Conversation

saleem

⍼

@saleemrash1d

Mar 22, 2021

Replying to

@saleemrash1d

@andy_kelley

and 2 others

this is what it looks like for me

Replying to

and

huh. I'd like to try to reproduce these results. mind sharing an strace?

Replying to

and

gist.github.com/saleemrashid/6 🙏 mmap hint looks wrong? (also that's a surprising number of write syscalls for one std.debug.print 👀)

gist.github.com

strace.log

GitHub Gist: instantly share code, notes, and snippets.

Replying to

oh! it is something related to the linux-hardened kernel github.com/anthraxx/linux (it does the right thing on the non-hardened one),

@DanielMicay

might know why

github.com

GitHub - anthraxx/linux-hardened: Minimal supplement to upstream Kernel Self Protection Project...

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags h...

Replying to

It primarily just fixes x86 vdso randomization and uses the maximum values for ASLR entropy configuration by default which are already configurable via sysctl.

Replying to

I'd strongly recommend measuring the size of the address space and reserving a huge portion as a massive PROT_NONE mapping rather than using hints though. mmap hints aren't respected everywhere and you can end up with other mappings getting in the way and screwing up the hints.

Replying to

thanks for the tip!

Replying to

Basically, make a massive PROT_NONE mapping and then you allocate with mprotect to PROT_READ|PROT_WRITE and free by using MAP_FIXED mmap to replace a section with a new fresh PROT_NONE region. It prevents anything else from getting that via mmap outside of your own mmap usage.

Replying to

The only 2 issues on Linux are RLIMIT_AS (which is just misguided) and the Linux kernel implementation of mlockall being really stupid and wasting time going through PROT_NONE memory trying to lock it all. github.com/GrapheneOS/har uses this approach in production. Works well.

github.com

GitHub - GrapheneOS/hardened_malloc: Hardened allocator designed for modern systems. It has...

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-base...

Replying to

Here's the output of /proc/1/maps showing the address space of an arbitrary process (init) on GrapheneOS which uses hardened_malloc: gist.githubusercontent.com/thestinger/28c Android adds support for setting labels on anonymous mappings and hardened_malloc does that in a debug build.

Replying to

Shows how it reserves all address space it ever needs for all metadata (entirely out-of-line) and slab allocations (<= 128k by default) with a dedicated region for each size class. Can also see 1 active large allocation (which get random guards) and 1 freed one (quarantined).

12:29 AM · Mar 23, 2021Twitter Web App

Replying to

Can also see the guard slabs it leaves between each slab for the slab allocation region. Since init hasn't used most size classes, the inactive size class regions are still labelled as slab region gaps since it starts out that way and has reserved random gaps between regions.