| # SPDX-License-Identifier: GPL-2.0-only |
| config PAGE_EXTENSION |
| bool "Extend memmap on extra space for more information on page" |
| help |
| Extend memmap on extra space for more information on page. This |
| could be used for debugging features that need to insert extra |
| field for every page. This extension enables us to save memory |
| by not allocating this extra memory according to boottime |
| configuration. |
| |
| config DEBUG_PAGEALLOC |
| bool "Debug page memory allocations" |
| depends on DEBUG_KERNEL |
| depends on !HIBERNATION || ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC |
| select PAGE_POISONING if !ARCH_SUPPORTS_DEBUG_PAGEALLOC |
| help |
| Unmap pages from the kernel linear mapping after free_pages(). |
| Depending on runtime enablement, this results in a small or large |
| slowdown, but helps to find certain types of memory corruption. |
| |
| Also, the state of page tracking structures is checked more often as |
| pages are being allocated and freed, as unexpected state changes |
| often happen for same reasons as memory corruption (e.g. double free, |
| use-after-free). The error reports for these checks can be augmented |
| with stack traces of last allocation and freeing of the page, when |
| PAGE_OWNER is also selected and enabled on boot. |
| |
| For architectures which don't enable ARCH_SUPPORTS_DEBUG_PAGEALLOC, |
| fill the pages with poison patterns after free_pages() and verify |
| the patterns before alloc_pages(). Additionally, this option cannot |
| be enabled in combination with hibernation as that would result in |
| incorrect warnings of memory corruption after a resume because free |
| pages are not saved to the suspend image. |
| |
| By default this option will have a small overhead, e.g. by not |
| allowing the kernel mapping to be backed by large pages on some |
| architectures. Even bigger overhead comes when the debugging is |
| enabled by DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc |
| command line parameter. |
| |
| config DEBUG_PAGEALLOC_ENABLE_DEFAULT |
| bool "Enable debug page memory allocations by default?" |
| depends on DEBUG_PAGEALLOC |
| help |
| Enable debug page memory allocations by default? This value |
| can be overridden by debug_pagealloc=off|on. |
| |
| config DEBUG_SLAB |
| bool "Debug slab memory allocations" |
| depends on DEBUG_KERNEL && SLAB |
| help |
| Say Y here to have the kernel do limited verification on memory |
| allocation as well as poisoning memory on free to catch use of freed |
| memory. This can make kmalloc/kfree-intensive workloads much slower. |
| |
| config SLUB_DEBUG |
| default y |
| bool "Enable SLUB debugging support" if EXPERT |
| depends on SLUB && SYSFS |
| select STACKDEPOT if STACKTRACE_SUPPORT |
| help |
| SLUB has extensive debug support features. Disabling these can |
| result in significant savings in code size. This also disables |
| SLUB sysfs support. /sys/slab will not exist and there will be |
| no support for cache validation etc. |
| |
| config SLUB_DEBUG_ON |
| bool "SLUB debugging on by default" |
| depends on SLUB && SLUB_DEBUG |
| select STACKDEPOT_ALWAYS_INIT if STACKTRACE_SUPPORT |
| default n |
| help |
| Boot with debugging on by default. SLUB boots by default with |
| the runtime debug capabilities switched off. Enabling this is |
| equivalent to specifying the "slub_debug" parameter on boot. |
| There is no support for more fine grained debug control like |
| possible with slub_debug=xxx. SLUB debugging may be switched |
| off in a kernel built with CONFIG_SLUB_DEBUG_ON by specifying |
| "slub_debug=-". |
| |
| config PAGE_OWNER |
| bool "Track page owner" |
| depends on DEBUG_KERNEL && STACKTRACE_SUPPORT |
| select DEBUG_FS |
| select STACKTRACE |
| select STACKDEPOT |
| select PAGE_EXTENSION |
| help |
| This keeps track of what call chain is the owner of a page, may |
| help to find bare alloc_page(s) leaks. Even if you include this |
| feature on your build, it is disabled in default. You should pass |
| "page_owner=on" to boot parameter in order to enable it. Eats |
| a fair amount of memory if enabled. See tools/vm/page_owner_sort.c |
