Le 14/11/2017 à 15:43, Maxime Villard a écrit :
The size and number of these blocks is controlled by the split-by-file parameter in Makefile.amd64. Right now it is set to 2MB, which produces a kernel with ~23 allocatable (ie useful at runtime) sections, which is a third of the total number supported (BTSPACE_NSEGS = 64). I will probably reduce this parameter a bit in the future, to 1.5MB, or even 1MB.
Actually I just did it. So now it's 1MB (better security), physically shifted by the prekern (better entropy), and mapped with large pages (better performance). And along the way it mostly mitigates TLB cache attacks. This is still wip but feel free to test, as always, Maxime
