• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# SPDX-License-Identifier: GPL-2.0-only
2config PAGE_EXTENSION
3	bool "Extend memmap on extra space for more information on page"
4	help
5	  Extend memmap on extra space for more information on page. This
6	  could be used for debugging features that need to insert extra
7	  field for every page. This extension enables us to save memory
8	  by not allocating this extra memory according to boottime
9	  configuration.
10
11config DEBUG_PAGEALLOC
12	bool "Debug page memory allocations"
13	depends on DEBUG_KERNEL
14	depends on !HIBERNATION || ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC
15	select PAGE_POISONING if !ARCH_SUPPORTS_DEBUG_PAGEALLOC
16	help
17	  Unmap pages from the kernel linear mapping after free_pages().
18	  Depending on runtime enablement, this results in a small or large
19	  slowdown, but helps to find certain types of memory corruption.
20
21	  Also, the state of page tracking structures is checked more often as
22	  pages are being allocated and freed, as unexpected state changes
23	  often happen for same reasons as memory corruption (e.g. double free,
24	  use-after-free). The error reports for these checks can be augmented
25	  with stack traces of last allocation and freeing of the page, when
26	  PAGE_OWNER is also selected and enabled on boot.
27
28	  For architectures which don't enable ARCH_SUPPORTS_DEBUG_PAGEALLOC,
29	  fill the pages with poison patterns after free_pages() and verify
30	  the patterns before alloc_pages(). Additionally, this option cannot
31	  be enabled in combination with hibernation as that would result in
32	  incorrect warnings of memory corruption after a resume because free
33	  pages are not saved to the suspend image.
34
35	  By default this option will have a small overhead, e.g. by not
36	  allowing the kernel mapping to be backed by large pages on some
37	  architectures. Even bigger overhead comes when the debugging is
38	  enabled by DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc
39	  command line parameter.
40
41config DEBUG_PAGEALLOC_ENABLE_DEFAULT
42	bool "Enable debug page memory allocations by default?"
43	depends on DEBUG_PAGEALLOC
44	help
45	  Enable debug page memory allocations by default? This value
46	  can be overridden by debug_pagealloc=off|on.
47
48config SLUB_DEBUG
49	default y
50	bool "Enable SLUB debugging support" if EXPERT
51	depends on SYSFS && !SLUB_TINY
52	select STACKDEPOT if STACKTRACE_SUPPORT
53	help
54	  SLUB has extensive debug support features. Disabling these can
55	  result in significant savings in code size. While /sys/kernel/slab
56	  will still exist (with SYSFS enabled), it will not provide e.g. cache
57	  validation.
58
59config SLUB_DEBUG_ON
60	bool "SLUB debugging on by default"
61	depends on SLUB_DEBUG
62	select STACKDEPOT_ALWAYS_INIT if STACKTRACE_SUPPORT
63	default n
64	help
65	  Boot with debugging on by default. SLUB boots by default with
66	  the runtime debug capabilities switched off. Enabling this is
67	  equivalent to specifying the "slab_debug" parameter on boot.
68	  There is no support for more fine grained debug control like
69	  possible with slab_debug=xxx. SLUB debugging may be switched
70	  off in a kernel built with CONFIG_SLUB_DEBUG_ON by specifying
71	  "slab_debug=-".
72
73config SLUB_RCU_DEBUG
74	bool "Enable UAF detection in TYPESAFE_BY_RCU caches (for KASAN)"
75	depends on SLUB_DEBUG
76	# SLUB_RCU_DEBUG should build fine without KASAN, but is currently useless
77	# without KASAN, so mark it as a dependency of KASAN for now.
78	depends on KASAN
79	default KASAN_GENERIC || KASAN_SW_TAGS
80	help
81	  Make SLAB_TYPESAFE_BY_RCU caches behave approximately as if the cache
82	  was not marked as SLAB_TYPESAFE_BY_RCU and every caller used
83	  kfree_rcu() instead.
84
85	  This is intended for use in combination with KASAN, to enable KASAN to
86	  detect use-after-free accesses in such caches.
87	  (KFENCE is able to do that independent of this flag.)
88
89	  This might degrade performance.
90	  Unfortunately this also prevents a very specific bug pattern from
91	  triggering (insufficient checks against an object being recycled
92	  within the RCU grace period); so this option can be turned off even on
93	  KASAN builds, in case you want to test for such a bug.
94
95	  If you're using this for testing bugs / fuzzing and care about
96	  catching all the bugs WAY more than performance, you might want to
97	  also turn on CONFIG_RCU_STRICT_GRACE_PERIOD.
