From: Rafael Aquini <aquini@xxxxxxxxxx> configs/common/generic: disable CONFIG_SLAB_MERGE_DEFAULT This is desired to reduce the risk of kernel heap overflows being able to overwrite objects from merged caches, and it changes the requirements for cache layout control, increasing the difficulty of these attacks. It also in increases the reliability and protection against object data corruption due to use-after-free and double-free class of bugs, as by keeping caches unmerged, these kinds of issues can only damage objects in the same cache. CONFIG_SLAB_MERGE_DEFAULT=n has been the default setting since RHEL-8 Signed-off-by: Rafael Aquini <aquini@xxxxxxxxxx> diff a/redhat/configs/common/generic/CONFIG_SLAB_MERGE_DEFAULT b/redhat/configs/common/generic/CONFIG_SLAB_MERGE_DEFAULT --- a/redhat/configs/common/generic/CONFIG_SLAB_MERGE_DEFAULT +++ b/redhat/configs/common/generic/CONFIG_SLAB_MERGE_DEFAULT @@ -1 +1 @@ -CONFIG_SLAB_MERGE_DEFAULT=y +CONFIG_SLAB_MERGE_DEFAULT=n -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/990 _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure