| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jL1sivv70_Uahbg=cMZP2UM=eYBn4u8nx3NU5ayzHf28g@mail.gmail.com>
Date: Thu, 10 Jan 2019 14:52:29 -0800
From: Kees Cook <keescook@...omium.org>
To: Dan Williams <dan.j.williams@...el.com>
Cc: Mel Gorman <mgorman@...e.de>,
Andrew Morton <akpm@...ux-foundation.org>,
Michal Hocko <mhocko@...e.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Mike Rapoport <rppt@...ux.ibm.com>,
Keith Busch <keith.busch@...el.com>,
Linux MM <linux-mm@...ck.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v7 1/3] mm: Shuffle initial free memory to improve
memory-side-cache utilization
On Thu, Jan 10, 2019 at 1:29 PM Dan Williams <dan.j.williams@...el.com> wrote:
> Note that higher order merging is not a current concern since the
> implementation is already randomizing on MAX_ORDER sized pages. Since
> memory side caches are so large there's no worry about a 4MB
> randomization boundary.
>
> However, for the (unproven) security use case where folks want to
> experiment with randomizing on smaller granularity, they should be
> wary of this (/me nudges Kees).
Yup. And I think this is well noted in the Kconfig help already. I
view this as slightly more fine grain randomization than we get from
just effectively the base address randomization that
CONFIG_RANDOMIZE_MEMORY performs.
I remain a fan of this series. :)
--
Kees Cook
Powered by blists - more mailing lists