Provide option to enable the kernel Electric-Fence

Raja Grewal
2024-08-03 00:12:50 +10:00
parent f6a16258a1
commit 9099ecce8a
2 changed files with 13 additions and 0 deletions

@ -113,6 +113,15 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX loglevel=0"
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX quiet"
## Enable the kernel "Electric-Fence" sampling-based memory safety error detector.
## KFENCE detects heap out-of-bounds access, use-after-free, and invalid-free errors.
## Aims to have very low processing overhead at each sampling interval
## Sampling interval is set to occur every 100 milliseconds as per KSPP recommendation.
##
## https://www.kernel.org/doc/html/latest/dev-tools/kfence.html
##
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kfence.sample_interval=100"
## Switch (back) to using kCFI as the default Control Flow Integrity (CFI) implementation.
## The default implementation is FIneIBT as of Linux kernel 6.2.
## The Intel-developed IBT (Indirect Branch Tracking) is only used if supported by the CPU.
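Review bot: The comment block above `kfence.sample_interval=100` does not say where a user will see KFENCE reports, and this file already sets `debugfs=off` (visible on the hunk header line) and offers `loglevel=0` and `quiet` immediately above; please add a line stating where the reports are surfaced and whether those settings hide them. The block also switches from "Electric-Fence" to "KFENCE" without tying the two names together, and its third line ("Aims to have very low processing overhead at each sampling interval") has no subject and no closing period, so something like "KFENCE aims to have very low processing overhead at each sampling interval." would read better. Since the option ships commented out, a short sentence on why it is opt-in would help users decide whether to enable it.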