Instruction-pointer based memory protection #45
Pull request overview
This PR tightens BenchmarkManager memory protection by moving from range/overlap-based seccomp-notify handling to an instruction-pointer allowlist for mprotect on a designated “sensitive” region, and refactors key storage/protection to work with the new model.
Changes:
- Introduces a wire protocol (SupervisorSetupMsg + allowed syscall sites) and a PROTECT_RANGE macro that registers mprotect callsites for supervisor allowlisting.
- Updates the seccomp supervisor to allow mprotect on the sensitive region only from whitelisted instruction pointers (or for PROT_NONE).
- Refactors BenchmarkManager signature handling and arena protections to use the new PROTECT_RANGE mechanism.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 17 comments.
| File | Description |
|---|---|
| exploits/submission_aes_key_recovery.py | Updates exploit heuristics for changed mapping protections and arena scanning assumptions. |
| csrc/supervisor.cpp | Receives sensitive range + allowed IPs; enforces IP-based allowlisting for mprotect notifications. |
| csrc/seccomp.cpp | Sends supervisor setup header + allowed sites; keeps seccomp notify filter installation. |
| csrc/protocol.h | Defines the supervisor wire protocol and AllowedSite type. |
| csrc/protect.h | Adds PROTECT_RANGE inline-syscall macro and linker-section registration for allowed mprotect sites. |
| csrc/obfuscate.h | Refactors ObfuscatedHexDigest to allocate from a PMR arena; exposes cleanse() and updates encryption API. |
| csrc/obfuscate.cpp | Implements PMR-backed ObfuscatedHexDigest and moves key cleansing into cleanse(). |
| csrc/manager.h | Updates manager factory/ctor signature handling and adds randomize_before_test helper. |
| csrc/manager.cpp | Uses PROTECT_RANGE for arena/key protections; removes compilation thread indirection; refactors signature storage. |
| csrc/binding.cpp | Switches to passing raw signature bytes into the manager and explicitly cleanses the temporary buffer. |
Pull request overview
Copilot reviewed 10 out of 10 changed files in this pull request and generated 8 comments.
Pull request overview
Copilot reviewed 11 out of 11 changed files in this pull request and generated 4 comments.
This allows mprotect calls that touch the BenchmarkManager's memory only from a select set of whitelisted instruction pointer values, thus making mprotect-based defenses much more effective.
It also means that (I think) we can remove the additional thread indirection for kernel compilation, as the main point was to open up a new seccomp scope, which is no longer needed.
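The supervisor-side decision described in this PR (allow mprotect on the sensitive region only from allowlisted instruction pointers, or when the new protection is PROT_NONE) can be sketched as follows. This is an added example, not code from the pull request: the type and field names (Range, MprotectCall, MprotectPolicy) and all addresses are hypothetical, and the sensitive region is assumed to be page-aligned.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>
#include <sys/mman.h>  // PROT_NONE, PROT_READ, PROT_WRITE

// Hypothetical types: the PR's SupervisorSetupMsg / AllowedSite layouts are not shown here.
struct Range { std::uint64_t start, len; };   // sensitive region, assumed page-aligned
struct MprotectCall {                         // what a supervisor reads from one notification
    std::uint64_t ip;                         // instruction pointer reported for the syscall
    std::uint64_t addr, len;                  // mprotect args 0 and 1
    int prot;                                 // mprotect arg 2
};
enum class Verdict { Allow, Deny };

class MprotectPolicy {
public:
    MprotectPolicy(Range sensitive, std::vector<std::uint64_t> sites)
        : sensitive_(sensitive), sites_(std::move(sites)) {
        std::sort(sites_.begin(), sites_.end());  // sorted once for binary_search
    }
    Verdict decide(const MprotectCall& c) const {
        // A wrapping addr+len can never be a legitimate request: fail closed.
        if (c.len > UINT64_MAX - c.addr) return Verdict::Deny;
        const std::uint64_t end = c.addr + c.len;
        const std::uint64_t sens_end = sensitive_.start + sensitive_.len;
        // Calls that stay clear of the sensitive region are not this policy's concern.
        if (end <= sensitive_.start || c.addr >= sens_end) return Verdict::Allow;
        // Removing all access only tightens protection, so any caller may do it.
        if (c.prot == PROT_NONE) return Verdict::Allow;
        // Anything else must come from a registered call site (exact IP match).
        return std::binary_search(sites_.begin(), sites_.end(), c.ip)
                   ? Verdict::Allow : Verdict::Deny;
    }
private:
    Range sensitive_;
    std::vector<std::uint64_t> sites_;
};

int main() {
    // Constructed sample values, not addresses from the project.
    MprotectPolicy policy(Range{0x7f0000000000, 0x4000}, {0x401234, 0x401300});
    MprotectCall untrusted{0x500000, 0x7f0000001000, 0x1000, PROT_READ | PROT_WRITE};
    std::printf("untrusted site unlocking region: %s\n",
                policy.decide(untrusted) == Verdict::Allow ? "allow" : "deny");
    return 0;
}
```

A request that merely straddles the region boundary is treated the same as one fully inside it, so a caller cannot unlock sensitive pages by starting the range one page early.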