[$] Per-call-site slab caches for heap-spraying protection

One tactic often used by attackers set on compromising a system is heap spraying; inshort, the attacker fills as much of the heap as possible with crafted datain the hope of getting the target system to use that data in a bad way. Ifheap spraying can be blocked, attackers will lose an important tool. Thekernel has some heap-spraying defenses now, including the dedicated bucket allocator merged for theupcoming 6.11 release, but its author, Kees Cook, thinks that more can bedone.