€•
      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ$/translations/zh_CN/dev-tools/kfence”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ$/translations/zh_TW/dev-tools/kfence”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ$/translations/it_IT/dev-tools/kfence”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ$/translations/ja_JP/dev-tools/kfence”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ$/translations/ko_KR/dev-tools/kfence”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ$/translations/pt_BR/dev-tools/kfence”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ$/translations/sp_SP/dev-tools/kfence”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1hµhhh²hh³Œ>/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence.rst”h´Kubh¶)”}”(hŒCopyright (C) 2020, Google LLC.”h]”hŒCopyright (C) 2020, Google LLC.”…””}”hhÈsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1hµhhh²hh³hÇh´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒKernel Electric-Fence (KFENCE)”h]”hŒKernel Electric-Fence (KFENCE)”…””}”(hhÝh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhhØh²hh³hÇh´KubhŒ	paragraph”“”)”}”(hŒ°Kernel Electric-Fence (KFENCE) is a low-overhead sampling-based memory safety
error detector. KFENCE detects heap out-of-bounds access, use-after-free, and
invalid-free errors.”h]”hŒ°Kernel Electric-Fence (KFENCE) is a low-overhead sampling-based memory safety
error detector. KFENCE detects heap out-of-bounds access, use-after-free, and
invalid-free errors.”…””}”(hhíh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KhhØh²hubhì)”}”(hX¾  KFENCE is designed to be enabled in production kernels, and has near zero
performance overhead. Compared to KASAN, KFENCE trades performance for
precision. The main motivation behind KFENCE's design, is that with enough
total uptime KFENCE will detect bugs in code paths not typically exercised by
non-production test workloads. One way to quickly achieve a large enough total
uptime is when the tool is deployed across a large fleet of machines.”h]”hXÀ  KFENCE is designed to be enabled in production kernels, and has near zero
performance overhead. Compared to KASAN, KFENCE trades performance for
precision. The main motivation behind KFENCEâ€™s design, is that with enough
total uptime KFENCE will detect bugs in code paths not typically exercised by
non-production test workloads. One way to quickly achieve a large enough total
uptime is when the tool is deployed across a large fleet of machines.”…””}”(hhûh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KhhØh²hubh×)”}”(hhh]”(hÜ)”}”(hŒUsage”h]”hŒUsage”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhj	  h²hh³hÇh´Kubhì)”}”(hŒ-To enable KFENCE, configure the kernel with::”h]”hŒ,To enable KFENCE, configure the kernel with:”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Khj	  h²hubhŒliteral_block”“”)”}”(hŒCONFIG_KFENCE=y”h]”hŒCONFIG_KFENCE=y”…””}”hj*  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j(  h³hÇh´Khj	  h²hubhì)”}”(hŒ™To build a kernel with KFENCE support, but disabled by default (to enable, set
``kfence.sample_interval`` to non-zero value), configure the kernel with::”h]”(hŒOTo build a kernel with KFENCE support, but disabled by default (to enable, set
”…””}”(hj8  h²hh³Nh´NubhŒliteral”“”)”}”(hŒ``kfence.sample_interval``”h]”hŒkfence.sample_interval”…””}”(hjB  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj8  ubhŒ/ to non-zero value), configure the kernel with:”…””}”(hj8  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Khj	  h²hubj)  )”}”(hŒ/CONFIG_KFENCE=y
CONFIG_KFENCE_SAMPLE_INTERVAL=0”h]”hŒ/CONFIG_KFENCE=y
CONFIG_KFENCE_SAMPLE_INTERVAL=0”…””}”hjZ  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j(  h³hÇh´Khj	  h²hubhì)”}”(hŒ’KFENCE provides several other configuration options to customize behaviour (see
the respective help text in ``lib/Kconfig.kfence`` for more info).”h]”(hŒlKFENCE provides several other configuration options to customize behaviour (see
the respective help text in ”…””}”(hjh  h²hh³Nh´NubjA  )”}”(hŒ``lib/Kconfig.kfence``”h]”hŒlib/Kconfig.kfence”…””}”(hjp  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjh  ubhŒ for more info).”…””}”(hjh  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Khj	  h²hubh×)”}”(hhh]”(hÜ)”}”(hŒTuning performance”h]”hŒTuning performance”…””}”(hj‹  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhjˆ  h²hh³hÇh´K#ubhì)”}”(hX„  The most important parameter is KFENCE's sample interval, which can be set via
the kernel boot parameter ``kfence.sample_interval`` in milliseconds. The
sample interval determines the frequency with which heap allocations will be
guarded by KFENCE. The default is configurable via the Kconfig option
``CONFIG_KFENCE_SAMPLE_INTERVAL``. Setting ``kfence.sample_interval=0``
disables KFENCE.”h]”(hŒkThe most important parameter is KFENCEâ€™s sample interval, which can be set via
the kernel boot parameter ”…””}”(hj™  h²hh³Nh´NubjA  )”}”(hŒ``kfence.sample_interval``”h]”hŒkfence.sample_interval”…””}”(hj¡  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj™  ubhŒ© in milliseconds. The
sample interval determines the frequency with which heap allocations will be
guarded by KFENCE. The default is configurable via the Kconfig option
”…””}”(hj™  h²hh³Nh´NubjA  )”}”(hŒ!``CONFIG_KFENCE_SAMPLE_INTERVAL``”h]”hŒCONFIG_KFENCE_SAMPLE_INTERVAL”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj™  ubhŒ
. Setting ”…””}”(hj™  h²hh³Nh´NubjA  )”}”(hŒ``kfence.sample_interval=0``”h]”hŒkfence.sample_interval=0”…””}”(hjÅ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj™  ubhŒ
disables KFENCE.”…””}”(hj™  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´K%hjˆ  h²hubhì)”}”(hX
  The sample interval controls a timer that sets up KFENCE allocations. By
default, to keep the real sample interval predictable, the normal timer also
causes CPU wake-ups when the system is completely idle. This may be undesirable
on power-constrained systems. The boot parameter ``kfence.deferrable=1``
instead switches to a "deferrable" timer which does not force CPU wake-ups on
idle systems, at the risk of unpredictable sample intervals. The default is
configurable via the Kconfig option ``CONFIG_KFENCE_DEFERRABLE``.”h]”(hX  The sample interval controls a timer that sets up KFENCE allocations. By
default, to keep the real sample interval predictable, the normal timer also
causes CPU wake-ups when the system is completely idle. This may be undesirable
on power-constrained systems. The boot parameter ”…””}”(hjÝ  h²hh³Nh´NubjA  )”}”(hŒ``kfence.deferrable=1``”h]”hŒkfence.deferrable=1”…””}”(hjå  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÝ  ubhŒÃ
instead switches to a â€œdeferrableâ€ timer which does not force CPU wake-ups on
idle systems, at the risk of unpredictable sample intervals. The default is
configurable via the Kconfig option ”…””}”(hjÝ  h²hh³Nh´NubjA  )”}”(hŒ``CONFIG_KFENCE_DEFERRABLE``”h]”hŒCONFIG_KFENCE_DEFERRABLE”…””}”(hj÷  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÝ  ubhŒ.”…””}”(hjÝ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´K,hjˆ  h²hubhŒwarning”“”)”}”(hŒˆThe KUnit test suite is very likely to fail when using a deferrable timer
since it currently causes very unpredictable sample intervals.”h]”hì)”}”(hŒˆThe KUnit test suite is very likely to fail when using a deferrable timer
since it currently causes very unpredictable sample intervals.”h]”hŒˆThe KUnit test suite is very likely to fail when using a deferrable timer
since it currently causes very unpredictable sample intervals.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´K5hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjˆ  h²hh³hÇh´Nubhì)”}”(hXª  By default KFENCE will only sample 1 heap allocation within each sample
interval. *Burst mode* allows to sample successive heap allocations, where the
kernel boot parameter ``kfence.burst`` can be set to a non-zero value which
denotes the *additional* successive allocations within a sample interval;
setting ``kfence.burst=N`` means that ``1 + N`` successive allocations are
attempted through KFENCE for each sample interval.”h]”(hŒRBy default KFENCE will only sample 1 heap allocation within each sample
interval. ”…””}”(hj)  h²hh³Nh´NubhŒemphasis”“”)”}”(hŒ*Burst mode*”h]”hŒ
Burst mode”…””}”(hj3  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj)  ubhŒO allows to sample successive heap allocations, where the
kernel boot parameter ”…””}”(hj)  h²hh³Nh´NubjA  )”}”(hŒ``kfence.burst``”h]”hŒkfence.burst”…””}”(hjE  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj)  ubhŒ2 can be set to a non-zero value which
denotes the ”…””}”(hj)  h²hh³Nh´Nubj2  )”}”(hŒ*additional*”h]”hŒ
additional”…””}”(hjW  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj)  ubhŒ: successive allocations within a sample interval;
setting ”…””}”(hj)  h²hh³Nh´NubjA  )”}”(hŒ``kfence.burst=N``”h]”hŒkfence.burst=N”…””}”(hji  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj)  ubhŒ means that ”…””}”(hj)  h²hh³Nh´NubjA  )”}”(hŒ	``1 + N``”h]”hŒ1 + N”…””}”(hj{  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj)  ubhŒN successive allocations are
attempted through KFENCE for each sample interval.”…””}”(hj)  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´K8hjˆ  h²hubhì)”}”(hX©  The KFENCE memory pool is of fixed size, and if the pool is exhausted, no
further KFENCE allocations occur. With ``CONFIG_KFENCE_NUM_OBJECTS`` (default
255), the number of available guarded objects can be controlled. Each object
requires 2 pages, one for the object itself and the other one used as a guard
page; object pages are interleaved with guard pages, and every object page is
therefore surrounded by two guard pages.”h]”(hŒqThe KFENCE memory pool is of fixed size, and if the pool is exhausted, no
further KFENCE allocations occur. With ”…””}”(hj“  h²hh³Nh´NubjA  )”}”(hŒ``CONFIG_KFENCE_NUM_OBJECTS``”h]”hŒCONFIG_KFENCE_NUM_OBJECTS”…””}”(hj›  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj“  ubhX   (default
255), the number of available guarded objects can be controlled. Each object
requires 2 pages, one for the object itself and the other one used as a guard
page; object pages are interleaved with guard pages, and every object page is
therefore surrounded by two guard pages.”…””}”(hj“  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´K?hjˆ  h²hubhì)”}”(hŒIThe total memory dedicated to the KFENCE memory pool can be computed as::”h]”hŒHThe total memory dedicated to the KFENCE memory pool can be computed as:”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KFhjˆ  h²hubj)  )”}”(hŒ ( #objects + 1 ) * 2 * PAGE_SIZE”h]”hŒ ( #objects + 1 ) * 2 * PAGE_SIZE”…””}”hjÁ  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j(  h³hÇh´KHhjˆ  h²hubhì)”}”(hŒsUsing the default config, and assuming a page size of 4 KiB, results in
dedicating 2 MiB to the KFENCE memory pool.”h]”hŒsUsing the default config, and assuming a page size of 4 KiB, results in
dedicating 2 MiB to the KFENCE memory pool.”…””}”(hjÏ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KJhjˆ  h²hubhì)”}”(hŒ²Note: On architectures that support huge pages, KFENCE will ensure that the
pool is using pages of size ``PAGE_SIZE``. This will result in additional page
tables being allocated.”h]”(hŒhNote: On architectures that support huge pages, KFENCE will ensure that the
pool is using pages of size ”…””}”(hjÝ  h²hh³Nh´NubjA  )”}”(hŒ``PAGE_SIZE``”h]”hŒ	PAGE_SIZE”…””}”(hjå  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÝ  ubhŒ=. This will result in additional page
tables being allocated.”…””}”(hjÝ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KMhjˆ  h²hubeh}”(h]”Œtuning-performance”ah ]”h"]”Œtuning performance”ah$]”h&]”uh1hÖhj	  h²hh³hÇh´K#ubh×)”}”(hhh]”(hÜ)”}”(hŒError reports”h]”hŒError reports”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhj  h²hh³hÇh´KRubhì)”}”(hŒhThe boot parameter ``kfence.fault`` can be used to control the behavior when a
KFENCE error is detected:”h]”(hŒThe boot parameter ”…””}”(hj  h²hh³Nh´NubjA  )”}”(hŒ``kfence.fault``”h]”hŒkfence.fault”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj  ubhŒE can be used to control the behavior when a
KFENCE error is detected:”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KThj  h²hubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒG``kfence.fault=report``: Print the error report and continue (default).”h]”hì)”}”(hj?  h]”(jA  )”}”(hŒ``kfence.fault=report``”h]”hŒkfence.fault=report”…””}”(hjD  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjA  ubhŒ0: Print the error report and continue (default).”…””}”(hjA  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KWhj=  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hj8  h²hh³hÇh´Nubj<  )”}”(hŒ7``kfence.fault=oops``: Print the error report and oops.”h]”hì)”}”(hjd  h]”(jA  )”}”(hŒ``kfence.fault=oops``”h]”hŒkfence.fault=oops”…””}”(hji  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjf  ubhŒ": Print the error report and oops.”…””}”(hjf  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KXhjb  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hj8  h²hh³hÇh´Nubj<  )”}”(hŒ:``kfence.fault=panic``: Print the error report and panic.
”h]”hì)”}”(hŒ9``kfence.fault=panic``: Print the error report and panic.”h]”(jA  )”}”(hŒ``kfence.fault=panic``”h]”hŒkfence.fault=panic”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj‹  ubhŒ#: Print the error report and panic.”…””}”(hj‹  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KYhj‡  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hj8  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1j6  h³hÇh´KWhj  h²hubhì)”}”(hŒ0A typical out-of-bounds access looks like this::”h]”hŒ/A typical out-of-bounds access looks like this:”…””}”(hjµ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´K[hj  h²hubj)  )”}”(hXp  ==================================================================
BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0xa6/0x234

