From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: tcmalloc compatibility
Date: Mon, 16 Apr 2018 00:40:06 -0400 [thread overview]
Message-ID: <20180416044006.GY3094@brightrain.aerifal.cx> (raw)
In-Reply-To: <20180416041924.GA23767@voyager>
On Mon, Apr 16, 2018 at 06:19:24AM +0200, Markus Wichmann wrote:
> On Sun, Apr 15, 2018 at 01:52:10PM +0200, ardi wrote:
> > On Tue, Apr 10, 2018 at 11:17 PM, Szabolcs Nagy <nsz@port70.net> wrote:
> > >
> > > then the wrappers with dlsym(RTLD_NEXT,sym) would not work.
> > > (malloc checkers, valgrind, sanitizers etc all do it)
> >
> > I've been using ElectricFence, as my only memory debugger since 1996
> > or so; mostly with the libc of commercial Unices, but also with glibc
> > in Linux, and with the OSX libc. I never considered I could run into
> > the issues commented in this thread, and in fact I never faced these
> > issues and it always worked as expected (however, I must admit I only
> > use multithreading for accelerating clearly isolated math-intensive
> > loops that don't call malloc-related functions from inside the loop).
> >
> > Said this, when I'm linking with ElectricFence, my brain has the "hack
> > mode flag" ON (I mean, I always had the feeling that I'm working with
> > a temporary hack that can fail whenever my link line contains -lefence
> > , and I'm aware that things can go wrong --I didn't consider thread
> > safety, but anyway I know ElectricFence can fail if the OS syscalls
> > that allocate protected memory at buffer ends change their behaviour
> > in newer versions, or if there's some OS/CPU-dependent subtlety with
> > alignment, etc...)
> >
> > I've not tried to use ElectricFence with musl yet... but reading this,
> > can I suppose it won't work? Is there any "hack mode ON" procedure
> > (yet easy) that would allow to use ElectricFence (assuming
> > non-threaded code, which is always my case).
> >
> > I agree with your commitment to correctness, and I'm not asking for a
> > safe and guaranteed implementation of function interposition, just
> > that sometimes I need to break my binaries to make them crash hard as
> > soon as pointer accesses a byte it shouldn't access.
> >
> > Cheers,
> >
> > ardi
>
> So long as you refrain from using dynamic linking (because of the memory
> donation)
This is only a small part of the reason you can't use dynamic linking.
The other big part is that references in libc.so are bound at libc.so
link time, so functions like getline, open_memstream, strdup, etc.
will return pointers that won't be valid for you to free.
> and calloc() and memalign() (and posix_memalign()) are unused
> or overloaded, you should be fine. Both of these functions use the
> internal bookkeeping of musl's malloc. calloc() uses it to figure out if
> a chunk was mmapped (in which case no initialization is necessary), and
> memalign() uses it to construct a second chunk header to cause the
> returned pointer to be aligned.
Yes, but this rule always applies for interposing, with any
implementation. It's not musl-specific.
> Most of the questioning here arose from that first part. Those are the
> two big problems, actually, we need an interface to donate memory to the
> malloc implementation,
This isn't needed. It's fine for donation to donate to the internal
(unused) implementation if malloc is interposed, or for donation not
to happen at all. I don't think it's a good idea to create a public
interposable API for donation.
The big thing that does need to happen is getting rid of the call to
free() to do the donation, which is unsafe/incorrect if it's
interposed. Alexander Monakov's patch (which looks ok to commit with
minor changes described in the thread) should fix that.
> and the malloc implementation needs to provide
> all of the hairier functions like memalign(). And we currently have no
> way of enforcing either of these.
A way to enforce this was discussed earlier in the thread, so it looks
doable.
Rich
next prev parent reply other threads:[~2018-04-16 4:40 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-10 10:22 Denis V. Razumovsky
2018-04-10 14:33 ` Rich Felker
2018-04-10 14:45 ` Bobby Powers
2018-04-10 15:35 ` Rich Felker
[not found] ` <878t9vlzh1.fsf@mid.deneb.enyo.de>
2018-04-10 18:39 ` Rich Felker
2018-04-10 20:33 ` Szabolcs Nagy
2018-04-10 20:44 ` Rich Felker
2018-04-10 21:17 ` Szabolcs Nagy
2018-04-15 11:52 ` ardi
2018-04-16 4:19 ` Markus Wichmann
2018-04-16 4:40 ` Rich Felker [this message]
2018-04-18 20:35 ` Rich Felker
2018-04-19 18:27 ` Szabolcs Nagy
2018-04-19 19:11 ` Rich Felker
2018-04-18 20:50 ` Florian Weimer
2018-04-18 21:06 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180416044006.GY3094@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).