++)
+        delete pendingDelete[x];
+    pendingDelete.clear();
+
     if (pkt->memInhibitAsserted()) {
         // snooper will supply based on copy of packet
         // still target's responsibility to delete packet
-        delete pkt;
+        pendingDelete.push_back(pkt);
         return true;
     }
 
index f1bad7d9f781bfc81f33a5533f6ca140d22c0a4f..ab002f2702f7fc7af24f51692f0fb0be27ade462 100644 (file)
@@ -118,6 +118,12 @@ class SimpleMemory : public AbstractMemory
 
     EventWrapper<SimpleMemory, &SimpleMemory::release> releaseEvent;
 
+    /** @todo this is a temporary workaround until the 4-phase code is
+     * committed. upstream caches needs this packet until true is returned, so
+     * hold onto it for deletion until a subsequent call
+     */
+    std::vector<PacketPtr> pendingDelete;
+
   public:
 
     SimpleMemory(const SimpleMemoryParams *p);