public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixpkgs/nixos/modules/config/malloc.nix
TredwellGit fc6948cd47 nixos/malloc: fix Scudo 
Fixes segmentation faults.
https://github.com/NixOS/nixpkgs/issues/100799
2020-11-17 09:11:31 -05:00

92 lines
2.6 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.environment.memoryAllocator;
# The set of alternative malloc(3) providers.
providers = {
graphene-hardened = {
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
description = ''
An allocator designed to mitigate memory corruption attacks, such as
those caused by use-after-free bugs.
'';
};
jemalloc = {
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
description = ''
A general purpose allocator that emphasizes fragmentation avoidance
and scalable concurrency support.
'';
};
scudo = {
libPath = "${pkgs.llvmPackages_latest.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
description = ''
A user-mode allocator based on LLVM Sanitizers CombinedAllocator,
which aims at providing additional mitigations against heap based
vulnerabilities, while maintaining good performance.
'';
};
};
providerConf = providers.${cfg.provider};
# An output that contains only the shared library, to avoid
# needlessly bloating the system closure
mallocLib = pkgs.runCommand "malloc-provider-${cfg.provider}"
rec {
preferLocalBuild = true;
allowSubstitutes = false;
origLibPath = providerConf.libPath;
libName = baseNameOf origLibPath;
}
''
mkdir -p $out/lib
cp -L $origLibPath $out/lib/$libName
'';
# The full path to the selected provider shlib.
providerLibPath = "${mallocLib}/lib/${mallocLib.libName}";
in
{
meta = {
maintainers = [ maintainers.joachifm ];
};
options = {
environment.memoryAllocator.provider = mkOption {
type = types.enum ([ "libc" ] ++ attrNames providers);
default = "libc";
description = ''
The system-wide memory allocator.
Briefly, the system-wide memory allocator providers are:
<itemizedlist>
<listitem><para><literal>libc</literal>: the standard allocator provided by libc</para></listitem>
${toString (mapAttrsToList
(name: value: "<listitem><para><literal>${name}</literal>: ${value.description}</para></listitem>")
providers)}
</itemizedlist>
<warning>
<para>
Selecting an alternative allocator (i.e., anything other than
<literal>libc</literal>) may result in instability, data loss,
and/or service failure.
</para>
</warning>
'';
};
};
config = mkIf (cfg.provider != "libc") {
environment.etc."ld-nix.so.preload".text = ''
${providerLibPath}
'';
};
}
Reference in New Issue View Git Blame Copy Permalink