Protecting the JVM from segfaults
Maurizio Cimadamore
maurizio.cimadamore at oracle.com
Wed Apr 7 11:58:52 UTC 2021
Interesting article.
I've been reading about ARM's Memory Tagging Extension:
https://developer.arm.com/tools-and-software/open-source-software/linux-kernel/memory-tagging
Which is, I believe, very similar to Intel's MPK (at least in spirit).
I found the whole idea potentially interesting, except for the
scalability issues also mentioned in the paper: since there's only a low
number of "bits" available for tagging, only a statistical approach to
reduce use-after-free as much as possible could be realized.
The paper's main contribution seems to be that of building a "virtual" tag
space, so that we're freed from hardware limitations. That said, this
virtualization technique is not without issues - as the paper says:
> For this reason, libmpk does not ensure that a calling thread always
> obtains the access due to hardware limitations. That is, if all
> hardware keys are actively used, libmpk is no longer able to provide any key
That is, I suspect that if N threads all ask for a virtual key at the
same time, and N exceeds the amount of physical keys that can be handed
out by the processor, well, it just bails out.
While this approach might work in cases where sources of memory
allocations are known and monitored - I don't see something like this
flying as a general purpose mechanism to achieve pointer safety.
That said, this is an interesting space to be monitoring (and we've been
doing so in the past) - it just doesn't seem to me that the silver
bullet exists - yet, but I don't exclude that further refinements of the
memory tagging support might bring us closer to that HW-enforced,
pointer safety nirvana.
Maurizio
On 07/04/2021 12:15, Samuel Audet wrote:
> I was curious about that myself recently, and I've found interesting
> new features in today's CPU known as "memory protection keys" that
> could allow us to introduce that kind of protection from segfaults,
> essentially isolating the JVM from other code in the same process,
> with very low overhead:
>
> ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
> https://www.usenix.org/system/files/sec19-vahldiek-oberwagner_0.pdf
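The scalability point raised above (virtual keys multiplexed over a small, fixed pool of hardware keys, and what happens when N concurrent requesters exceed that pool) can be made concrete with a small model. The following is an added example, not code from libmpk, ERIM or the JDK: the pool size, the eviction rule (a mapped but inactive virtual key may be evicted, an actively held one may not) and every name in it are assumptions made for illustration.

```python
# Toy model of a "virtual protection key" table: many virtual keys
# multiplexed over a fixed pool of hardware keys (x86 MPK exposes 16
# per process). Constructed illustration, not libmpk's or ERIM's code;
# pool size, eviction rule and names are assumptions for this example.
from typing import Dict, Set


class KeyExhausted(Exception):
    """Raised when every hardware key is actively held and none can be evicted."""


class VirtualKeyTable:
    def __init__(self, hw_keys: int = 4) -> None:
        self.free_hw: Set[int] = set(range(hw_keys))  # unused hardware keys
        self.mapping: Dict[int, int] = {}             # virtual key -> hardware key
        self.active: Set[int] = set()                 # virtual keys a thread holds right now
        self._next_vkey = 0

    def create(self) -> int:
        """Allocate a virtual key; costs no hardware key until it is acquired."""
        vkey = self._next_vkey
        self._next_vkey += 1
        return vkey

    def acquire(self, vkey: int) -> int:
        """Bind vkey to a hardware key so the caller can use it; return that hw key."""
        if vkey in self.mapping:
            self.active.add(vkey)
            return self.mapping[vkey]
        if self.free_hw:
            hw = self.free_hw.pop()
        else:
            # No free hardware key: evict a mapped virtual key that nobody holds.
            victim = next((v for v in self.mapping if v not in self.active), None)
            if victim is None:
                # Every hardware key is actively used: the failure mode the paper names.
                raise KeyExhausted(f"all {len(self.mapping)} hardware keys are active")
            hw = self.mapping.pop(victim)
        self.mapping[vkey] = hw
        self.active.add(vkey)
        return hw

    def release(self, vkey: int) -> None:
        """Mark vkey as no longer held; its hardware key becomes evictable."""
        self.active.discard(vkey)


def concurrent_acquires(n_threads: int, hw_keys: int) -> Dict[str, int]:
    """Model n_threads each asking for its own virtual key at the same time
    (nobody releases before everyone has asked). Returns success/failure counts."""
    table = VirtualKeyTable(hw_keys)
    ok = failed = 0
    for _ in range(n_threads):
        vkey = table.create()
        try:
            table.acquire(vkey)
            ok += 1
        except KeyExhausted:
            failed += 1
    return {"ok": ok, "failed": failed}


def sequential_acquires(n_keys: int, hw_keys: int) -> int:
    """Model the friendlier case: n_keys virtual keys used one after another,
    each released before the next is acquired. Returns how many distinct
    hardware keys were needed to serve them all."""
    table = VirtualKeyTable(hw_keys)
    used: Set[int] = set()
    for _ in range(n_keys):
        vkey = table.create()
        used.add(table.acquire(vkey))
        table.release(vkey)
    return len(used)


if __name__ == "__main__":
    print(concurrent_acquires(3, 4))   # everyone fits in the pool
    print(concurrent_acquires(6, 4))   # two requesters get no key at all
    print(sequential_acquires(20, 4))  # 20 virtual keys served by 4 hw keys
```

The model shows both halves of the argument: when key holders come and go, a handful of hardware keys can back an unbounded number of virtual keys, but when more threads hold keys simultaneously than the hardware provides, the allocator has nothing to evict and simply fails, which is why the scheme suits allocation sources that are known and monitored better than a general-purpose pointer-safety mechanism.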