100 lines
3.5 KiB
Plaintext
100 lines
3.5 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
config HAVE_ARCH_KFENCE
|
|
bool
|
|
|
|
menuconfig KFENCE
|
|
bool "KFENCE: low-overhead sampling-based memory safety error detector"
|
|
depends on HAVE_ARCH_KFENCE
|
|
select STACKTRACE
|
|
select IRQ_WORK
|
|
help
|
|
KFENCE is a low-overhead sampling-based detector of heap out-of-bounds
|
|
access, use-after-free, and invalid-free errors. KFENCE is designed
|
|
to have negligible cost to permit enabling it in production
|
|
environments.
|
|
|
|
See <file:Documentation/dev-tools/kfence.rst> for more details.
|
|
|
|
Note that, KFENCE is not a substitute for explicit testing with tools
|
|
such as KASAN. KFENCE can detect a subset of bugs that KASAN can
|
|
detect, albeit at very different performance profiles. If you can
|
|
afford to use KASAN, continue using KASAN, for example in test
|
|
environments. If your kernel targets production use, and cannot
|
|
enable KASAN due to its cost, consider using KFENCE.
|
|
|
|
if KFENCE
|
|
|
|
config KFENCE_SAMPLE_INTERVAL
|
|
int "Default sample interval in milliseconds"
|
|
default 100
|
|
help
|
|
The KFENCE sample interval determines the frequency with which heap
|
|
allocations will be guarded by KFENCE. May be overridden via boot
|
|
parameter "kfence.sample_interval".
|
|
|
|
Set this to 0 to disable KFENCE by default, in which case only
|
|
setting "kfence.sample_interval" to a non-zero value enables KFENCE.
|
|
|
|
config KFENCE_NUM_OBJECTS
|
|
int "Number of guarded objects available"
|
|
range 1 65535
|
|
default 255
|
|
help
|
|
The number of guarded objects available. For each KFENCE object, 2
|
|
pages are required; with one containing the object and two adjacent
|
|
ones used as guard pages.
|
|
|
|
config KFENCE_DEFERRABLE
|
|
bool "Use a deferrable timer to trigger allocations"
|
|
help
|
|
Use a deferrable timer to trigger allocations. This avoids forcing
|
|
CPU wake-ups if the system is idle, at the risk of a less predictable
|
|
sample interval.
|
|
|
|
Warning: The KUnit test suite fails with this option enabled - due to
|
|
the unpredictability of the sample interval!
|
|
|
|
Say N if you are unsure.
|
|
|
|
config KFENCE_STATIC_KEYS
|
|
bool "Use static keys to set up allocations" if EXPERT
|
|
depends on JUMP_LABEL
|
|
help
|
|
Use static keys (static branches) to set up KFENCE allocations. This
|
|
option is only recommended when using very large sample intervals, or
|
|
performance has carefully been evaluated with this option.
|
|
|
|
Using static keys comes with trade-offs that need to be carefully
|
|
evaluated given target workloads and system architectures. Notably,
|
|
enabling and disabling static keys invoke IPI broadcasts, the latency
|
|
and impact of which is much harder to predict than a dynamic branch.
|
|
|
|
Say N if you are unsure.
|
|
|
|
config KFENCE_STRESS_TEST_FAULTS
|
|
int "Stress testing of fault handling and error reporting" if EXPERT
|
|
default 0
|
|
help
|
|
The inverse probability with which to randomly protect KFENCE object
|
|
pages, resulting in spurious use-after-frees. The main purpose of
|
|
this option is to stress test KFENCE with concurrent error reports
|
|
and allocations/frees. A value of 0 disables stress testing logic.
|
|
|
|
Only for KFENCE testing; set to 0 if you are not a KFENCE developer.
|
|
|
|
config KFENCE_KUNIT_TEST
|
|
tristate "KFENCE integration test suite" if !KUNIT_ALL_TESTS
|
|
default KUNIT_ALL_TESTS
|
|
depends on TRACEPOINTS && KUNIT
|
|
help
|
|
Test suite for KFENCE, testing various error detection scenarios with
|
|
various allocation types, and checking that reports are correctly
|
|
output to console.
|
|
|
|
Say Y here if you want the test to be built into the kernel and run
|
|
during boot; say M if you want the test to build as a module; say N
|
|
if you are unsure.
|
|
|
|
endif # KFENCE
|