Sweet! Daniel Rosenberg's encryption with casefolding on ext4 feature has landed upstream! This has been an out of tree dependency needed for booting AOSP, so it's great it's been merged!
git.kernel.org/pub/scm/linux/
I think all that's left needed for generic AOSP functionality right now is the PR_SET_VMA_ANON_NAME feature.
android.googlesource.com/kernel/common/
It's also unfortunate that it requires an extra system call. Bionic removed a bunch of the labels due to the cost added to thread spawning. They're almost always set on the whole memory region after an mmap or mprotect call. Requiring extra system calls deters using the feature.
It would help a bit to be able to set more than one at a time but it would still be worse than being able to set them with mmap / mprotect.
So, for example, hardened_malloc uses mappings directly for sizes above either 128k (default) or 16k (extended size classes disabled).
It takes 2 calls to allocate a large allocation (mmap region including guards, mprotect usable region in between guards) and 1-2 calls to deallocate (MAP_FIXED mmap into a quarantined region and also munmap the mapping pushed out of the quarantine once it's full).
In general, it would be nice if there was a way to run arbitrary chains of system calls in batches to avoid the entry/exit cost.
For these ones in particular, they could in theory only grab / release mmap_sem once, but it could increase latency if you batched too much together.
I have a feeling that the upstream suggestion these days would be designing it around using eBPF to program a batch of system calls with other minor logic... and unprivileged eBPF is pretty scary.
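The large-allocation pattern described in the thread (one mmap covering the guards, one mprotect for the usable span), with the anonymous-VMA label as the third system call, shown as an added example that is not code from hardened_malloc, Bionic or anyone in the thread. The `large_alloc` struct, the `large_alloc_map` helper and the label string are hypothetical names; the 128k size is the default threshold mentioned above.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <unistd.h>

#ifndef PR_SET_VMA /* older userspace headers lack the upstream constants */
#define PR_SET_VMA 0x53564d41
#define PR_SET_VMA_ANON_NAME 0
#endif

struct large_alloc {           /* hypothetical bookkeeping for this example */
    void *base, *usable;       /* whole mapping / first usable byte */
    size_t total;              /* usable bytes plus both guards */
    int syscalls, named;       /* calls issued / 1 if the kernel took the label */
};

/* Map `size` bytes (rounded up to whole pages) between two PROT_NONE guards. */
static int large_alloc_map(struct large_alloc *a, size_t size,
                           size_t guard_pages, const char *label)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t usable = (size + page - 1) / page * page;
    size_t guard = guard_pages * page;

    a->total = usable + 2 * guard;
    a->named = 0;
    /* Call 1: reserve guards and usable span together, all inaccessible. */
    a->base = mmap(NULL, a->total, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    a->syscalls = 1;
    if (a->base == MAP_FAILED)
        return -1;
    a->usable = (char *)a->base + guard;
    /* Call 2: open only the span between the guards. */
    a->syscalls++;
    if (mprotect(a->usable, usable, PROT_READ | PROT_WRITE) != 0) {
        munmap(a->base, a->total);
        return -1;
    }
    /* Call 3: the label cannot ride along with mmap or mprotect. Kernels
     * without the feature reject it, which is not fatal to the allocation. */
    a->syscalls++;
    if (prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, (unsigned long)a->usable,
              usable, (unsigned long)label) == 0)
        a->named = 1;
    return 0;
}

int main(void)
{
    struct large_alloc a;
    if (large_alloc_map(&a, 128 * 1024, 1, "example_large_alloc") != 0)
        return 1;
    printf("syscalls=%d named=%d total=%zu\n", a.syscalls, a.named, a.total);
    return munmap(a.base, a.total) != 0;
}
```

When the kernel accepts the label, the usable span appears in `/proc/self/maps` as `[anon:example_large_alloc]`.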