Out-of-bounds read at 0xffff8c3f2e291fff (1B left of kfence-#72):
 test_out_of_bounds_read+0xa6/0x234
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

kfence-#72: 0xffff8c3f2e292000-0xffff8c3f2e29201f, size=32, cache=kmalloc-32

allocated by task 484 on cpu 0 at 32.919330s:
 test_alloc+0xfe/0x738
 test_out_of_bounds_read+0x9b/0x234
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

CPU: 0 PID: 484 Comm: kunit_try_catch Not tainted 5.13.0-rc3+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
==================================================================”h]”hXp  ==================================================================
BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0xa6/0x234

Out-of-bounds read at 0xffff8c3f2e291fff (1B left of kfence-#72):
 test_out_of_bounds_read+0xa6/0x234
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

kfence-#72: 0xffff8c3f2e292000-0xffff8c3f2e29201f, size=32, cache=kmalloc-32

allocated by task 484 on cpu 0 at 32.919330s:
 test_alloc+0xfe/0x738
 test_out_of_bounds_read+0x9b/0x234
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

CPU: 0 PID: 484 Comm: kunit_try_catch Not tainted 5.13.0-rc3+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
==================================================================”…””}”hjÃ  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j(  h³hÇh´K]hj  h²hubhì)”}”(hX  The header of the report provides a short summary of the function involved in
the access. It is followed by more detailed information about the access and
its origin. Note that, real kernel addresses are only shown when using the
kernel command line option ``no_hash_pointers``.”h]”(hX  The header of the report provides a short summary of the function involved in
the access. It is followed by more detailed information about the access and
its origin. Note that, real kernel addresses are only shown when using the
kernel command line option ”…””}”(hjÑ  h²hh³Nh´NubjA  )”}”(hŒ``no_hash_pointers``”h]”hŒno_hash_pointers”…””}”(hjÙ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÑ  ubhŒ.”…””}”(hjÑ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Kuhj  h²hubhì)”}”(hŒ)Use-after-free accesses are reported as::”h]”hŒ(Use-after-free accesses are reported as:”…””}”(hjñ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Kzhj  h²hubj)  )”}”(hXG  ==================================================================
BUG: KFENCE: use-after-free read in test_use_after_free_read+0xb3/0x143

Use-after-free read at 0xffff8c3f2e2a0000 (in kfence-#79):
 test_use_after_free_read+0xb3/0x143
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

kfence-#79: 0xffff8c3f2e2a0000-0xffff8c3f2e2a001f, size=32, cache=kmalloc-32

allocated by task 488 on cpu 2 at 33.871326s:
 test_alloc+0xfe/0x738
 test_use_after_free_read+0x76/0x143
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

freed by task 488 on cpu 2 at 33.871358s:
 test_use_after_free_read+0xa8/0x143
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

CPU: 2 PID: 488 Comm: kunit_try_catch Tainted: G    B             5.13.0-rc3+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
==================================================================”h]”hXG  ==================================================================
BUG: KFENCE: use-after-free read in test_use_after_free_read+0xb3/0x143

Use-after-free read at 0xffff8c3f2e2a0000 (in kfence-#79):
 test_use_after_free_read+0xb3/0x143
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

kfence-#79: 0xffff8c3f2e2a0000-0xffff8c3f2e2a001f, size=32, cache=kmalloc-32

allocated by task 488 on cpu 2 at 33.871326s:
 test_alloc+0xfe/0x738
 test_use_after_free_read+0x76/0x143
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

freed by task 488 on cpu 2 at 33.871358s:
 test_use_after_free_read+0xa8/0x143
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

CPU: 2 PID: 488 Comm: kunit_try_catch Tainted: G    B             5.13.0-rc3+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
==================================================================”…””}”hjÿ  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j(  h³hÇh´K|hj  h²hubhì)”}”(hŒ<KFENCE also reports on invalid frees, such as double-frees::”h]”hŒ;KFENCE also reports on invalid frees, such as double-frees:”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´K›hj  h²hubj)  )”}”(hX  ==================================================================
BUG: KFENCE: invalid free in test_double_free+0xdc/0x171

Invalid free of 0xffff8c3f2e2a4000 (in kfence-#81):
 test_double_free+0xdc/0x171
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

kfence-#81: 0xffff8c3f2e2a4000-0xffff8c3f2e2a401f, size=32, cache=kmalloc-32

allocated by task 490 on cpu 1 at 34.175321s:
 test_alloc+0xfe/0x738
 test_double_free+0x76/0x171
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

freed by task 490 on cpu 1 at 34.175348s:
 test_double_free+0xa8/0x171
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

