From 5e4c313a2d764d0720b7dcb968d5f99868bf44de Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Sat, 18 Jan 2025 02:27:05 -0500
Subject: [PATCH] document kernel hardware memory tagging

---
 static/features.html | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/static/features.html b/static/features.html
index 677a314e5..c511bee9a 100644
--- a/static/features.html
+++ b/static/features.html
@@ -365,6 +365,11 @@ <h4><a href="#exploit-mitigations">Exploit mitigations</a></h4>
                                     larger address space (48-bit instead of 39-bit) with
                                     significantly higher entropy Address Space Layout
                                     Randomization (33-bit instead of 24-bit).</li>
+                                    <li>Basic hardware memory tagging is used in the main kernel
+                                    memory allocators (slab, page_alloc, non-executable vmalloc) to
+                                    provide probabilistic detection of all use-after-free and
+                                    inter-object overflows (providing deterministic guarantees
+                                    similar to our hardened_malloc implementation is planned)</li>
                                     <li>Random canaries with a leading zero are added to the
                                     kernel heap (slub) to block C string overflows, absorb small
                                     overflows and detect linear overflows or other heap corruption