[RFC][PATCH 0/5] slab: Allocate and use per-call-site caches
From: Kees Cook
Date: Fri Aug 09 2024 - 03:33:24 EST
Hi,
Here's my current progress on using per-call-site kmalloc caches (instead
of KMALLOC_NORMAL), as a defense against the common heap-grooming attacks
that construct malicious objects in the same cache as a target object.
I'd like to get feedback on the general approach before I continue with
it. I've noted in the later patches what additional improvements I'd
like to make. The first 3 patches are relatively small infrastructure
changes.
Thanks!
-Kees
Kees Cook (5):
slab: Introduce kmem_buckets_destroy()
codetag: Run module_load hooks for builtin codetags
codetag: Introduce codetag_early_walk()
alloc_tag: Track fixed vs dynamic sized kmalloc calls
slab: Allocate and use per-call-site caches
include/linux/alloc_tag.h | 38 +++++++++--
include/linux/codetag.h | 2 +
include/linux/slab.h | 17 ++---
lib/alloc_tag.c | 129 +++++++++++++++++++++++++++++++++++---
lib/codetag.c | 21 +++++--
mm/Kconfig | 25 ++++++++
mm/slab_common.c | 18 +++++-
mm/slub.c | 31 ++++++++-
8 files changed, 253 insertions(+), 28 deletions(-)
--
2.34.1