[$] Per-call-site slab caches for heap-spraying protection

One tactic often used by attackers set on compromising a system is https://en.wikipedia.org/wiki/Heap_spraying
; in
short, the attacker fills as much of the heap as possible with crafted data
in the hope of getting the target system to use that data in a bad way.  If
heap spraying can be blocked, attackers will lose an important tool.  The
kernel has some heap-spraying defenses now, including the https://lwn.net/Articles/965837/
 merged for the
upcoming 6.11 release, but its author, Kees Cook, thinks that more can be
done.

https://lwn.net/Articles/986174/