TIL since Linux 4.0 /proc/%d/pagemap has hidden PFNs as sensitive due to Rowhammer. I wonder if they could be re-exposed under a cryptographic cipher, with the same cipher used to address /proc/kpage*...
I'm seriously about to write a tool for detailed process memory usage analysis because all of the existing "how much memory X is using" metrics are so bogus.
Like at the very least, a report of not just how many but *which* pages are dirty. Getting fancier (not doing this now) reporting on what's in them, with heuristics (text? data structures with pointers? malloc framing matching known designs? etc.)
AOSP adds a small feature to the kernel supporting naming anonymous VMAs, so they can be attributed to the source. It uses maps / pagemap to figure out what's actually used and to properly split shared memory between applications. Naming the anonymous VMAs isn't upstream though.
The prctl API they made for naming the anonymous VMAs isn't great because it requires an extra system call. It ended up causing too much overhead for spawning threads via pthread_create so they ended up removing the calls to it there. Ideally a name would just be passed to mmap.
I only use it in debug builds of hardened_malloc to avoid overhead. It's a simple API:
github.com/GrapheneOS/har
It's very helpful for debugging with hardened_malloc since the debug tracebacks show the malloc size class via the slab labels in proc maps:
This is the commit adding PR_SET_VMA_ANON_NAME for Android's Linux 5.4 LTS:
android.googlesource.com/kernel/common/
It's one of the few remaining downstream changes aside from backports. The Android common kernels mostly just backport a bunch of extra bug / security fixes and some features.
The API makes sense but there should be a fast path for the common case of setting a name with mmap. They tried to upstream it but upstream didn't really understand the purpose (i.e. how useful it is for memory usage tracking and debugging) and didn't like the implied perf hit.
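Added example (not code from the thread, hardened_malloc or the Android kernel): the two mechanisms the posts above rely on, shown together. It reads /proc/self/pagemap to report which pages of an anonymous mapping are actually resident (present / swapped / exclusively mapped / soft-dirty; the PFN field reads as 0 for an unprivileged process, which is the hiding mentioned at the top), and it labels the mapping with PR_SET_VMA_ANON_NAME so it shows up as `[anon:...]` in /proc/self/maps. Assumptions: a 64-bit Linux host, the prctl constants from include/uapi/linux/prctl.h (`PR_SET_VMA = 0x53564d41`, `PR_SET_VMA_ANON_NAME = 0`), and a kernel that carries the naming patch (Android common kernels, or upstream 5.17+ with CONFIG_ANON_VMA_NAME); where the kernel lacks it the prctl call simply fails and the report still works. The maps line used in the test is constructed.

```python
"""Per-page residency report for an anonymous mapping, plus best-effort VMA naming.

Constructed example. Bit layout of a /proc/<pid>/pagemap entry (64 bits, little-endian):
  bits 0-54  PFN when present; when swapped: bits 0-4 swap type, bits 5-54 swap offset
  bit 55     pte is soft-dirty (set on write since the last 'echo 4 > /proc/<pid>/clear_refs')
  bit 56     page exclusively mapped
  bit 61     file-backed page or shared anonymous page
  bit 62     page is swapped
  bit 63     page is present
Unprivileged readers get the PFN field zeroed.
"""
import ctypes
import mmap
import os
import struct

PAGE_SIZE = mmap.PAGESIZE
PR_SET_VMA = 0x53564D41          # assumption: value from include/uapi/linux/prctl.h
PR_SET_VMA_ANON_NAME = 0


def decode_pagemap_entry(entry: int) -> dict:
    """Split one 64-bit pagemap entry into its documented fields."""
    present = bool(entry >> 63 & 1)
    swapped = bool(entry >> 62 & 1)
    return {
        "present": present,
        "swapped": swapped,
        "file_or_shared": bool(entry >> 61 & 1),
        "exclusive": bool(entry >> 56 & 1),
        "soft_dirty": bool(entry >> 55 & 1),
        "pfn": (entry & ((1 << 55) - 1)) if present else 0,   # 0 for unprivileged callers
        "swap_type": (entry & 0x1F) if swapped else None,
        "swap_offset": ((entry >> 5) & ((1 << 50) - 1)) if swapped else None,
    }


def page_report(addr: int, length: int):
    """Decode the pagemap entries covering [addr, addr+length); None if pagemap is unavailable."""
    first_page = addr // PAGE_SIZE
    n_pages = (addr + length - 1) // PAGE_SIZE - first_page + 1
    try:
        fd = os.open("/proc/self/pagemap", os.O_RDONLY)
    except OSError:
        return None
    try:
        data = os.pread(fd, 8 * n_pages, 8 * first_page)  # one u64 per page
    finally:
        os.close(fd)
    if len(data) != 8 * n_pages:
        return None
    return [decode_pagemap_entry(e) for e in struct.unpack(f"<{n_pages}Q", data)]


def name_anon_vma(addr: int, length: int, name: str) -> bool:
    """prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, addr, len, name); False if unsupported."""
    try:
        prctl = ctypes.CDLL(None, use_errno=True).prctl
    except (OSError, AttributeError):
        return False
    prctl.argtypes = [ctypes.c_int, ctypes.c_ulong, ctypes.c_ulong, ctypes.c_ulong, ctypes.c_ulong]
    prctl.restype = ctypes.c_int
    buf = ctypes.create_string_buffer(name.encode())   # kernel copies the string; must stay alive during the call
    return prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, addr, length, ctypes.addressof(buf)) == 0


def parse_maps_line(line: str):
    """'start-end perms offset dev inode [pathname]' -> (start, end, perms, pathname)."""
    fields = line.split(None, 5)
    start, end = (int(x, 16) for x in fields[0].split("-"))
    pathname = fields[5].strip() if len(fields) > 5 else ""
    return start, end, fields[1], pathname


def vma_name_for(addr: int):
    """Pathname column of the /proc/self/maps entry containing addr (e.g. '[anon:label]')."""
    try:
        with open("/proc/self/maps") as f:
            for line in f:
                start, end, _perms, pathname = parse_maps_line(line)
                if start <= addr < end:
                    return pathname
    except OSError:
        pass
    return None


def demo(label: str = "example region"):
    """Map 4 private anonymous pages, touch pages 0 and 2, label the VMA, report residency."""
    m = mmap.mmap(-1, 4 * PAGE_SIZE, flags=mmap.MAP_PRIVATE | mmap.MAP_ANONYMOUS)
    view = ctypes.c_char.from_buffer(m)
    addr = ctypes.addressof(view)
    m[0:1] = b"\x01"                       # fault in page 0
    m[2 * PAGE_SIZE:2 * PAGE_SIZE + 1] = b"\x01"   # fault in page 2
    named = name_anon_vma(addr, 4 * PAGE_SIZE, label)
    report = page_report(addr, 4 * PAGE_SIZE)
    result = {
        "named": named,
        "vma_name": vma_name_for(addr) if named else None,
        "present": [e["present"] for e in report] if report else None,
        "soft_dirty": [e["soft_dirty"] for e in report] if report else None,
    }
    del view                               # release the buffer export before closing the mapping
    m.close()
    return result


if __name__ == "__main__":
    print(demo())
```

On a stock kernel the report for the four pages comes back as present = [True, False, True, False]: only the pages that were written are resident, which is exactly the per-page detail that RSS-style totals flatten. When the naming prctl is supported, `vma_name` is `[anon:example region]`, the same column hardened_malloc's slab labels appear in; on kernels without the patch `named` is False and nothing else changes.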
One of the other tiny remaining features was gid-based control over access to network sockets, but that was replaced with a BPF-based implementation to avoid a kernel patch. They could just drop this tiny feature but it's incredibly useful... I really miss it outside of Android.