public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed
* [PATCH] malloc: perturb mchunk returned from tcache like fast, small,  large bin
@ 2020-05-15 14:33 Wilco Dijkstra
  0 siblings, 0 replies; 2+ messages in thread
From: Wilco Dijkstra @ 2020-05-15 14:33 UTC (permalink / raw)
  To: libc-alpha, wangxu72

Hi Wang,

I don't think tcache uses the odd perturb thingy at all, likely on purpose since the goal
of tcache is better performance. If you wanted additional safety, you would disable
tcache and switch on the additional malloc checks - maybe switching on such checks
should disable tcache automatically?

Note overwriting blocks as soon as they are freed (rather than allocated) makes more
sense since it catches many use-after-free errors. Overwriting allocated blocks is not
nearly as useful, especially if any internal pointers are cleared.

Additionally any patch like this should have benchmark results so we know what the
impact will be on malloc performance. There are several benchmarks in benchtests
which might be good enough for this purpose.

Cheers,
Wilco

^ permalink raw reply	[flat|nested] 2+ messages in thread
* [PATCH] malloc: perturb mchunk returned from tcache like fast, small, large bin
@ 2020-05-15  7:27 wangxu
  0 siblings, 0 replies; 2+ messages in thread
From: wangxu @ 2020-05-15  7:27 UTC (permalink / raw)
  To: carlos, dj, fweimer; +Cc: libc-alpha, fw, wangle6, nixiaoming, cg.chen

From: Wang Xu <wangxu72@huawei.com>

mchunk returned from tcache donot have the chance to be perturbed
like what from fastbin, smallbin and largebin.

This patch perturbs the mchunk returned from tcache.

Thanks Carlos O'Donell for comment.

---
 malloc/malloc.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index e8abb4e..057e5ad 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3108,7 +3108,9 @@ __libc_malloc (size_t bytes)
       && tcache
       && tcache->counts[tc_idx] > 0)
     {
-      return tcache_get (tc_idx);
+      void *p = tcache_get (tc_idx);
+      alloc_perturb (p, bytes);
+      return p;
     }
   DIAG_POP_NEEDS_COMMENT;
 #endif
@@ -3963,7 +3965,9 @@ _int_malloc (mstate av, size_t bytes)
 	  && mp_.tcache_unsorted_limit > 0
 	  && tcache_unsorted_count > mp_.tcache_unsorted_limit)
 	{
-	  return tcache_get (tc_idx);
+	  void *p = tcache_get (tc_idx);
+	  alloc_perturb (p, bytes);
+	  return p;
 	}
 #endif
 
@@ -3976,7 +3980,9 @@ _int_malloc (mstate av, size_t bytes)
       /* If all the small chunks we found ended up cached, return one now.  */
       if (return_cached)
 	{
-	  return tcache_get (tc_idx);
+	  void *p = tcache_get (tc_idx);
+	  alloc_perturb (p, bytes);
+	  return p;
 	}
 #endif
 
-- 
1.8.5.6


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-05-15 14:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-15 14:33 [PATCH] malloc: perturb mchunk returned from tcache like fast, small, large bin Wilco Dijkstra
  -- strict thread matches above, loose matches on Subject: below --
2020-05-15  7:27 wangxu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).