Commit | Line | Data |
---|---|---|
0ce20dd8 AP |
1 | # SPDX-License-Identifier: GPL-2.0-only |
2 | ||
3 | config HAVE_ARCH_KFENCE | |
4 | bool | |
5 | ||
6 | menuconfig KFENCE | |
7 | bool "KFENCE: low-overhead sampling-based memory safety error detector" | |
2b830526 | 8 | depends on HAVE_ARCH_KFENCE && (SLAB || SLUB) |
0ce20dd8 | 9 | select STACKTRACE |
407f1d8c | 10 | select IRQ_WORK |
0ce20dd8 AP |
11 | help |
12 | KFENCE is a low-overhead sampling-based detector of heap out-of-bounds | |
13 | access, use-after-free, and invalid-free errors. KFENCE is designed | |
14 | to have negligible cost to permit enabling it in production | |
15 | environments. | |
16 | ||
10efe55f ME |
17 | See <file:Documentation/dev-tools/kfence.rst> for more details. |
18 | ||
0ce20dd8 AP |
19 | Note that, KFENCE is not a substitute for explicit testing with tools |
20 | such as KASAN. KFENCE can detect a subset of bugs that KASAN can | |
21 | detect, albeit at very different performance profiles. If you can | |
22 | afford to use KASAN, continue using KASAN, for example in test | |
23 | environments. If your kernel targets production use, and cannot | |
24 | enable KASAN due to its cost, consider using KFENCE. | |
25 | ||
26 | if KFENCE | |
27 | ||
0ce20dd8 AP |
28 | config KFENCE_SAMPLE_INTERVAL |
29 | int "Default sample interval in milliseconds" | |
30 | default 100 | |
31 | help | |
32 | The KFENCE sample interval determines the frequency with which heap | |
33 | allocations will be guarded by KFENCE. May be overridden via boot | |
34 | parameter "kfence.sample_interval". | |
35 | ||
36 | Set this to 0 to disable KFENCE by default, in which case only | |
37 | setting "kfence.sample_interval" to a non-zero value enables KFENCE. | |
38 | ||
39 | config KFENCE_NUM_OBJECTS | |
40 | int "Number of guarded objects available" | |
41 | range 1 65535 | |
42 | default 255 | |
43 | help | |
44 | The number of guarded objects available. For each KFENCE object, 2 | |
45 | pages are required; with one containing the object and two adjacent | |
46 | ones used as guard pages. | |
47 | ||
4f612ed3 ME |
48 | config KFENCE_STATIC_KEYS |
49 | bool "Use static keys to set up allocations" if EXPERT | |
50 | depends on JUMP_LABEL | |
51 | help | |
52 | Use static keys (static branches) to set up KFENCE allocations. This | |
53 | option is only recommended when using very large sample intervals, or | |
54 | performance has carefully been evaluated with this option. | |
55 | ||
56 | Using static keys comes with trade-offs that need to be carefully | |
57 | evaluated given target workloads and system architectures. Notably, | |
58 | enabling and disabling static keys invoke IPI broadcasts, the latency | |
59 | and impact of which is much harder to predict than a dynamic branch. | |
60 | ||
61 | Say N if you are unsure. | |
62 | ||
0ce20dd8 AP |
63 | config KFENCE_STRESS_TEST_FAULTS |
64 | int "Stress testing of fault handling and error reporting" if EXPERT | |
65 | default 0 | |
66 | help | |
67 | The inverse probability with which to randomly protect KFENCE object | |
68 | pages, resulting in spurious use-after-frees. The main purpose of | |
69 | this option is to stress test KFENCE with concurrent error reports | |
70 | and allocations/frees. A value of 0 disables stress testing logic. | |
71 | ||
72 | Only for KFENCE testing; set to 0 if you are not a KFENCE developer. | |
73 | ||
bc8fbc5f ME |
74 | config KFENCE_KUNIT_TEST |
75 | tristate "KFENCE integration test suite" if !KUNIT_ALL_TESTS | |
76 | default KUNIT_ALL_TESTS | |
77 | depends on TRACEPOINTS && KUNIT | |
78 | help | |
79 | Test suite for KFENCE, testing various error detection scenarios with | |
80 | various allocation types, and checking that reports are correctly | |
81 | output to console. | |
82 | ||
83 | Say Y here if you want the test to be built into the kernel and run | |
84 | during boot; say M if you want the test to build as a module; say N | |
85 | if you are unsure. | |
86 | ||
0ce20dd8 | 87 | endif # KFENCE |