Re: [PATCH 0/3] Allow default HARDENED_USERCOPY to be set at compile time

From: Kees Cook
Date: Mon Jan 20 2025 - 16:08:52 EST

Next message: Kees Cook: "Re: [PATCH 1/3] mm: security: Move hardened usercopy under 'Kernel hardening options'"
Previous message: Rafael J. Wysocki: "[GIT PULL] Thermal control updates for v6.14-rc1"
In reply to: Paul Moore: "Re: [PATCH 1/3] mm: security: Move hardened usercopy under 'Kernel hardening options'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 17, 2025 at 01:03:34PM +0000, Mel Gorman wrote:
> Some hardening options like HARDENED_USERCOPY can be set at boot time
> and have negligible cost when disabled. The default for options like
> init_on_alloc= can be set at compile time but hardened usercopy is
> enabled by default if built in. This incurs overhead when a kernel
> wishes to provide optional hardening but the user does not necessarily
> care.

Yeah! I like this. It's been somewhere on my TODO list for a while, so
thank you for doing it!

Nits/ideas in the patch replies...

--
Kees Cook

Next message: Kees Cook: "Re: [PATCH 1/3] mm: security: Move hardened usercopy under 'Kernel hardening options'"
Previous message: Rafael J. Wysocki: "[GIT PULL] Thermal control updates for v6.14-rc1"
In reply to: Paul Moore: "Re: [PATCH 1/3] mm: security: Move hardened usercopy under 'Kernel hardening options'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]