this post was submitted on 19 Jul 2024
57 points (100.0% liked)

Linux

5382 readers
27 users here now

A community for everything relating to the linux operating system

Also check out [email protected]

Original icon base courtesy of [email protected] and The GIMP

founded 1 year ago
MODERATORS
top 3 comments
sorted by: hot top controversial new old
[–] [email protected] 14 points 4 months ago
[–] [email protected] 4 points 4 months ago

This is the best summary I could come up with:


The SLAB pull request landed in Linux 6.11 Git on Thursday with kmem_buckets-based hardening of kernel memory allocations.

This hardening is the latest Linux security improvement addressed by Google's Kees Cook.

This may very slightly increase memory fragmentation, though in practice it's only a handful of extra pages since the bulk of user-controlled allocations are relatively long-lived."

Addressing these cases is limited in scope, so isolating these kinds of interfaces will not become an unbounded game of whack-a-mole.

Note that these caches are specifically flagged with SLAB_NO_MERGE, since merging would defeat the entire purpose of the mitigation.

This dedicated bucket allocator landed in the Linux 6.11 kernel yesterday via the SLAB pull request.


The original article contains 378 words, the summary contains 113 words. Saved 70%. I'm a bot and I'm open source!

[–] [email protected] 4 points 4 months ago

Just got to keep making it suck even worse trying to exploit a UAF in the kernel don't you?

Nice work! Let's make zero days harder.