[PATCH v2] cred: prevent slab cache merging for cred_jar

Mohammed EL Kadiri med08elkadiri at gmail.com
Thu Jun 11 07:00:54 UTC 2026


Add SLAB_NO_MERGE to cred_jar to ensure struct cred objects get
dedicated slab pages, preventing the allocator from merging this
cache with other similarly-sized caches. This is a hardening measure
to provide type isolation for credential objects.

Reviewed-by: Kees Cook <kees at kernel.org>
Signed-off-by: Mohammed EL Kadiri <med08elkadiri at gmail.com>
---

Changes in v2:
  - Collected Reviewed-by tag from Kees Cook.
  - No code changes from v1.

 kernel/cred.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/cred.c b/kernel/cred.c
index 9676965c0981..0e4ee60a5acd 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -557,7 +557,7 @@ void __init cred_init(void)
 {
 	/* allocate a slab in which we can store credentials */
 	cred_jar = KMEM_CACHE(cred,
-			      SLAB_HWCACHE_ALIGN | SLAB_PANIC | SLAB_ACCOUNT);
+			      SLAB_HWCACHE_ALIGN | SLAB_PANIC | SLAB_ACCOUNT | SLAB_NO_MERGE);
 }
 
 /**
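Review bot: The comment above the KMEM_CACHE() call in cred_init() still reads only "allocate a slab in which we can store credentials", so nothing in the code records why SLAB_NO_MERGE is set. Extend that comment to say the cache is deliberately kept unmerged so that struct cred objects do not share slab pages with other similarly-sized caches; without it, a later flag cleanup could drop SLAB_NO_MERGE without anyone noticing it is a hardening measure. The added flag line also runs well past 80 columns now that it carries four flags; consider breaking it after "SLAB_PANIC |" so the list spans two continuation lines.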
-- 
2.43.0



