Re: [PATCH] hardening: Enable KFENCE in the hardening config

From: Kees Cook
Date: Mon Feb 12 2024 - 14:05:18 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH v2] scsi: Make scsi_bus_type const"
Previous message: Alan Stern: "Re: [PATCH v4] media: ucvideo: Add quirk for Logitech Rally Bar"
In reply to: Matthieu Baerts: "Re: [PATCH] hardening: Enable KFENCE in the hardening config"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Feb 12, 2024 at 02:01:09PM +0100, Marco Elver wrote:
> KFENCE is not a security mitigation mechanism (due to sampling), but has
> the performance characteristics of unintrusive hardening techniques.
> When used at scale, however, it improves overall security by allowing
> kernel developers to detect heap memory-safety bugs cheaply.
>
> Link: https://lkml.kernel.org/r/79B9A832-B3DE-4229-9D87-748B2CFB7D12@xxxxxxxxxx
> Cc: Matthieu Baerts <matttbe@xxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Signed-off-by: Marco Elver <elver@xxxxxxxxxx>

Thanks! Applied to my for-next/hardening tree.

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/hardening&id=1f82cb2f3859540120e990a79abfee8151ea6b93

-Kees

--
Kees Cook

Next message: Greg Kroah-Hartman: "Re: [PATCH v2] scsi: Make scsi_bus_type const"
Previous message: Alan Stern: "Re: [PATCH v4] media: ucvideo: Add quirk for Logitech Rally Bar"
In reply to: Matthieu Baerts: "Re: [PATCH] hardening: Enable KFENCE in the hardening config"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]