by mettamage 2810 days ago
I haven't read this article yet, but this is more or less the best moment to showcase you guys what a friend of mine made. I think it's really cool.

He created a memory allocator in which it is impossible to create dangling pointers. He used it by becoming the kernel through Intel VT-x (i.e. he uses ring 0). He uses libdune for this, which in turn uses Intel VT-x.

Check it out at: https://dangless.gaborkozar.me/

I'm going to write an ascii diagram in the upcoming edit. For now: I'll just leave you with the legend that my friend made.

Note: my friend made a video and slides. So for people who are interested, his slides and videos are much nicer to look at than this diagram.

DIAGRAM (of all the physical and virtual memory)

|1|<-A->|2|<-B->|3|<-C->|4|

LEGEND

1 = host physical memory

2 = host virtual memory

3 = guest physical memory

4 = guest virtual memory

A: normal host pagetable

B: embedded page table (this is VT-X thingy)

C: guest page table (this is what I mess with)

7 comments

I'm surprised that doesn't have a larger performance cost, since it's requiring a TLB entry for each memory allocation. I wonder if the benchmarks understate the cost due to being undersized for modern systems.
> I'm surprised that doesn't have a larger performance cost,

For what workload?

Reminds me a bit of the segmentapalooza design of the APX architecture:

https://en.wikipedia.org/wiki/Intel_iAPX_432#Object-oriented...

This is probably interesting enough for its own post.
Done! You can see it here: https://dangless.gaborkozar.me/
Edit: I was on my phone; that is just his normal website that I linked to earlier.

Here is the HN entry on it: https://news.ycombinator.com/item?id=18214738

From the slides it seems that there are still dangling pointers, but the addresses will not be reused for valid allocations? Thus mitigating security vulns from the dangling pointers.
That is interesting, I am wondering how this differs in performance for existing page-based approaches used in debugging, such as Page Heap on Windows or Guard Malloc on Mac OS.
One could alternatively never reuse addresses and decommit pages once the last object on a page is gone. No need for VT.

You might run out of address space eventually, that might be a good moment to drain current workitems and launch new ones into a replacement process. This would work well for things like web services since each request is relatively short lived.

Very interesting and creative use of EPT, will read the link. Thanks for sharing.