Re: [PATCH] hardening: Enable KFENCE in the hardening config

From: Matthieu Baerts
Date: Mon Feb 12 2024 - 09:13:54 EST

Next message: Rob Herring: "Re: [PATCH v2] dt-bindings: interrupt-controller: Convert Atmel AIC to json-schema"
Previous message: Hongyan Xia: "Re: [RFC PATCH v2 0/7] uclamp sum aggregation"
In reply to: Marco Elver: "[PATCH] hardening: Enable KFENCE in the hardening config"
Next in thread: Kees Cook: "Re: [PATCH] hardening: Enable KFENCE in the hardening config"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Marco,

On 12/02/2024 14:01, Marco Elver wrote:
> KFENCE is not a security mitigation mechanism (due to sampling), but has
> the performance characteristics of unintrusive hardening techniques.
> When used at scale, however, it improves overall security by allowing
> kernel developers to detect heap memory-safety bugs cheaply.

Thank you for having sent this patch!

Cheers,
Matt
--
Sponsored by the NGI0 Core fund.

Next message: Rob Herring: "Re: [PATCH v2] dt-bindings: interrupt-controller: Convert Atmel AIC to json-schema"
Previous message: Hongyan Xia: "Re: [RFC PATCH v2 0/7] uclamp sum aggregation"
In reply to: Marco Elver: "[PATCH] hardening: Enable KFENCE in the hardening config"
Next in thread: Kees Cook: "Re: [PATCH] hardening: Enable KFENCE in the hardening config"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]