On 6/16/23 13:18, GONG, Ruiqi wrote: > index a3c95338cd3a..6150e9a946a7 100644 > --- a/mm/Kconfig > +++ b/mm/Kconfig > @@ -337,6 +337,55 @@ config SLUB_CPU_PARTIAL > which requires the taking of locks that may cause latency spikes. > Typically one would choose no for a realtime system. > > +config RANDOM_KMALLOC_CACHES > + default n > + depends on SLUB > + bool "Random slab caches for normal kmalloc" > + help > + A hardening feature that creates multiple copies of slab caches for > + normal kmalloc allocation and makes kmalloc randomly pick one based > + on code address, which makes the attackers unable to spray vulnerable > + memory objects on the heap for exploiting memory vulnerabilities. > + > +choice > + prompt "Number of random slab caches copies" > + depends on RANDOM_KMALLOC_CACHES > + default RANDOM_KMALLOC_CACHES_16 > + help > + The number of copies of random slab caches. Bigger value makes the > + potentially vulnerable memory object less likely to collide with > + objects allocated from other subsystems or modules.

When I read this, without further knowledge, why would I select anything else than the largest value? It should mention memory overhead maybe? Also would anyone really select only "2" and thus limit the collision probability to 50% and not less? "4" also seems quite low for the given purpose? Could we just pick and hardcode 8 or 16 and avoid the selection, at least until there's some more experience with the whole approach?
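
Review bot: the RANDOM_KMALLOC_CACHES help text overstates the guarantee. It says the feature "makes the attackers unable to spray vulnerable memory objects", while the help for the choice right below only claims that objects become "less likely to collide"; since the cache copy is picked per code address, a spraying call site can still land in the same copy as the target object. Suggest wording it as making heap spraying harder or less reliable, and have the choice help say what memory overhead the extra cache copies carry so the trade-off between the values is visible. Minor Kconfig style points in the same entry: `default n` is already the default and can be dropped, and the `bool` prompt line normally comes first, before `default` and `depends on`.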