1# SPDX-License-Identifier: GPL-2.0-only
2config PAGE_EXTENSION
3	bool "Extend memmap on extra space for more information on page"
4	help
5	  Extend memmap on extra space for more information on page. This
6	  could be used for debugging features that need to insert extra
7	  field for every page. This extension enables us to save memory
8	  by not allocating this extra memory according to boottime
9	  configuration.
10
11config DEBUG_PAGEALLOC
12	bool "Debug page memory allocations"
13	depends on DEBUG_KERNEL
14	depends on !HIBERNATION || ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC
15	select PAGE_POISONING if !ARCH_SUPPORTS_DEBUG_PAGEALLOC
16	help
17	  Unmap pages from the kernel linear mapping after free_pages().
18	  Depending on runtime enablement, this results in a small or large
19	  slowdown, but helps to find certain types of memory corruption.
20
21	  Also, the state of page tracking structures is checked more often as
22	  pages are being allocated and freed, as unexpected state changes
23	  often happen for same reasons as memory corruption (e.g. double free,
24	  use-after-free). The error reports for these checks can be augmented
25	  with stack traces of last allocation and freeing of the page, when
26	  PAGE_OWNER is also selected and enabled on boot.
27
28	  For architectures which don't enable ARCH_SUPPORTS_DEBUG_PAGEALLOC,
29	  fill the pages with poison patterns after free_pages() and verify
30	  the patterns before alloc_pages(). Additionally, this option cannot
31	  be enabled in combination with hibernation as that would result in
32	  incorrect warnings of memory corruption after a resume because free
33	  pages are not saved to the suspend image.
34
35	  By default this option will have a small overhead, e.g. by not
36	  allowing the kernel mapping to be backed by large pages on some
37	  architectures. Even bigger overhead comes when the debugging is
38	  enabled by DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc
39	  command line parameter.
40
41config DEBUG_PAGEALLOC_ENABLE_DEFAULT
42	bool "Enable debug page memory allocations by default?"
43	depends on DEBUG_PAGEALLOC
44	help
45	  Enable debug page memory allocations by default? This value
46	  can be overridden by debug_pagealloc=off|on.
47
48config DEBUG_SLAB
49	bool "Debug slab memory allocations"
50	depends on DEBUG_KERNEL && SLAB
51	help
52	  Say Y here to have the kernel do limited verification on memory
53	  allocation as well as poisoning memory on free to catch use of freed
54	  memory. This can make kmalloc/kfree-intensive workloads much slower.
55
56config SLUB_DEBUG
57	default y
58	bool "Enable SLUB debugging support" if EXPERT
59	depends on SLUB && SYSFS && !SLUB_TINY
60	select STACKDEPOT if STACKTRACE_SUPPORT
61	help
62	  SLUB has extensive debug support features. Disabling these can
63	  result in significant savings in code size. While /sys/kernel/slab
64	  will still exist (with SYSFS enabled), it will not provide e.g. cache
65	  validation.
66
67config SLUB_DEBUG_ON
68	bool "SLUB debugging on by default"
69	depends on SLUB && SLUB_DEBUG
70	select STACKDEPOT_ALWAYS_INIT if STACKTRACE_SUPPORT
71	default n
72	help
73	  Boot with debugging on by default. SLUB boots by default with
74	  the runtime debug capabilities switched off. Enabling this is
75	  equivalent to specifying the "slub_debug" parameter on boot.
76	  There is no support for more fine grained debug control like
77	  possible with slub_debug=xxx. SLUB debugging may be switched
78	  off in a kernel built with CONFIG_SLUB_DEBUG_ON by specifying
79	  "slub_debug=-".
