Live CD: Check hardened_malloc usage or replacement

[yveszoundi]

During the migration of the CI/CD pipeline to GitHub actions (#16 ), a random error has been observed for the amd64 ISO image.

• Check if the podman version installed via GitHub actions is the same as what is built locally
• Check apt repository differences
• Compare podman versions (version on 0.3.0, version on local dev build, version on GitHub actions dev build)
• Compare kernel versions too

If hardened_malloc is going to be a problem, consider a replacement such as mimalloc (secure mode).

Random error with GitHub actions dev build (amd64 ISO image) There have been few iterations of the build pipeline on GitHub but it never led to errors related to hardened_malloc

After observing the above issue, it was confirmed that disabling hardened_malloc makes the problem go away...

[yveszoundi]

No meaningful environment differences were observed between amd64 and arm64 ISO images generated by GitHub actions .

The ISO images are running under QEMU for the results to follow.

amd64 ISO image

uname -r => 5.10.0-20-amd64
podman --version => podman version 3.0.1
root@entrusted-livecd:/home/entrusted# cat /proc/cpuinfo 
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 15
model           : 107
model name      : QEMU Virtual CPU version 2.5+
stepping        : 1
microcode       : 0x1
cpu MHz         : 2999.832
cache size      : 16384 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc nopl xtopology cpuid pni cx16 hypervisor lahf_lm pti
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit mmio_unknown
bogomips        : 5999.66
clflush size    : 64
cache_alignment : 128
address sizes   : 40 bits physical, 48 bits virtual
power management:

arm64 ISO image

uname -r => 5.10.0-20-arm64
podman --version => podman version 3.0.1
entrusted@entrusted-livecd:~$ cat /proc/cpuinfo 
processor       : 0
BogoMIPS        : 125.00
Features        : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
CPU implementer : 0x41
CPU architecture: 8
CPU variant     : 0x1
CPU part        : 0xd07
CPU revision    : 0

processor       : 1
BogoMIPS        : 125.00
Features        : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
CPU implementer : 0x41
CPU architecture: 8
CPU variant     : 0x1
CPU part        : 0xd07
CPU revision    : 0

[yveszoundi]

The root cause is apparently the default optimizations for the detected CPU at build time for hardened_malloc.

Setting the hardened_malloc option for CONFIG_NATIVE to false appears to fix the problem and the application no longer crashes abruptly during conversions. This was tested only for amd64 and arm64 needs to be re-tested.

[yveszoundi]

This is verified for local builds and GitHub actions.

• The generated ISO images don't crash abruptly for amd64 and the runtime behavior is still correct for arm64
• The tests were not exhaustive (i.e. not the entire test_data folder file set)