[PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL

Vlastimil Babka vbabka at suse.cz
Tue Apr 16 08:33:32 UTC 2019


On 4/16/19 4:02 AM, Andrew Morton wrote:
> Requiring a kernel rebuild is rather user-hostile.  A boot option
> (early_param()) would be much more useful and I expect that the loss in
> coverage would be small and acceptable?  Could possibly use the
> static_branch infrastructure.

Agreed. There could be a config option to make it default on if no param
given. Then a config option to (not) compile this in at all would be
probably superfluous, although small systems/architectures without
effective static keys might care.



More information about the Linux-security-module-archive mailing list