]>
Commit | Line | Data |
---|---|---|
0ce20dd8 AP |
1 | # SPDX-License-Identifier: GPL-2.0-only |
2 | ||
3 | config HAVE_ARCH_KFENCE | |
4 | bool | |
5 | ||
6 | menuconfig KFENCE | |
7 | bool "KFENCE: low-overhead sampling-based memory safety error detector" | |
2b830526 | 8 | depends on HAVE_ARCH_KFENCE && (SLAB || SLUB) |
0ce20dd8 | 9 | select STACKTRACE |
407f1d8c | 10 | select IRQ_WORK |
0ce20dd8 AP |
11 | help |
12 | KFENCE is a low-overhead sampling-based detector of heap out-of-bounds | |
13 | access, use-after-free, and invalid-free errors. KFENCE is designed | |
14 | to have negligible cost to permit enabling it in production | |
15 | environments. | |
16 | ||
10efe55f ME |
17 | See <file:Documentation/dev-tools/kfence.rst> for more details. |
18 | ||
0ce20dd8 AP |
19 | Note that, KFENCE is not a substitute for explicit testing with tools |
20 | such as KASAN. KFENCE can detect a subset of bugs that KASAN can | |
21 | detect, albeit at very different performance profiles. If you can | |
22 | afford to use KASAN, continue using KASAN, for example in test | |
23 | environments. If your kernel targets production use, and cannot | |
24 | enable KASAN due to its cost, consider using KFENCE. | |
25 | ||
26 | if KFENCE | |
27 | ||
28 | config KFENCE_STATIC_KEYS | |
29 | bool "Use static keys to set up allocations" | |
30 | default y | |
31 | depends on JUMP_LABEL # To ensure performance, require jump labels | |
32 | help | |
33 | Use static keys (static branches) to set up KFENCE allocations. Using | |
34 | static keys is normally recommended, because it avoids a dynamic | |
35 | branch in the allocator's fast path. However, with very low sample | |
36 | intervals, or on systems that do not support jump labels, a dynamic | |
37 | branch may still be an acceptable performance trade-off. | |
38 | ||
39 | config KFENCE_SAMPLE_INTERVAL | |
40 | int "Default sample interval in milliseconds" | |
41 | default 100 | |
42 | help | |
43 | The KFENCE sample interval determines the frequency with which heap | |
44 | allocations will be guarded by KFENCE. May be overridden via boot | |
45 | parameter "kfence.sample_interval". | |
46 | ||
47 | Set this to 0 to disable KFENCE by default, in which case only | |
48 | setting "kfence.sample_interval" to a non-zero value enables KFENCE. | |
49 | ||
50 | config KFENCE_NUM_OBJECTS | |
51 | int "Number of guarded objects available" | |
52 | range 1 65535 | |
53 | default 255 | |
54 | help | |
55 | The number of guarded objects available. For each KFENCE object, 2 | |
56 | pages are required; with one containing the object and two adjacent | |
57 | ones used as guard pages. | |
58 | ||
59 | config KFENCE_STRESS_TEST_FAULTS | |
60 | int "Stress testing of fault handling and error reporting" if EXPERT | |
61 | default 0 | |
62 | help | |
63 | The inverse probability with which to randomly protect KFENCE object | |
64 | pages, resulting in spurious use-after-frees. The main purpose of | |
65 | this option is to stress test KFENCE with concurrent error reports | |
66 | and allocations/frees. A value of 0 disables stress testing logic. | |
67 | ||
68 | Only for KFENCE testing; set to 0 if you are not a KFENCE developer. | |
69 | ||
bc8fbc5f ME |
70 | config KFENCE_KUNIT_TEST |
71 | tristate "KFENCE integration test suite" if !KUNIT_ALL_TESTS | |
72 | default KUNIT_ALL_TESTS | |
73 | depends on TRACEPOINTS && KUNIT | |
74 | help | |
75 | Test suite for KFENCE, testing various error detection scenarios with | |
76 | various allocation types, and checking that reports are correctly | |
77 | output to console. | |
78 | ||
79 | Say Y here if you want the test to be built into the kernel and run | |
80 | during boot; say M if you want the test to build as a module; say N | |
81 | if you are unsure. | |
82 | ||
0ce20dd8 | 83 | endif # KFENCE |