98
99	  WARNING:
100	  This is designed as a debugging feature, not a security feature.
101	  Objects are sometimes recycled without RCU delay under memory pressure.
102
103	  If unsure, say N.
104
105config PAGE_OWNER
106	bool "Track page owner"
107	depends on DEBUG_KERNEL && STACKTRACE_SUPPORT
108	select DEBUG_FS
109	select STACKTRACE
110	select STACKDEPOT
111	select PAGE_EXTENSION
112	help
113	  This keeps track of what call chain is the owner of a page, may
114	  help to find bare alloc_page(s) leaks. Even if you include this
115	  feature on your build, it is disabled in default. You should pass
116	  "page_owner=on" to boot parameter in order to enable it. Eats
117	  a fair amount of memory if enabled. See tools/mm/page_owner_sort.c
118	  for user-space helper.
119
120	  If unsure, say N.
121
122config PAGE_TABLE_CHECK
123	bool "Check for invalid mappings in user page tables"
124	depends on ARCH_SUPPORTS_PAGE_TABLE_CHECK
125	depends on EXCLUSIVE_SYSTEM_RAM
126	select PAGE_EXTENSION
127	help
128	  Check that anonymous page is not being mapped twice with read write
129	  permissions. Check that anonymous and file pages are not being
130	  erroneously shared. Since the checking is performed at the time
131	  entries are added and removed to user page tables, leaking, corruption
132	  and double mapping problems are detected synchronously.
133
134	  If unsure say "n".
135
136config PAGE_TABLE_CHECK_ENFORCED
137	bool "Enforce the page table checking by default"
138	depends on PAGE_TABLE_CHECK
139	help
140	  Always enable page table checking.  By default the page table checking
141	  is disabled, and can be optionally enabled via page_table_check=on
142	  kernel parameter. This config enforces that page table check is always
143	  enabled.
144
145	  If unsure say "n".
146
147config PAGE_PINNER
148        bool "Track page pinner"
149        depends on DEBUG_KERNEL && STACKTRACE_SUPPORT
150        select DEBUG_FS
151        select STACKTRACE
152        select STACKDEPOT
153        select PAGE_EXTENSION
154        help
155          This keeps track of what call chain is the pinner of a page, may
156          help to find page migration failures. Even if you include this
157          feature in your build, it is disabled by default. You should pass
158          "page_pinner=on" to boot parameter in order to enable it. Eats
159          a fair amount of memory if enabled.
160
161          If unsure, say N.
162
163config PAGE_POISONING
164	bool "Poison pages after freeing"
165	help
166	  Fill the pages with poison patterns after free_pages() and verify
167	  the patterns before alloc_pages. The filling of the memory helps
168	  reduce the risk of information leaks from freed data. This does
169	  have a potential performance impact if enabled with the
170	  "page_poison=1" kernel boot option.
171
172	  Note that "poison" here is not the same thing as the "HWPoison"
173	  for CONFIG_MEMORY_FAILURE. This is software poisoning only.
174
175	  If you are only interested in sanitization of freed pages without
176	  checking the poison pattern on alloc, you can boot the kernel with
177	  "init_on_free=1" instead of enabling this.
178
179	  If unsure, say N
180
181config DEBUG_PAGE_REF
182	bool "Enable tracepoint to track down page reference manipulation"
183	depends on DEBUG_KERNEL
184	depends on TRACEPOINTS
185	help
186	  This is a feature to add tracepoint for tracking down page reference
187	  manipulation. This tracking is useful to diagnose functional failure
188	  due to migration failures caused by page reference mismatches.  Be
189	  careful when enabling this feature because it adds about 30 KB to the
190	  kernel code.  However the runtime performance overhead is virtually
191	  nil until the tracepoints are actually enabled.
192
193config DEBUG_RODATA_TEST
194    bool "Testcase for the marking rodata read-only"
195    depends on STRICT_KERNEL_RWX
196	help
197      This option enables a testcase for the setting rodata read-only.
198
199config ARCH_HAS_DEBUG_WX
200	bool
201
202config DEBUG_WX
203	bool "Warn on W+X mappings at boot"
204	depends on ARCH_HAS_DEBUG_WX
205	depends on MMU
206	select PTDUMP_CORE
207	help
208	  Generate a warning if any W+X mappings are found at boot.
209
210	  This is useful for discovering cases where the kernel is leaving W+X
211	  mappings after applying NX, as such mappings are a security risk.