80
81config PAGE_OWNER
82	bool "Track page owner"
83	depends on DEBUG_KERNEL && STACKTRACE_SUPPORT
84	select DEBUG_FS
85	select STACKTRACE
86	select STACKDEPOT
87	select PAGE_EXTENSION
88	help
89	  This keeps track of what call chain is the owner of a page, may
90	  help to find bare alloc_page(s) leaks. Even if you include this
91	  feature on your build, it is disabled in default. You should pass
92	  "page_owner=on" to boot parameter in order to enable it. Eats
93	  a fair amount of memory if enabled. See tools/mm/page_owner_sort.c
94	  for user-space helper.
95
96	  If unsure, say N.
97
98config PAGE_TABLE_CHECK
99	bool "Check for invalid mappings in user page tables"
100	depends on ARCH_SUPPORTS_PAGE_TABLE_CHECK
101	depends on EXCLUSIVE_SYSTEM_RAM
102	select PAGE_EXTENSION
103	help
104	  Check that anonymous page is not being mapped twice with read write
105	  permissions. Check that anonymous and file pages are not being
106	  erroneously shared. Since the checking is performed at the time
107	  entries are added and removed to user page tables, leaking, corruption
108	  and double mapping problems are detected synchronously.
109
110	  If unsure say "n".
111
112config PAGE_TABLE_CHECK_ENFORCED
113	bool "Enforce the page table checking by default"
114	depends on PAGE_TABLE_CHECK
115	help
116	  Always enable page table checking.  By default the page table checking
117	  is disabled, and can be optionally enabled via page_table_check=on
118	  kernel parameter. This config enforces that page table check is always
119	  enabled.
120
121	  If unsure say "n".
122
123config PAGE_POISONING
124	bool "Poison pages after freeing"
125	help
126	  Fill the pages with poison patterns after free_pages() and verify
127	  the patterns before alloc_pages. The filling of the memory helps
128	  reduce the risk of information leaks from freed data. This does
129	  have a potential performance impact if enabled with the
130	  "page_poison=1" kernel boot option.
131
132	  Note that "poison" here is not the same thing as the "HWPoison"
133	  for CONFIG_MEMORY_FAILURE. This is software poisoning only.
134
135	  If you are only interested in sanitization of freed pages without
136	  checking the poison pattern on alloc, you can boot the kernel with
137	  "init_on_free=1" instead of enabling this.
138
139	  If unsure, say N
140
141config DEBUG_PAGE_REF
142	bool "Enable tracepoint to track down page reference manipulation"
143	depends on DEBUG_KERNEL
144	depends on TRACEPOINTS
145	help
146	  This is a feature to add tracepoint for tracking down page reference
147	  manipulation. This tracking is useful to diagnose functional failure
148	  due to migration failures caused by page reference mismatches.  Be
149	  careful when enabling this feature because it adds about 30 KB to the
150	  kernel code.  However the runtime performance overhead is virtually
151	  nil until the tracepoints are actually enabled.
152
153config DEBUG_RODATA_TEST
154    bool "Testcase for the marking rodata read-only"
155    depends on STRICT_KERNEL_RWX
156	help
157      This option enables a testcase for the setting rodata read-only.
158
159config ARCH_HAS_DEBUG_WX
160	bool
161
162config DEBUG_WX
163	bool "Warn on W+X mappings at boot"
164	depends on ARCH_HAS_DEBUG_WX
165	depends on MMU
166	select PTDUMP_CORE
167	help
168	  Generate a warning if any W+X mappings are found at boot.
169
170	  This is useful for discovering cases where the kernel is leaving W+X
171	  mappings after applying NX, as such mappings are a security risk.
172
173	  Look for a message in dmesg output like this:
174
175	    <arch>/mm: Checked W+X mappings: passed, no W+X pages found.
176
177	  or like this, if the check failed:
178
179	    <arch>/mm: Checked W+X mappings: failed, <N> W+X pages found.
180
181	  Note that even if the check fails, your kernel is possibly
182	  still fine, as W+X mappings are not a security hole in
183	  themselves, what they do is that they make the exploitation
184	  of other unfixed kernel bugs easier.
185
186	  There is no runtime or memory usage effect of this option
187	  once the kernel has booted up - it's a one time check.
