Recommended_Settings: Add details about hash_pointers=always

kees · kees · commit 05fb5c09c3bf · 2025-10-07T08:48:36.000-07:00
Update slub_debug=FZ note. Closes: #8 Signed-off-by: Kees Cook <kees@kernel.org>
diff --git a/Recommended_Settings.md b/Recommended_Settings.md
@@ -443,9 +443,14 @@ pti=on
 # To prevent against L1TF, at the cost of losing hyper threading (slow).
 nosmt
 
-# Enable SLUB redzoning and sanity checking (slow; requires CONFIG_SLUB_DEBUG=y above).
+# Enable SLUB redzoning and sanity checking (`**`slow`**`; requires CONFIG_SLUB_DEBUG=y above).
+# From v5.14 through v6.16, this disables pointer hashing (see below). From v6.17 on, using
+# `hash_pointers=always` will avoid this.
 slub_debug=ZF
 
+# Since v6.17, force exposed pointers to be hashed.
+hash_pointers=always
+
 # (Before v5.3 without "init_on_free=1") Enable slub/slab allocator free poisoning (requires CONFIG_SLUB_DEBUG=y above).
 slub_debug=P
 
