mem: fix use after free issue in memories until 4-phase work complete.

2012-11-02 11:50:16 -05:00 · 2012-11-02 11:50:16 -05:00 · ce5766c409
parent 1dbf9bb4ca
commit ce5766c409
4 changed files with 27 additions and 2 deletions
--- a/src/mem/simple_dram.cc
+++ b/src/mem/simple_dram.cc
@ -474,6 +474,13 @@ SimpleDRAM::printQs() const {
 bool
 SimpleDRAM::recvTimingReq(PacketPtr pkt)
 {
+    /// @todo temporary hack to deal with memory corruption issues until
+    /// 4-phase transactions are complete
+    for (int x = 0; x < pendingDelete.size(); x++)
+        delete pendingDelete[x];
+    pendingDelete.clear();
+
+
    // This is where we enter from the outside world
    DPRINTF(DRAM, "Inside recvTimingReq: request %s addr %lld size %d\n",
            pkt->cmdString(),pkt->getAddr(), pkt->getSize());
@ -495,7 +502,7 @@ SimpleDRAM::recvTimingReq(PacketPtr pkt)
    // simply drop inhibited packets for now
    if (pkt->memInhibitAsserted()) {
        DPRINTF(DRAM,"Inhibited packet -- Dropping it now\n");
-        delete pkt;
+        pendingDelete.push_back(pkt);
        return true;
    }

--- a/src/mem/simple_dram.hh
+++ b/src/mem/simple_dram.hh
@ -453,6 +453,12 @@ class SimpleDRAM : public AbstractMemory
    Stats::Formula writeRowHitRate;
    Stats::Formula avgGap;

+    /** @todo this is a temporary workaround until the 4-phase code is
+     * committed. upstream caches needs this packet until true is returned, so
+     * hold onto it for deletion until a subsequent call
+     */
+    std::vector<PacketPtr> pendingDelete;
+
  public:

    void regStats();
--- a/src/mem/simple_mem.cc
+++ b/src/mem/simple_mem.cc
@ -94,10 +94,16 @@ SimpleMemory::doFunctionalAccess(PacketPtr pkt)
 bool
 SimpleMemory::recvTimingReq(PacketPtr pkt)
 {
+    /// @todo temporary hack to deal with memory corruption issues until
+    /// 4-phase transactions are complete
+    for (int x = 0; x < pendingDelete.size(); x++)
+        delete pendingDelete[x];
+    pendingDelete.clear();
+
    if (pkt->memInhibitAsserted()) {
        // snooper will supply based on copy of packet
        // still target's responsibility to delete packet
-        delete pkt;
+        pendingDelete.push_back(pkt);
        return true;
    }

--- a/src/mem/simple_mem.hh
+++ b/src/mem/simple_mem.hh
@ -118,6 +118,12 @@ class SimpleMemory : public AbstractMemory

    EventWrapper<SimpleMemory, &SimpleMemory::release> releaseEvent;

+    /** @todo this is a temporary workaround until the 4-phase code is
+     * committed. upstream caches needs this packet until true is returned, so
+     * hold onto it for deletion until a subsequent call
+     */
+    std::vector<PacketPtr> pendingDelete;
+
  public:

    SimpleMemory(const SimpleMemoryParams *p);