From: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
[redhat] New configs in lib/Kconfig.kfence
Hi,
As part of the ongoing rebase effort, the following configuration
options need to be reviewed.
As a reminder, the ARK configuration flow involves moving unreviewed
configuration options from the pending directory to the ark directory.
In the diff below, options are removed from the pending directory and
added to the ark hierarchy. The final options that need to be ACKed
are the files that are being added to the ark hierarchy.
If the value for a file that is added should be changed, please reply
with a better option.
CONFIG_KFENCE:
KFENCE is a low-overhead sampling-based detector of heap out-of-bounds
access, use-after-free, and invalid-free errors. KFENCE is designed
to have negligible cost to permit enabling it in production
environments.
See <file:Documentation/dev-tools/kfence.rst> for more details.
Note that, KFENCE is not a substitute for explicit testing with tools
such as KASAN. KFENCE can detect a subset of bugs that KASAN can
detect, albeit at very different performance profiles. If you can
afford to use KASAN, continue using KASAN, for example in test
environments. If your kernel targets production use, and cannot
enable KASAN due to its cost, consider using KFENCE.
Symbol: KFENCE [=n]
Type : bool
Defined at lib/Kconfig.kfence:6
Prompt: KFENCE: low-overhead sampling-based memory safety error detector
Depends on: HAVE_ARCH_KFENCE [=y] && (SLAB [=n] || SLUB [=y])
Location:
-> Kernel hacking
-> Memory Debugging
Selects: STACKTRACE [=y]
---
Cc: Prarit Bhargava <prarit(a)redhat.com>
Signed-off-by: Fedora Kernel Team <kernel-team(a)fedoraproject.org>
diff a/redhat/configs/common/generic/CONFIG_KFENCE
b/redhat/configs/common/generic/CONFIG_KFENCE
--- /dev/null
+++ b/redhat/configs/common/generic/CONFIG_KFENCE
@@ -0,0 +1 @@
+# CONFIG_KFENCE is not set
diff a/redhat/configs/pending-common/generic/CONFIG_KFENCE
b/redhat/configs/pending-common/generic/CONFIG_KFENCE
--- a/redhat/configs/pending-common/generic/CONFIG_KFENCE
+++ /dev/null
@@ -1,29 +0,0 @@
-# CONFIG_KFENCE:
-#
-# KFENCE is a low-overhead sampling-based detector of heap out-of-bounds
-# access, use-after-free, and invalid-free errors. KFENCE is designed
-# to have negligible cost to permit enabling it in production
-# environments.
-#
-# See <file:Documentation/dev-tools/kfence.rst> for more details.
-#
-# Note that, KFENCE is not a substitute for explicit testing with tools
-# such as KASAN. KFENCE can detect a subset of bugs that KASAN can
-# detect, albeit at very different performance profiles. If you can
-# afford to use KASAN, continue using KASAN, for example in test
-# environments. If your kernel targets production use, and cannot
-# enable KASAN due to its cost, consider using KFENCE.
-#
-# Symbol: KFENCE [=n]
-# Type : bool
-# Defined at lib/Kconfig.kfence:6
-# Prompt: KFENCE: low-overhead sampling-based memory safety error detector
-# Depends on: HAVE_ARCH_KFENCE [=y] && (SLAB [=n] || SLUB [=y])
-# Location:
-# -> Kernel hacking
-# -> Memory Debugging
-# Selects: STACKTRACE [=y]
-#
-#
-#
-# CONFIG_KFENCE is not set
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/936