CPU: 1 PID: 490 Comm: kunit_try_catch Tainted: G    B             5.13.0-rc3+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
==================================================================”h]”hX  ==================================================================
BUG: KFENCE: invalid free in test_double_free+0xdc/0x171

Invalid free of 0xffff8c3f2e2a4000 (in kfence-#81):
 test_double_free+0xdc/0x171
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

kfence-#81: 0xffff8c3f2e2a4000-0xffff8c3f2e2a401f, size=32, cache=kmalloc-32

allocated by task 490 on cpu 1 at 34.175321s:
 test_alloc+0xfe/0x738
 test_double_free+0x76/0x171
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

freed by task 490 on cpu 1 at 34.175348s:
 test_double_free+0xa8/0x171
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

CPU: 1 PID: 490 Comm: kunit_try_catch Tainted: G    B             5.13.0-rc3+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
==================================================================”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j(  h³hÇh´Khj  h²hubhì)”}”(hŒ¸KFENCE also uses pattern-based redzones on the other side of an object's guard
page, to detect out-of-bounds writes on the unprotected side of the object.
These are reported on frees::”h]”hŒ¹KFENCE also uses pattern-based redzones on the other side of an objectâ€™s guard
page, to detect out-of-bounds writes on the unprotected side of the object.
These are reported on frees:”…””}”(hj)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´K¼hj  h²hubj)  )”}”(hX¡  ==================================================================
BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0xef/0x184

Corrupted memory at 0xffff8c3f2e33aff9 [ 0xac . . . . . . ] (in kfence-#156):
 test_kmalloc_aligned_oob_write+0xef/0x184
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

kfence-#156: 0xffff8c3f2e33afb0-0xffff8c3f2e33aff8, size=73, cache=kmalloc-96

allocated by task 502 on cpu 7 at 42.159302s:
 test_alloc+0xfe/0x738
 test_kmalloc_aligned_oob_write+0x57/0x184
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

CPU: 7 PID: 502 Comm: kunit_try_catch Tainted: G    B             5.13.0-rc3+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
==================================================================”h]”hX¡  ==================================================================
BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0xef/0x184

Corrupted memory at 0xffff8c3f2e33aff9 [ 0xac . . . . . . ] (in kfence-#156):
 test_kmalloc_aligned_oob_write+0xef/0x184
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

kfence-#156: 0xffff8c3f2e33afb0-0xffff8c3f2e33aff8, size=73, cache=kmalloc-96

allocated by task 502 on cpu 7 at 42.159302s:
 test_alloc+0xfe/0x738
 test_kmalloc_aligned_oob_write+0x57/0x184
 kunit_try_run_case+0x61/0xa0
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x176/0x1b0
 ret_from_fork+0x22/0x30

CPU: 7 PID: 502 Comm: kunit_try_catch Tainted: G    B             5.13.0-rc3+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
==================================================================”…””}”hj7  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j(  h³hÇh´KÀhj  h²hubhì)”}”(hX  For such errors, the address where the corruption occurred as well as the
invalidly written bytes (offset from the address) are shown; in this
representation, '.' denote untouched bytes. In the example above ``0xac`` is
the value written to the invalid address at offset 0, and the remaining '.'
denote that no following bytes have been touched. Note that, real values are
only shown if the kernel was booted with ``no_hash_pointers``; to avoid
information disclosure otherwise, '!' is used instead to denote invalidly
written bytes.”h]”(hŒÔFor such errors, the address where the corruption occurred as well as the
invalidly written bytes (offset from the address) are shown; in this
representation, â€˜.â€™ denote untouched bytes. In the example above ”…””}”(hjE  h²hh³Nh´NubjA  )”}”(hŒ``0xac``”h]”hŒ0xac”…””}”(hjM  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjE  ubhŒÊ is
the value written to the invalid address at offset 0, and the remaining â€˜.â€™
denote that no following bytes have been touched. Note that, real values are
only shown if the kernel was booted with ”…””}”(hjE  h²hh³Nh´NubjA  )”}”(hŒ``no_hash_pointers``”h]”hŒno_hash_pointers”…””}”(hj_  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjE  ubhŒg; to avoid
information disclosure otherwise, â€˜!â€™ is used instead to denote invalidly
written bytes.”…””}”(hjE  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´KØhj  h²hubhì)”}”(hŒÅAnd finally, KFENCE may also report on invalid accesses to any protected page
where it was not possible to determine an associated object, e.g. if adjacent
object pages had not yet been allocated::”h]”hŒÄAnd finally, KFENCE may also report on invalid accesses to any protected page
where it was not possible to determine an associated object, e.g. if adjacent
object pages had not yet been allocated:”…””}”(hjw  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Káhj  h²hubj)  )”}”(hX  ==================================================================
BUG: KFENCE: invalid read in test_invalid_access+0x26/0xe0

Invalid read at 0xffffffffb670b00a:
 test_invalid_access+0x26/0xe0
 kunit_try_run_case+0x51/0x85
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x137/0x160
 ret_from_fork+0x22/0x30

CPU: 4 PID: 124 Comm: kunit_try_catch Tainted: G        W         5.8.0-rc6+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1 04/01/2014
==================================================================”h]”hX  ==================================================================
BUG: KFENCE: invalid read in test_invalid_access+0x26/0xe0

Invalid read at 0xffffffffb670b00a:
 test_invalid_access+0x26/0xe0
 kunit_try_run_case+0x51/0x85
 kunit_generic_run_threadfn_adapter+0x16/0x30
 kthread+0x137/0x160
 ret_from_fork+0x22/0x30

