(now with the correct link! 🤦)[/bookmark]
Emmanuel Florac likes this.
I think we're where we want to be in terms of peak, next round of work will be (again) diminishing the impact of things like blk-cgroup, and other block/kernel options that have an adverse performance impact.[/bookmark]
"How a simple Linux kernel memory corruption bug can lead to complete system compromise: An analysis of current and potential kernel security mitigations"
I'll post a copy to the kernel-hardening list later in case folks want to discuss it. [/bookmark]