From 8f921e30beb1d628825708f0ecf26c9241556109 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 7 Sep 2018 06:32:07 -0400 Subject: [PATCH] add kernel feature wishlist --- KERNEL_FEATURE_WISHLIST.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 KERNEL_FEATURE_WISHLIST.md diff --git a/KERNEL_FEATURE_WISHLIST.md b/KERNEL_FEATURE_WISHLIST.md new file mode 100644 index 0000000..d6b7a11 --- /dev/null +++ b/KERNEL_FEATURE_WISHLIST.md @@ -0,0 +1,29 @@ +Very important and should be an easy sell: + +* improved robustness for high vma count on high memory machines +* much higher `vm.max_map_count` by default +* work on improving performance and resource usage with high vma count +* add a way to disable the brk heap and have mmap grow upwards like it did in + the past (preserving the same high base entropy) + +Somewhat important and an easy sell: + +* mremap flag to disable unmapping the source mapping + * also needed by jemalloc for different reasons + * not needed if the kernel gets first class support for arbitrarily sized + guard pages and a virtual memory quarantine feature + +Fairly infeasible to land but could reduce overhead and extend coverage of +security features to other code directly using mmap: + +* first class support for arbitrarily sized guard pages for mmap and mremap to + eliminate half of the resulting VMAs and reduce 2 system calls to 1 + * not usable if it doesn't support mremap (shrink, grow, grow via move) + * not usable if the guard page size is static + * should support changing guard size for mremap growth via move + * must be possible to set it up from the process +* virtual memory quarantine + * must be possible to set it up from the process +* first-class support for aligned mappings with mmap and ideally mremap + * not usable unless guard page support is provided and of course it has to + work with this too