Message-ID: <20180418203556.GH3094@brightrain.aerifal.cx>
Date: Wed, 18 Apr 2018 16:35:56 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: tcmalloc compatibility

On Mon, Apr 16, 2018 at 12:40:06AM -0400, Rich Felker wrote:
> On Mon, Apr 16, 2018 at 06:19:24AM +0200, Markus Wichmann wrote:
> > On Sun, Apr 15, 2018 at 01:52:10PM +0200, ardi wrote:
> > [...]
> >
> > So long as you refrain from using dynamic linking (because of the memory
> > donation)
>
> This is only a small part of the reason you can't use dynamic linking.
> The other big part is that references in libc.so are bound at libc.so
> link time, so functions like getline, open_memstream, strdup, etc.
> will return pointers that won't be valid for you to free.
>
> > and calloc() and memalign() (and posix_memalign()) are unused
> > or overloaded, you should be fine. Both of these functions use the
> > internal bookkeeping of musl's malloc. calloc() uses it to figure out if
> > a chunk was mmapped (in which case no initialization is necessary), and
> > memalign() uses it to construct a second chunk header to cause the
> > returned pointer to be aligned.
>
> Yes, but this rule always applies for interposing, with any
> implementation. It's not musl-specific.
>
> > Most of the questioning here arose from that first part. Those are the
> > two big problems, actually, we need an interface to donate memory to the
> > malloc implementation,
>
> This isn't needed. It's fine for donation to donate to the internal
> (unused) implementation if malloc is interposed, or for donation not
> to happen at all. I don't think it's a good idea to create a public
> interposable API for donation.
>
> The big thing that does need to happen is getting rid of the call to
> free() to do the donation, which is unsafe/incorrect if it's
> interposed. Alexander Monakov's patch (which looks ok to commit with
> minor changes described in the thread) should fix that.
>
> > and the malloc implementation needs to provide
> > all of the hairier functions like memalign(). And we currently have no
> > way of enforcing either of these.
>
> A way to enforce this was discussed earlier in the thread, so it looks
> doable.

Today I pushed changes which should make malloc replacement/interposition
work reliably as long as you only use AS-safe functions. If you try
this, please let us know how it turns out and if you run into any
unexpected problems.

Rich
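
The rule discussed in this message (a replacement has to supply calloc(), memalign() and posix_memalign() itself, and should rely only on AS-safe functions), shown as an added example that is not musl's code and was not posted in the thread. It is a toy bump allocator; `in_arena`, `carve` and the 1 MiB arena are assumptions made for illustration.

```c
/* Added example: toy bump allocator; assumes one thread, power-of-two alignments. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ARENA_SIZE ((size_t)1 << 20)
static _Alignas(64) unsigned char arena[ARENA_SIZE];
static size_t used;                       /* bytes handed out so far */
int in_arena(const void *p) { return (uintptr_t)p - (uintptr_t)arena < ARENA_SIZE; }
/* Carve n bytes at the given alignment; the size is stored just below the
 * block so realloc() knows how much to copy. Uses only memcpy (AS-safe). */
static void *carve(size_t align, size_t n)
{
    uintptr_t base = (uintptr_t)arena, p;
    if (align < 16) align = 16;
    p = (base + used + sizeof(size_t) + align - 1) & ~(uintptr_t)(align - 1);
    if (n > ARENA_SIZE || p - base > ARENA_SIZE - n) { errno = ENOMEM; return NULL; }
    memcpy((void *)(p - sizeof(size_t)), &n, sizeof n);
    used = p - base + n;
    return (void *)p;
}
void *malloc(size_t n) { return carve(16, n); }
void free(void *p) { (void)p; }           /* bump allocator: nothing is reused */
void *calloc(size_t m, size_t n)
{
    if (n && m > SIZE_MAX / n) { errno = ENOMEM; return NULL; }
    return carve(16, m * n);   /* static arena, never reused: already zero */
}
void *realloc(void *old, size_t n)
{
    size_t have = 0;
    void *p = carve(16, n);
    if (p && in_arena(old)) {             /* copy only blocks we handed out */
        memcpy(&have, (char *)old - sizeof have, sizeof have);
        memcpy(p, old, have < n ? have : n);
    }
    return p;
}
void *memalign(size_t a, size_t n) { return carve(a, n); }
void *aligned_alloc(size_t a, size_t n) { return carve(a, n); }
int posix_memalign(void **out, size_t a, size_t n)
{
    if (a < sizeof(void *) || (a & (a - 1))) return EINVAL;
    void *p = carve(a, n);
    if (p) *out = p;
    return p ? 0 : ENOMEM;
}
/* Exit status 0 means libc's own strdup() allocated from the replacement. */
int main(void) { char *s = strdup("constructed"); return !(s && in_arena(s)); }
```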