CPU: 4 PID: 124 Comm: kunit_try_catch Tainted: G        W         5.8.0-rc6+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1 04/01/2014
==================================================================”…””}”hj…  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j(  h³hÇh´Kåhj  h²hubeh}”(h]”Œerror-reports”ah ]”h"]”Œerror reports”ah$]”h&]”uh1hÖhj	  h²hh³hÇh´KRubh×)”}”(hhh]”(hÜ)”}”(hŒDebugFS interface”h]”hŒDebugFS interface”…””}”(hjž  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhj›  h²hh³hÇh´Kôubhì)”}”(hŒ2Some debugging information is exposed via debugfs:”h]”hŒ2Some debugging information is exposed via debugfs:”…””}”(hj¬  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Köhj›  h²hubj7  )”}”(hhh]”(j<  )”}”(hŒIThe file ``/sys/kernel/debug/kfence/stats`` provides runtime statistics.
”h]”hì)”}”(hŒHThe file ``/sys/kernel/debug/kfence/stats`` provides runtime statistics.”h]”(hŒ	The file ”…””}”(hjÁ  h²hh³Nh´NubjA  )”}”(hŒ"``/sys/kernel/debug/kfence/stats``”h]”hŒ/sys/kernel/debug/kfence/stats”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÁ  ubhŒ provides runtime statistics.”…””}”(hjÁ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Køhj½  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hjº  h²hh³hÇh´Nubj<  )”}”(hŒŒThe file ``/sys/kernel/debug/kfence/objects`` provides a list of objects
allocated via KFENCE, including those already freed but protected.
”h]”hì)”}”(hŒ‹The file ``/sys/kernel/debug/kfence/objects`` provides a list of objects
allocated via KFENCE, including those already freed but protected.”h]”(hŒ	The file ”…””}”(hjë  h²hh³Nh´NubjA  )”}”(hŒ$``/sys/kernel/debug/kfence/objects``”h]”hŒ /sys/kernel/debug/kfence/objects”…””}”(hjó  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjë  ubhŒ^ provides a list of objects
allocated via KFENCE, including those already freed but protected.”…””}”(hjë  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Kúhjç  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hjº  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j³  Œ*”uh1j6  h³hÇh´Køhj›  h²hubeh}”(h]”Œdebugfs-interface”ah ]”h"]”Œdebugfs interface”ah$]”h&]”uh1hÖhj	  h²hh³hÇh´Kôubeh}”(h]”Œusage”ah ]”h"]”Œusage”ah$]”h&]”uh1hÖhhØh²hh³hÇh´Kubh×)”}”(hhh]”(hÜ)”}”(hŒImplementation Details”h]”hŒImplementation Details”…””}”(hj+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhj(  h²hh³hÇh´Kþubhì)”}”(hXy  Guarded allocations are set up based on the sample interval. After expiration
of the sample interval, the next allocation through the main allocator (SLAB or
SLUB) returns a guarded allocation from the KFENCE object pool (allocation
sizes up to PAGE_SIZE are supported). At this point, the timer is reset, and
the next allocation is set up after the expiration of the interval.”h]”hXy  Guarded allocations are set up based on the sample interval. After expiration
of the sample interval, the next allocation through the main allocator (SLAB or
SLUB) returns a guarded allocation from the KFENCE object pool (allocation
sizes up to PAGE_SIZE are supported). At this point, the timer is reset, and
the next allocation is set up after the expiration of the interval.”…””}”(hj9  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´M hj(  h²hubhì)”}”(hXœ  When using ``CONFIG_KFENCE_STATIC_KEYS=y``, KFENCE allocations are "gated"
through the main allocator's fast-path by relying on static branches via the
static keys infrastructure. The static branch is toggled to redirect the
allocation to KFENCE. Depending on sample interval, target workloads, and
system architecture, this may perform better than the simple dynamic branch.
Careful benchmarking is recommended.”h]”(hŒWhen using ”…””}”(hjG  h²hh³Nh´NubjA  )”}”(hŒ``CONFIG_KFENCE_STATIC_KEYS=y``”h]”hŒCONFIG_KFENCE_STATIC_KEYS=y”…””}”(hjO  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjG  ubhXx  , KFENCE allocations are â€œgatedâ€
through the main allocatorâ€™s fast-path by relying on static branches via the
static keys infrastructure. The static branch is toggled to redirect the
allocation to KFENCE. Depending on sample interval, target workloads, and
system architecture, this may perform better than the simple dynamic branch.
Careful benchmarking is recommended.”…””}”(hjG  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Mhj(  h²hubhì)”}”(hX  KFENCE objects each reside on a dedicated page, at either the left or right
page boundaries selected at random. The pages to the left and right of the
object page are "guard pages", whose attributes are changed to a protected
state, and cause page faults on any attempted access. Such page faults are then
intercepted by KFENCE, which handles the fault gracefully by reporting an
out-of-bounds access, and marking the page as accessible so that the faulting
code can (wrongly) continue executing (set ``panic_on_warn`` to panic instead).”h]”(hXù  KFENCE objects each reside on a dedicated page, at either the left or right
page boundaries selected at random. The pages to the left and right of the
object page are â€œguard pagesâ€, whose attributes are changed to a protected
state, and cause page faults on any attempted access. Such page faults are then
intercepted by KFENCE, which handles the fault gracefully by reporting an
out-of-bounds access, and marking the page as accessible so that the faulting
code can (wrongly) continue executing (set ”…””}”(hjg  h²hh³Nh´NubjA  )”}”(hŒ``panic_on_warn``”h]”hŒpanic_on_warn”…””}”(hjo  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjg  ubhŒ to panic instead).”…””}”(hjg  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Mhj(  h²hubhì)”}”(hXµ  To detect out-of-bounds writes to memory within the object's page itself,
KFENCE also uses pattern-based redzones. For each object page, a redzone is set
up for all non-object memory. For typical alignments, the redzone is only
required on the unguarded side of an object. Because KFENCE must honor the
cache's requested alignment, special alignments may result in unprotected gaps
on either side of an object, all of which are redzoned.”h]”hX¹  To detect out-of-bounds writes to memory within the objectâ€™s page itself,
KFENCE also uses pattern-based redzones. For each object page, a redzone is set
up for all non-object memory. For typical alignments, the redzone is only
required on the unguarded side of an object. Because KFENCE must honor the
cacheâ€™s requested alignment, special alignments may result in unprotected gaps
on either side of an object, all of which are redzoned.”…””}”(hj‡  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Mhj(  h²hubhì)”}”(hŒ2The following figure illustrates the page layout::”h]”hŒ1The following figure illustrates the page layout:”…””}”(hj•  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´Mhj(  h²hubj)  )”}”(hX  ---+-----------+-----------+-----------+-----------+-----------+---
   | xxxxxxxxx | O :       | xxxxxxxxx |       : O | xxxxxxxxx |
   | xxxxxxxxx | B :       | xxxxxxxxx |       : B | xxxxxxxxx |
   | x GUARD x | J : RED-  | x GUARD x | RED-  : J | x GUARD x |
   | xxxxxxxxx | E :  ZONE | xxxxxxxxx |  ZONE : E | xxxxxxxxx |
   | xxxxxxxxx | C :       | xxxxxxxxx |       : C | xxxxxxxxx |
   | xxxxxxxxx | T :       | xxxxxxxxx |       : T | xxxxxxxxx |
---+-----------+-----------+-----------+-----------+-----------+---”h]”hX  ---+-----------+-----------+-----------+-----------+-----------+---
   | xxxxxxxxx | O :       | xxxxxxxxx |       : O | xxxxxxxxx |
   | xxxxxxxxx | B :       | xxxxxxxxx |       : B | xxxxxxxxx |
   | x GUARD x | J : RED-  | x GUARD x | RED-  : J | x GUARD x |
   | xxxxxxxxx | E :  ZONE | xxxxxxxxx |  ZONE : E | xxxxxxxxx |
   | xxxxxxxxx | C :       | xxxxxxxxx |       : C | xxxxxxxxx |
   | xxxxxxxxx | T :       | xxxxxxxxx |       : T | xxxxxxxxx |
---+-----------+-----------+-----------+-----------+-----------+---”…””}”hj£  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j(  h³hÇh´Mhj(  h²hubhì)”}”(hX–  Upon deallocation of a KFENCE object, the object's page is again protected and
the object is marked as freed. Any further access to the object causes a fault
and KFENCE reports a use-after-free access. Freed objects are inserted at the
tail of KFENCE's freelist, so that the least recently freed objects are reused
first, and the chances of detecting use-after-frees of recently freed objects
is increased.”h]”hXš  Upon deallocation of a KFENCE object, the objectâ€™s page is again protected and
the object is marked as freed. Any further access to the object causes a fault
and KFENCE reports a use-after-free access. Freed objects are inserted at the
tail of KFENCEâ€™s freelist, so that the least recently freed objects are reused
first, and the chances of detecting use-after-frees of recently freed objects
is increased.”…””}”(hj±  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´M'hj(  h²hubhì)”}”(hX÷  If pool utilization reaches 75% (default) or above, to reduce the risk of the
pool eventually being fully occupied by allocated objects yet ensure diverse
coverage of allocations, KFENCE limits currently covered allocations of the
same source from further filling up the pool. The "source" of an allocation is
based on its partial allocation stack trace. A side-effect is that this also
limits frequent long-lived allocations (e.g. pagecache) of the same source
filling up the pool permanently, which is the most common risk for the pool
becoming full and the sampled allocation rate dropping to zero. The threshold
at which to start limiting currently covered allocations can be configured via
the boot parameter ``kfence.skip_covered_thresh`` (pool usage%).”h]”(hXÎ  If pool utilization reaches 75% (default) or above, to reduce the risk of the
pool eventually being fully occupied by allocated objects yet ensure diverse
coverage of allocations, KFENCE limits currently covered allocations of the
same source from further filling up the pool. The â€œsourceâ€ of an allocation is
based on its partial allocation stack trace. A side-effect is that this also
limits frequent long-lived allocations (e.g. pagecache) of the same source
filling up the pool permanently, which is the most common risk for the pool
becoming full and the sampled allocation rate dropping to zero. The threshold
at which to start limiting currently covered allocations can be configured via
the boot parameter ”…””}”(hj¿  h²hh³Nh´NubjA  )”}”(hŒ``kfence.skip_covered_thresh``”h]”hŒkfence.skip_covered_thresh”…””}”(hjÇ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj¿  ubhŒ (pool usage%).”…””}”(hj¿  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´M.hj(  h²hubeh}”(h]”Œimplementation-details”ah ]”h"]”Œimplementation details”ah$]”h&]”uh1hÖhhØh²hh³hÇh´Kþubh×)”}”(hhh]”(hÜ)”}”(hŒ	Interface”h]”hŒ	Interface”…””}”(hjê  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhjç  h²hh³hÇh´M:ubhì)”}”(hŒŒThe following describes the functions which are used by allocators as well as
page handling code to set up and deal with KFENCE allocations.”h]”hŒŒThe following describes the functions which are used by allocators as well as
page handling code to set up and deal with KFENCE allocations.”…””}”(hjø  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´M<hjç  h²hubh Œindex”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(Œsingle”Œis_kfence_address (C function)”Œc.is_kfence_address”hNt”auh1j  hjç  h²hh³Nh´Nubh Œdesc”“”)”}”(hhh]”(h Œdesc_signature”“”)”}”(hŒ)bool is_kfence_address (const void *addr)”h]”h Œdesc_signature_line”“”)”}”(hŒ(bool is_kfence_address(const void *addr)”h]”(h Œdesc_sig_keyword_type”“”)”}”(hŒbool”h]”hŒbool”…””}”(hj*  h²hh³Nh´Nubah}”(h]”h ]”Œkt”ah"]”h$]”h&]”uh1j(  hj$  h²hh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K"ubh Œdesc_sig_space”“”)”}”(hŒ ”h]”hŒ ”…””}”(hj<  h²hh³Nh´Nubah}”(h]”h ]”Œw”ah"]”h$]”h&]”uh1j:  hj$  h²hh³j9  h´K"ubh Œ	desc_name”“”)”}”(hŒis_kfence_address”h]”h Œdesc_sig_name”“”)”}”(hŒis_kfence_address”h]”hŒis_kfence_address”…””}”(hjS  h²hh³Nh´Nubah}”(h]”h ]”Œn”ah"]”h$]”h&]”uh1jQ  hjM  ubah}”(h]”h ]”(Œsig-name”Œdescname”eh"]”h$]”h&]”hÅhÆuh1jK  hj$  h²hh³j9  h´K"ubh Œdesc_parameterlist”“”)”}”(hŒ(const void *addr)”h]”h Œdesc_parameter”“”)”}”(hŒconst void *addr”h]”(h Œdesc_sig_keyword”“”)”}”(hŒconst”h]”hŒconst”…””}”(hjx  h²hh³Nh´Nubah}”(h]”h ]”Œk”ah"]”h$]”h&]”uh1jv  hjr  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj‡  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hjr  ubj)  )”}”(hŒvoid”h]”hŒvoid”…””}”(hj•  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hjr  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj£  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hjr  ubh Œdesc_sig_punctuation”“”)”}”(hj  h]”hŒ*”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”Œp”ah"]”h$]”h&]”uh1j±  hjr  ubjR  )”}”(hŒaddr”h]”hŒaddr”…””}”(hjÁ  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjr  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hjl  ubah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jj  hj$  h²hh³j9  h´K"ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆŒadd_permalink”ˆuh1j"  Œsphinx_line_type”Œ
declarator”hj  h²hh³j9  h´K"ubah}”(h]”j  ah ]”(Œsig”Œ
sig-object”eh"]”h$]”h&]”Œis_multiline”ˆŒ
_toc_parts”)Œ	_toc_name”huh1j  h³j9  h´K"hj  h²hubh Œdesc_content”“”)”}”(hhh]”hì)”}”(hŒ*check if an address belongs to KFENCE pool”h]”hŒ*check if an address belongs to KFENCE pool”…””}”(hjõ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K"hjò  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1jð  hj  h²hh³j9  h´K"ubeh}”(h]”h ]”(Œc”Œfunction”eh"]”h$]”h&]”Œdomain”j  Œobjtype”j  Œdesctype”j  Œnoindex”‰Œnoindexentry”‰Œnocontentsentry”‰uh1j  h²hhjç  h³Nh´NubhŒ	container”“”)”}”(hX  **Parameters**

