[OS-BUILD PATCH] configs/common/generic: disable CONFIG_SLAB_MERGE_DEFAULT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Rafael Aquini <aquini@xxxxxxxxxx>

configs/common/generic: disable CONFIG_SLAB_MERGE_DEFAULT

This is desired to reduce the risk of kernel heap overflows
being able to overwrite objects from merged caches, and it
changes the requirements for cache layout control, increasing
the difficulty of these attacks.

It also in increases the reliability and protection against
object data corruption due to use-after-free and double-free
class of bugs, as by keeping caches unmerged, these kinds of
issues can only damage objects in the same cache.

CONFIG_SLAB_MERGE_DEFAULT=n has been the default setting
since RHEL-8

Signed-off-by: Rafael Aquini <aquini@xxxxxxxxxx>

diff a/redhat/configs/common/generic/CONFIG_SLAB_MERGE_DEFAULT b/redhat/configs/common/generic/CONFIG_SLAB_MERGE_DEFAULT
--- a/redhat/configs/common/generic/CONFIG_SLAB_MERGE_DEFAULT
+++ b/redhat/configs/common/generic/CONFIG_SLAB_MERGE_DEFAULT
@@ -1 +1 @@
-CONFIG_SLAB_MERGE_DEFAULT=y
+CONFIG_SLAB_MERGE_DEFAULT=n

--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/990
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux