Conversation

Linux kernel heap feng shui in 2022 An article by

and

describing the kernel changes that affected exploitation techniques for slab-related vulnerabilities over the last few years. duasynt.com/blog/linux-ker

232

Replying to

and

I believe the "post 5.0" part should be "post 5.9". Using separate caches for accounting was removed in this patch:

github.com

mm: memcg/slab: use a single set of kmem_caches for all allocations · torvalds/linux@10befea

Instead of having two sets of kmem_caches: one for system-wide and non-accounted allocations and the second one shared by all accounted allocations, we can use just one. The idea is simple: space ...

7:44 PM · Jun 8, 2022Twitter Web App

Replying to

As an addition, using separate caches for accounting was introduced again in 5.14, as pointed out by

Quote Tweet

linux kernel introduced kmalloc-cg-* in 5.14. allocations using GFP_KERNEL_ACCOUNT will go in there. no wonder i cant use msg_msg spray on 5.17 while on Ubuntu 21.10 (5.13) i still can use it. github.com/torvalds/linux

Replying to

flex

Replying to

and

👍 yes that needs to be 5.9 and prior to 5.14. and that's referring to kmem accounted general purpose allocations only

Replying to

Thanks for allowing us to improve github.com/nccgroup/explo :D

github.com

precision for mergeable cache vs accounting · nccgroup/exploit_mitigations@b4856b4

Show replies

Replying to

and

yes that should be post 5.9 up to 5.14. and it applies to kmalloc allocations only, not special caches with SLAB_ACCOUNT. thanks

Replying to

and

Ah, so wrt kmalloc caches: they are not mergeable with non-kmalloc ones ever since 4.16 due to hardened usercopy, and these newer patches only affect whether GFP_KERNEL_ACCOUNT kmalloc allocations get dispatched into a different set of kmalloc caches than GFP_KERNEL ones. Right?

Show replies