mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 15:03:53 +02:00

Go to file

Marco Elver cc0a0f9855 kfence: introduce burst mode Introduce burst mode, which can be configured with kfence.burst=$count, where the burst count denotes the additional successive slab allocations to be allocated through KFENCE for each sample interval. The idea is that this can give developers an additional knob to make KFENCE more aggressive when debugging specific issues of systems where either rebooting or recompiling the kernel with KASAN is not possible. Experiment: To assess the effectiveness of the new option, we randomly picked a recent out-of-bounds [1] and use-after-free bug [2], each with a reproducer provided by syzbot, that initially detected these bugs with KASAN. We then tried to reproduce the bugs with KFENCE below. [1] Fixed by: `7c55b78818` ("jfs: xattr: fix buffer overflow for invalid xattr") https://syzkaller.appspot.com/bug?id=9d1b59d4718239da6f6069d3891863c25f9f24a2 [2] Fixed by: `f8ad00f3fb` ("l2tp: fix possible UAF when cleaning up tunnels") https://syzkaller.appspot.com/bug?id=4f34adc84f4a3b080187c390eeef60611fd450e1 The following KFENCE configs were compared. A pool size of 1023 objects was used for all configurations. Baseline kfence.sample_interval=100 kfence.skip_covered_thresh=75 kfence.burst=0 Aggressive kfence.sample_interval=1 kfence.skip_covered_thresh=10 kfence.burst=0 AggressiveBurst kfence.sample_interval=1 kfence.skip_covered_thresh=10 kfence.burst=1000 Each reproducer was run 10 times (after a fresh reboot), with the following detection counts for each KFENCE config: \| Detection Count out of 10 \| \| OOB [1] \| UAF [2] \| ------------------+-------------+-------------+ Default \| 0/10 \| 0/10 \| Aggressive \| 0/10 \| 0/10 \| AggressiveBurst \| 8/10 \| 8/10 \| With the Default and even the Aggressive configs the results are unsurprising, given KFENCE has not been designed for deterministic bug detection of small test cases. However, when enabling burst mode with relatively large burst count, KFENCE can start to detect heap memory-safety bugs even in simpler test cases with high probability (in the above cases with ~80% probability). Link: https://lkml.kernel.org/r/20240805124203.2692278-1-elver@google.com Signed-off-by: Marco Elver <elver@google.com> Reviewed-by: Alexander Potapenko <glider@google.com> Cc: Andrey Konovalov <andreyknvl@gmail.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Jann Horn <jannh@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>		2024-09-01 20:26:03 -07:00
arch	s390/mm/fault: convert do_secure_storage_access() from follow_page() to folio_walk	2024-09-01 20:26:01 -07:00
block	block: fix detection of unsupported WRITE SAME in blkdev_issue_write_zeroes	2024-08-28 08:49:25 -06:00
certs	kbuild: use $(src) instead of $(srctree)/$(src) for source directory	2024-05-10 04:34:52 +09:00
crypto	crypto: testmgr - generate power-of-2 lengths more often	2024-07-13 11:50:28 +12:00
Documentation	kfence: introduce burst mode	2024-09-01 20:26:03 -07:00
drivers	mm: kvmalloc: align kvrealloc() with krealloc()	2024-09-01 20:25:44 -07:00
fs	mm/hugetlb: remove hugetlb_follow_page_mask() leftover	2024-09-01 20:25:57 -07:00
include	kfence: introduce burst mode	2024-09-01 20:26:03 -07:00
init	mm: fix typo in Kconfig	2024-09-01 20:25:45 -07:00
io_uring	io_uring/kbuf: return correct iovec count from classic buffer peek	2024-08-30 10:45:54 -06:00
ipc	sysctl: treewide: constify the ctl_table argument of proc_handlers	2024-07-24 20:59:29 +02:00
kernel	mm: create promo_wmark_pages and clean up open-coded sites	2024-09-01 20:25:58 -07:00
lib	lib: test_hmm: use min() to improve dmirror_exclusive()	2024-09-01 20:25:52 -07:00
LICENSES
mm	kfence: introduce burst mode	2024-09-01 20:26:03 -07:00
net	Including fixes from bluetooth, wireless and netfilter.	2024-08-30 06:14:39 +12:00
rust	Rust fixes for v6.11	2024-08-16 11:24:06 -07:00
samples	kmemleak-test: add percpu leak	2024-09-01 20:25:50 -07:00
scripts	net: drop special comment style	2024-08-23 10:21:02 +01:00
security	Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging	2024-09-01 09:18:48 +12:00
sound	sound fixes for 6.11-rc6	2024-08-28 06:24:22 +12:00
tools	tools: add skeleton code for userland testing of VMA logic	2024-09-01 20:25:55 -07:00
usr	initramfs: shorten cmd_initfs in usr/Makefile	2024-07-16 01:07:52 +09:00
virt	KVM: x86: Disallow read-only memslots for SEV-ES and SEV-SNP (and TDX)	2024-08-14 12:28:24 -04:00
.clang-format	Docs: Move clang-format from process/ to dev-tools/	2024-06-26 16:36:00 -06:00
.cocciconfig
.editorconfig	.editorconfig: remove trim_trailing_whitespace option	2024-06-13 16:47:52 +02:00
.get_maintainer.ignore	Add Jeff Kirsher to .get_maintainer.ignore	2024-03-08 11:36:54 +00:00
.gitattributes	.gitattributes: set diff driver for Rust source code files	2023-05-31 17:48:25 +02:00
.gitignore	kbuild: add script and target to generate pacman package	2024-07-22 01:24:22 +09:00
.mailmap	ARM: SoC fixes for 6.11, part 2	2024-09-01 06:42:13 +12:00
.rustfmt.toml
COPYING
CREDITS	tracing: Update of MAINTAINERS and CREDITS file	2024-07-18 14:08:42 -07:00
Kbuild
Kconfig
MAINTAINERS	tools: add skeleton code for userland testing of VMA logic	2024-09-01 20:25:55 -07:00
Makefile	Linux 6.11-rc6	2024-09-01 19:46:02 +12:00
README	README: Fix spelling	2024-03-18 03:36:32 -06:00

README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result by upgrading your kernel.