Dang


Q&A

  • How can we detect that a reference still points into a pool?

  • What if a buffer overflow from a live object reaches the freed object on the same page?


Reference 1

Problem:

Allocating only one object per physical page would quickly exhaust physical memory. Spreading objects across pages in this way would also hurt cache performance in physically indexed caches, since objects lose the spatial locality the original allocator gave them.

Overview:

  1. Use a new virtual page for each allocation of the program, but map it to the same physical page as the original allocator.

    • after malloc returns with address a, remap a to a fresh virtual address new_a, e.g. via mremap(old_address, old_size, new_size, flags) on Linux (with old_size = 0 and MREMAP_MAYMOVE on a shared mapping, mremap creates a second mapping of the same pages instead of moving the old one). This gives a new virtual address for the same physical memory; the original virtual address a is recorded so that deallocation can later unmap new_a and hand a back to the underlying allocator. Any use of new_a after it is unmapped faults.
  2. Implemented without any changes to the underlying memory allocator.

    • with a small addition to the metadata kept for each allocation (the a to new_a correspondence);
    • no change to the allocation algorithm.
  3. Use automatic pool allocation to reuse virtual pages. Memory is partitioned into pools according to object lifetimes, and once a pool's objects are dead its virtual pages can be reused, so virtual address space is not exhausted.
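The remapping step above, as an added toy example (not code from the paper or from any project it describes): one MAP_SHARED anonymous page stands in for the original allocator's physical page, each "allocation" gets a fresh virtual alias of it through the Linux-specific mremap(old, 0, len, MREMAP_MAYMOVE) trick, and "free" unmaps only the alias. A SIGSEGV handler with siglongjmp is used to show that a read through the freed alias faults while the backing page is still intact. Pool-based reuse of virtual pages is not modelled. Assumes Linux and glibc; the helper names (backing_page_new, alias_new, alias_free, probe_read, demo) are my own.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Toy model of "one virtual page per allocation, shared physical page".
 * The backing page plays the role of the page the original allocator
 * handed out; every allocation receives its own virtual alias of it. */

static sigjmp_buf fault_jmp;

static void on_segv(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);   /* unwind back into probe_read() */
}

size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* The "physical page": MAP_SHARED is required for the mremap alias trick. */
void *backing_page_new(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* New virtual address for the same physical page (Linux-specific):
 * old_size == 0 on a shareable mapping duplicates rather than moves it. */
void *alias_new(void *backing, size_t len) {
    void *a = mremap(backing, 0, len, MREMAP_MAYMOVE);
    return a == MAP_FAILED ? NULL : a;
}

/* "free": drop only the alias; the backing page stays mapped for reuse. */
int alias_free(void *alias, size_t len) { return munmap(alias, len); }

/* Read one byte through p; returns the byte, or -1 if the access faulted. */
int probe_read(volatile unsigned char *p) {
    struct sigaction sa, old;
    volatile int result = -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_jmp, 1) == 0)
        result = *p;                      /* faults if p is unmapped */
    sigaction(SIGSEGV, &old, NULL);
    return result;
}

/* Whole scenario; returns 0 when every expected property holds. */
int demo(void) {
    size_t len = page_size();
    unsigned char *backing = backing_page_new(len);
    if (!backing) return -1;
    unsigned char *obj = alias_new(backing, len);
    if (!obj) return -2;
    if (obj == backing) return -3;             /* distinct virtual addresses */
    obj[0] = 0x41;                             /* write through the alias ... */
    if (backing[0] != 0x41) return -4;         /* ... visible on the backing page */
    alias_free(obj, len);                      /* free the object */
    if (probe_read(obj) != -1) return -5;      /* dangling use must fault */
    if (probe_read(backing) != 0x41) return -6;/* physical page still intact */
    munmap(backing, len);
    return 0;
}

int main(void) {
    int rc = demo();
    printf("demo: %s (rc=%d)\n", rc == 0 ? "dangling use faulted as expected" : "unexpected", rc);
    return rc != 0;
}
```

The point the example makes is the one the paper relies on: because the alias and the backing page share physical memory, unmapping the alias costs no physical memory and leaves the allocator's own data untouched, yet every stale pointer into the alias now traps at the MMU instead of silently reading recycled memory.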


  1. D. Dhurjati and V. Adve. Efficiently Detecting All Dangling Pointer Uses in Production Servers. DSN, 2006. ↩
Created Oct 25, 2019 // Last Updated Oct 25, 2019

If you could revise
the fundamental principles of
computer system design
to improve security...

... what would you change?