On Thu, Jan 05, 2017 at 04:10:56PM -0500, George Spelvin wrote:
> It just has to be less of a DoS attack than MAP_DENYWRITE.
It's easy to turn MAP_COPY into DoS:
- in endless loop: mmap(MAP_COPY|MAP_FIXED) a victim file 1000 times (by
distinct addresses) into your address space;
- any attempt to write to the file would require to go through all
mapping and put new page in every one;
- by the time you've done with all 1000 VMAs, attacker created new bunch
for you.
There's no way to guarantee it would ever complete (nasty hacks into
scheduler don't count).
--
Kirill A. Shutemov
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>