0001 # SPDX-License-Identifier: GPL-2.0-only
0002
0003 config HAVE_ARCH_KFENCE
0004 bool
0005
0006 menuconfig KFENCE
0007 bool "KFENCE: low-overhead sampling-based memory safety error detector"
0008 depends on HAVE_ARCH_KFENCE && (SLAB || SLUB)
0009 select STACKTRACE
0010 select IRQ_WORK
0011 help
0012 KFENCE is a low-overhead sampling-based detector of heap out-of-bounds
0013 access, use-after-free, and invalid-free errors. KFENCE is designed
0014 to have negligible cost to permit enabling it in production
0015 environments.
0016
0017 See <file:Documentation/dev-tools/kfence.rst> for more details.
0018
0019 Note that, KFENCE is not a substitute for explicit testing with tools
0020 such as KASAN. KFENCE can detect a subset of bugs that KASAN can
0021 detect, albeit at very different performance profiles. If you can
0022 afford to use KASAN, continue using KASAN, for example in test
0023 environments. If your kernel targets production use, and cannot
0024 enable KASAN due to its cost, consider using KFENCE.
0025
0026 if KFENCE
0027
0028 config KFENCE_SAMPLE_INTERVAL
0029 int "Default sample interval in milliseconds"
0030 default 100
0031 help
0032 The KFENCE sample interval determines the frequency with which heap
0033 allocations will be guarded by KFENCE. May be overridden via boot
0034 parameter "kfence.sample_interval".
0035
0036 Set this to 0 to disable KFENCE by default, in which case only
0037 setting "kfence.sample_interval" to a non-zero value enables KFENCE.
0038
0039 config KFENCE_NUM_OBJECTS
0040 int "Number of guarded objects available"
0041 range 1 65535
0042 default 255
0043 help
0044 The number of guarded objects available. For each KFENCE object, 2
0045 pages are required; with one containing the object and two adjacent
0046 ones used as guard pages.
0047
0048 config KFENCE_DEFERRABLE
0049 bool "Use a deferrable timer to trigger allocations"
0050 help
0051 Use a deferrable timer to trigger allocations. This avoids forcing
0052 CPU wake-ups if the system is idle, at the risk of a less predictable
0053 sample interval.
0054
0055 Warning: The KUnit test suite fails with this option enabled - due to
0056 the unpredictability of the sample interval!
0057
0058 Say N if you are unsure.
0059
0060 config KFENCE_STATIC_KEYS
0061 bool "Use static keys to set up allocations" if EXPERT
0062 depends on JUMP_LABEL
0063 help
0064 Use static keys (static branches) to set up KFENCE allocations. This
0065 option is only recommended when using very large sample intervals, or
0066 performance has carefully been evaluated with this option.
0067
0068 Using static keys comes with trade-offs that need to be carefully
0069 evaluated given target workloads and system architectures. Notably,
0070 enabling and disabling static keys invoke IPI broadcasts, the latency
0071 and impact of which is much harder to predict than a dynamic branch.
0072
0073 Say N if you are unsure.
0074
0075 config KFENCE_STRESS_TEST_FAULTS
0076 int "Stress testing of fault handling and error reporting" if EXPERT
0077 default 0
0078 help
0079 The inverse probability with which to randomly protect KFENCE object
0080 pages, resulting in spurious use-after-frees. The main purpose of
0081 this option is to stress test KFENCE with concurrent error reports
0082 and allocations/frees. A value of 0 disables stress testing logic.
0083
0084 Only for KFENCE testing; set to 0 if you are not a KFENCE developer.
0085
0086 config KFENCE_KUNIT_TEST
0087 tristate "KFENCE integration test suite" if !KUNIT_ALL_TESTS
0088 default KUNIT_ALL_TESTS
0089 depends on TRACEPOINTS && KUNIT
0090 help
0091 Test suite for KFENCE, testing various error detection scenarios with
0092 various allocation types, and checking that reports are correctly
0093 output to console.
0094
0095 Say Y here if you want the test to be built into the kernel and run
0096 during boot; say M if you want the test to build as a module; say N
0097 if you are unsure.
0098
0099 endif # KFENCE
