Subject: Re: malloc/free: tcache security patch
From: Carlos O'Donell
To: 清水祐太郎, Ondřej Bílka
Cc: "libc-help@sourceware.org"
Date: Sat, 21 Apr 2018 02:06:00 -0000

On 04/20/2018 07:58 PM, 清水祐太郎 wrote:
> However, as long as there is a possibility that a bug exists, it is
> necessary to protect it with glibc.

This is not true at all.

We assume a correctly functioning program and optimize for that.

For example, the dynamic loader does not protect against all forms of
errors in ELF files. Nor does malloc catch all forms of corruption, and
it should not, because doing so is too expensive.

The checks in malloc, particularly checks in the hot path that add
instructions to tcache, *must* be rationalized as a balance between
catching corruption for debugging purposes and performance.

It provides only marginal post-attack mitigation, which is why it must
be very low cost, particularly in tcache.

Please see this for a detailed discussion on the topic:
https://sourceware.org/glibc/wiki/Style_and_Conventions#Error_Handling

What performance impact do your patches have on x86_64?

--
Cheers,
Carlos.