[redhat] New configs in lib/Kconfig.kfence (!936) · Merge requests · cki-project / kernel-ark

Hi,

As part of the ongoing rebase effort, the following configuration options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply with a better option.

CONFIG_KFENCE:

KFENCE is a low-overhead sampling-based detector of heap out-of-bounds access, use-after-free, and invalid-free errors. KFENCE is designed to have negligible cost to permit enabling it in production environments.

See file:Documentation/dev-tools/kfence.rst for more details.

Note that, KFENCE is not a substitute for explicit testing with tools such as KASAN. KFENCE can detect a subset of bugs that KASAN can detect, albeit at very different performance profiles. If you can afford to use KASAN, continue using KASAN, for example in test environments. If your kernel targets production use, and cannot enable KASAN due to its cost, consider using KFENCE.

Symbol: KFENCE [=n] Type : bool Defined at lib/Kconfig.kfence:6 Prompt: KFENCE: low-overhead sampling-based memory safety error detector Depends on: HAVE_ARCH_KFENCE [=y] && (SLAB [=n] || SLUB [=y]) Location: -> Kernel hacking -> Memory Debugging Selects: STACKTRACE [=y]

Cc: Prarit Bhargava prarit@redhat.com Signed-off-by: Fedora Kernel Team kernel-team@fedoraproject.org

[redhat] New configs in lib/Kconfig.kfence

Merge request reports