TIL that since Linux 4.0, /proc/%d/pagemap has hidden PFNs as sensitive due to Rowhammer. I wonder if they could be re-exposed under a cryptographic cipher, with the same cipher used to address /proc/kpage*...
I'm seriously about to write a tool for detailed process memory usage analysis because all of the existing "how much memory X is using" metrics are so bogus.
Like at the very least, a report of not just how many but *which* pages are dirty. Getting fancier (not doing this now) reporting on what's in them, with heuristics (text? data structures with pointers? malloc framing matching known designs? etc.)
AOSP adds a small feature to the kernel supporting naming anonymous VMAs, so they can be attributed to the source. It uses maps / pagemap to figure out what's actually used and to properly split shared memory between applications. Naming the anonymous VMAs isn't upstream though.
The prctl API they made for naming the anonymous VMAs isn't great because it requires an extra system call. It ended up causing too much overhead for spawning threads via pthread_create, so they ended up removing the calls to it there. Ideally a name would just be passed to mmap.
I only use it in debug builds of hardened_malloc to avoid overhead. It's a simple API:
github.com/GrapheneOS/har
It's very helpful for debugging with hardened_malloc since the debug tracebacks show the malloc size class via the slab labels in proc maps:
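Added example (not hardened_malloc's or the Android kernel's own code) showing the prctl call described above and how the label surfaces in /proc/self/maps as "[anon:name]". The PR_SET_VMA / PR_SET_VMA_ANON_NAME constants are the upstream ABI values; the "example_slab_16" name is an assumption for illustration. On a kernel without the feature the prctl fails with EINVAL and the mapping is reported as unnamed.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Upstream prctl ABI values, defined here in case libc headers predate them. */
#ifndef PR_SET_VMA
#define PR_SET_VMA 0x53564d41
#endif
#ifndef PR_SET_VMA_ANON_NAME
#define PR_SET_VMA_ANON_NAME 0
#endif

/* Label an anonymous mapping. Returns 0, or -1 with errno=EINVAL on a kernel
 * without the feature. The name must be NUL-terminated, printable, at most
 * 80 bytes, and (upstream rule) must not contain any of: \ ` $ [ ] */
int vma_set_name(void *addr, size_t len, const char *name)
{
    return prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME,
                 (unsigned long)addr, (unsigned long)len, (unsigned long)name);
}

/* Find the /proc/PID/maps line covering addr and copy its "[anon:...]" tag.
 * Returns 1 if a tag was found, 0 if the mapping is unnamed, -1 if unmapped. */
int maps_find_anon_name(const char *maps, uintptr_t addr, char *out, size_t outlen)
{
    const char *line = maps;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t linelen = nl ? (size_t)(nl - line) : strlen(line);
        unsigned long lo, hi;
        if (sscanf(line, "%lx-%lx", &lo, &hi) == 2 && addr >= lo && addr < hi) {
            const char *tag = memmem(line, linelen, "[anon:", 6);
            if (!tag)
                return 0;
            const char *end = memchr(tag, ']', linelen - (size_t)(tag - line));
            if (!end)
                return 0;
            size_t n = (size_t)(end - tag) + 1;
            if (n >= outlen)
                n = outlen - 1;
            memcpy(out, tag, n);
            out[n] = '\0';
            return 1;
        }
        if (!nl)
            break;
        line = nl + 1;
    }
    return -1;
}

int main(void)
{
    size_t len = 4 * (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 1;
    /* Hypothetical slab label in the style of a size-class tag. */
    if (vma_set_name(p, len, "example_slab_16") != 0)
        perror("PR_SET_VMA_ANON_NAME (kernel without support?)");

    static char maps[1 << 18];           /* enough for a small process */
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return 1;
    size_t n = fread(maps, 1, sizeof maps - 1, f);
    maps[n] = '\0';
    fclose(f);

    char label[96];
    int rc = maps_find_anon_name(maps, (uintptr_t)p, label, sizeof label);
    printf("%p -> %s\n", p, rc == 1 ? label : rc == 0 ? "(unnamed)" : "(not found)");
    munmap(p, len);
    return 0;
}
```

The maps parser is the part worth reusing: a tool that attributes RSS per mapping can key on the "[anon:...]" tag instead of guessing from addresses.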
This is the commit adding PR_SET_VMA_ANON_NAME for Android's Linux 5.4 LTS:
android.googlesource.com/kernel/common/
It's one of the few remaining downstream changes aside from backports. The Android common kernels mostly just backport a bunch of extra bug / security fixes and some features.
Sadly, mmap is out of space for any additional arguments, and they wasted all the flag bits on useless hugetlb-specific page-size requests (although hopefully those bits can be repurposed when the MAP_HUGETLB bit is clear...).
And, any idea what's going on with this?
Quote Tweet
And lovely, the soft_dirty bit in /proc/%d/pagemap silently doesn't work (always reads as 0) and I can't find any documentation about why.
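Added example (not code from anyone in the thread) covering the three pagemap points raised above: decoding the per-page bits to report which pages are present or dirty, observing that the PFN field reads as zero for an unprivileged reader since Linux 4.0, and the soft-dirty bit, which only reflects writes made after tracking is started by writing "4" to /proc/self/clear_refs and reads as 0 on kernels built without CONFIG_MEM_SOFT_DIRTY. The bit positions are from Documentation/admin-guide/mm/pagemap.rst; the mapping it scans is its own anonymous buffer.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Bit layout of one 64-bit /proc/PID/pagemap entry. */
#define PM_PFN_MASK    ((1ULL << 55) - 1)  /* bits 0-54: PFN, or swap type/offset */
#define PM_SOFT_DIRTY  (1ULL << 55)        /* needs CONFIG_MEM_SOFT_DIRTY */
#define PM_EXCLUSIVE   (1ULL << 56)        /* mapped by this process only */
#define PM_FILE_SHARED (1ULL << 61)        /* file-backed or shared anon */
#define PM_SWAPPED     (1ULL << 62)
#define PM_PRESENT     (1ULL << 63)

struct page_stats {
    unsigned long present, swapped, soft_dirty, exclusive, pfn_hidden;
};

/* Decode one entry into the counters. pfn_hidden counts present pages whose
 * PFN field is zero, which is what a reader without CAP_SYS_ADMIN sees. */
void pagemap_account(uint64_t e, struct page_stats *s)
{
    if (e & PM_PRESENT) {
        s->present++;
        if ((e & PM_PFN_MASK) == 0)
            s->pfn_hidden++;
    }
    if (e & PM_SWAPPED)    s->swapped++;
    if (e & PM_SOFT_DIRTY) s->soft_dirty++;
    if (e & PM_EXCLUSIVE)  s->exclusive++;
}

/* Read the entries covering [addr, addr+len) of the calling process.
 * Each entry sits at offset (virtual page number * 8). Returns 0 or -1. */
int pagemap_scan(const void *addr, size_t len, struct page_stats *s)
{
    long pg = sysconf(_SC_PAGESIZE);
    int fd = open("/proc/self/pagemap", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    uint64_t first = (uintptr_t)addr / (uintptr_t)pg;
    size_t npages = (len + (size_t)pg - 1) / (size_t)pg;
    memset(s, 0, sizeof *s);
    for (size_t i = 0; i < npages; i++) {
        uint64_t e;
        off_t off = (off_t)((first + i) * sizeof e);
        if (pread(fd, &e, sizeof e, off) != (ssize_t)sizeof e) {
            close(fd);
            return -1;
        }
        pagemap_account(e, s);
    }
    close(fd);
    return 0;
}

/* Start soft-dirty tracking: "4" clears the bit on every PTE and drops
 * VM_SOFTDIRTY from the VMAs. Without CONFIG_MEM_SOFT_DIRTY the write still
 * succeeds but the bit never reads as set afterwards. */
int soft_dirty_reset(void)
{
    int fd = open("/proc/self/clear_refs", O_WRONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int rc = write(fd, "4", 1) == 1 ? 0 : -1;
    close(fd);
    return rc;
}

int main(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    size_t len = 8 * (size_t)pg;
    unsigned char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return 1;
    for (size_t i = 0; i < 4; i++)        /* fault in half of the pages */
        buf[i * (size_t)pg] = 1;

    struct page_stats s;
    if (pagemap_scan(buf, len, &s) != 0) {
        perror("pagemap");
        return 1;
    }
    printf("mapped %zu pages: present=%lu exclusive=%lu pfn_hidden=%lu\n",
           len / (size_t)pg, s.present, s.exclusive, s.pfn_hidden);

    if (soft_dirty_reset() == 0) {
        buf[0] = 2;                       /* dirty two of the present pages */
        buf[(size_t)pg] = 2;
        pagemap_scan(buf, len, &s);
        printf("after clear_refs=4 and two writes: soft_dirty=%lu "
               "(0 here means no CONFIG_MEM_SOFT_DIRTY)\n", s.soft_dirty);
    }
    munmap(buf, len);
    return 0;
}
```

Run it unprivileged and pfn_hidden equals present; run it with CAP_SYS_ADMIN and the PFNs come back. Before the clear_refs write every page of a fresh VMA reports soft-dirty (the VMA itself carries VM_SOFTDIRTY), so the reset is what makes the bit meaningful as a "written since" marker.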