| for user-space helper. |
| |
| If unsure, say N. |
| |
| config PAGE_TABLE_CHECK |
| bool "Check for invalid mappings in user page tables" |
| depends on ARCH_SUPPORTS_PAGE_TABLE_CHECK |
| depends on EXCLUSIVE_SYSTEM_RAM |
| select PAGE_EXTENSION |
| help |
| Check that anonymous page is not being mapped twice with read write |
| permissions. Check that anonymous and file pages are not being |
| erroneously shared. Since the checking is performed at the time |
| entries are added and removed to user page tables, leaking, corruption |
| and double mapping problems are detected synchronously. |
| |
| If unsure say "n". |
| |
| config PAGE_TABLE_CHECK_ENFORCED |
| bool "Enforce the page table checking by default" |
| depends on PAGE_TABLE_CHECK |
| help |
| Always enable page table checking. By default the page table checking |
| is disabled, and can be optionally enabled via page_table_check=on |
| kernel parameter. This config enforces that page table check is always |
| enabled. |
| |
| If unsure say "n". |
| |
| config PAGE_POISONING |
| bool "Poison pages after freeing" |
| help |
| Fill the pages with poison patterns after free_pages() and verify |
| the patterns before alloc_pages. The filling of the memory helps |
| reduce the risk of information leaks from freed data. This does |
| have a potential performance impact if enabled with the |
| "page_poison=1" kernel boot option. |
| |
| Note that "poison" here is not the same thing as the "HWPoison" |
| for CONFIG_MEMORY_FAILURE. This is software poisoning only. |
| |
| If you are only interested in sanitization of freed pages without |
| checking the poison pattern on alloc, you can boot the kernel with |
| "init_on_free=1" instead of enabling this. |
| |
| If unsure, say N |
| |
| config DEBUG_PAGE_REF |
| bool "Enable tracepoint to track down page reference manipulation" |
| depends on DEBUG_KERNEL |
| depends on TRACEPOINTS |
| help |
| This is a feature to add tracepoint for tracking down page reference |
| manipulation. This tracking is useful to diagnose functional failure |
| due to migration failures caused by page reference mismatches. Be |
| careful when enabling this feature because it adds about 30 KB to the |
| kernel code. However the runtime performance overhead is virtually |
| nil until the tracepoints are actually enabled. |
| |
| config DEBUG_RODATA_TEST |
| bool "Testcase for the marking rodata read-only" |
| depends on STRICT_KERNEL_RWX |
| help |
| This option enables a testcase for the setting rodata read-only. |
| |
| config ARCH_HAS_DEBUG_WX |
| bool |
| |
| config DEBUG_WX |
| bool "Warn on W+X mappings at boot" |
| depends on ARCH_HAS_DEBUG_WX |
| depends on MMU |
| select PTDUMP_CORE |
| help |
| Generate a warning if any W+X mappings are found at boot. |
| |
| This is useful for discovering cases where the kernel is leaving W+X |
| mappings after applying NX, as such mappings are a security risk. |
| |
| Look for a message in dmesg output like this: |
| |
| <arch>/mm: Checked W+X mappings: passed, no W+X pages found. |
| |
| or like this, if the check failed: |
| |
| <arch>/mm: Checked W+X mappings: failed, <N> W+X pages found. |
| |
| Note that even if the check fails, your kernel is possibly |
| still fine, as W+X mappings are not a security hole in |
| themselves, what they do is that they make the exploitation |
| of other unfixed kernel bugs easier. |
| |
| There is no runtime or memory usage effect of this option |
| once the kernel has booted up - it's a one time check. |
| |
| If in doubt, say "Y". |
| |
| config GENERIC_PTDUMP |
| bool |
| |
| config PTDUMP_CORE |
| bool |
| |
| config PTDUMP_DEBUGFS |
| bool "Export kernel pagetable layout to userspace via debugfs" |
| depends on DEBUG_KERNEL |
| depends on DEBUG_FS |
| depends on GENERIC_PTDUMP |
| select PTDUMP_CORE |
| help |
| Say Y here if you want to show the kernel pagetable layout in a |
| debugfs file. This information is only useful for kernel developers |
| who are working in architecture specific areas of the kernel. |
| It is probably not a good idea to enable this feature in a production |
| kernel. |
| |
| If in doubt, say N. |