On Thu, Sep 16, 2021 at 12:41:56PM +0200, Peter Zijlstra wrote: > > The vmalloc guard pages are added on top of each allocation, thereby > isolating any two allocations from one another. The top guard of the > lower allocation is the bottom guard guard of the higher allocation > etc. > > Therefore VM_NO_GUARD is dangerous; it breaks the basic premise of > isolating separate allocations. > > There are only two in-tree users of this flag, neither of which use it > through the exported interface. Ensure it stays this way. > > Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> Yes, please. :) Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
