Conversation

This Tweet was deleted by the Tweet author. Learn more

Replying to

github.com/AndroidHardeni uses it for a relatively unimportant security feature. It's not enabled by default because MPK performed much worse than I expected and I don't think it's worth the cost in this case. I also found a serious bug in the Linux kernel implementation of MPK.

github.com

GitHub - GrapheneOS/hardened_malloc: Hardened allocator designed for modern systems. It has...

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-base...

Replying to

and

There's a patch at lore.kernel.org/patchwork/patc. I'm not sure if it finally landed. I have a feeling it's still not upstream, but I haven't been checking. Even after it's fixed, it will be painful to handle older kernels with the bug present unless they add a way to detect the fix.

Replying to

and

Here's where I work around the Linux kernel bug by disabling the feature in forked children: github.com/AndroidHardeni. I doubt many people are using it since I was the first person to run into this blatant flaw. I was very disappointed with the performance of the feature too.

Replying to

and

I implemented the feature for github.com/AndroidHardeni partly as a proof of concept for MPK. The performance on AWS was awful though. Toggling it on and off is comparable to locking and unlocking a mutex. I think it might have been way faster before assorted Spectre fixes, etc.

github.com

GitHub - GrapheneOS/hardened_malloc: Hardened allocator designed for modern systems. It has...

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-base...

This Tweet was deleted by the Tweet author. Learn more

Daniel Micay

@DanielMicay

Replying to

@chrisrohlf

Yeah, the measurable performance cost should only be when toggling it on. I'm used to arm64 where execute-only mappings are part of the standard memory permissions, although I still don't think the vanilla Linux kernel exposes it to userspace... but it's just a one line change.

10:32 PM · Mar 19, 2019Twitter Web Client

Replying to

and

Just be aware that when you fork, the kernel is currently buggy and completely loses your pkey configuration... and you can't easily work around that since allocating a new pkey would create a leak on patched systems where it isn't losing your configuration.