2019-04-23 20:16:22 +00:00
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
cfg = config.environment.memoryAllocator;
|
|
|
|
|
|
|
|
|
|
# The set of alternative malloc(3) providers.
|
|
|
|
|
providers = {
|
2019-08-13 21:52:01 +00:00
|
|
|
|
graphene-hardened = {
|
2019-04-23 20:16:22 +00:00
|
|
|
|
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
|
|
|
|
|
description = ''
|
2024-04-18 21:19:46 +00:00
|
|
|
|
Hardened memory allocator coming from GrapheneOS project.
|
|
|
|
|
The default configuration template has all normal optional security
|
|
|
|
|
features enabled and is quite aggressive in terms of sacrificing
|
|
|
|
|
performance and memory usage for security.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
graphene-hardened-light = {
|
|
|
|
|
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc-light.so";
|
|
|
|
|
description = ''
|
|
|
|
|
Hardened memory allocator coming from GrapheneOS project.
|
|
|
|
|
The light configuration template disables the slab quarantines,
|
|
|
|
|
write after free check, slot randomization and raises the guard
|
|
|
|
|
slab interval from 1 to 8 but leaves zero-on-free and slab canaries enabled.
|
|
|
|
|
The light configuration has solid performance and memory usage while still
|
|
|
|
|
being far more secure than mainstream allocators with much better security
|
|
|
|
|
properties.
|
2019-04-23 20:16:22 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2019-08-13 21:52:01 +00:00
|
|
|
|
jemalloc = {
|
2019-04-23 20:16:22 +00:00
|
|
|
|
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
|
|
|
|
description = ''
|
|
|
|
|
A general purpose allocator that emphasizes fragmentation avoidance
|
|
|
|
|
and scalable concurrency support.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2019-05-29 17:16:45 +00:00
|
|
|
|
|
2021-10-29 18:56:17 +00:00
|
|
|
|
scudo = let
|
|
|
|
|
platformMap = {
|
|
|
|
|
aarch64-linux = "aarch64";
|
|
|
|
|
x86_64-linux = "x86_64";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemPlatform = platformMap.${pkgs.stdenv.hostPlatform.system} or (throw "scudo not supported on ${pkgs.stdenv.hostPlatform.system}");
|
|
|
|
|
in {
|
llvmPackages_latest: move to aliases.nix
Because llvmPackages_latest is used in Nixpkgs, by quite a few
packages, it's difficult to keep it up to date, because updating it
requires some level of confidence that every package that uses it is
going to keep working after the update. The result of this is that
llvmPackages_latest is not updated, and so we end up in the situation
that "latest" is two versions older than the latest version we
actually provide. This is confusing and unexpected.
"But won't this end up fragmenting our LLVM versions, if every package
previously using _latest is separately pinned to LLVM 14?", I hear you
ask. No. That fragmentation is already happening, even with an
llvmPackages_latest, because packages that actually require the
_latest_ version of LLVM (15/16), have already been decoupled from
llvmPackages_latest since it hasn't been upgraded. So like it or not,
we can't escape packages depending on specific recent LLVMs. The only
real fix is to get better at keeping the default LLVM up to
date (which I'm reasonably confident we're getting into a better
position to be feasibly better able to do).
So, unless we want to double down on providing a confusingly named
"llvmPackages_latest" attribute that refers to some arbitrary LLVM
version that's probably not the latest one (or even the latest one
available in Nixpkgs), we only have two options here: either we don't
provide such an attribute at all, or we don't use it in Nixpkgs so we
don't become scared to bump it as soon as we have a new LLVM available.
