mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 03:24:45 +01:00
hardening: Enable KFENCE in the hardening config
KFENCE is not a security mitigation mechanism (due to sampling), but has the performance characteristics of unintrusive hardening techniques. When used at scale, however, it improves overall security by allowing kernel developers to detect heap memory-safety bugs cheaply.

Link: https://lkml.kernel.org/r/79B9A832-B3DE-4229-9D87-748B2CFB7D12@kernel.org
Cc: Matthieu Baerts <matttbe@kernel.org>
Cc: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Marco Elver <elver@google.com>
Link: https://lore.kernel.org/r/20240212130116.997627-1-elver@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
parent
7b3133aa4b
commit
de2683e7fd
1 changed files with 3 additions and 0 deletions
@ -45,6 +45,9 @@ CONFIG_UBSAN_BOUNDS=y
|
|||
# CONFIG_UBSAN_ENUM
|
||||
# CONFIG_UBSAN_ALIGNMENT
|
||||
|
||||
# Sampling-based heap out-of-bounds and use-after-free detection.
|
||||
CONFIG_KFENCE=y
|
||||
|
||||
# Linked list integrity checking.
|
||||
CONFIG_LIST_HARDENED=y
|
||||
|
||||
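Review bot: The new comment above CONFIG_KFENCE=y describes the option only as "Sampling-based heap out-of-bounds and use-after-free detection", which in a hardening fragment reads like a mitigation sitting next to CONFIG_UBSAN_BOUNDS and CONFIG_LIST_HARDENED. The commit message is explicit that KFENCE is not a mitigation because of sampling, so it would help to carry that into the comment, for example by adding that it is a low-overhead bug detector intended to catch memory-safety bugs at scale rather than to stop exploitation. The fragment also sets only CONFIG_KFENCE=y and leaves the sampling interval at its Kconfig default; if that is intentional, a short remark in the comment would tell users who tune the interval that the detection rate depends on it.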