CONFIG_SEAL_METADATA is regularly tested now

pull/187/head
Daniel Micay 2022-01-13 14:25:41 -05:00
parent 17891d743e
commit 42b097f3b0
1 changed files with 4 additions and 5 deletions

View File

@ -267,11 +267,10 @@ The following boolean configuration options are available:
* `CONFIG_SEAL_METADATA`: `true` or `false` (default) to control whether Memory
Protection Keys are used to disable access to all writable allocator state
outside of the memory allocator code. It's currently disabled by default due
to lack of regular testing and a significant performance cost for this use
case on current generation hardware, which may become drastically lower in
the future. Whether or not this feature is enabled, the metadata is all
contained within an isolated memory region with high entropy random guard
regions around it.
to a significant performance cost for this use case on current generation
hardware, which may become drastically lower in the future. Whether or not
this feature is enabled, the metadata is all contained within an isolated
memory region with high entropy random guard regions around it.
The following integer configuration options are available: