[PATCH v7 0/9] KFENCE: A low-overhead sampling-based memory safety error detector
Andrew Morton
akpm at linux-foundation.org
Tue Nov 3 19:31:03 EST 2020
On Tue, 3 Nov 2020 18:58:32 +0100 Marco Elver <elver at google.com> wrote:
> This adds the Kernel Electric-Fence (KFENCE) infrastructure. KFENCE is a
> low-overhead sampling-based memory safety error detector of heap
> use-after-free, invalid-free, and out-of-bounds access errors. This
> series enables KFENCE for the x86 and arm64 architectures, and adds
> KFENCE hooks to the SLAB and SLUB allocators.
>
> KFENCE is designed to be enabled in production kernels, and has near
> zero performance overhead. Compared to KASAN, KFENCE trades performance
> for precision. The main motivation behind KFENCE's design, is that with
> enough total uptime KFENCE will detect bugs in code paths not typically
> exercised by non-production test workloads. One way to quickly achieve a
> large enough total uptime is when the tool is deployed across a large
> fleet of machines.
Has kfence detected any kernel bugs yet? What is its track record?
Will a kfence merge permit us to remove some other memory debugging
subsystem? We seem to have rather a lot of them.
More information about the linux-arm-kernel
mailing list