212
213	  Look for a message in dmesg output like this:
214
215	    <arch>/mm: Checked W+X mappings: passed, no W+X pages found.
216
217	  or like this, if the check failed:
218
219	    <arch>/mm: Checked W+X mappings: failed, <N> W+X pages found.
220
221	  Note that even if the check fails, your kernel is possibly
222	  still fine, as W+X mappings are not a security hole in
223	  themselves, what they do is that they make the exploitation
224	  of other unfixed kernel bugs easier.
225
226	  There is no runtime or memory usage effect of this option
227	  once the kernel has booted up - it's a one time check.
228
229	  If in doubt, say "Y".
230
231config GENERIC_PTDUMP
232	bool
233
234config PTDUMP_CORE
235	bool
236
237config PTDUMP_DEBUGFS
238	bool "Export kernel pagetable layout to userspace via debugfs"
239	depends on DEBUG_KERNEL
240	depends on DEBUG_FS
241	depends on GENERIC_PTDUMP
242	select PTDUMP_CORE
243	help
244	  Say Y here if you want to show the kernel pagetable layout in a
245	  debugfs file. This information is only useful for kernel developers
246	  who are working in architecture specific areas of the kernel.
247	  It is probably not a good idea to enable this feature in a production
248	  kernel.
249
250	  If in doubt, say N.
251
252config HAVE_DEBUG_KMEMLEAK
253	bool
254
255config DEBUG_KMEMLEAK
256	bool "Kernel memory leak detector"
257	depends on DEBUG_KERNEL && HAVE_DEBUG_KMEMLEAK
258	select DEBUG_FS
259	select STACKTRACE if STACKTRACE_SUPPORT
260	select KALLSYMS
261	select CRC32
262	select STACKDEPOT
263	select STACKDEPOT_ALWAYS_INIT if !DEBUG_KMEMLEAK_DEFAULT_OFF
264	help
265	  Say Y here if you want to enable the memory leak
266	  detector. The memory allocation/freeing is traced in a way
267	  similar to the Boehm's conservative garbage collector, the
268	  difference being that the orphan objects are not freed but
269	  only shown in /sys/kernel/debug/kmemleak. Enabling this
270	  feature will introduce an overhead to memory
271	  allocations. See Documentation/dev-tools/kmemleak.rst for more
272	  details.
273
274	  Enabling SLUB_DEBUG may increase the chances of finding leaks
275	  due to the slab objects poisoning.
276
277	  In order to access the kmemleak file, debugfs needs to be
278	  mounted (usually at /sys/kernel/debug).
279
280config DEBUG_KMEMLEAK_MEM_POOL_SIZE
281	int "Kmemleak memory pool size"
282	depends on DEBUG_KMEMLEAK
283	range 200 1000000
284	default 16000
285	help
286	  Kmemleak must track all the memory allocations to avoid
287	  reporting false positives. Since memory may be allocated or
288	  freed before kmemleak is fully initialised, use a static pool
289	  of metadata objects to track such callbacks. After kmemleak is
290	  fully initialised, this memory pool acts as an emergency one
291	  if slab allocations fail.
292
293config DEBUG_KMEMLEAK_DEFAULT_OFF
294	bool "Default kmemleak to off"
295	depends on DEBUG_KMEMLEAK
296	help
297	  Say Y here to disable kmemleak by default. It can then be enabled
298	  on the command line via kmemleak=on.
299
300config DEBUG_KMEMLEAK_AUTO_SCAN
301	bool "Enable kmemleak auto scan thread on boot up"
302	default y
303	depends on DEBUG_KMEMLEAK
304	help
305	  Depending on the cpu, kmemleak scan may be cpu intensive and can
306	  stall user tasks at times. This option enables/disables automatic
307	  kmemleak scan at boot up.
308
309	  Say N here to disable kmemleak auto scan thread to stop automatic
310	  scanning. Disabling this option disables automatic reporting of
311	  memory leaks.
312
313	  If unsure, say Y.
314
315config PER_VMA_LOCK_STATS
316	bool "Statistics for per-vma locks"
317	depends on PER_VMA_LOCK
318	help
319	  Say Y here to enable success, retry and failure counters of page
320	  faults handled under protection of per-vma locks. When enabled, the
321	  counters are exposed in /proc/vmstat. This information is useful for
322	  kernel developers to evaluate effectiveness of per-vma locks and to
323	  identify pathological cases. Counting these events introduces a small
324	  overhead in the page fault path.
325
326	  If in doubt, say N.
327