]>
Commit | Line | Data |
---|---|---|
0ce20dd8 AP |
1 | # SPDX-License-Identifier: GPL-2.0-only |
2 | ||
3 | config HAVE_ARCH_KFENCE | |
4 | bool | |
5 | ||
6 | menuconfig KFENCE | |
7 | bool "KFENCE: low-overhead sampling-based memory safety error detector" | |
8 | depends on HAVE_ARCH_KFENCE && !KASAN && (SLAB || SLUB) | |
9 | select STACKTRACE | |
10 | help | |
11 | KFENCE is a low-overhead sampling-based detector of heap out-of-bounds | |
12 | access, use-after-free, and invalid-free errors. KFENCE is designed | |
13 | to have negligible cost to permit enabling it in production | |
14 | environments. | |
15 | ||
16 | Note that, KFENCE is not a substitute for explicit testing with tools | |
17 | such as KASAN. KFENCE can detect a subset of bugs that KASAN can | |
18 | detect, albeit at very different performance profiles. If you can | |
19 | afford to use KASAN, continue using KASAN, for example in test | |
20 | environments. If your kernel targets production use, and cannot | |
21 | enable KASAN due to its cost, consider using KFENCE. | |
22 | ||
23 | if KFENCE | |
24 | ||
25 | config KFENCE_STATIC_KEYS | |
26 | bool "Use static keys to set up allocations" | |
27 | default y | |
28 | depends on JUMP_LABEL # To ensure performance, require jump labels | |
29 | help | |
30 | Use static keys (static branches) to set up KFENCE allocations. Using | |
31 | static keys is normally recommended, because it avoids a dynamic | |
32 | branch in the allocator's fast path. However, with very low sample | |
33 | intervals, or on systems that do not support jump labels, a dynamic | |
34 | branch may still be an acceptable performance trade-off. | |
35 | ||
36 | config KFENCE_SAMPLE_INTERVAL | |
37 | int "Default sample interval in milliseconds" | |
38 | default 100 | |
39 | help | |
40 | The KFENCE sample interval determines the frequency with which heap | |
41 | allocations will be guarded by KFENCE. May be overridden via boot | |
42 | parameter "kfence.sample_interval". | |
43 | ||
44 | Set this to 0 to disable KFENCE by default, in which case only | |
45 | setting "kfence.sample_interval" to a non-zero value enables KFENCE. | |
46 | ||
47 | config KFENCE_NUM_OBJECTS | |
48 | int "Number of guarded objects available" | |
49 | range 1 65535 | |
50 | default 255 | |
51 | help | |
52 | The number of guarded objects available. For each KFENCE object, 2 | |
53 | pages are required; with one containing the object and two adjacent | |
54 | ones used as guard pages. | |
55 | ||
56 | config KFENCE_STRESS_TEST_FAULTS | |
57 | int "Stress testing of fault handling and error reporting" if EXPERT | |
58 | default 0 | |
59 | help | |
60 | The inverse probability with which to randomly protect KFENCE object | |
61 | pages, resulting in spurious use-after-frees. The main purpose of | |
62 | this option is to stress test KFENCE with concurrent error reports | |
63 | and allocations/frees. A value of 0 disables stress testing logic. | |
64 | ||
65 | Only for KFENCE testing; set to 0 if you are not a KFENCE developer. | |
66 | ||
67 | endif # KFENCE |