From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 97C69397EC04; Wed, 14 Jul 2021 12:29:42 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 97C69397EC04 From: "guillaume at morinfr dot org" To: glibc-bugs@sourceware.org Subject: [Bug malloc/20646] sysmalloc incorrectly fails with custom morecore function Date: Wed, 14 Jul 2021 12:29:42 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: malloc X-Bugzilla-Version: 2.19 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: guillaume at morinfr dot org X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: WONTFIX X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: siddhesh at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: glibc-bugs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Glibc-bugs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jul 2021 12:29:42 -0000 https://sourceware.org/bugzilla/show_bug.cgi?id=3D20646 --- Comment #9 from Guillaume Morin --- That is not an equivalent solution though. What you're effectively saying n= ow that all libhugetlbfs users need to find, test and validate an entire malloc implementation that suits them to use hugetlb (i.e we can't use glibc's mal= loc and we can't use libhugetblfs). Or are you expecting all existing users to write their own custom malloc implementation? You're mentioning hooking in morecore() is a security hazard. But from a security point of view, wouldn't it just as good to support morecore() interposition instead of the entire malloc implementation? And this would g= ive current users a rather easy fix and a documented interface (unless I am mis= sing anything). I must say I find your other point about being subtly broken is a little ha= rd to digest. I put together a reproducer and a simple fix for this issue almo= st 5 years ago... Yes, things will be broken if nothing is done to fix them :-)= =20 Though this is the only issue with morecore() that I know of (and can only = be reached if the morecore implementation allows trimming). Keep in mind that there are a lot of libhugetlbfs users and all of them are using morecore(). We've been using libhugetblfs in production for a long time (10+ years) wit= hout any issues.=20 Are there some unfixable issues with the morecore() scheme that we never encountered besides the (understandable) security concerns? --=20 You are receiving this mail because: You are on the CC list for the bug.=