On February 7, 2024 10:05:31 AM PST, Marco Elver <el...@google.com> wrote:
>On Wed, 7 Feb 2024 at 17:16, Matthieu Baerts <matt...@kernel.org> wrote:
>[...]
>> When talking to Jakub about the kernel config used by the new CI for the
>> net tree [1], Jakub suggested [2] to check if KFENCE could not be
>> enabled by default for x86 architecture.
>
>I think this would belong into some "hardening" config - while KFENCE
>is not a mitigation (due to sampling) it has the performance
>characteristics of unintrusive hardening techniques, so I think it
>would be a good fit. I think that'd be
>"kernel/configs/hardening.config".
I would be happy to see it added to the hardening fragment! Send me a patch and
I'll put it in my tree. :)
-Kees
--
Kees Cook
