this is my output. are you on Windows? safety checking is still TODO on that platform
i'm using linux (zig 0.7.1 from the arch linux repo to be precise) 😕
huh. I'd like to try to reproduce these results. mind sharing an strace?
gist.github.com/saleemrashid/6 🙏
mmap hint looks wrong? (also that's a surprising number of write syscalls for one std.debug.print 👀)
oh! it is something related to the linux-hardened kernel github.com/anthraxx/linux (it does the right thing on the non-hardened one), might know why
It primarily just fixes x86 vdso randomization and uses the maximum values for ASLR entropy configuration by default which are already configurable via sysctl.
I'd strongly recommend measuring the size of the address space and reserving a huge portion as a massive PROT_NONE mapping rather than using hints though. mmap hints aren't respected everywhere and you can end up with other mappings getting in the way and screwing up the hints.
Basically, make a massive PROT_NONE mapping and then you allocate with mprotect to PROT_READ|PROT_WRITE and free by using MAP_FIXED mmap to replace a section with a new fresh PROT_NONE region. It prevents anything else from getting that via mmap outside of your own mmap usage.
The only 2 issues on Linux are RLIMIT_AS (which is just misguided) and the Linux kernel implementation of mlockall being really stupid and wasting time going through PROT_NONE memory trying to lock it all.
github.com/GrapheneOS/har uses this approach in production. Works well.
Here's the output of /proc/1/maps showing the address space of an arbitrary process (init) on GrapheneOS which uses hardened_malloc:
gist.githubusercontent.com/thestinger/28c
Android adds support for setting labels on anonymous mappings and hardened_malloc does that in a debug build.
Shows how it reserves all address space it ever needs for all metadata (entirely out-of-line) and slab allocations (<= 128k by default) with a dedicated region for each size class.
Can also see 1 active large allocation (which get random guards) and 1 freed one (quarantined).
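The reserve, mprotect and MAP_FIXED scheme described in the thread, as an added C example for Linux that is not taken from the thread or from hardened_malloc. The function names, the bump-pointer bookkeeping, the 256 MiB size and the `region_readable` probe are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* All names are hypothetical; 256 MiB is an arbitrary demo size. */
#define REGION_SIZE ((size_t)1 << 28)
#define RESERVE_FLAGS (MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE)
static uint8_t *region_base;
static size_t region_used; /* bump offset; a real allocator tracks free slots */

static size_t page_round(size_t n) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (n + page - 1) & ~(page - 1);
}
/* Reserve address space only: PROT_NONE pages commit no memory. */
int region_reserve(void) {
    void *p = mmap(NULL, REGION_SIZE, PROT_NONE, RESERVE_FLAGS, -1, 0);
    if (p == MAP_FAILED) return -1;
    region_base = p;
    region_used = 0;
    return 0;
}
/* Allocate by making part of the reservation accessible with mprotect. */
void *region_alloc(size_t size) {
    size = page_round(size);
    if (size == 0 || size > REGION_SIZE - region_used) return NULL;
    void *p = region_base + region_used;
    if (mprotect(p, size, PROT_READ | PROT_WRITE) != 0) return NULL;
    region_used += size;
    return p;
}
/* Free by mapping fresh PROT_NONE pages over the range with MAP_FIXED. */
int region_free(void *p, size_t size) {
    uint8_t *b = p;
    size = page_round(size);
    if (b < region_base || b >= region_base + region_used) return -1;
    if (size > (size_t)(region_base + region_used - b)) return -1;
    return mmap(p, size, PROT_NONE, RESERVE_FLAGS | MAP_FIXED, -1, 0) == p ? 0 : -1;
}
/* Probe without faulting: write(2) fails with EFAULT on PROT_NONE memory. */
int region_readable(const void *p) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    ssize_t n = write(fds[1], p, 1);
    close(fds[0]);
    close(fds[1]);
    return n == 1;
}
```

Because the whole range stays mapped between `region_alloc` and `region_free`, an unrelated `mmap(NULL, ...)` in the same process cannot be placed inside it, and a freed range faults on access instead of silently aliasing a later mapping.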