c1480e34   
   XPost: comp.os.linux.advocacy, comp.os.linux.misc   
   From: lt@gnu.rocks   
      
   The security circus continues... (what else can it do?)   
      
   Kernel 6.11 has added yet more security garbage:   
      
   SLAB_BUCKETS   
      
   "Kernel heap attacks frequently depend on being able to create   
   specifically-sized allocations with user-controlled contents   
   that will be allocated into the same kmalloc bucket as a   
   target object. To avoid sharing these allocation buckets,   
   provide an explicitly separated set of buckets to be used for   
   user-controlled allocations. This may very slightly increase   
   memory fragmentation, though in practice it's only a handful   
   of extra pages since the bulk of user-controlled allocations   
   are relatively long-lived."   
      
   The rationale:   
      
   "many heap memory spraying/grooming attacks depend on using   
   userspace-controllable dynamically sized allocations to collide with   
   fixed size allocations that end up in same cache"   
      
   Yeah, sure.   
      
   Like who/what the fuck will ever attempt that on my personal   
   desktop workstation?   
      
   Just say "No."  Keep your fucking security hallucinations off   
   of my fucking machine.   
      
      
      
   --   
   Systemd: solving all the problems that you never knew you had.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)