Date: Wed, 18 Apr 2018 16:35:56 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: tcmalloc compatibility

On Mon, Apr 16, 2018 at 12:40:06AM -0400, Rich Felker wrote:
> On Mon, Apr 16, 2018 at 06:19:24AM +0200, Markus Wichmann wrote:
> > On Sun, Apr 15, 2018 at 01:52:10PM +0200, ardi wrote:
> > [...]
> > 
> > So long as you refrain from using dynamic linking (because of the memory
> > donation)
> 
> This is only a small part of the reason you can't use dynamic linking.
> The other big part is that references in libc.so are bound at libc.so
> link time, so functions like getline, open_memstream, strdup, etc.
> will return pointers that won't be valid for you to free.
> 
> > and calloc() and memalign() (and posix_memalign()) are unused
> > or overloaded, you should be fine. Both of these functions use the
> > internal bookkeeping of musl's malloc. calloc() uses it to figure out if
> > a chunk was mmapped (in which case no initialization is necessary), and
> > memalign() uses it to construct a second chunk header to cause the
> > returned pointer to be aligned.
> 
> Yes, but this rule always applies for interposing, with any
> implementation. It's not musl-specific.
> 
> > Most of the questioning here arose from that first part. Those are the
> > two big problems, actually, we need an interface to donate memory to the
> > malloc implementation,
> 
> This isn't needed. It's fine for donation to donate to the internal
> (unused) implementation if malloc is interposed, or for donation not
> to happen at all. I don't think it's a good idea to create a public
> interposable API for donation.
> 
> The big thing that does need to happen is getting rid of the call to
> free() to do the donation, which is unsafe/incorrect if it's
> interposed. Alexander Monakov's patch (which looks ok to commit with
> minor changes described in the thread) should fix that.
> 
> > and the malloc implementation needs to provide
> > all of the hairier functions like memalign(). And we currently have no
> > way of enforcing either of these.
> 
> A way to enforce this was discussed earlier in the thread, so it looks
> doable.

Today I pushed changes which should make malloc
replacement/interposition work reliably as long as you only use
AS-safe functions. If you try this, please let us know how it turns
out and if you run into any unexpected problems.

Rich
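The interposition rule discussed above, that a replacement's calloc() and memalign() must not borrow musl's internal chunk bookkeeping, as an added example that is not part of this thread, of musl or of tcmalloc: a replacement family whose free() accepts every pointer the family hands out because all of them share one header. The my_ prefixes and the use of libc malloc as the backing store are assumptions for the demonstration only.

```c
/* Added example, not musl or tcmalloc code. A replacement allocator family
 * that carries its own per-pointer header, so its calloc and memalign never
 * rely on libc's internal chunk bookkeeping. my_ names are hypothetical; a
 * real interposer exports malloc/free/calloc/memalign themselves, and would
 * use its own backing store instead of the libc malloc used here for brevity. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct hdr {            /* stored immediately before every returned pointer */
    void  *base;        /* what the backing allocator actually returned */
    size_t size;        /* usable size the caller asked for */
};

/* align must be a power of two and at least sizeof(void *). */
void *my_memalign(size_t align, size_t n)
{
    if (align < sizeof(void *) || (align & (align - 1))) return NULL;
    if (n > SIZE_MAX - align - sizeof(struct hdr)) return NULL; /* overflow guard */
    unsigned char *base = malloc(n + align + sizeof(struct hdr));
    if (!base) return NULL;
    /* leave room for the header, then round up to the requested alignment */
    uintptr_t p = ((uintptr_t)base + sizeof(struct hdr) + align - 1) & ~(uintptr_t)(align - 1);
    struct hdr *h = (struct hdr *)p - 1;
    h->base = base;
    h->size = n;
    return (void *)p;
}

void *my_malloc(size_t n) { return my_memalign(16, n); }

/* Our bookkeeping says nothing about mmap vs. heap, so always zero explicitly. */
void *my_calloc(size_t m, size_t n)
{
    if (n && m > SIZE_MAX / n) return NULL;   /* m*n overflow */
    void *p = my_malloc(m * n);
    if (p) memset(p, 0, m * n);
    return p;
}

size_t my_usable_size(const void *p) { return p ? ((const struct hdr *)p - 1)->size : 0; }

/* Valid for any pointer from the functions above, since they share one header format. */
void my_free(void *p)
{
    if (p) free(((struct hdr *)p - 1)->base);
}
```

The point to take from it is that free(), calloc() and memalign() form one set: a replacement that supplies only some of them leaves libc's versions reading headers the replacement never wrote.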
