# SPDX-License-Identifier: GPL-2.0-only

config HAVE_ARCH_KFENCE
        bool

menuconfig KFENCE
        bool "KFENCE: low-overhead sampling-based memory safety error detector"
        depends on HAVE_ARCH_KFENCE && (SLAB || SLUB)
        select STACKTRACE
        select IRQ_WORK
        help
          KFENCE is a low-overhead sampling-based detector of heap out-of-bounds
          access, use-after-free, and invalid-free errors. KFENCE is designed
          to have negligible cost to permit enabling it in production
          environments.

          See <file:Documentation/dev-tools/kfence.rst> for more details.

          Note that, KFENCE is not a substitute for explicit testing with tools
          such as KASAN. KFENCE can detect a subset of bugs that KASAN can
          detect, albeit at very different performance profiles. If you can
          afford to use KASAN, continue using KASAN, for example in test
          environments. If your kernel targets production use, and cannot
          enable KASAN due to its cost, consider using KFENCE.

if KFENCE

config KFENCE_STATIC_KEYS
        bool "Use static keys to set up allocations"
        default y
        depends on JUMP_LABEL # To ensure performance, require jump labels
        help
          Use static keys (static branches) to set up KFENCE allocations. Using
          static keys is normally recommended, because it avoids a dynamic
          branch in the allocator's fast path. However, with very low sample
          intervals, or on systems that do not support jump labels, a dynamic
          branch may still be an acceptable performance trade-off.

config KFENCE_SAMPLE_INTERVAL
        int "Default sample interval in milliseconds"
        default 100
        help
          The KFENCE sample interval determines the frequency with which heap
          allocations will be guarded by KFENCE. May be overridden via boot
          parameter "kfence.sample_interval".

          Set this to 0 to disable KFENCE by default, in which case only
          setting "kfence.sample_interval" to a non-zero value enables KFENCE.

config KFENCE_NUM_OBJECTS
        int "Number of guarded objects available"
        range 1 65535
        default 255
        help
          The number of guarded objects available. For each KFENCE object, 2
          pages are required; with one containing the object and two adjacent
          ones used as guard pages.

config KFENCE_STRESS_TEST_FAULTS
        int "Stress testing of fault handling and error reporting" if EXPERT
        default 0
        help
          The inverse probability with which to randomly protect KFENCE object
          pages, resulting in spurious use-after-frees. The main purpose of
          this option is to stress test KFENCE with concurrent error reports
          and allocations/frees. A value of 0 disables stress testing logic.

          Only for KFENCE testing; set to 0 if you are not a KFENCE developer.

config KFENCE_KUNIT_TEST
        tristate "KFENCE integration test suite" if !KUNIT_ALL_TESTS
        default KUNIT_ALL_TESTS
        depends on TRACEPOINTS && KUNIT
        help
          Test suite for KFENCE, testing various error detection scenarios with
          various allocation types, and checking that reports are correctly
          output to console.

          Say Y here if you want the test to be built into the kernel and run
          during boot; say M if you want the test to build as a module; say N
          if you are unsure.

endif # KFENCE