This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 06b4164dfe269704976b52421edbbbdf3b345679 (commit) via d52d6f0cbe3cf377197a455b4d20b38c1d0858af (commit) from 43df4a03734c207fb8352edcbe1e06f576381aab (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 06b4164dfe269704976b52421edbbbdf3b345679 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Aug 1 17:39:59 2022 +0000
linux: Do not allow slab caches to be merged
From the kernel documentation:
> For reduced kernel memory fragmentation, slab caches can be > merged when they share the same size and other characteristics. > This carries a risk of kernel heap overflows being able to > overwrite objects from merged caches (and more easily control > cache layout), which makes such heap attacks easier to exploit > by attackers. By keeping caches unmerged, these kinds of exploits > can usually only damage objects in the same cache. [...]
Thus, it is more sane to leave slab merging disabled. KSPP and ClipOS recommend this as well.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org
commit d52d6f0cbe3cf377197a455b4d20b38c1d0858af Author: Peter Müller peter.mueller@ipfire.org Date: Sat Aug 6 07:58:03 2022 +0000
Update contributor list
Signed-off-by: Peter Müller peter.mueller@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/kernel/kernel.config.aarch64-ipfire | 2 +- config/kernel/kernel.config.armv6l-ipfire | 2 +- config/kernel/kernel.config.riscv64-ipfire | 2 +- config/kernel/kernel.config.x86_64-ipfire | 2 +- html/cgi-bin/credits.cgi | 6 +++--- 5 files changed, 7 insertions(+), 7 deletions(-)
Difference in files: diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 6a0ea681d..43558e8f7 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -247,7 +247,7 @@ CONFIG_VM_EVENT_COUNTERS=y # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set -CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_MERGE_DEFAULT is not set CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_SHUFFLE_PAGE_ALLOCATOR=y diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire index 9d2776bd2..73619763d 100644 --- a/config/kernel/kernel.config.armv6l-ipfire +++ b/config/kernel/kernel.config.armv6l-ipfire @@ -250,7 +250,7 @@ CONFIG_VM_EVENT_COUNTERS=y # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set -CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_MERGE_DEFAULT is not set CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_SHUFFLE_PAGE_ALLOCATOR=y diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire index c379447e7..37d5366af 100644 --- a/config/kernel/kernel.config.riscv64-ipfire +++ b/config/kernel/kernel.config.riscv64-ipfire @@ -230,7 +230,7 @@ CONFIG_VM_EVENT_COUNTERS=y # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set -CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_MERGE_DEFAULT is not set CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_SHUFFLE_PAGE_ALLOCATOR=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index f58bf4b2f..379fcdc17 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -270,7 +270,7 @@ CONFIG_VM_EVENT_COUNTERS=y # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set -CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_MERGE_DEFAULT is not set CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_SHUFFLE_PAGE_ALLOCATOR=y diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index a49f61d72..477531e2a 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi @@ -65,8 +65,8 @@ Arne Fitzenreiter, Stefan Schantl, Peter Müller, Matthias Fischer, -Christian Schmidt, Adolf Belka, +Christian Schmidt, Alexander Marx, Erik Kapfer, Jan Paul Tücking, @@ -83,20 +83,20 @@ Daniel Glanzmann, Heiner Schmeling, Stephan Feddersen, Stéphane Pautrel, +Robin Roevens, Tim FitzGeorge, Jan Lentfer, Marcus Scholz, Ersan Yildirim, Jörn-Ingo Weigert, Alexander Koch, -Robin Roevens, Wolfgang Apolinarski, +Jon Murphy, Alfred Haas, Lars Schuhmacher, Rene Zingel, Sascha Kilian, Bernhard Bitsch, -Jon Murphy, Ronald Wiesinger, Florian Bührle, Justin Luth,
hooks/post-receive -- IPFire 2.x development tree