lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250123211010.4ec97055@pumpkin>
Date: Thu, 23 Jan 2025 21:10:10 +0000
From: David Laight <david.laight.linux@...il.com>
To: Kees Cook <kees@...nel.org>
Cc: Mel Gorman <mgorman@...hsingularity.net>, Daniel Micay
 <danielmicay@...il.com>, Paul Moore <paul@...l-moore.com>,
 linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] mm: security: Allow default HARDENED_USERCOPY to be
 set at compile time

...  
> > +config HARDENED_USERCOPY_DEFAULT_ON
> > +	bool "Harden memory copies by default"
> > +	depends on HARDENED_USERCOPY
> > +	default n  
> 
> This must be "default HARDENED_USERCOPY" or existing distro builds will
> break. All major distros enable this by default, and I don't want to
> risk HARDENED_USERCOPY_DEFAULT_ON getting missed and getting globally
> disabled.

It'll also cause grief for anyone trying to bisect.
Although that is always going to go wrong if it has been disabled.

I had 'fun' trying to locate a massive slowdown of a single threaded
program that was caused by a side effect of one of the speculative
execution mitigations getting enabled because the config parameter
got renamed.

	David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