has anyone done any research on exploiting overflows with memory returned by kmalloc()? after briefly looking at source, i see that internally it relies on the kmem_cache_alloc() functions. i didn't see any sort of coalescing as with dlmalloc, so maybe it's not even possible? anyone have any links/info about this?