State of the Kernel Self Protection Project
Posted Sep 3, 2016 15:36 UTC (Sat) by Lionel_Debroux (subscriber, #30014)
In reply to: State of the Kernel Self Protection Project by rahulsundaram
Parent article: State of the Kernel Self Protection Project
As mentioned previously on LWN, e.g. https://lwn.net/Articles/662907/ , Linus himself repeatedly refuses some of the most powerful PaX defenses. Not only are the hardware protections of recent high-end x86, x86_64 and ARMv7 processors he's mentioning not as powerful as PaX's (partially) software protections - see e.g. https://lwn.net/Articles/617945/ - but also, MEMORY_UDEREF and KERNEXEC work on processors about a decade older, and on less expensive parts, which means that they could protect the vast majority of existing computers, rather than a tiny minority.
Emese Revfy once spent time, probably a significant amount thereof, making a large patch series constifying lots of needlessly writable, and therefore ripe for abuse, mostly "ops" structures in the kernel. The fact is that relatively few maintainers picked up the pieces.
Fortunately, the number of distros packaging grsec kernels is growing, and programs are slowly being improved / fixed - depending on one's POV - to work on PaX/grsec kernels (e.g. Docker w.r.t. grsec chroot hardening), which means that it's getting easier for users to get most PaX/grsec benefits. RANDSTRUCT is nullified by shared builds, but the other benefits, spanning a wide range of defenses, remain.
