On Mon, 1 Apr 2019 08:06:13 +0300 Alexey Dobriyan <adobriyan@xxxxxxxxx> wrote: > No self respecting 64-bit program should ever touch that lowly 32-bit > part of address space. > > ... > > --- a/mm/Kconfig > +++ b/mm/Kconfig > @@ -306,7 +306,8 @@ config KSM > config DEFAULT_MMAP_MIN_ADDR > int "Low address space to protect from user allocation" > depends on MMU > - default 4096 > + default 4096 if !64BIT > + default 4294967296 if 64BIT > help > This is the portion of low virtual memory which should be protected > from userspace allocation. Keeping a user from writing to low pages > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -129,7 +129,8 @@ config LSM_MMAP_MIN_ADDR > int "Low address space for LSM to protect from user allocation" > depends on SECURITY && SECURITY_SELINUX > default 32768 if ARM || (ARM64 && COMPAT) > - default 65536 > + default 65536 if !64BIT > + default 4294967296 if 64BIT > help > This is the portion of low virtual memory which should be protected > from userspace allocation. Keeping a user from writing to low pages Gee. Do we have any idea what effect this will have upon all userspace programs, some of which do inexplicably weird things? What's the benefit?