Huh. It'd never occured to me that Alpha/AXP was the only NT port that doesn't use 4KB pages (EDIT: and Itanium...). That's interesting -- I wonder how they dealt with that, especially with 16/32-bit x86 emulation (fx!32, good enough that it runs ClassiCube and Half-Life), and the dot net port that never saw the light of day, but was evidently worked on (there's still evidence of the AXP64 port in the open source dotnet, and evidence for an AXP port floating around elsewhere on GitHub...)
I know on PowerPC, with 64KB pages, IBM (?) added the subpage_prot syscall to Linux for emulation of 4KB pages, for the sake of their x86 emulation software.
Really, it's weird that NT apparently has/had some architectural support for larger pages, and then never used it again...
> Technologies like ARM's Memory Tagging Extension (MTE) and the Capability Hardware Enhanced RISC Instructions (CHERI) architecture offer a complementary defense, particularly for existing code.
> In addition, current-generation ARM64 Microsoft devices, like the Surface Pro, are not shipped with chips that can support the Memory Tagging Extension (MTE) feature. Although not implemented today on Windows systems, the implementation of both PAC and MTE in the future would serve to greatly increase the cost of memory corruption exploits.
> 7.3 Pointer-safe tagging:
Recall that safe allocations could still allow inter-object cor-
ruption unless it is also pointer-safe (Sections 5.3 and 6.3).
To distinguish such safe, but pointer-unsafe allocations, we
tag them using the 0b10xx. Consequently, we can at run-time
distinguish pointers loaded from pointer-safe allocations, and
apply tag forgery prevention to all other loaded pointers.
> Introduction: Note: this page describes a tool under development. Part of this functionality is planned but not implemented. Hardware capable of running MemTagSanitizer does not exist as of Oct 2019.
> MemTagSanitizer is a fast memory error detector and a code hardening tool based on the Armv8.5-A Memory Tagging Extension. It detects a similar class of errors as AddressSanitizer or HardwareAssistedAddressSanitizer, but with much lower overhead.
> MemTagSanitizer overhead is expected to be in low single digits, both CPU and memory. There are plans for a debug mode with slightly higher memory overhead and better diagnostics. The primary use case of MemTagSanitizer is code hardening in production binaries, where it is expected to be a strong mitigation for both stack and heap-based memory bugs.
> The Scudo Hardened Allocator is a user-mode allocator, originally based on LLVM Sanitizers’ CombinedAllocator. It aims at providing additional mitigation against heap based vulnerabilities, while maintaining good performance. Scudo is currently the default allocator in Fuchsia, and in Android since Android 11
reply