On Thu, Jan 10, 2019 at 1:29 PM Dan Williams <dan.j.williams@xxxxxxxxx> wrote: > Note that higher order merging is not a current concern since the > implementation is already randomizing on MAX_ORDER sized pages. Since > memory side caches are so large there's no worry about a 4MB > randomization boundary. > > However, for the (unproven) security use case where folks want to > experiment with randomizing on smaller granularity, they should be > wary of this (/me nudges Kees). Yup. And I think this is well noted in the Kconfig help already. I view this as slightly more fine grain randomization than we get from just effectively the base address randomization that CONFIG_RANDOMIZE_MEMORY performs. I remain a fan of this series. :) -- Kees Cook
