[linux.git] / lib / Kconfig.kfence

# SPDX-License-Identifier: GPL-2.0-only

config HAVE_ARCH_KFENCE
	bool

menuconfig KFENCE
	bool "KFENCE: low-overhead sampling-based memory safety error detector"
	depends on HAVE_ARCH_KFENCE
	select STACKTRACE
	select IRQ_WORK
	help
	  KFENCE is a low-overhead sampling-based detector of heap out-of-bounds
	  access, use-after-free, and invalid-free errors. KFENCE is designed
	  to have negligible cost to permit enabling it in production
	  environments.

	  See <file:Documentation/dev-tools/kfence.rst> for more details.

	  Note that, KFENCE is not a substitute for explicit testing with tools
	  such as KASAN. KFENCE can detect a subset of bugs that KASAN can
	  detect, albeit at very different performance profiles. If you can
	  afford to use KASAN, continue using KASAN, for example in test
	  environments. If your kernel targets production use, and cannot
	  enable KASAN due to its cost, consider using KFENCE.

if KFENCE

config KFENCE_SAMPLE_INTERVAL
	int "Default sample interval in milliseconds"
	default 100
	help
	  The KFENCE sample interval determines the frequency with which heap
	  allocations will be guarded by KFENCE. May be overridden via boot
	  parameter "kfence.sample_interval".

	  Set this to 0 to disable KFENCE by default, in which case only
	  setting "kfence.sample_interval" to a non-zero value enables KFENCE.

config KFENCE_NUM_OBJECTS
	int "Number of guarded objects available"
	range 1 65535
	default 255
	help
	  The number of guarded objects available. For each KFENCE object, 2
	  pages are required; with one containing the object and two adjacent
	  ones used as guard pages.

config KFENCE_DEFERRABLE
	bool "Use a deferrable timer to trigger allocations"
	help
	  Use a deferrable timer to trigger allocations. This avoids forcing
	  CPU wake-ups if the system is idle, at the risk of a less predictable
	  sample interval.

	  Warning: The KUnit test suite fails with this option enabled - due to
	  the unpredictability of the sample interval!

	  Say N if you are unsure.

config KFENCE_STATIC_KEYS
	bool "Use static keys to set up allocations" if EXPERT
	depends on JUMP_LABEL
	help
	  Use static keys (static branches) to set up KFENCE allocations. This
	  option is only recommended when using very large sample intervals, or
	  performance has carefully been evaluated with this option.

	  Using static keys comes with trade-offs that need to be carefully
	  evaluated given target workloads and system architectures. Notably,
	  enabling and disabling static keys invoke IPI broadcasts, the latency
	  and impact of which is much harder to predict than a dynamic branch.

	  Say N if you are unsure.

config KFENCE_STRESS_TEST_FAULTS
	int "Stress testing of fault handling and error reporting" if EXPERT
	default 0
	help
	  The inverse probability with which to randomly protect KFENCE object
	  pages, resulting in spurious use-after-frees. The main purpose of
	  this option is to stress test KFENCE with concurrent error reports
	  and allocations/frees. A value of 0 disables stress testing logic.

	  Only for KFENCE testing; set to 0 if you are not a KFENCE developer.

config KFENCE_KUNIT_TEST
	tristate "KFENCE integration test suite" if !KUNIT_ALL_TESTS
	default KUNIT_ALL_TESTS
	depends on TRACEPOINTS && KUNIT
	help
	  Test suite for KFENCE, testing various error detection scenarios with
	  various allocation types, and checking that reports are correctly
	  output to console.

