On Thu, 8 Feb 2024 at 00:33, Jakub Kicinski <k...@kernel.org> wrote: > > On Wed, 7 Feb 2024 20:04:44 +0100 Borislav Petkov wrote: > > On Wed, Feb 07, 2024 at 07:35:53PM +0100, Matthieu Baerts wrote: > > > Sorry, I'm sure I understand your suggestion: do you mean not including > > > KFENCE in hardening.config either, but in another one? > > > > > > For the networking tests, we are already merging .config files, e.g. the > > > debug.config one. We are not pushing to have KFENCE in x86 defconfig, it > > > can be elsewhere, and we don't mind merging other .config files if they > > > are maintained. > > > > Well, depends on where should KFENCE be enabled? Do you want people to > > run their tests with it too, or only the networking tests? If so, then > > hardening.config probably makes sense. > > > > Judging by what Documentation/dev-tools/kfence.rst says: > > > > "KFENCE is designed to be enabled in production kernels, and has near zero > > performance overhead." > > > > this reads like it should be enabled *everywhere* - not only in some > > hardening config. > > Right, a lot of distros enable it and so do hyperscalers (Fedora, Meta > and Google at least, AFAIK). Linus is pretty clear on the policy that > "feature" type Kconfig options should default to disabled. But for > something like KFENCE we were wondering what the cut-over point is > for making it enabled by default.
That's a good question, and I don't have the answer to that - maybe we need to ask Linus then. We could argue that to improve memory safety of the Linux kernel more rapidly, enablement of KFENCE by default (on the "big" architectures like x86) might actually be a net benefit at ~zero performance overhead and the cost of 2 MiB of RAM (default config). One big assumption is that CI systems or whoever will look at their kernel logs and report the warnings (a quick web search does confirm that KFENCE reports are reported by random users as well and not just devs or CI systems). Thanks, -- Marco
