Add SLAB_NO_MERGE to key_jar to prevent the allocator from merging it with other similarly-sized caches. This hardens struct key isolation by ensuring dedicated slab pages.
Acked-by: Vlastimil Babka (SUSE) <[email protected]> Signed-off-by: Mohammed EL Kadiri <[email protected]> --- security/keys/key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/keys/key.c b/security/keys/key.c index 3bbdde778631..592b65cf8539 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -1275,7 +1275,7 @@ void __init key_init(void) { /* allocate a slab in which we can store keys */ key_jar = kmem_cache_create("key_jar", sizeof(struct key), - 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); + 0, SLAB_HWCACHE_ALIGN | SLAB_PANIC | SLAB_NO_MERGE, NULL); /* add the special key types */ list_add_tail(&key_type_keyring.link, &key_types_list); -- 2.43.0
