lib/os/mempool: Fix corruption case with block splitting

[andyross]

The block_fits() predicate was borked. It would check that a block
fits within the bounds of the whole heap. But that's not enough:
because of alignment changes between levels the sub-blocks may be
adjusted forward. It needs to fit inside the PARENT block that it was
split from.

What could happen at runtime is that the last subblocks of a
misaligned parent block would overlap memory from subsequent blocks,
or even run off the end of the heap. That's bad.

Change the API of block_fits() a little so it can extract the parent
region and do this properly.

Fixes #15279. Passes test introduced in #16728 to demonstrate what
seems like the same issue.

Signed-off-by: Andy Ross andrew.j.ross@intel.com

[andrewboie]

suggest parens around lvl == 0 for clarity.
same deal with following line.
or just use a regular if { } else { }. I had to blink at this a lot to correctly parse it.

[andyross]

Spread out formatting for clarity

[andyross]

One more tiny patch to address a buffer allocation bug @npitre pointed out (who I still can't seem to add as a reviewer, but who can surely just jump in).

[npitre]

On Thu, 20 Jun 2019, Andy Ross wrote: One more tiny patch to address a buffer allocation bug @npitre pointed out (who I still can't seem to add as a reviewer, but who can surely just jump in).

I agree with the first patch, the block_fits() one, for now at least. I also agreed with the second patch in principle. Now that I've actually seen it I must retract that. Your patch is not sufficient. You missed one header file. But more importantly, you are missing some small but again fundamental details. Please consider #16996 where I provided the complete explanation.

[andyross]

Yank duplicated fix. Rebase.

[npitre]

In case my opinion is still required, I approve this PR as it is. Please someone merge this ASAP. The potential for weird bugs is real without it.