	  Say Y here if you want the test to be built into the kernel and run
	  during boot; say M if you want the test to build as a module; say N
	  if you are unsure.

endif # KFENCE
Commit	Line	Data
0ce20dd8 AP	1	# SPDX-License-Identifier: GPL-2.0-only
	2
	3	config HAVE_ARCH_KFENCE
	4	bool
	5
	6	menuconfig KFENCE
	7	bool "KFENCE: low-overhead sampling-based memory safety error detector"
2a19be61	8	depends on HAVE_ARCH_KFENCE
0ce20dd8	9	select STACKTRACE
407f1d8c	10	select IRQ_WORK
0ce20dd8 AP	11	help
	12	KFENCE is a low-overhead sampling-based detector of heap out-of-bounds
	13	access, use-after-free, and invalid-free errors. KFENCE is designed
	14	to have negligible cost to permit enabling it in production
	15	environments.
	16
10efe55f ME	17	See <file:Documentation/dev-tools/kfence.rst> for more details.
10efe55f ME	18
0ce20dd8 AP	19	Note that, KFENCE is not a substitute for explicit testing with tools
	20	such as KASAN. KFENCE can detect a subset of bugs that KASAN can
	21	detect, albeit at very different performance profiles. If you can
	22	afford to use KASAN, continue using KASAN, for example in test
	23	environments. If your kernel targets production use, and cannot
	24	enable KASAN due to its cost, consider using KFENCE.
	25
	26	if KFENCE
	27
0ce20dd8 AP	28	config KFENCE_SAMPLE_INTERVAL
	29	int "Default sample interval in milliseconds"
	30	default 100
	31	help
	32	The KFENCE sample interval determines the frequency with which heap
	33	allocations will be guarded by KFENCE. May be overridden via boot
	34	parameter "kfence.sample_interval".
	35
	36	Set this to 0 to disable KFENCE by default, in which case only
	37	setting "kfence.sample_interval" to a non-zero value enables KFENCE.
	38
	39	config KFENCE_NUM_OBJECTS
	40	int "Number of guarded objects available"
	41	range 1 65535
	42	default 255
	43	help
	44	The number of guarded objects available. For each KFENCE object, 2
	45	pages are required; with one containing the object and two adjacent
	46	ones used as guard pages.
	47
737b6a10 ME	48	config KFENCE_DEFERRABLE
	49	bool "Use a deferrable timer to trigger allocations"
	50	help
	51	Use a deferrable timer to trigger allocations. This avoids forcing
	52	CPU wake-ups if the system is idle, at the risk of a less predictable
	53	sample interval.
	54
	55	Warning: The KUnit test suite fails with this option enabled - due to
	56	the unpredictability of the sample interval!
	57
	58	Say N if you are unsure.
	59
4f612ed3 ME	60	config KFENCE_STATIC_KEYS
	61	bool "Use static keys to set up allocations" if EXPERT
	62	depends on JUMP_LABEL
	63	help
	64	Use static keys (static branches) to set up KFENCE allocations. This
	65	option is only recommended when using very large sample intervals, or
	66	performance has carefully been evaluated with this option.
	67
	68	Using static keys comes with trade-offs that need to be carefully
	69	evaluated given target workloads and system architectures. Notably,
	70	enabling and disabling static keys invoke IPI broadcasts, the latency
	71	and impact of which is much harder to predict than a dynamic branch.
	72
	73	Say N if you are unsure.
	74
0ce20dd8 AP	75	config KFENCE_STRESS_TEST_FAULTS
	76	int "Stress testing of fault handling and error reporting" if EXPERT
	77	default 0
	78	help
	79	The inverse probability with which to randomly protect KFENCE object
	80	pages, resulting in spurious use-after-frees. The main purpose of
	81	this option is to stress test KFENCE with concurrent error reports
	82	and allocations/frees. A value of 0 disables stress testing logic.
	83
	84	Only for KFENCE testing; set to 0 if you are not a KFENCE developer.
	85
bc8fbc5f ME	86	config KFENCE_KUNIT_TEST
	87	tristate "KFENCE integration test suite" if !KUNIT_ALL_TESTS
	88	default KUNIT_ALL_TESTS
	89	depends on TRACEPOINTS && KUNIT
	90	help
	91	Test suite for KFENCE, testing various error detection scenarios with
	92	various allocation types, and checking that reports are correctly
	93	output to console.
	94
	95	Say Y here if you want the test to be built into the kernel and run
	96	during boot; say M if you want the test to build as a module; say N
	97	if you are unsure.
	98
0ce20dd8	99	endif # KFENCE