2019-04-23 22:16:22 +02:00
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
cfg = config.environment.memoryAllocator;
|
|
|
|
|
|
|
|
|
|
# The set of alternative malloc(3) providers.
|
|
|
|
|
providers = {
|
2019-08-13 23:52:01 +02:00
|
|
|
|
graphene-hardened = {
|
2019-04-23 22:16:22 +02:00
|
|
|
|
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
|
|
|
|
|
description = ''
|
|
|
|
|
An allocator designed to mitigate memory corruption attacks, such as
|
|
|
|
|
those caused by use-after-free bugs.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2019-08-13 23:52:01 +02:00
|
|
|
|
jemalloc = {
|
2019-04-23 22:16:22 +02:00
|
|
|
|
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
|
|
|
|
description = ''
|
|
|
|
|
A general purpose allocator that emphasizes fragmentation avoidance
|
|
|
|
|
and scalable concurrency support.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2019-05-29 19:16:45 +02:00
|
|
|
|
|
2021-10-29 20:56:17 +02:00
|
|
|
|
scudo = let
|
|
|
|
|
platformMap = {
|
|
|
|
|
aarch64-linux = "aarch64";
|
|
|
|
|
x86_64-linux = "x86_64";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemPlatform = platformMap.${pkgs.stdenv.hostPlatform.system} or (throw "scudo not supported on ${pkgs.stdenv.hostPlatform.system}");
|
|
|
|
|
in {
|
llvmPackages_latest: move to aliases.nix
Because llvmPackages_latest is used in Nixpkgs, by quite a few
packages, it's difficult to keep it up to date, because updating it
requires some level of confidence that every package that uses it is
going to keep working after the update. The result of this is that
llvmPackages_latest is not updated, and so we end up in the situation
that "latest" is two versions older than the latest version we
actually provide. This is confusing and unexpected.
"But won't this end up fragmenting our LLVM versions, if every package
previously using _latest is separately pinned to LLVM 14?", I hear you
ask. No. That fragmentation is already happening, even with an
llvmPackages_latest, because packages that actually require the
_latest_ version of LLVM (15/16), have already been decoupled from
llvmPackages_latest since it hasn't been upgraded. So like it or not,
we can't escape packages depending on specific recent LLVMs. The only
real fix is to get better at keeping the default LLVM up to
date (which I'm reasonably confident we're getting into a better
position to be feasibly better able to do).
So, unless we want to double down on providing a confusingly named
"llvmPackages_latest" attribute that refers to some arbitrary LLVM
version that's probably not the latest one (or even the latest one
available in Nixpkgs), we only have two options here: either we don't
provide such an attribute at all, or we don't use it in Nixpkgs so we
don't become scared to bump it as soon as we have a new LLVM available.
2023-05-04 10:39:50 +02:00
|
|
|
|
libPath = "${pkgs.llvmPackages_14.compiler-rt}/lib/linux/libclang_rt.scudo-${systemPlatform}.so";
|
2019-05-29 19:16:45 +02:00
|
|
|
|
description = ''
|
|
|
|
|
A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
|
|
|
|
|
which aims at providing additional mitigations against heap based
|
|
|
|
|
vulnerabilities, while maintaining good performance.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2021-09-20 19:10:28 +02:00
|
|
|
|
|
|
|
|
|
mimalloc = {
|
|
|
|
|
libPath = "${pkgs.mimalloc}/lib/libmimalloc.so";
|
|
|
|
|
description = ''
|
|
|
|
|
A compact and fast general purpose allocator, which may
|
|
|
|
|
optionally be built with mitigations against various heap
|
|
|
|
|
vulnerabilities.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2019-04-23 22:16:22 +02:00
|
|
|
|
};
|
|
|
|
|
|
2019-08-13 23:52:01 +02:00
|
|
|
|
providerConf = providers.${cfg.provider};
|
2019-04-23 22:16:22 +02:00
|
|
|
|
|
|
|
|
|
# An output that contains only the shared library, to avoid
|
|
|
|
|
# needlessly bloating the system closure
|
|
|
|
|
mallocLib = pkgs.runCommand "malloc-provider-${cfg.provider}"
|
|
|
|
|
rec {
|
|
|
|
|
preferLocalBuild = true;
|
|
|
|
|
allowSubstitutes = false;
|
|
|
|
|
origLibPath = providerConf.libPath;
|
|
|
|
|
libName = baseNameOf origLibPath;
|
|
|
|
|
}
|
|
|
|
|
''
|
|
|
|
|
mkdir -p $out/lib
|
|
|
|
|
cp -L $origLibPath $out/lib/$libName
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
# The full path to the selected provider shlib.
|
|
|
|
|
providerLibPath = "${mallocLib}/lib/${mallocLib.libName}";
|
|
|
|
|
in
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
meta = {
|
|
|
|
|
maintainers = [ maintainers.joachifm ];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
options = {
|
|
|
|
|
environment.memoryAllocator.provider = mkOption {
|
|
|
|
|
type = types.enum ([ "libc" ] ++ attrNames providers);
|
|
|
|
|
default = "libc";
|
|
|
|
|
description = lib.mdDoc ''
|
|
|
|
|
The system-wide memory allocator.
|
|
|
|
|
|
|
|
|
|
Briefly, the system-wide memory allocator providers are:
|
2022-08-29 23:34:22 +02:00
|
|
|
|
|
2019-04-23 22:16:22 +02:00
|
|
|
|
- `libc`: the standard allocator provided by libc
|
|
|
|
|
${concatStringsSep "\n" (mapAttrsToList
|
|
|
|
|
(name: value: "- `${name}`: ${replaceStrings [ "\n" ] [ " " ] value.description}")
|
|
|
|
|
providers)}
|
|
|
|
|
|
|
|
|
|
::: {.warning}
|
|
|
|
|
Selecting an alternative allocator (i.e., anything other than
|
|
|
|
|
`libc`) may result in instability, data loss,
|
|
|
|
|
and/or service failure.
|
2022-08-29 23:34:22 +02:00
|
|
|
|
:::
|
2019-04-23 22:16:22 +02:00
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = mkIf (cfg.provider != "libc") {
|
2019-06-02 16:03:26 +02:00
|
|
|
|
environment.etc."ld-nix.so.preload".text = ''
|
|
|
|
|
${providerLibPath}
|
|
|
|
|
'';
|
2020-10-18 15:36:24 +02:00
|
|
|
|
security.apparmor.includes = {
|
|
|
|
|
"abstractions/base" = ''
|
|
|
|
|
r /etc/ld-nix.so.preload,
|
|
|
|
|
r ${config.environment.etc."ld-nix.so.preload".source},
|
2021-06-06 17:30:45 +02:00
|
|
|
|
include "${pkgs.apparmorRulesFromClosure {
|
|
|
|
|
name = "mallocLib";
|
|
|
|
|
baseRules = ["mr $path/lib/**.so*"];
|
|
|
|
|
} [ mallocLib ] }"
|
2020-10-18 15:36:24 +02:00
|
|
|
|
'';
|
|
|
|
|
};
|
2019-04-23 22:16:22 +02:00
|
|
|
|
};
|
|
|
|
|
}
|