This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: malloc/free: tcache security patch

On 04/20/2018 07:58 PM, 清水祐太郎 wrote:
> However, as long as there is a possibility that a bug exists, it is
> necessary to protect it with glibc.

This is not true at all.

We assume a correctly functioning program and optimize for that.

For example the dynamic loader does not protect against all forms of
errors in ELF files.

Nor does malloc catch all forms of corruption, and it should not,
because doing so is too expensive.

The checks in malloc, particularly checks in the hot path that add
instructions to tcache, *must* be rationalized as a balance between
catching corruption for debugging purposes and performance. It provides
only marginal post-attack mitigation, which is why it must be very low
cost, particularly in tcache.

Please see this for a detailed discussion on the topic:
https://sourceware.org/glibc/wiki/Style_and_Conventions#Error_Handling

What performance impact do your patches have on x86_64?

-- 
Cheers,
Carlos.
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]