i'm using linux (zig 0.7.1 from the arch linux repo to be precise) 😕
Conversation
huh. I'd like to try to reproduce these results. mind sharing an strace?
1
1
gist.github.com/saleemrashid/6 🙏
mmap hint looks wrong? (also that's a surprising number of write syscalls for one std.debug.print 👀)
1
2
oh! it is something related to the linux-hardened kernel github.com/anthraxx/linux (it does the right thing on the non-hardened one), might know why
1
It primarily just fixes x86 vdso randomization and uses the maximum values for ASLR entropy configuration by default which are already configurable via sysctl.
1
I'd strongly recommend measuring the size of the address space and reserving a huge portion as a massive PROT_NONE mapping rather than using hints though. mmap hints aren't respected everywhere and you can end up with other mappings getting in the way and screwing up the hints.
2
3
Basically, make a massive PROT_NONE mapping and then you allocate with mprotect to PROT_READ|PROT_WRITE and free by using MAP_FIXED mmap to replace a section with a new fresh PROT_NONE region. It prevents anything else from getting that via mmap outside of your own mmap usage.
2
2
9
The only 2 issues on Linux are RLIMIT_AS (which is just misguided) and the Linux kernel implementation of mlockall being really stupid and wasting time going through PROT_NONE memory trying to lock it all.
github.com/GrapheneOS/har uses this approach in production. Works well.
1
3
Here's the output of /proc/1/maps showing the address space of an arbitrary process (init) on GrapheneOS which uses hardened_malloc:
gist.githubusercontent.com/thestinger/28c
Android adds support for setting labels on anonymous mappings and hardened_malloc does that in a debug build.
Shows how it reserves all address space it ever needs for all metadata (entirely out-of-line) and slab allocations (<= 128k by default) with a dedicated region for each size class.
Can also see 1 active large allocation (which get random guards) and 1 freed one (quarantined).
1
Can also see the guard slabs it leaves between each slab for the slab allocation region.
Since init hasn't used most size classes, the inactive size class regions are still labelled as slab region gaps since it starts out that way and has reserved random gaps between regions.