Hi Boris, Thank you for your reply.
On 07/02/2024 19:16, Borislav Petkov wrote: > On Wed, Feb 07, 2024 at 07:05:31PM +0100, Marco Elver wrote: >> I think this would belong into some "hardening" config - while KFENCE >> is not a mitigation (due to sampling) it has the performance >> characteristics of unintrusive hardening techniques, so I think it >> would be a good fit. I think that'd be >> "kernel/configs/hardening.config". > > Instead of doing a special config for all the parties out there, why > don't parties simply automate their testing efforts by merging config > snippets into the default configs using > > scripts/kconfig/merge_config.sh > > before they run their specialized tests? Sorry, I'm sure I understand your suggestion: do you mean not including KFENCE in hardening.config either, but in another one? For the networking tests, we are already merging .config files, e.g. the debug.config one. We are not pushing to have KFENCE in x86 defconfig, it can be elsewhere, and we don't mind merging other .config files if they are maintained. Cheers, Matt -- Sponsored by the NGI0 Core fund.