2023-05-04 08:39:50 +00:00
|
|
|
|
libPath = "${pkgs.llvmPackages_14.compiler-rt}/lib/linux/libclang_rt.scudo-${systemPlatform}.so";
|
2019-05-29 17:16:45 +00:00
|
|
|
|
description = ''
|
|
|
|
|
A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
|
|
|
|
|
which aims at providing additional mitigations against heap based
|
|
|
|
|
vulnerabilities, while maintaining good performance.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2021-09-20 17:10:28 +00:00
|
|
|
|
|
|
|
|
|
mimalloc = {
|
|
|
|
|
libPath = "${pkgs.mimalloc}/lib/libmimalloc.so";
|
|
|
|
|
description = ''
|
|
|
|
|
A compact and fast general purpose allocator, which may
|
|
|
|
|
optionally be built with mitigations against various heap
|
|
|
|
|
vulnerabilities.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2019-04-23 20:16:22 +00:00
|
|
|
|
};
|
|
|
|
|
|
2019-08-13 21:52:01 +00:00
|
|
|
|
providerConf = providers.${cfg.provider};
|
2019-04-23 20:16:22 +00:00
|
|
|
|
|
|
|
|
|
# An output that contains only the shared library, to avoid
|
|
|
|
|
# needlessly bloating the system closure
|
|
|
|
|
mallocLib = pkgs.runCommand "malloc-provider-${cfg.provider}"
|
|
|
|
|
rec {
|
|
|
|
|
preferLocalBuild = true;
|
|
|
|
|
allowSubstitutes = false;
|
|
|
|
|
origLibPath = providerConf.libPath;
|
|
|
|
|
libName = baseNameOf origLibPath;
|
|
|
|
|
}
|
|
|
|
|
''
|
|
|
|
|
mkdir -p $out/lib
|
|
|
|
|
cp -L $origLibPath $out/lib/$libName
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
# The full path to the selected provider shlib.
|
|
|
|
|
providerLibPath = "${mallocLib}/lib/${mallocLib.libName}";
|
|
|
|
|
in
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
meta = {
|
|
|
|
|
maintainers = [ maintainers.joachifm ];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
options = {
|
|
|
|
|
environment.memoryAllocator.provider = mkOption {
|
|
|
|
|
type = types.enum ([ "libc" ] ++ attrNames providers);
|
|
|
|
|
default = "libc";
|
2024-04-13 12:54:15 +00:00
|
|
|
|
description = ''
|
2019-04-23 20:16:22 +00:00
|
|
|
|
The system-wide memory allocator.
|
|
|
|
|
|
|
|
|
|
Briefly, the system-wide memory allocator providers are:
|
2022-08-29 21:34:22 +00:00
|
|
|
|
|
2019-04-23 20:16:22 +00:00
|
|
|
|
- `libc`: the standard allocator provided by libc
|
|
|
|
|
${concatStringsSep "\n" (mapAttrsToList
|
|
|
|
|
(name: value: "- `${name}`: ${replaceStrings [ "\n" ] [ " " ] value.description}")
|
|
|
|
|
providers)}
|
|
|
|
|
|
|
|
|
|
::: {.warning}
|
|
|
|
|
Selecting an alternative allocator (i.e., anything other than
|
|
|
|
|
`libc`) may result in instability, data loss,
|
|
|
|
|
and/or service failure.
|
2022-08-29 21:34:22 +00:00
|
|
|
|
:::
|
2019-04-23 20:16:22 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = mkIf (cfg.provider != "libc") {
|
2019-06-02 14:03:26 +00:00
|
|
|
|
environment.etc."ld-nix.so.preload".text = ''
|
|
|
|
|
${providerLibPath}
|
|
|
|
|
'';
|
2020-10-18 13:36:24 +00:00
|
|
|
|
security.apparmor.includes = {
|
|
|
|
|
"abstractions/base" = ''
|
|
|
|
|
r /etc/ld-nix.so.preload,
|
|
|
|
|
r ${config.environment.etc."ld-nix.so.preload".source},
|
2021-06-06 15:30:45 +00:00
|
|
|
|
include "${pkgs.apparmorRulesFromClosure {
|
|
|
|
|
name = "mallocLib";
|
|
|
|
|
baseRules = ["mr $path/lib/**.so*"];
|
|
|
|
|
} [ mallocLib ] }"
|
2020-10-18 13:36:24 +00:00
|
|
|
|
'';
|
|
|
|
|
};
|
2019-04-23 20:16:22 +00:00
|
|
|
|
};
|
|
|
|
|
}
|