On Mon, May 21, 2018 at 05:00:47PM -0700, Daniel Colascione wrote:
> On Mon, May 21, 2018 at 4:32 PM Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
> > I think there's still a potential dead-end here. "Deallocation" does
> > not always free resources.
>
> Sure, but the general principle applies: reserve resources when you *can*
> fail so that you don't fail where you can't fail.

Umm. OK. But you want an mmap of 4TB to succeed, right? That implies
preallocating one billion * sizeof(*vma). That's, what, dozens of
gigabytes right there?

I'm sympathetic to wanting to keep both vma-merging and
unmap-anything-i-mapped working, but your proposal isn't going to fix it.
You need to handle the attacker writing a program which mmaps 46 bits of
address space and then munmaps alternate pages. That program needs to be
detected and stopped.
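Added example, not part of the original message or of any kernel code: a small measurement of the effect the thread is arguing about, namely that each munmap of an interior page splits a mapping and so costs the kernel one more VMA. It assumes Linux with /proc mounted; the function names `count_vmas` and `vma_growth_from_punching` are made up for this illustration, and the region is deliberately tiny.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Count this process's VMAs: one line of /proc/self/maps per VMA.
 * Raw read() into a stack buffer, so counting itself maps nothing new. */
static long count_vmas(void)
{
    char buf[4096];
    long lines = 0;
    ssize_t n;
    int fd = open("/proc/self/maps", O_RDONLY);
    if (fd < 0)
        return -1;
    while ((n = read(fd, buf, sizeof(buf))) > 0)
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] == '\n')
                lines++;
    close(fd);
    return n < 0 ? -1 : lines;
}

/* Map 2*holes+1 pages as one region, then munmap every second interior
 * page. Returns how many VMAs the process gained, or -1 on error. */
long vma_growth_from_punching(int holes)
{
    long page = sysconf(_SC_PAGESIZE);
    size_t len = (size_t)(2 * holes + 1) * page;
    char *base = mmap(NULL, len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    long before, after;
    if (base == MAP_FAILED)
        return -1;
    before = count_vmas();
    for (int i = 0; i < holes; i++)   /* pages 1, 3, 5, ... are interior */
        if (munmap(base + (size_t)(2 * i + 1) * page, page) != 0)
            return -1;
    after = count_vmas();
    munmap(base, len);                /* release the remaining pieces */
    return (before < 0 || after < 0) ? -1 : after - before;
}

int main(void)
{
    printf("VMAs gained by 16 single-page munmaps: %ld\n", vma_growth_from_punching(16));
    return 0;
}
```

Every successful munmap here required the kernel to allocate a new VMA for the split, which is why an unmap cannot be made allocation-free simply by reserving at mmap time without paying per-page reservation cost up front.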