On Tue, Oct 06, 2020 at 12:56:33AM +0200, Jann Horn wrote: > It seems to me like, if you want to make UAF exploitation harder at > the heap allocator layer, you could do somewhat more effective things > with a probably much smaller performance budget. Things like > preventing the reallocation of virtual kernel addresses with different > types, such that an attacker can only replace a UAF object with > another object of the same type. (That is not an idea I like very much > either, but I would like it more than this proposal.) (E.g. some > browsers implement things along those lines, I believe.) The slab allocator already has that functionality. We call it TYPESAFE_BY_RCU, but if forcing that on by default would enhance security by a measurable amount, it wouldn't be a terribly hard sell ...