``const void *addr``
  address to check

**Return**

true or false depending on whether the address is within the KFENCE
object range.

**Description**

KFENCE objects live in a separate page range and are not to be intermixed
with regular heap objects (e.g. KFENCE objects must never be added to the
allocator freelists). Failing to do so may and will result in heap
corruptions, therefore is_kfence_address() must be used to check whether
an object requires specific handling.

**Note**

This function may be used in fast-paths, and is performance critical.
Future changes should take this into account; for instance, we want to avoid
introducing another load and therefore need to keep KFENCE_POOL_SIZE a
constant (until immediate patching support is added to the kernel).”h]”(hì)”}”(hŒ**Parameters**”h]”hŒstrong”“”)”}”(hj   h]”hŒ
Parameters”…””}”(hj$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K&hj  ubhŒdefinition_list”“”)”}”(hhh]”hŒdefinition_list_item”“”)”}”(hŒ&``const void *addr``
address to check
”h]”(hŒterm”“”)”}”(hŒ``const void *addr``”h]”jA  )”}”(hjG  h]”hŒconst void *addr”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjE  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K#hj?  ubhŒ
definition”“”)”}”(hhh]”hì)”}”(hŒaddress to check”h]”hŒaddress to check”…””}”(hjb  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³j\  h´K#hj_  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hj?  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³j\  h´K#hj:  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j8  hj  ubhì)”}”(hŒ
**Return**”h]”j#  )”}”(hj„  h]”hŒReturn”…””}”(hj†  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj‚  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K%hj  ubhì)”}”(hŒQtrue or false depending on whether the address is within the KFENCE
object range.”h]”hŒQtrue or false depending on whether the address is within the KFENCE
object range.”…””}”(hjš  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K%hj  ubhì)”}”(hŒ**Description**”h]”j#  )”}”(hj«  h]”hŒDescription”…””}”(hj­  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj©  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K(hj  ubhì)”}”(hXE  KFENCE objects live in a separate page range and are not to be intermixed
with regular heap objects (e.g. KFENCE objects must never be added to the
allocator freelists). Failing to do so may and will result in heap
corruptions, therefore is_kfence_address() must be used to check whether
an object requires specific handling.”h]”hXE  KFENCE objects live in a separate page range and are not to be intermixed
with regular heap objects (e.g. KFENCE objects must never be added to the
allocator freelists). Failing to do so may and will result in heap
corruptions, therefore is_kfence_address() must be used to check whether
an object requires specific handling.”…””}”(hjÁ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K'hj  ubhì)”}”(hŒ**Note**”h]”j#  )”}”(hjÒ  h]”hŒNote”…””}”(hjÔ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjÐ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K-hj  ubhì)”}”(hX  This function may be used in fast-paths, and is performance critical.
Future changes should take this into account; for instance, we want to avoid
introducing another load and therefore need to keep KFENCE_POOL_SIZE a
constant (until immediate patching support is added to the kernel).”h]”hX  This function may be used in fast-paths, and is performance critical.
Future changes should take this into account; for instance, we want to avoid
introducing another load and therefore need to keep KFENCE_POOL_SIZE a
constant (until immediate patching support is added to the kernel).”…””}”(hjè  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K.hj  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(j  Œ"kfence_shutdown_cache (C function)”Œc.kfence_shutdown_cache”hNt”auh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”(j  )”}”(hŒ1void kfence_shutdown_cache (struct kmem_cache *s)”h]”j#  )”}”(hŒ0void kfence_shutdown_cache(struct kmem_cache *s)”h]”(j)  )”}”(hŒvoid”h]”hŒvoid”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj  h²hh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KLubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj&  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj  h²hh³j%  h´KLubjL  )”}”(hŒkfence_shutdown_cache”h]”jR  )”}”(hŒkfence_shutdown_cache”h]”hŒkfence_shutdown_cache”…””}”(hj8  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj4  ubah}”(h]”h ]”(je  jf  eh"]”h$]”h&]”hÅhÆuh1jK  hj  h²hh³j%  h´KLubjk  )”}”(hŒ(struct kmem_cache *s)”h]”jq  )”}”(hŒstruct kmem_cache *s”h]”(jw  )”}”(hŒstruct”h]”hŒstruct”…””}”(hjT  h²hh³Nh´Nubah}”(h]”h ]”jƒ  ah"]”h$]”h&]”uh1jv  hjP  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjb  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hjP  ubh)”}”(hhh]”jR  )”}”(hŒ
kmem_cache”h]”hŒ
kmem_cache”…””}”(hjs  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjp  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”j  Œreftype”Œ
identifier”Œ	reftarget”ju  Œmodname”NŒ	classname”NŒc:parent_key”Œsphinx.domains.c”Œ	LookupKey”“”)”}”Œdata”]”jŽ  ŒASTIdentifier”“”)”}”j‰  j:  sbŒc.kfence_shutdown_cache”†”asbuh1hhjP  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj›  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hjP  ubj²  )”}”(hj  h]”hŒ*”…””}”(hj©  h²hh³Nh´Nubah}”(h]”h ]”j½  ah"]”h$]”h&]”uh1j±  hjP  ubjR  )”}”(hŒs”h]”hŒs”…””}”(hj¶  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjP  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hjL  ubah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jj  hj  h²hh³j%  h´KLubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆjâ  ˆuh1j"  jã  jä  hj  h²hh³j%  h´KLubah}”(h]”j
  ah ]”(jè  jé  eh"]”h$]”h&]”jí  ˆjî  )jï  huh1j  h³j%  h´KLhj  h²hubjñ  )”}”(hhh]”hì)”}”(hŒ*handle shutdown_cache() for KFENCE objects”h]”hŒ*handle shutdown_cache() for KFENCE objects”…””}”(hjà  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KLhjÝ  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1jð  hj  h²hh³j%  h´KLubeh}”(h]”h ]”(j  Œfunction”eh"]”h$]”h&]”j  j  j  jø  j  jø  j  ‰j  ‰j  ‰uh1j  h²hhjç  h³Nh´Nubj  )”}”(hXˆ  **Parameters**

``struct kmem_cache *s``
  cache being shut down

**Description**

Before shutting down a cache, one must ensure there are no remaining objects
allocated from it. Because KFENCE objects are not referenced from the cache
directly, we need to check them here.

Note that shutdown_cache() is internal to SL*B, and kmem_cache_destroy() does
not return if allocated objects still exist: it prints an error message and
simply aborts destruction of a cache, leaking memory.

