Add SLAB_NO_MERGE to cred_jar to ensure struct cred objects get dedicated slab pages, preventing the allocator from merging this cache with other similarly-sized caches. This is a hardening measure to provide type isolation for credential objects.
Reviewed-by: Kees Cook <[email protected]> Signed-off-by: Mohammed EL Kadiri <[email protected]> --- Changes in v2: - Collected Reviewed-by tag from Kees Cook. - No code changes from v1. kernel/cred.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/cred.c b/kernel/cred.c index 9676965c0981..0e4ee60a5acd 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -557,7 +557,7 @@ void __init cred_init(void) { /* allocate a slab in which we can store credentials */ cred_jar = KMEM_CACHE(cred, - SLAB_HWCACHE_ALIGN | SLAB_PANIC | SLAB_ACCOUNT); + SLAB_HWCACHE_ALIGN | SLAB_PANIC | SLAB_ACCOUNT | SLAB_NO_MERGE); } /** -- 2.43.0
