Skip to content

feat: virtual memory subsystem #634

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
JonasKruckenberg wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: virtual memory subsystem #634

JonasKruckenberg wants to merge 1 commit into from

Conversation

@JonasKruckenberg
Copy link
Owner

@JonasKruckenberg JonasKruckenberg commented Jan 3, 2026

No description provided.

@claude
Copy link

claude bot commented Jan 3, 2026

Critical Issue: Integer Overflow Risk - In libs/kmem-aslr/src/lib.rs:77, the max_candidate_spots calculation uses shift operations that can overflow on 32-bit systems. For 48-bit address spaces with 4KB pages, this computes (1 << 36) which exceeds usize capacity on 32-bit platforms. Recommend adding compile-time bounds check or using u64.

@JonasKruckenberg JonasKruckenberg force-pushed the jonas/virtual-memory-subsystem branch from 8611706 to 0668bb9 Compare January 3, 2026 16:42
@claude

This comment was marked as outdated.

Sign in to view
@JonasKruckenberg JonasKruckenberg marked this pull request as draft January 3, 2026 16:47
@JonasKruckenberg JonasKruckenberg force-pushed the jonas/virtual-memory-subsystem branch from 0668bb9 to 848fac9 Compare January 3, 2026 16:47
@claude
Copy link

claude bot commented Jan 3, 2026

Code Review

Overall: Solid implementation of a virtual memory subsystem with ASLR support. The refactoring to separate concerns is well-done.

Critical Issues

1. Integer Overflow in ASLR (libs/kmem-aslr/src/lib.rs:141)

.add(target_index << layout.align().ilog2())

Left-shift can overflow for large target_index values. Use checked_shl() or saturating_shl():

.add(target_index.checked_shl(layout.align().ilog2()).ok_or(...)?)

2. Unimplemented Functions Returning todo!() (libs/mem/src/address_space.rs:75, 147)
The map() and set_attributes() functions contain todo!() macros. If this is intentional WIP, consider returning proper errors instead to prevent panics.

Security Concerns

3. ASLR Entropy Calculation (libs/kmem-aslr/src/lib.rs:76-86)
The entropy calculation looks correct, but verify it provides sufficient randomization for your security requirements. The max_candidate_spots calculation could potentially overflow for very large address spaces.

Code Quality

4. Unsafe Block Documentation (libs/mem/src/address_space/region.rs:185, 192)
The unsafe blocks in into_ptr() and from_ptr() have minimal documentation. Consider expanding safety comments to explain the pinning invariants being upheld.

5. Clone Iterator Performance (libs/kmem-aslr/src/lib.rs:71)
The gaps: impl Iterator + Clone may clone the entire iterator on the retry path (line 97). For large address spaces, this could be expensive. Consider if you need a different approach for the retry.

@JonasKruckenberg JonasKruckenberg force-pushed the jonas/virtual-memory-subsystem branch from 848fac9 to 6bc9293 Compare January 3, 2026 17:34
@claude
Copy link

claude bot commented Jan 3, 2026

Critical Issue - Potential Integer Overflow (libs/kmem-aslr/src/lib.rs:141): In choose_spot, the calculation target_index << layout.align().ilog2() could overflow for large target_index values. Consider using checked_shl.

Bug - Unwrap in Production Code (libs/mem/src/address_space.rs:62): find_spot_for(layout).unwrap() will panic if no suitable spot is found. Should propagate the error instead.

Security - Test Seed in Production Crate (libs/mem/src/address_space.rs:225-228): The hardcoded ASLR seed lives in the production crate. Consider moving tests to tests/ directory to ensure this never compiles into production builds.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JonasKruckenberg