From 6405f4f64dbf1523fa450e156ea69f527adb44b6 Mon Sep 17 00:00:00 2001 From: Alexander Potapenko Date: Tue, 13 Apr 2021 16:22:45 +0200 Subject: [PATCH] ANDROID: gki_defconfig: reduce KFENCE pool size CONFIG_KFENCE_NUM_OBJECTS controls the constant memory overhead that KFENCE introduces for its memory pool. By default it is 255 objects (2Mb extra memory), but since concerns have been raised that low-memory devices may not afford that, we are lowering the number of objects to 63 (512Kb extra memory). So far we haven't seen Android devices allocate more than 50 KFENCE objects. Should the kernel exhaust the pool, KFENCE will stop allocating new objects and fall back to SLAB/SLUB until one of the objects is freed. An immediate consequence of reducing the pool size is that a freed KFENCE object will be reused 4x times faster, effectively reducing the probability of detecting a use-after-free. Since KFENCE is a best-effort error detection tool, not a use-after-free mitigation mechanism, we believe this should not be problematic. Bug: 181822795 Test: run KFENCE on an Android device Signed-off-by: Alexander Potapenko Change-Id: I88fca80eea8b382115de03dbb104fd305b35476f --- arch/arm64/configs/gki_defconfig | 1 + arch/x86/configs/gki_defconfig | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/arm64/configs/gki_defconfig b/arch/arm64/configs/gki_defconfig index bf7432c635ee..1744a38b1d41 100644 --- a/arch/arm64/configs/gki_defconfig +++ b/arch/arm64/configs/gki_defconfig @@ -629,6 +629,7 @@ CONFIG_KASAN=y CONFIG_KASAN_HW_TAGS=y CONFIG_KFENCE=y CONFIG_KFENCE_SAMPLE_INTERVAL=500 +CONFIG_KFENCE_NUM_OBJECTS=63 CONFIG_PANIC_ON_OOPS=y CONFIG_PANIC_TIMEOUT=-1 CONFIG_SOFTLOCKUP_DETECTOR=y diff --git a/arch/x86/configs/gki_defconfig b/arch/x86/configs/gki_defconfig index 09089c32a2ec..07ed6fd669ba 100644 --- a/arch/x86/configs/gki_defconfig +++ b/arch/x86/configs/gki_defconfig @@ -569,6 +569,7 @@ CONFIG_DEBUG_STACK_USAGE=y CONFIG_DEBUG_MEMORY_INIT=y CONFIG_KFENCE=y CONFIG_KFENCE_SAMPLE_INTERVAL=500 +CONFIG_KFENCE_NUM_OBJECTS=63 CONFIG_PANIC_ON_OOPS=y CONFIG_PANIC_TIMEOUT=-1 CONFIG_SOFTLOCKUP_DETECTOR=y