this post was submitted on 19 Jul 2024
This is the best summary I could come up with:
The SLAB pull request landed in Linux 6.11 Git on Thursday with kmem_buckets-based hardening of kernel memory allocations.
This hardening is the latest Linux security improvement addressed by Google's Kees Cook.
This may very slightly increase memory fragmentation, though in practice it's only a handful of extra pages since the bulk of user-controlled allocations are relatively long-lived.
Addressing these cases is limited in scope, so isolating these kinds of interfaces will not become an unbounded game of whack-a-mole.
Note that these caches are specifically flagged with SLAB_NO_MERGE, since merging would defeat the entire purpose of the mitigation.
This dedicated bucket allocator landed in the Linux 6.11 kernel yesterday via the SLAB pull request.
The original article contains 378 words, the summary contains 113 words. Saved 70%. I'm a bot and I'm open source!