> On 2 Mar 2018, at 23:48, Matthew Wilcox <wi...@infradead.org> wrote: > Ah, I didn't mean that. I was thinking that we can change the > implementation to reserve 1-N pages after the end of the mapping. > So you can't map anything else in there, and any load/store into that > region will segfault. >
I’m afraid it still will allow many attacks. The formula for new address would be like: address_next = address_prev - mmap_size - random(N) as you suggested. To prevent brute-force attacks N should be big enough like more 2^32 for example. This number 2^32 is just an example and right now I don’t know the exact value. What I’m trying to say that address computation formula has dependency on concrete predictable address. In my scheme even address_prev was chose randomly. Best regards, Ilya
