hardening: Enable KFENCE in the hardening config

KFENCE is not a security mitigation mechanism (due to sampling), but has
the performance characteristics of unintrusive hardening techniques.
When used at scale, however, it improves overall security by allowing
kernel developers to detect heap memory-safety bugs cheaply.

Link: https://lkml.kernel.org/r/79B9A832-B3DE-4229-9D87-748B2CFB7D12@kernel.org
Cc: Matthieu Baerts <matttbe@kernel.org>
Cc: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Marco Elver <elver@google.com>
Link: https://lore.kernel.org/r/20240212130116.997627-1-elver@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Marco Elver 2024-02-12 14:01:09 +01:00 committed by Kees Cook
parent 7b3133aa4b
commit de2683e7fd
1 changed files with 3 additions and 0 deletions

@ -45,6 +45,9 @@ CONFIG_UBSAN_BOUNDS=y
# CONFIG_UBSAN_ENUM
# CONFIG_UBSAN_ALIGNMENT
# Sampling-based heap out-of-bounds and use-after-free detection.
CONFIG_KFENCE=y
# Linked list integrity checking.
CONFIG_LIST_HARDENED=y
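
Review bot: The comment above CONFIG_KFENCE=y ("Sampling-based heap out-of-bounds and use-after-free detection.") omits the caveat the commit message makes explicit, that KFENCE is a bug detector and not a mitigation. In this fragment it sits between CONFIG_UBSAN_BOUNDS=y and CONFIG_LIST_HARDENED=y, so a reader of the config alone could take it for an enforcement option of the same kind. Suggest extending the comment with a short clause such as "(bug detection, not a mitigation)". The hunk also leaves the sampling rate unstated. If relying on the default of CONFIG_KFENCE_SAMPLE_INTERVAL is intentional, saying so in the comment would tell users of the fragment which knob governs the overhead and detection trade-off.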