If the only such objects are KFENCE objects, we will not leak the entire
cache, but instead try to provide more useful debug info by making allocated
objects "zombie allocations". Objects may then still be used or freed (which
is handled gracefully), but usage will result in showing KFENCE error reports
which include stack traces to the user of the object, the original allocation
site, and caller to shutdown_cache().”h]”(hì)”}”(hŒ**Parameters**”h]”j#  )”}”(hj	  h]”hŒ
Parameters”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj 	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KPhjü  ubj9  )”}”(hhh]”j>  )”}”(hŒ/``struct kmem_cache *s``
cache being shut down
”h]”(jD  )”}”(hŒ``struct kmem_cache *s``”h]”jA  )”}”(hj!	  h]”hŒstruct kmem_cache *s”…””}”(hj#	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KMhj	  ubj^  )”}”(hhh]”hì)”}”(hŒcache being shut down”h]”hŒcache being shut down”…””}”(hj:	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³j6	  h´KMhj7	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hj	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³j6	  h´KMhj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j8  hjü  ubhì)”}”(hŒ**Description**”h]”j#  )”}”(hj\	  h]”hŒDescription”…””}”(hj^	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjZ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KOhjü  ubhì)”}”(hŒ¾Before shutting down a cache, one must ensure there are no remaining objects
allocated from it. Because KFENCE objects are not referenced from the cache
directly, we need to check them here.”h]”hŒ¾Before shutting down a cache, one must ensure there are no remaining objects
allocated from it. Because KFENCE objects are not referenced from the cache
directly, we need to check them here.”…””}”(hjr	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KNhjü  ubhì)”}”(hŒÏNote that shutdown_cache() is internal to SL*B, and kmem_cache_destroy() does
not return if allocated objects still exist: it prints an error message and
simply aborts destruction of a cache, leaking memory.”h]”hŒÏNote that shutdown_cache() is internal to SL*B, and kmem_cache_destroy() does
not return if allocated objects still exist: it prints an error message and
simply aborts destruction of a cache, leaking memory.”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KRhjü  ubhì)”}”(hX¤  If the only such objects are KFENCE objects, we will not leak the entire
cache, but instead try to provide more useful debug info by making allocated
objects "zombie allocations". Objects may then still be used or freed (which
is handled gracefully), but usage will result in showing KFENCE error reports
which include stack traces to the user of the object, the original allocation
site, and caller to shutdown_cache().”h]”hX¨  If the only such objects are KFENCE objects, we will not leak the entire
cache, but instead try to provide more useful debug info by making allocated
objects â€œzombie allocationsâ€. Objects may then still be used or freed (which
is handled gracefully), but usage will result in showing KFENCE error reports
which include stack traces to the user of the object, the original allocation
site, and caller to shutdown_cache().”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KVhjü  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(j  Œkfence_alloc (C function)”Œc.kfence_alloc”hNt”auh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”(j  )”}”(hŒDvoid * kfence_alloc (struct kmem_cache *s, size_t size, gfp_t flags)”h]”j#  )”}”(hŒBvoid *kfence_alloc(struct kmem_cache *s, size_t size, gfp_t flags)”h]”(j)  )”}”(hŒvoid”h]”hŒvoid”…””}”(hj¿	  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj»	  h²hh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kgubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjÎ	  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj»	  h²hh³jÍ	  h´Kgubj²  )”}”(hj  h]”hŒ*”…””}”(hjÜ	  h²hh³Nh´Nubah}”(h]”h ]”j½  ah"]”h$]”h&]”uh1j±  hj»	  h²hh³jÍ	  h´KgubjL  )”}”(hŒkfence_alloc”h]”jR  )”}”(hŒkfence_alloc”h]”hŒkfence_alloc”…””}”(hjí	  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjé	  ubah}”(h]”h ]”(je  jf  eh"]”h$]”h&]”hÅhÆuh1jK  hj»	  h²hh³jÍ	  h´Kgubjk  )”}”(hŒ0(struct kmem_cache *s, size_t size, gfp_t flags)”h]”(jq  )”}”(hŒstruct kmem_cache *s”h]”(jw  )”}”(hjV  h]”hŒstruct”…””}”(hj	
  h²hh³Nh´Nubah}”(h]”h ]”jƒ  ah"]”h$]”h&]”uh1jv  hj
  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj
  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj
  ubh)”}”(hhh]”jR  )”}”(hŒ
kmem_cache”h]”hŒ
kmem_cache”…””}”(hj'
  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj$
  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”j  Œreftype”j‰  Œ	reftarget”j)
  Œmodname”NŒ	classname”Nj  j  )”}”j“  ]”j–  )”}”j‰  jï	  sbŒc.kfence_alloc”†”asbuh1hhj
  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjG
  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj
  ubj²  )”}”(hj  h]”hŒ*”…””}”(hjU
  h²hh³Nh´Nubah}”(h]”h ]”j½  ah"]”h$]”h&]”uh1j±  hj
  ubjR  )”}”(hj¸  h]”hŒs”…””}”(hjb
  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj
  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hj
  ubjq  )”}”(hŒsize_t size”h]”(h)”}”(hhh]”jR  )”}”(hŒsize_t”h]”hŒsize_t”…””}”(hj}
  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjz
  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”j  Œreftype”j‰  Œ	reftarget”j
  Œmodname”NŒ	classname”Nj  j  )”}”j“  ]”jC
  Œc.kfence_alloc”†”asbuh1hhjv
  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj›
  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hjv
  ubjR  )”}”(hŒsize”h]”hŒsize”…””}”(hj©
  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjv
  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hj
  ubjq  )”}”(hŒgfp_t flags”h]”(h)”}”(hhh]”jR  )”}”(hŒgfp_t”h]”hŒgfp_t”…””}”(hjÅ
  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjÂ
  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”j  Œreftype”j‰  Œ	reftarget”jÇ
  Œmodname”NŒ	classname”Nj  j  )”}”j“  ]”jC
  Œc.kfence_alloc”†”asbuh1hhj¾
  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjã
  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj¾
  ubjR  )”}”(hŒflags”h]”hŒflags”…””}”(hjñ
  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj¾
  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hj
  ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jj  hj»	  h²hh³jÍ	  h´Kgubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆjâ  ˆuh1j"  jã  jä  hj·	  h²hh³jÍ	  h´Kgubah}”(h]”j²	  ah ]”(jè  jé  eh"]”h$]”h&]”jí  ˆjî  )jï  huh1j  h³jÍ	  h´Kghj´	  h²hubjñ  )”}”(hhh]”hì)”}”(hŒ/allocate a KFENCE object with a low probability”h]”hŒ/allocate a KFENCE object with a low probability”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kghj  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1jð  hj´	  h²hh³jÍ	  h´Kgubeh}”(h]”h ]”(j  Œfunction”eh"]”h$]”h&]”j  j  j  j3  j  j3  j  ‰j  ‰j  ‰uh1j  h²hhjç  h³Nh´Nubj  )”}”(hX]  **Parameters**

``struct kmem_cache *s``
  struct kmem_cache with object requirements

``size_t size``
  exact size of the object to allocate (can be less than **s->size**
  e.g. for kmalloc caches)

``gfp_t flags``
  GFP flags

**Return**

* NULL     - must proceed with allocating as usual,
* non-NULL - pointer to a KFENCE object.

