On Thu, 21 Sep 2017, Kees Cook wrote: > > So what is the point of this patch? > > The DMA kmalloc caches are not whitelisted: The DMA kmalloc caches are pretty obsolete and mostly there for obscure drivers. ?? > >> kmalloc_dma_caches[i] = create_kmalloc_cache(n, > >> - size, SLAB_CACHE_DMA | flags); > >> + size, SLAB_CACHE_DMA | flags, 0, 0); > > So this is creating the distinction between the kmallocs that go to > userspace and those that don't. The expectation is that future work > can start to distinguish between "for userspace" and "only kernel" > kmalloc allocations, as is already done here for DMA. The creation of the kmalloc caches in earlier patches already setup the "whitelisting". Why do it twice?