Re: malloc freelists

[Ted Unangst]

On Thu, May 01, 2014 at 15:57, Damien Miller wrote:
 On Thu, 1 May 2014, Ted Unangst wrote:
 
 What's better than a freelist? Four freelists!
 
 Apart from moar = better, what's the motivation? Do you have a particular
 attack in mind? The only thing I can think of where this change might help
 is an attack that speculatively spams small offsets from the overflow and
 hopes it doesn't run off the end of the page, and this seems fairly
 contrived...

Nope, I can't tell you exactly how this would help, but it seems cheap
enough. Guiding philosophy is simply to make a list of everything
known about malloc, and then make it unknown or less certain.

Re: malloc freelists

[Marc Espie]

Okay, the question is: why 4 ? why not 3 ? or 2 ? or 8 ?
Where do you stop ? how did you figure out that 4 was better ?

This looks a bit like hey, let's make our own crypto code, it ought to
work just fine, right ?

Re: malloc freelists

[Marc Espie]

Sorry, badly phrased reply. I didn't mean to imply it was a bad idea, but
you didn't explain at all why 4, and not 3 or 6, or 42 ?  If it's good with
4, it ought to be better with more, right ? any data point or rationale for
choosing 4 ?

Re: malloc freelists

[Theo de Raadt]

 Sorry, badly phrased reply. I didn't mean to imply it was a bad idea, but
 you didn't explain at all why 4, and not 3 or 6, or 42 ?  If it's good with
 4, it ought to be better with more, right ? any data point or rationale for
 choosing 4 ?

Why does Ted have to explain his heuristic?

Should all pkg_add design changes have to undergo the same public
scrutiny?  Should do we go through the last 10 commits and create a
fuss?

Chill dude.

4 looks good to me.  Shrug.

Re: malloc freelists

[Ted Unangst]

On Thu, May 01, 2014 at 20:52, Marc Espie wrote:
 Sorry, badly phrased reply. I didn't mean to imply it was a bad idea, but
 you didn't explain at all why 4, and not 3 or 6, or 42 ?  If it's good with
 4, it ought to be better with more, right ? any data point or rationale for
 choosing 4 ?

The bigger it goes, the more memory you burn. 4 seemed a reasonably
small choice where you aren't likely to even notice. It could perhaps
scale with the size of the chunk, but that's further complication.

Re: malloc freelists

[Bob Beck]

because it's better than one.

frankly, it's a starting point. if 8 or 42 is better we can tune from there.

or replace it with something that's better to do the same thing - if
that can be come up with. Do you have a better suggestion?

On Thu, May 1, 2014 at 12:52 PM, Marc Espie es...@nerim.net wrote:
 Sorry, badly phrased reply. I didn't mean to imply it was a bad idea, but
 you didn't explain at all why 4, and not 3 or 6, or 42 ?  If it's good with
 4, it ought to be better with more, right ? any data point or rationale for
 choosing 4 ?