I'm working on integrating Memory Protection Keys (lwn.net/Articles/64379) into my hardened allocator for protecting the metadata. Unfortunately, I can't verify it works and has low enough overhead until I get access to a Skylake-SP CPU so it will be stuck in a separate branch.
Conversation
Replying to
Is the Skylake SP only required for your programming and testing? Not for the blocks on the chain (users), right?
Pricey chip.
1
Replying to
MPK is a fairly bleeding edge feature and hasn't trickled down to consumer CPUs. It's a simple way of adding a little bit more security to my hardened malloc implementation with a low performance cost. The possible hardening isn't the same across architectures and CPU revisions.
ARMv8.5 MTE (memory tagging) is a far more compelling feature able to drastically improve security. It's going to be a while before that's available at all, and it will only be present on brand new flagship phones for a while, similar to ARMv8.3 pointer auth availability today.
1
Replying to
I wish you the best. I've invested as much as a new car into these computers that I use for design work.