On Thu, 29 Sep 2011 20:18:48 +0400, Vasiliy Kulikov said: > As `new' is just increased, it means it is known with KB granularity, > not MB. By counting used slab objects he learns filled_obj_size_sum. > > So, rounding gives us nothing, but obscurity. Yes, but if he has an exploit that requires using up (for example) exactly 31 objects in the slab, he may now know that a new slab got allocated to push it over the MB boundary. So he knows there's exactly one object in that new slab. But now he has to fly blind for the next 30 because the numbers will display exactly the same, and he can't correct for somebody else allocating one so he needs to only allocate 29...
Attachment:
pgpfmP5kx2Uw4.pgp
Description: PGP signature