From d2521bc8979099598393629384b2b451f3a04587 Mon Sep 17 00:00:00 2001 From: Alexander Potapenko Date: Tue, 13 Apr 2021 16:22:45 +0200 Subject: [PATCH] ANDROID: gki_defconfig: reduce KFENCE pool size CONFIG_KFENCE_NUM_OBJECTS controls the constant memory overhead that KFENCE introduces for its memory pool. By default it is 255 objects (2Mb extra memory), but since concerns have been raised that low-memory devices may not afford that, we are lowering the number of objects to 63 (512Kb extra memory). So far we haven't seen Android devices allocate more than 50 KFENCE objects. Should the kernel exhaust the pool, KFENCE will stop allocating new objects and fall back to SLAB/SLUB until one of the objects is freed. An immediate consequence of reducing the pool size is that a freed KFENCE object will be reused 4x times faster, effectively reducing the probability of detecting a use-after-free. Since KFENCE is a best-effort error detection tool, not a use-after-free mitigation mechanism, we believe this should not be problematic. Bug: 181822795 Test: run KFENCE on an Android device Signed-off-by: Alexander Potapenko Change-Id: I88fca80eea8b382115de03dbb104fd305b35476f --- arch/arm64/configs/gki_defconfig | 1 + arch/x86/configs/gki_defconfig | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/arm64/configs/gki_defconfig b/arch/arm64/configs/gki_defconfig index 1112c1e2e8d1..021b8f1bd163 100644 --- a/arch/arm64/configs/gki_defconfig +++ b/arch/arm64/configs/gki_defconfig @@ -642,6 +642,7 @@ CONFIG_KASAN=y CONFIG_KASAN_HW_TAGS=y CONFIG_KFENCE=y CONFIG_KFENCE_SAMPLE_INTERVAL=500 +CONFIG_KFENCE_NUM_OBJECTS=63 CONFIG_PANIC_ON_OOPS=y CONFIG_PANIC_TIMEOUT=-1 CONFIG_DETECT_HUNG_TASK=y diff --git a/arch/x86/configs/gki_defconfig b/arch/x86/configs/gki_defconfig index ac0290e18e68..28158f8d67f6 100644 --- a/arch/x86/configs/gki_defconfig +++ b/arch/x86/configs/gki_defconfig 
@@ -582,6 +582,7 @@ CONFIG_DEBUG_STACK_USAGE=y CONFIG_DEBUG_MEMORY_INIT=y CONFIG_KFENCE=y CONFIG_KFENCE_SAMPLE_INTERVAL=500 +CONFIG_KFENCE_NUM_OBJECTS=63 CONFIG_PANIC_ON_OOPS=y CONFIG_PANIC_TIMEOUT=-1 CONFIG_DETECT_HUNG_TASK=y
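Review bot: In the arm64 hunk (arch/arm64/configs/gki_defconfig, @@ -642), the new CONFIG_KFENCE_NUM_OBJECTS=63 leaves only 13 objects of headroom over the peak of 50 quoted in the commit message, and the "Test:" line ("run KFENCE on an Android device") does not say how that peak was measured. Please record in the message which devices and workloads produced the 50-object figure and for how long they ran, so the value can be revisited if it changes. The message also states that an exhausted pool falls back to SLAB/SLUB until an object is freed. In that state KFENCE samples nothing, so the size of the margin determines how often detection is silently off. Minor: "2Mb" and "512Kb" read as bits; "2 MB" and "512 KB" would be clearer.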
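Review bot: In the x86 hunk (arch/x86/configs/gki_defconfig, @@ -582), CONFIG_KFENCE_NUM_OBJECTS=63 is added directly below an unchanged CONFIG_KFENCE_SAMPLE_INTERVAL=500, and the commit message does not say whether the sampling interval was reconsidered together with the smaller pool. The message accepts that a freed object is now reused about four times sooner, which shortens the window in which a use-after-free is caught. A sentence on why the interval stays at 500 would make that trade-off explicit. The same value is also set independently in the arm64 defconfig, so a later change to one file can leave the two out of sync. If 63 is meant to be the GKI-wide value, please say so in the message.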