Re: hardened memory allocate port to linux-fedora system for secutiry

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 8/13/22, Demi Marie Obenour wrote:

On 8/13/22, Kevin Kofler via devel wrote:

martin luther wrote:

should we implement https://github.com/GrapheneOS/hardened_malloc/
it is hardened memory allocate it will increase the security of fedora
according to the graphene os team it can be ported to linux as well need
to look at it


CCing Daniel Micay who wrote hardened_malloc.


There are several questions that come up:  [[snip]]


It seems to me that hardened_malloc could increase working set and RAM
desired by something like 10% compared to glibc for some important workloads,
such as Fedora re-builds.  From page 22 of [1] (attached here; 203KB), the graph
of number of requests versus requested size shows that blocks of size <= 128
were requested tens to thousands of times more often than all the rest.

For sizes from 0 through 128, the "Size classes" section of README.md of [2]
documents worst-case internal fragmentation (in "slabs") of 93.75% to 11.72%.
That seems too high.  Where are actual measurements for workloads such as
Fedora re-builds?

(Also note that the important special case of malloc(0), which is analogous
to (gensym) of Lisp and is implemented internally as malloc(1), consumes
16 bytes and has a fragmentation of 93.75% for both glibc and hardened_malloc.
The worst fragmentation happens for *every* call to malloc(0), which occurred
about 800,000 times in the sample.  Yikes!)


[1] https://blog.linuxplumbersconf.org/2016/ocw/system/presentations/3921/original/LPC%202016%20-%20linux%20and%20glibc_%20The%204.5TiB%20malloc%20API%20trace.pdf
[2] https://github.com/GrapheneOS/hardened_malloc/

Attachment: malloc-frequency-versus-size-p22.pdf
Description: Adobe PDF document

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux