Re: Segments

On Mon, 6 Jan 2025 16:36:41 +0000, Anton Ertl wrote:

Terje Mathisen <terje.mathisen@tmsw.no> writes:

The best idea I have seen to help detect out of bounds accesses, is to
round all requested memory blocks up to the next 4K boundary and mark
the next page as unavailable, then return a skewed pointer back, so that
the end of the requested region coincides with the end of the (last)
allocated page. This does require at least 8kB for every allocation, but
I guess they can all share a single trapping segment?
>
(This idea does not help locate negative buffer overruns (underruns?)
but they seem to be much less common?)

>
It also does not help for out-of-bounds accesses that are not just
adjacent to an earlier in-bounds access.  That may also be a less
common vulnerability than adjacent positive-stride buffer overflows.
But if we throw hardware on the problem, do we want to spend hardware
on something that does not catch all out-of-bounds accesses?

An IBM guy once told me::
"If you are going to put it in HW, put it in in such a way that you
never have to change the definition of what you put in.
So, to answer the above question:: you want to check absolutely
all boundaries on all multi-container data objects, including
array bounds within a structure::
     struct { integer a,b,c,d;
              double  l[max],m[max],n[max][max]; } k;
Any access to m[] is checked to be within the substructure
of m[*], so you cannot touch l[] or n[][], or a,b,c, or d.
Try doing that with segmentation bounds checking...or
capabilities...

- anton