mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-07-23 22:33:05 +07:00
Provide option to enable the kernel Electric-Fence
This commit is contained in:
@ -113,6 +113,15 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
|
||||
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX loglevel=0"
|
||||
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX quiet"
|
||||
|
||||
## Enable the kernel "Electric-Fence" sampling-based memory safety error detector.
|
||||
## KFENCE detects heap out-of-bounds access, use-after-free, and invalid-free errors.
|
||||
## Aims to have very low processing overhead at each sampling interval
|
||||
## Sampling interval is set to occur every 100 milliseconds as per KSPP recommendation.
|
||||
##
|
||||
## https://www.kernel.org/doc/html/latest/dev-tools/kfence.html
|
||||
##
|
||||
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kfence.sample_interval=100"
|
||||
|
||||
## Switch (back) to using kCFI as the default Control Flow Integrity (CFI) implementation.
|
||||
## The default implementation is FIneIBT as of Linux kernel 6.2.
|
||||
## The Intel-developed IBT (Indirect Branch Tracking) is only used if supported by the CPU.
|
||||
|
Reference in New Issue
Block a user