add a minimum delay to free slabs reuse #55
Comments
|
Is there any legitimate concern for DoS under conditions with few available free slabs and a min quarantine time? With high churn, it seems like there's a window for recently freed slabs to be in the queue, but still unavailable for allocation. Using allocation requests as units of measurement (counter vs clock) might be of use there, especially if the calling threads are tracked for race reduction and entropy purposes. |
|
The delay is measured in terms of deallocation cycles (for the future slab allocation quarantine), or in this case number of free slabs. There's the concept of a partial slab (partially filled) which are filled before falling back to empty slabs (very limited cache size - 64k at the moment) and then free slabs which have been purged and memory protected and need to be unprotected to use them. Keeping more free slabs is very cheap since the only cost is the slab metadata (56 bytes, but it could be reduced to 32 bytes) and potentially an extra 2 VMAs (but not necessarily). |
|
This is the existing quarantine for large allocations, which are memory mappings with randomly sized guard regions: https://github.com/AndroidHardening/hardened_malloc/blob/3db3e167ede6a9bd035f9145b5cb817954e150dd/malloc.c#L551-L584. It uses a randomized array and a ring buffer as a queue. Slab metadata (which is out-of-line, like all metadata) has There will also be a quarantine for slab allocations themselves, but that's more complicated since it needs to have a way of preserving double-free detection unlike large allocations where that's all provided by the page -> region_info hash table regardless. It could also potentially avoid delaying the slabs becoming free slabs if it's implemented cleverly. |
It already has a queue and just needs to enforce a minimum length.
The text was updated successfully, but these errors were encountered: