(feat): Add memfd secret based allocation #16
Conversation
prabhpreet
changed the title
|
This looks good to me, maybe should be put into a separate file and some tests need to be added. |
|
@quininer : Thanks for your review comments. I think this is ready for review now. I have also added extra tests as a sanity check to attempt to write in guard pages, and canary area to see if allocation fails at right stages. |
memsec-test/tests/allocext_linux.rs
Outdated
| } | ||
|
|
||
| /// Attempts to | ||
| #[cfg(unix)] |
There was a problem hiding this comment.
Since the mod already has cfg os=linux, the cfg here seems redundant
| // free | ||
| let total_size = PAGE_SIZE + PAGE_SIZE + unprotected_size + PAGE_SIZE; | ||
| _mprotect(base_ptr, total_size, Prot::ReadWrite); | ||
|
|
There was a problem hiding this comment.
Thank you, added it with crate::memzero
There was a problem hiding this comment.
Added it for entire memory length, starting with base_ptr
There was a problem hiding this comment.
I think unprotected_ptr is enough, like https://github.com/quininer/memsec/blob/master/src/alloc.rs#L223C20-L223C35
| let total_size = PAGE_SIZE + PAGE_SIZE + unprotected_size + PAGE_SIZE; | ||
| let (base_ptr, fd) = alloc_memfd_secret(total_size)?; | ||
| let base_ptr = base_ptr.as_ptr(); | ||
| let fd_ptr = base_ptr.add(size_of::<usize>()); |
There was a problem hiding this comment.
maybe we should add an assert size + fd <= page
There was a problem hiding this comment.
Thank you, made the change on line 43. Please let me know if that wasn't what you had in mind.
memsec-test/tests/malloc.rs
Outdated
| @@ -83,10 +83,12 @@ fn malloc_mprotect_1_test() { | |||
| } | |||
| } | |||
|
|
|||
| procspawn::enable_test_support!(); | |||
| #[cfg(unix)] | |||
There was a problem hiding this comment.
You can put it into a separate file.
|
@quininer Looks like the checks have passed. When you think it is ready, I request you to please squash the commit changes before merging. |
|
Thank you! |
Implements: - An additional allocator to use memfd_secret(2) and guard pages using mmap(2), implemented in quininer/memsec#16 - An allocator that abstracts away underlying allocators, and uses specified allocator set by rosenpass_secret_memory::policy functions (or a function that sets rosenpass_secret_memory::alloc::ALLOC_INIT - Updates to tests- integration, fuzz, bench: some tests use procspawn to spawn multiple processes with different allocator policies
Credits to @koraa for the implementation idea
Adds functions to allocate and free memfd_secret based allocations on Linux only using
memfd_secret,memfd_secret_sizedandfree_memfd_secretmethods inallocmodule, adding guard pages and canary padding.Addresses #13 partly by adding functions to allocate using this method.
Plan to use for rosenpass/rosenpass#320
Starting this as a draft PR- please do suggest any comments/improvements. I'll be adding tests soon as well.