Re: [PATCH] hardening: Enable KFENCE in the hardening config
From: Kees Cook
Date: Mon Feb 12 2024 - 14:05:18 EST
On Mon, Feb 12, 2024 at 02:01:09PM +0100, Marco Elver wrote:
> KFENCE is not a security mitigation mechanism (due to sampling), but has
> the performance characteristics of unintrusive hardening techniques.
> When used at scale, however, it improves overall security by allowing
> kernel developers to detect heap memory-safety bugs cheaply.
>
> Link: https://lkml.kernel.org/r/79B9A832-B3DE-4229-9D87-748B2CFB7D12@xxxxxxxxxx
> Cc: Matthieu Baerts <matttbe@xxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Signed-off-by: Marco Elver <elver@xxxxxxxxxx>
Thanks! Applied to my for-next/hardening tree.
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/hardening&id=1f82cb2f3859540120e990a79abfee8151ea6b93
-Kees
--
Kees Cook