# SPDX-License-Identifier: GPL-2.0-only

config HAVE_ARCH_KFENCE
	bool

menuconfig KFENCE
	bool "KFENCE: low-overhead sampling-based memory safety error detector"
	depends on HAVE_ARCH_KFENCE
	select STACKTRACE
	select IRQ_WORK
	help
	  KFENCE is a low-overhead sampling-based detector of heap out-of-bounds
	  access, use-after-free, and invalid-free errors. KFENCE is designed
	  to have negligible cost to permit enabling it in production
	  environments.

	  See <file:Documentation/dev-tools/kfence.rst> for more details.

	  Note that, KFENCE is not a substitute for explicit testing with tools
	  such as KASAN. KFENCE can detect a subset of bugs that KASAN can
	  detect, albeit at very different performance profiles. If you can
	  afford to use KASAN, continue using KASAN, for example in test
	  environments. If your kernel targets production use, and cannot
	  enable KASAN due to its cost, consider using KFENCE.

if KFENCE

config KFENCE_SAMPLE_INTERVAL
	int "Default sample interval in milliseconds"
	default 100
	help
	  The KFENCE sample interval determines the frequency with which heap
	  allocations will be guarded by KFENCE. May be overridden via boot
	  parameter "kfence.sample_interval".

	  Set this to 0 to disable KFENCE by default, in which case only
	  setting "kfence.sample_interval" to a non-zero value enables KFENCE.

config KFENCE_NUM_OBJECTS
	int "Number of guarded objects available"
	range 1 65535
	default 255
	help
	  The number of guarded objects available. For each KFENCE object, 2
	  pages are required; with one containing the object and two adjacent
	  ones used as guard pages.

config KFENCE_DEFERRABLE
	bool "Use a deferrable timer to trigger allocations"
	help
	  Use a deferrable timer to trigger allocations. This avoids forcing
	  CPU wake-ups if the system is idle, at the risk of a less predictable
	  sample interval.

	  Warning: The KUnit test suite fails with this option enabled - due to
	  the unpredictability of the sample interval!

	  Say N if you are unsure.

config KFENCE_STATIC_KEYS
	bool "Use static keys to set up allocations" if EXPERT
	depends on JUMP_LABEL
	help
	  Use static keys (static branches) to set up KFENCE allocations. This
	  option is only recommended when using very large sample intervals, or
	  performance has carefully been evaluated with this option.

	  Using static keys comes with trade-offs that need to be carefully
	  evaluated given target workloads and system architectures. Notably,
	  enabling and disabling static keys invoke IPI broadcasts, the latency
	  and impact of which is much harder to predict than a dynamic branch.

	  Say N if you are unsure.

config KFENCE_STRESS_TEST_FAULTS
	int "Stress testing of fault handling and error reporting" if EXPERT
	default 0
	help
	  The inverse probability with which to randomly protect KFENCE object
	  pages, resulting in spurious use-after-frees. The main purpose of
	  this option is to stress test KFENCE with concurrent error reports
	  and allocations/frees. A value of 0 disables stress testing logic.

	  Only for KFENCE testing; set to 0 if you are not a KFENCE developer.

config KFENCE_KUNIT_TEST
	tristate "KFENCE integration test suite" if !KUNIT_ALL_TESTS
	default KUNIT_ALL_TESTS
	depends on TRACEPOINTS && KUNIT
	help
	  Test suite for KFENCE, testing various error detection scenarios with
	  various allocation types, and checking that reports are correctly
	  output to console.

	  Say Y here if you want the test to be built into the kernel and run
	  during boot; say M if you want the test to build as a module; say N
	  if you are unsure.

endif # KFENCE
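
An added example, not part of the kernel source: a POSIX shell check that reads a kernel `.config` and reports the KFENCE state the options above produce, including the `kfence.sample_interval` boot override. The sample config, the function names and the 4 KiB page size are assumptions; the pool-size formula, (objects + 1) * 2 pages, is the one given in Documentation/dev-tools/kfence.rst.

```shell
#!/bin/sh
# Added example: audit KFENCE settings in a kernel .config (not kernel code).

# Constructed sample; on a real host read /boot/config-$(uname -r) instead.
SAMPLE_CONFIG='CONFIG_HAVE_ARCH_KFENCE=y
CONFIG_KFENCE=y
CONFIG_KFENCE_SAMPLE_INTERVAL=0
CONFIG_KFENCE_NUM_OBJECTS=255
# CONFIG_KFENCE_DEFERRABLE is not set
CONFIG_KFENCE_STRESS_TEST_FAULTS=0'

# cfg_get CONFIG_TEXT NAME DEFAULT: value of CONFIG_NAME, or DEFAULT if unset.
cfg_get() {
    v=$(printf '%s\n' "$1" | sed -n "s/^CONFIG_$2=//p" | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# kfence_pool_kib NUM_OBJECTS PAGE_BYTES
# Pool size from Documentation/dev-tools/kfence.rst: (objects + 1) * 2 pages.
kfence_pool_kib() {
    echo $(( ($1 + 1) * 2 * $2 / 1024 ))
}

# kfence_audit CONFIG_TEXT [KERNEL_CMDLINE]: prints one finding per line.
kfence_audit() {
    cfg=$1
    cmdline=${2:-}
    if [ "$(cfg_get "$cfg" KFENCE n)" != y ]; then
        echo "KFENCE: not built"
        return 0
    fi
    interval=$(cfg_get "$cfg" KFENCE_SAMPLE_INTERVAL 100)
    # The boot parameter overrides the Kconfig default.
    for arg in $cmdline; do
        case $arg in kfence.sample_interval=*) interval=${arg#*=} ;; esac
    done
    if [ "$interval" = 0 ]; then
        echo "KFENCE: built but disabled (sample interval 0)"
    else
        echo "KFENCE: sampling every $interval ms"
    fi
    objs=$(cfg_get "$cfg" KFENCE_NUM_OBJECTS 255)
    echo "pool: $(kfence_pool_kib "$objs" 4096) KiB for $objs objects (4 KiB pages assumed)"
    [ "$(cfg_get "$cfg" KFENCE_STRESS_TEST_FAULTS 0)" = 0 ] ||
        echo "WARN: KFENCE_STRESS_TEST_FAULTS is non-zero (developer-only stress testing)"
    [ "$(cfg_get "$cfg" KFENCE_DEFERRABLE n)" != y ] ||
        echo "NOTE: deferrable timer in use; sample interval is less predictable"
}

kfence_audit "$SAMPLE_CONFIG" "ro quiet kfence.sample_interval=500"
```

A kernel built with `CONFIG_KFENCE=y` but a sample interval of 0 detects nothing until the boot parameter is set, which is the case the first finding line distinguishes.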