• Kees Cook's avatar
    mm: allow slab_nomerge to be set at build time · 7660a6fd
    Kees Cook authored
    Some hardened environments want to build kernels with slab_nomerge
    already set (so that they do not depend on remembering to set the kernel
    command line option).  This is desired to reduce the risk of kernel heap
    overflows being able to overwrite objects from merged caches and changes
    the requirements for cache layout control, increasing the difficulty of
    these attacks.  By keeping caches unmerged, these kinds of exploits can
    usually only damage objects in the same cache (though the risk to
    metadata exploitation is unchanged).
    
    Link: http://lkml.kernel.org/r/20170620230911.GA25238@beastSigned-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: Daniel Micay <danielmicay@gmail.com>
    Cc: David Windsor <dave@nullcore.net>
    Cc: Eric Biggers <ebiggers3@gmail.com>
    Cc: Christoph Lameter <cl@linux.com>
    Cc: Jonathan Corbet <corbet@lwn.net>
    Cc: Daniel Micay <danielmicay@gmail.com>
    Cc: David Windsor <dave@nullcore.net>
    Cc: Eric Biggers <ebiggers3@gmail.com>
    Cc: Pekka Enberg <penberg@kernel.org>
    Cc: David Rientjes <rientjes@google.com>
    Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
    Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@kernel.org>
    Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
    Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
    Cc: Arnd Bergmann <arnd@arndb.de>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Nicolas Pitre <nicolas.pitre@linaro.org>
    Cc: Tejun Heo <tj@kernel.org>
    Cc: Daniel Mack <daniel@zonque.org>
    Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
    Cc: Helge Deller <deller@gmx.de>
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Randy Dunlap <rdunlap@infradead.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    7660a6fd
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...