[PATCH] Update tcache double-free check
Carlos O'Donell
carlos@redhat.com
Mon Aug 10 13:44:31 GMT 2020
On 8/10/20 9:35 AM, Eyal Itkin wrote:
> The overall scheme for accumulating random between threads might be
> useful in the future, for a cookie-style security check, however I
> convinced myself that it won't be needed in this case.

Your analysis seems sensible to me. In the case of a cookie-style check
I think we can and *should* do this with some of the chunk metadata.

This is something Florian proposed a couple of years ago, but the
difficulty is that it's straight on the hot path, so you have to try to
reorder the operations to get as-good performance as before. Given that
you're already touching the cacheline with the metadata there is a lot
that you can hide, e.g. xor of the size with a cookie.

You're right though, the code you've written I think will be useful to
others.

I still need to review the various versions we have and get consensus.

--
Cheers,
Carlos.
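
The "xor of the size with a cookie" idea mentioned in the message above, sketched as an added example on a toy allocator wrapper; it is not glibc code and not code from this thread. The header layout, the `toy_*` and `cookie_init` names, the size bound and the cookie value are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Assumed toy layout: one header word in front of each user block. */
#define ALIGN_MASK ((size_t)15)        /* valid sizes are multiples of 16 */
#define MAX_CHUNK  ((size_t)1 << 30)   /* sanity bound chosen for this demo */

struct hdr { size_t masked_size; };    /* holds size ^ cookie, never the raw size */
static size_t heap_cookie;             /* per-process secret */

/* A real allocator would seed this once from the kernel's random source. */
void cookie_init(size_t secret) { heap_cookie = secret; }

void *toy_alloc(size_t n)
{
    size_t size = (n + ALIGN_MASK) & ~ALIGN_MASK;
    if (size == 0 || size < n || size > MAX_CHUNK) return NULL;
    struct hdr *h = malloc(sizeof *h + size);
    if (!h) return NULL;
    h->masked_size = size ^ heap_cookie;   /* same cacheline as the metadata */
    return h + 1;
}

/* Returns the decoded size, or 0 if the header fails validation. */
size_t toy_chunk_size(const void *p)
{
    size_t size = ((const struct hdr *)p - 1)->masked_size ^ heap_cookie;
    if (size == 0 || (size & ALIGN_MASK) || size > MAX_CHUNK)
        return 0;                          /* written without knowing the cookie */
    return size;
}

/* Returns 0 on success, -1 if corruption was detected (block is not released). */
int toy_free(void *p)
{
    if (!p) return 0;
    if (toy_chunk_size(p) == 0) return -1;
    free((struct hdr *)p - 1);
    return 0;
}

int main(void)
{
    cookie_init((size_t)0x9e3779b97f4a7c15ULL);   /* constructed value */
    void *p = toy_alloc(100);
    if (!p) return 1;
    ((size_t *)p)[-1] = 0x200;                    /* simulated metadata overwrite */
    printf("free after overwrite -> %d\n", toy_free(p));
    return 0;
}
```

The check costs one xor plus comparisons on a word the free path already loads, which is the hot-path concern raised in the message.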