Commit 7660a6fd, committed by Linus Torvalds
mm: allow slab_nomerge to be set at build time
Some hardened environments want to build kernels with slab_nomerge already set (so that they do not depend on remembering to set the kernel command line option). This is desired to reduce the risk of kernel heap overflows being able to overwrite objects from merged caches and changes the requirements for cache layout control, increasing the difficulty of these attacks. By keeping caches unmerged, these kinds of exploits can usually only damage objects in the same cache (though the risk to metadata exploitation is unchanged).

Link: http://lkml.kernel.org/r/20170620230911.GA25238@beast
Signed-off-by: Kees Cook <firstname.lastname@example.org>
Cc: Daniel Micay <email@example.com>
Cc: David Windsor <firstname.lastname@example.org>
Cc: Eric Biggers <email@example.com>
Cc: Christoph Lameter <firstname.lastname@example.org>
Cc: Jonathan Corbet <email@example.com>
Cc: Daniel Micay <firstname.lastname@example.org>
Cc: David Windsor <email@example.com>
Cc: Eric Biggers <firstname.lastname@example.org>
Cc: Pekka Enberg <pe...
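
An audit check for the setting this commit message describes, added here as an example and not taken from the commit itself: it decides whether slab caches end up merged or unmerged from a kernel config and a boot command line. It assumes the build option is named CONFIG_SLAB_MERGE_DEFAULT and that slab_merge, slub_merge and slub_nomerge are also accepted boot parameters (none of these appear in the text above); the function name and sample inputs are constructed.

```shell
#!/bin/sh
# slab_merge_state CONFIG_TEXT CMDLINE_TEXT
# Prints "<merged|unmerged> <origin>", where origin says what decided it.
# Assumed names (not in the commit message above): CONFIG_SLAB_MERGE_DEFAULT,
# slab_merge, slub_merge, slub_nomerge.
slab_merge_state() (
    set -f                      # do not glob-expand command line words
    config_text=$1
    cmdline_text=$2

    # Build time: merging stays on unless the option is explicitly disabled.
    state=merged; origin=build-default
    if printf '%s\n' "$config_text" |
            grep -q '^# CONFIG_SLAB_MERGE_DEFAULT is not set$'; then
        state=unmerged; origin=build-config
    elif printf '%s\n' "$config_text" |
            grep -q '^CONFIG_SLAB_MERGE_DEFAULT=y$'; then
        state=merged; origin=build-config
    fi

    # Boot time: parameters are handled in order, so the last match wins.
    for arg in $cmdline_text; do
        case $arg in
            slab_nomerge|slab_nomerge=*|slub_nomerge|slub_nomerge=*)
                state=unmerged; origin=cmdline ;;
            slab_merge|slab_merge=*|slub_merge|slub_merge=*)
                state=merged; origin=cmdline ;;
        esac
    done
    printf '%s %s\n' "$state" "$origin"
)

# Constructed sample inputs (not from a real host).
hardened_cfg='CONFIG_SLUB=y
# CONFIG_SLAB_MERGE_DEFAULT is not set'
default_cfg='CONFIG_SLUB=y
CONFIG_SLAB_MERGE_DEFAULT=y'

slab_merge_state "$hardened_cfg" 'ro quiet'                # built unmerged
slab_merge_state "$default_cfg"  'ro quiet'                # relies on cmdline
slab_merge_state "$default_cfg"  'ro slab_nomerge quiet'   # cmdline hardening
slab_merge_state "$hardened_cfg" 'ro slab_merge'           # hardening undone

# On a live host (needs CONFIG_IKCONFIG_PROC for /proc/config.gz):
#   slab_merge_state "$(zcat /proc/config.gz)" "$(cat /proc/cmdline)"
```

A result of `merged build-config` or `merged cmdline` on a host that is supposed to be hardened is the case the commit message is concerned with: the protection depended on a boot parameter that was not set, or was overridden.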