**Description**

kfence_alloc() should be inserted into the heap allocation fast path,
allowing it to transparently return KFENCE-allocated objects with a low
probability using a static branch (the probability is controlled by the
kfence.sample_interval boot parameter).”h]”(hì)”}”(hŒ**Parameters**”h]”j#  )”}”(hj=  h]”hŒ
Parameters”…””}”(hj?  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj;  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kkhj7  ubj9  )”}”(hhh]”(j>  )”}”(hŒD``struct kmem_cache *s``
struct kmem_cache with object requirements
”h]”(jD  )”}”(hŒ``struct kmem_cache *s``”h]”jA  )”}”(hj\  h]”hŒstruct kmem_cache *s”…””}”(hj^  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjZ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KhhjV  ubj^  )”}”(hhh]”hì)”}”(hŒ*struct kmem_cache with object requirements”h]”hŒ*struct kmem_cache with object requirements”…””}”(hju  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³jq  h´Khhjr  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hjV  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³jq  h´KhhjS  ubj>  )”}”(hŒl``size_t size``
exact size of the object to allocate (can be less than **s->size**
e.g. for kmalloc caches)
”h]”(jD  )”}”(hŒ``size_t size``”h]”jA  )”}”(hj•  h]”hŒsize_t size”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kjhj  ubj^  )”}”(hhh]”hì)”}”(hŒ[exact size of the object to allocate (can be less than **s->size**
e.g. for kmalloc caches)”h]”(hŒ7exact size of the object to allocate (can be less than ”…””}”(hj®  h²hh³Nh´Nubj#  )”}”(hŒ**s->size**”h]”hŒs->size”…””}”(hj¶  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj®  ubhŒ
e.g. for kmalloc caches)”…””}”(hj®  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kihj«  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³jª  h´KjhjS  ubj>  )”}”(hŒ``gfp_t flags``
GFP flags
”h]”(jD  )”}”(hŒ``gfp_t flags``”h]”jA  )”}”(hjá  h]”hŒgfp_t flags”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjß  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KkhjÛ  ubj^  )”}”(hhh]”hì)”}”(hŒ	GFP flags”h]”hŒ	GFP flags”…””}”(hjú  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³jö  h´Kkhj÷  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hjÛ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³jö  h´KkhjS  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j8  hj7  ubhì)”}”(hŒ
**Return**”h]”j#  )”}”(hj  h]”hŒReturn”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kmhj7  ubj7  )”}”(hhh]”(j<  )”}”(hŒ1NULL     - must proceed with allocating as usual,”h]”hì)”}”(hj7  h]”hŒ1NULL     - must proceed with allocating as usual,”…””}”(hj9  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kmhj5  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hj2  ubj<  )”}”(hŒ'non-NULL - pointer to a KFENCE object.
”h]”hì)”}”(hŒ&non-NULL - pointer to a KFENCE object.”h]”hŒ&non-NULL - pointer to a KFENCE object.”…””}”(hjQ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KnhjM  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hj2  ubeh}”(h]”h ]”h"]”h$]”h&]”j³  j  uh1j6  h³jF  h´Kmhj7  ubhì)”}”(hŒ**Description**”h]”j#  )”}”(hjn  h]”hŒDescription”…””}”(hjp  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjl  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kphj7  ubhì)”}”(hŒýkfence_alloc() should be inserted into the heap allocation fast path,
allowing it to transparently return KFENCE-allocated objects with a low
probability using a static branch (the probability is controlled by the
kfence.sample_interval boot parameter).”h]”hŒýkfence_alloc() should be inserted into the heap allocation fast path,
allowing it to transparently return KFENCE-allocated objects with a low
probability using a static branch (the probability is controlled by the
kfence.sample_interval boot parameter).”…””}”(hj„  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kphj7  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(j  Œkfence_ksize (C function)”Œc.kfence_ksize”hNt”auh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”(j  )”}”(hŒ&size_t kfence_ksize (const void *addr)”h]”j#  )”}”(hŒ%size_t kfence_ksize(const void *addr)”h]”(h)”}”(hhh]”jR  )”}”(hŒsize_t”h]”hŒsize_t”…””}”(hj¶  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj³  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”j  Œreftype”j‰  Œ	reftarget”j¸  Œmodname”NŒ	classname”Nj  j  )”}”j“  ]”j–  )”}”j‰  Œkfence_ksize”sbŒc.kfence_ksize”†”asbuh1hhj¯  h²hh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K…ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjØ  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj¯  h²hh³j×  h´K…ubjL  )”}”(hŒkfence_ksize”h]”jR  )”}”(hjÔ  h]”hŒkfence_ksize”…””}”(hjê  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjæ  ubah}”(h]”h ]”(je  jf  eh"]”h$]”h&]”hÅhÆuh1jK  hj¯  h²hh³j×  h´K…ubjk  )”}”(hŒ(const void *addr)”h]”jq  )”}”(hŒconst void *addr”h]”(jw  )”}”(hjz  h]”hŒconst”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”jƒ  ah"]”h$]”h&]”uh1jv  hj  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj  ubj)  )”}”(hŒvoid”h]”hŒvoid”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj.  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj  ubj²  )”}”(hj  h]”hŒ*”…””}”(hj<  h²hh³Nh´Nubah}”(h]”h ]”j½  ah"]”h$]”h&]”uh1j±  hj  ubjR  )”}”(hŒaddr”h]”hŒaddr”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hjý  ubah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jj  hj¯  h²hh³j×  h´K…ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆjâ  ˆuh1j"  jã  jä  hj«  h²hh³j×  h´K…ubah}”(h]”j¦  ah ]”(jè  jé  eh"]”h$]”h&]”jí  ˆjî  )jï  huh1j  h³j×  h´K…hj¨  h²hubjñ  )”}”(hhh]”hì)”}”(hŒ9get actual amount of memory allocated for a KFENCE object”h]”hŒ9get actual amount of memory allocated for a KFENCE object”…””}”(hjs  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”•Ø„      h´K…hjp  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1jð  hj¨  h²hh³j×  h´K…ubeh}”(h]”h ]”(j  Œfunction”eh"]”h$]”h&]”j  j  j  j‹  j  j‹  j  ‰j  ‰j  ‰uh1j  h²hhjç  h³Nh´Nubj  )”}”(hX–  **Parameters**

``const void *addr``
  pointer to a heap object

**Return**

* 0     - not a KFENCE object, must call __ksize() instead,
* non-0 - this many bytes can be accessed without causing a memory error.

**Description**

kfence_ksize() returns the number of bytes requested for a KFENCE object at
allocation time. This number may be less than the object size of the
corresponding struct kmem_cache.”h]”(hì)”}”(hŒ**Parameters**”h]”j#  )”}”(hj•  h]”hŒ
Parameters”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K‰hj  ubj9  )”}”(hhh]”j>  )”}”(hŒ.``const void *addr``
pointer to a heap object
”h]”(jD  )”}”(hŒ``const void *addr``”h]”jA  )”}”(hj´  h]”hŒconst void *addr”…””}”(hj¶  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj²  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K†hj®  ubj^  )”}”(hhh]”hì)”}”(hŒpointer to a heap object”h]”hŒpointer to a heap object”…””}”(hjÍ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³jÉ  h´K†hjÊ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hj®  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³jÉ  h´K†hj«  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j8  hj  ubhì)”}”(hŒ
**Return**”h]”j#  )”}”(hjï  h]”hŒReturn”…””}”(hjñ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjí  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kˆhj  ubj7  )”}”(hhh]”(j<  )”}”(hŒ90     - not a KFENCE object, must call __ksize() instead,”h]”hì)”}”(hj
  h]”hŒ90     - not a KFENCE object, must call __ksize() instead,”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´Kˆhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hj  ubj<  )”}”(hŒHnon-0 - this many bytes can be accessed without causing a memory error.
”h]”hì)”}”(hŒGnon-0 - this many bytes can be accessed without causing a memory error.”h]”hŒGnon-0 - this many bytes can be accessed without causing a memory error.”…””}”(hj$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K‰hj   ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”j³  j  uh1j6  h³j  h´Kˆhj  ubhì)”}”(hŒ**Description**”h]”j#  )”}”(hjA  h]”hŒDescription”…””}”(hjC  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj?  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K‹hj  ubhì)”}”(hŒ±kfence_ksize() returns the number of bytes requested for a KFENCE object at
allocation time. This number may be less than the object size of the
corresponding struct kmem_cache.”h]”hŒ±kfence_ksize() returns the number of bytes requested for a KFENCE object at
allocation time. This number may be less than the object size of the
corresponding struct kmem_cache.”…””}”(hjW  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K‹hj  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(j  Œ kfence_object_start (C function)”Œc.kfence_object_start”hNt”auh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”(j  )”}”(hŒ-void * kfence_object_start (const void *addr)”h]”j#  )”}”(hŒ+void *kfence_object_start(const void *addr)”h]”(j)  )”}”(hŒvoid”h]”hŒvoid”…””}”(hj†  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj‚  h²hh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K“ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj•  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj‚  h²hh³j”  h´K“ubj²  )”}”(hj  h]”hŒ*”…””}”(hj£  h²hh³Nh´Nubah}”(h]”h ]”j½  ah"]”h$]”h&]”uh1j±  hj‚  h²hh³j”  h´K“ubjL  )”}”(hŒkfence_object_start”h]”jR  )”}”(hŒkfence_object_start”h]”hŒkfence_object_start”…””}”(hj´  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj°  ubah}”(h]”h ]”(je  jf  eh"]”h$]”h&]”hÅhÆuh1jK  hj‚  h²hh³j”  h´K“ubjk  )”}”(hŒ(const void *addr)”h]”jq  )”}”(hŒconst void *addr”h]”(jw  )”}”(hjz  h]”hŒconst”…””}”(hjÐ  h²hh³Nh´Nubah}”(h]”h ]”jƒ  ah"]”h$]”h&]”uh1jv  hjÌ  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjÝ  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hjÌ  ubj)  )”}”(hŒvoid”h]”hŒvoid”…””}”(hjë  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hjÌ  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjù  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hjÌ  ubj²  )”}”(hj  h]”hŒ*”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j½  ah"]”h$]”h&]”uh1j±  hjÌ  ubjR  )”}”(hŒaddr”h]”hŒaddr”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjÌ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hjÈ  ubah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jj  hj‚  h²hh³j”  h´K“ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆjâ  ˆuh1j"  jã  jä  hj~  h²hh³j”  h´K“ubah}”(h]”jy  ah ]”(jè  jé  eh"]”h$]”h&]”jí  ˆjî  )jï  huh1j  h³j”  h´K“hj{  h²hubjñ  )”}”(hhh]”hì)”}”(hŒ%find the beginning of a KFENCE object”h]”hŒ%find the beginning of a KFENCE object”…””}”(hj>  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K“hj;  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1jð  hj{  h²hh³j”  h´K“ubeh}”(h]”h ]”(j  Œfunction”eh"]”h$]”h&]”j  j  j  jV  j  jV  j  ‰j  ‰j  ‰uh1j  h²hhjç  h³Nh´Nubj  )”}”(hXæ  **Parameters**

``const void *addr``
  address within a KFENCE-allocated object

**Return**

address of the beginning of the object.

