]>
Commit | Line | Data |
---|---|---|
0ce20dd8 AP |
1 | # SPDX-License-Identifier: GPL-2.0-only |
2 | ||
3 | config HAVE_ARCH_KFENCE | |
4 | bool | |
5 | ||
6 | menuconfig KFENCE | |
7 | bool "KFENCE: low-overhead sampling-based memory safety error detector" | |
2b830526 | 8 | depends on HAVE_ARCH_KFENCE && (SLAB || SLUB) |
0ce20dd8 AP |
9 | select STACKTRACE |
10 | help | |
11 | KFENCE is a low-overhead sampling-based detector of heap out-of-bounds | |
12 | access, use-after-free, and invalid-free errors. KFENCE is designed | |
13 | to have negligible cost to permit enabling it in production | |
14 | environments. | |
15 | ||
10efe55f ME |
16 | See <file:Documentation/dev-tools/kfence.rst> for more details. |
17 | ||
0ce20dd8 AP |
18 | Note that, KFENCE is not a substitute for explicit testing with tools |
19 | such as KASAN. KFENCE can detect a subset of bugs that KASAN can | |
20 | detect, albeit at very different performance profiles. If you can | |
21 | afford to use KASAN, continue using KASAN, for example in test | |
22 | environments. If your kernel targets production use, and cannot | |
23 | enable KASAN due to its cost, consider using KFENCE. | |
24 | ||
25 | if KFENCE | |
26 | ||
27 | config KFENCE_STATIC_KEYS | |
28 | bool "Use static keys to set up allocations" | |
29 | default y | |
30 | depends on JUMP_LABEL # To ensure performance, require jump labels | |
31 | help | |
32 | Use static keys (static branches) to set up KFENCE allocations. Using | |
33 | static keys is normally recommended, because it avoids a dynamic | |
34 | branch in the allocator's fast path. However, with very low sample | |
35 | intervals, or on systems that do not support jump labels, a dynamic | |
36 | branch may still be an acceptable performance trade-off. | |
37 | ||
38 | config KFENCE_SAMPLE_INTERVAL | |
39 | int "Default sample interval in milliseconds" | |
40 | default 100 | |
41 | help | |
42 | The KFENCE sample interval determines the frequency with which heap | |
43 | allocations will be guarded by KFENCE. May be overridden via boot | |
44 | parameter "kfence.sample_interval". | |
45 | ||
46 | Set this to 0 to disable KFENCE by default, in which case only | |
47 | setting "kfence.sample_interval" to a non-zero value enables KFENCE. | |
48 | ||
49 | config KFENCE_NUM_OBJECTS | |
50 | int "Number of guarded objects available" | |
51 | range 1 65535 | |
52 | default 255 | |
53 | help | |
54 | The number of guarded objects available. For each KFENCE object, 2 | |
55 | pages are required; with one containing the object and two adjacent | |
56 | ones used as guard pages. | |
57 | ||
58 | config KFENCE_STRESS_TEST_FAULTS | |
59 | int "Stress testing of fault handling and error reporting" if EXPERT | |
60 | default 0 | |
61 | help | |
62 | The inverse probability with which to randomly protect KFENCE object | |
63 | pages, resulting in spurious use-after-frees. The main purpose of | |
64 | this option is to stress test KFENCE with concurrent error reports | |
65 | and allocations/frees. A value of 0 disables stress testing logic. | |
66 | ||
67 | Only for KFENCE testing; set to 0 if you are not a KFENCE developer. | |
68 | ||
bc8fbc5f ME |
69 | config KFENCE_KUNIT_TEST |
70 | tristate "KFENCE integration test suite" if !KUNIT_ALL_TESTS | |
71 | default KUNIT_ALL_TESTS | |
72 | depends on TRACEPOINTS && KUNIT | |
73 | help | |
74 | Test suite for KFENCE, testing various error detection scenarios with | |
75 | various allocation types, and checking that reports are correctly | |
76 | output to console. | |
77 | ||
78 | Say Y here if you want the test to be built into the kernel and run | |
79 | during boot; say M if you want the test to build as a module; say N | |
80 | if you are unsure. | |
81 | ||
0ce20dd8 | 82 | endif # KFENCE |