188
189	  If in doubt, say "Y".
190
191config GENERIC_PTDUMP
192	bool
193
194config PTDUMP_CORE
195	bool
196
197config PTDUMP_DEBUGFS
198	bool "Export kernel pagetable layout to userspace via debugfs"
199	depends on DEBUG_KERNEL
200	depends on DEBUG_FS
201	depends on GENERIC_PTDUMP
202	select PTDUMP_CORE
203	help
204	  Say Y here if you want to show the kernel pagetable layout in a
205	  debugfs file. This information is only useful for kernel developers
206	  who are working in architecture specific areas of the kernel.
207	  It is probably not a good idea to enable this feature in a production
208	  kernel.
209
210	  If in doubt, say N.
211
212config HAVE_DEBUG_KMEMLEAK
213	bool
214
215config DEBUG_KMEMLEAK
216	bool "Kernel memory leak detector"
217	depends on DEBUG_KERNEL && HAVE_DEBUG_KMEMLEAK
218	select DEBUG_FS
219	select STACKTRACE if STACKTRACE_SUPPORT
220	select KALLSYMS
221	select CRC32
222	select STACKDEPOT
223	select STACKDEPOT_ALWAYS_INIT if !DEBUG_KMEMLEAK_DEFAULT_OFF
224	help
225	  Say Y here if you want to enable the memory leak
226	  detector. The memory allocation/freeing is traced in a way
227	  similar to the Boehm's conservative garbage collector, the
228	  difference being that the orphan objects are not freed but
229	  only shown in /sys/kernel/debug/kmemleak. Enabling this
230	  feature will introduce an overhead to memory
231	  allocations. See Documentation/dev-tools/kmemleak.rst for more
232	  details.
233
234	  Enabling DEBUG_SLAB or SLUB_DEBUG may increase the chances
235	  of finding leaks due to the slab objects poisoning.
236
237	  In order to access the kmemleak file, debugfs needs to be
238	  mounted (usually at /sys/kernel/debug).
239
240config DEBUG_KMEMLEAK_MEM_POOL_SIZE
241	int "Kmemleak memory pool size"
242	depends on DEBUG_KMEMLEAK
243	range 200 1000000
244	default 16000
245	help
246	  Kmemleak must track all the memory allocations to avoid
247	  reporting false positives. Since memory may be allocated or
248	  freed before kmemleak is fully initialised, use a static pool
249	  of metadata objects to track such callbacks. After kmemleak is
250	  fully initialised, this memory pool acts as an emergency one
251	  if slab allocations fail.
252
253config DEBUG_KMEMLEAK_DEFAULT_OFF
254	bool "Default kmemleak to off"
255	depends on DEBUG_KMEMLEAK
256	help
257	  Say Y here to disable kmemleak by default. It can then be enabled
258	  on the command line via kmemleak=on.
259
260config DEBUG_KMEMLEAK_AUTO_SCAN
261	bool "Enable kmemleak auto scan thread on boot up"
262	default y
263	depends on DEBUG_KMEMLEAK
264	help
265	  Depending on the cpu, kmemleak scan may be cpu intensive and can
266	  stall user tasks at times. This option enables/disables automatic
267	  kmemleak scan at boot up.
268
269	  Say N here to disable kmemleak auto scan thread to stop automatic
270	  scanning. Disabling this option disables automatic reporting of
271	  memory leaks.
272
273	  If unsure, say Y.
274
275config PER_VMA_LOCK_STATS
276	bool "Statistics for per-vma locks"
277	depends on PER_VMA_LOCK
278	help
279	  Say Y here to enable success, retry and failure counters of page
280	  faults handled under protection of per-vma locks. When enabled, the
281	  counters are exposed in /proc/vmstat. This information is useful for
282	  kernel developers to evaluate effectiveness of per-vma locks and to
283	  identify pathological cases. Counting these events introduces a small
284	  overhead in the page fault path.
285
286	  If in doubt, say N.
287