Disallow merge of slab caches
An XCCDF Rule
Description
For reduced kernel memory fragmentation, slab caches can be merged when they share the same
size and other characteristics. This carries the risk that a kernel heap overflow in one cache
can overwrite objects belonging to another cache merged with it (and can more easily control the
cache layout), which makes such heap overflows easier to exploit.
This configuration is available from kernel 4.13.
The configuration that was used to build the kernel is available at /boot/config-*.
To check the configuration value for CONFIG_SLAB_MERGE_DEFAULT, run the following command:
grep CONFIG_SLAB_MERGE_DEFAULT /boot/config-*
Configs with value 'n' are not written explicitly in the file, so either a commented line
(# CONFIG_SLAB_MERGE_DEFAULT is not set) or no line at all is the expected result.
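The check described above, as an added example that is not part of the rule content: a shell function that applies the rule's three-way logic to a kernel config file (=y fails, an explicit "is not set" line passes, a missing line passes) and anchors on the full option name. The sample config files are constructed inline; the path /boot/config-$(uname -r) in the final comment is an assumption about where the running kernel's config lives.

```shell
# Added example, not the rule's own code. Evaluate CONFIG_SLAB_MERGE_DEFAULT in a
# kernel config file: "=y" fails; "# CONFIG_SLAB_MERGE_DEFAULT is not set" passes;
# no line at all passes (Kconfig never writes "=n", and the option did not exist
# before 4.13). Returns 0 on pass, 1 on fail, 2 if the file cannot be read.
check_slab_merge_config() {
    cfg="$1"
    if [ ! -r "$cfg" ]; then
        echo "error: cannot read $cfg" >&2
        return 2
    fi
    # Anchor on the full symbol and "=y" so a bare grep does not match other
    # lines that merely contain the option name.
    if grep -q '^CONFIG_SLAB_MERGE_DEFAULT=y' "$cfg"; then
        echo "fail: $cfg enables slab cache merging"
        return 1
    fi
    if grep -q '^# CONFIG_SLAB_MERGE_DEFAULT is not set' "$cfg"; then
        echo "pass: $cfg explicitly disables slab cache merging"
    else
        echo "pass: $cfg has no CONFIG_SLAB_MERGE_DEFAULT line (treated as 'n')"
    fi
    return 0
}

# Constructed sample configs for an offline demonstration (not real /boot files).
tmpdir=$(mktemp -d)
printf 'CONFIG_SLUB=y\nCONFIG_SLAB_MERGE_DEFAULT=y\n' > "$tmpdir/config-merge-on"
printf 'CONFIG_SLUB=y\n# CONFIG_SLAB_MERGE_DEFAULT is not set\n' > "$tmpdir/config-merge-off"
printf 'CONFIG_SLUB=y\n' > "$tmpdir/config-pre-4.13"

check_slab_merge_config "$tmpdir/config-merge-on"     # fail
check_slab_merge_config "$tmpdir/config-merge-off"    # pass (explicit)
check_slab_merge_config "$tmpdir/config-pre-4.13"     # pass (absent)
rm -rf "$tmpdir"

# On a real host, assess the running kernel rather than every installed one
# (assumed path): check_slab_merge_config "/boot/config-$(uname -r)"
```

Because /boot/config-* can match several installed kernels, a glob-based grep can report a mix of results; checking the running kernel's file alone gives one unambiguous answer.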
Rationale
Disabling the merge of slabs of similar sizes prevents the kernel from merging a seemingly useless but vulnerable slab with a useful and valuable slab. Merging increases the risk that a heap overflow could overwrite objects from other caches; with unmerged caches, a heap overflow only affects objects in the same cache. Overall, this reduces the kernel attack surface by isolating slabs from each other.
- ID: xccdf_org.ssgproject.content_rule_kernel_config_slab_merge_default
- Severity: Medium
- References
- Updated