**Description**

SL[AU]B-allocated objects are laid out within a page one by one, so it is
easy to calculate the beginning of an object given a pointer inside it and
the object size. The same is not true for KFENCE, which places a single
object at either end of the page. This helper function is used to find the
beginning of a KFENCE-allocated object.”h]”(hì)”}”(hŒ**Parameters**”h]”j#  )”}”(hj`  h]”hŒ
Parameters”…””}”(hjb  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj^  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K—hjZ  ubj9  )”}”(hhh]”j>  )”}”(hŒ>``const void *addr``
address within a KFENCE-allocated object
”h]”(jD  )”}”(hŒ``const void *addr``”h]”jA  )”}”(hj  h]”hŒconst void *addr”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj}  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K”hjy  ubj^  )”}”(hhh]”hì)”}”(hŒ(address within a KFENCE-allocated object”h]”hŒ(address within a KFENCE-allocated object”…””}”(hj˜  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³j”  h´K”hj•  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hjy  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³j”  h´K”hjv  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j8  hjZ  ubhì)”}”(hŒ
**Return**”h]”j#  )”}”(hjº  h]”hŒReturn”…””}”(hj¼  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj¸  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K–hjZ  ubhì)”}”(hŒ'address of the beginning of the object.”h]”hŒ'address of the beginning of the object.”…””}”(hjÐ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K–hjZ  ubhì)”}”(hŒ**Description**”h]”j#  )”}”(hjá  h]”hŒDescription”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjß  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K˜hjZ  ubhì)”}”(hXO  SL[AU]B-allocated objects are laid out within a page one by one, so it is
easy to calculate the beginning of an object given a pointer inside it and
the object size. The same is not true for KFENCE, which places a single
object at either end of the page. This helper function is used to find the
beginning of a KFENCE-allocated object.”h]”hXO  SL[AU]B-allocated objects are laid out within a page one by one, so it is
easy to calculate the beginning of an object given a pointer inside it and
the object size. The same is not true for KFENCE, which places a single
object at either end of the page. This helper function is used to find the
beginning of a KFENCE-allocated object.”…””}”(hj÷  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K—hjZ  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(j  Œ__kfence_free (C function)”Œc.__kfence_free”hNt”auh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”(j  )”}”(hŒvoid __kfence_free (void *addr)”h]”j#  )”}”(hŒvoid __kfence_free(void *addr)”h]”(j)  )”}”(hŒvoid”h]”hŒvoid”…””}”(hj&  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj"  h²hh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K¡ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj5  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj"  h²hh³j4  h´K¡ubjL  )”}”(hŒ__kfence_free”h]”jR  )”}”(hŒ__kfence_free”h]”hŒ__kfence_free”…””}”(hjG  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjC  ubah}”(h]”h ]”(je  jf  eh"]”h$]”h&]”hÅhÆuh1jK  hj"  h²hh³j4  h´K¡ubjk  )”}”(hŒ(void *addr)”h]”jq  )”}”(hŒ
void *addr”h]”(j)  )”}”(hŒvoid”h]”hŒvoid”…””}”(hjc  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj_  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjq  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj_  ubj²  )”}”(hj  h]”hŒ*”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j½  ah"]”h$]”h&]”uh1j±  hj_  ubjR  )”}”(hŒaddr”h]”hŒaddr”…””}”(hjŒ  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj_  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hj[  ubah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jj  hj"  h²hh³j4  h´K¡ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆjâ  ˆuh1j"  jã  jä  hj  h²hh³j4  h´K¡ubah}”(h]”j  ah ]”(jè  jé  eh"]”h$]”h&]”jí  ˆjî  )jï  huh1j  h³j4  h´K¡hj  h²hubjñ  )”}”(hhh]”hì)”}”(hŒ+release a KFENCE heap object to KFENCE pool”h]”hŒ+release a KFENCE heap object to KFENCE pool”…””}”(hj¶  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K¡hj³  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1jð  hj  h²hh³j4  h´K¡ubeh}”(h]”h ]”(j  Œfunction”eh"]”h$]”h&]”j  j  j  jÎ  j  jÎ  j  ‰j  ‰j  ‰uh1j  h²hhjç  h³Nh´Nubj  )”}”(hŒ–**Parameters**

``void *addr``
  object to be freed

**Description**

Requires: is_kfence_address(addr)

Release a KFENCE object and mark it as freed.”h]”(hì)”}”(hŒ**Parameters**”h]”j#  )”}”(hjØ  h]”hŒ
Parameters”…””}”(hjÚ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjÖ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K¥hjÒ  ubj9  )”}”(hhh]”j>  )”}”(hŒ"``void *addr``
object to be freed
”h]”(jD  )”}”(hŒ``void *addr``”h]”jA  )”}”(hj÷  h]”hŒ
void *addr”…””}”(hjù  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjõ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K¢hjñ  ubj^  )”}”(hhh]”hì)”}”(hŒobject to be freed”h]”hŒobject to be freed”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³j  h´K¢hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hjñ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³j  h´K¢hjî  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j8  hjÒ  ubhì)”}”(hŒ**Description**”h]”j#  )”}”(hj2  h]”hŒDescription”…””}”(hj4  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj0  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K¤hjÒ  ubhì)”}”(hŒ!Requires: is_kfence_address(addr)”h]”hŒ!Requires: is_kfence_address(addr)”…””}”(hjH  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K£hjÒ  ubhì)”}”(hŒ-Release a KFENCE object and mark it as freed.”h]”hŒ-Release a KFENCE object and mark it as freed.”…””}”(hjW  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K¥hjÒ  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(j  Œkfence_free (C function)”Œc.kfence_free”hNt”auh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”(j  )”}”(hŒbool kfence_free (void *addr)”h]”j#  )”}”(hŒbool kfence_free(void *addr)”h]”(j)  )”}”(hj,  h]”hŒbool”…””}”(hj†  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj‚  h²hh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K«ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj”  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj‚  h²hh³j“  h´K«ubjL  )”}”(hŒkfence_free”h]”jR  )”}”(hŒkfence_free”h]”hŒkfence_free”…””}”(hj¦  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj¢  ubah}”(h]”h ]”(je  jf  eh"]”h$]”h&]”hÅhÆuh1jK  hj‚  h²hh³j“  h´K«ubjk  )”}”(hŒ(void *addr)”h]”jq  )”}”(hŒ
void *addr”h]”(j)  )”}”(hŒvoid”h]”hŒvoid”…””}”(hjÂ  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj¾  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjÐ  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj¾  ubj²  )”}”(hj  h]”hŒ*”…””}”(hjÞ  h²hh³Nh´Nubah}”(h]”h ]”j½  ah"]”h$]”h&]”uh1j±  hj¾  ubjR  )”}”(hŒaddr”h]”hŒaddr”…””}”(hjë  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj¾  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hjº  ubah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jj  hj‚  h²hh³j“  h´K«ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆjâ  ˆuh1j"  jã  jä  hj~  h²hh³j“  h´K«ubah}”(h]”jy  ah ]”(jè  jé  eh"]”h$]”h&]”jí  ˆjî  )jï  huh1j  h³j“  h´K«hj{  h²hubjñ  )”}”(hhh]”hì)”}”(hŒ6try to release an arbitrary heap object to KFENCE pool”h]”hŒ6try to release an arbitrary heap object to KFENCE pool”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K«hj  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1jð  hj{  h²hh³j“  h´K«ubeh}”(h]”h ]”(j  Œfunction”eh"]”h$]”h&]”j  j  j  j-  j  j-  j  ‰j  ‰j  ‰uh1j  h²hhjç  h³Nh´Nubj  )”}”(hXÆ  **Parameters**

``void *addr``
  object to be freed

**Return**

* false - object doesn't belong to KFENCE pool and was ignored,
* true  - object was released to KFENCE pool.

**Description**

Release a KFENCE object and mark it as freed. May be called on any object,
even non-KFENCE objects, to simplify integration of the hooks into the
allocator's free codepath. The allocator must check the return value to
determine if it was a KFENCE object or not.”h]”(hì)”}”(hŒ**Parameters**”h]”j#  )”}”(hj7  h]”hŒ
Parameters”…””}”(hj9  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj5  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K¯hj1  ubj9  )”}”(hhh]”j>  )”}”(hŒ"``void *addr``
object to be freed
”h]”(jD  )”}”(hŒ``void *addr``”h]”jA  )”}”(hjV  h]”hŒ
void *addr”…””}”(hjX  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjT  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K¬hjP  ubj^  )”}”(hhh]”hì)”}”(hŒobject to be freed”h]”hŒobject to be freed”…””}”(hjo  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³jk  h´K¬hjl  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hjP  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³jk  h´K¬hjM  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j8  hj1  ubhì)”}”(hŒ
**Return**”h]”j#  )”}”(hj‘  h]”hŒReturn”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K®hj1  ubj7  )”}”(hhh]”(j<  )”}”(hŒ=false - object doesn't belong to KFENCE pool and was ignored,”h]”hì)”}”(hj¬  h]”hŒ?false - object doesnâ€™t belong to KFENCE pool and was ignored,”…””}”(hj®  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K®hjª  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hj§  ubj<  )”}”(hŒ,true  - object was released to KFENCE pool.
”h]”hì)”}”(hŒ+true  - object was released to KFENCE pool.”h]”hŒ+true  - object was released to KFENCE pool.”…””}”(hjÆ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K¯hjÂ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hj§  ubeh}”(h]”h ]”h"]”h$]”h&]”j³  j  uh1j6  h³j»  h´K®hj1  ubhì)”}”(hŒ**Description**”h]”j#  )”}”(hjã  h]”hŒDescription”…””}”(hjå  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjá  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K±hj1  ubhì)”}”(hX  Release a KFENCE object and mark it as freed. May be called on any object,
even non-KFENCE objects, to simplify integration of the hooks into the
allocator's free codepath. The allocator must check the return value to
determine if it was a KFENCE object or not.”h]”hX  Release a KFENCE object and mark it as freed. May be called on any object,
even non-KFENCE objects, to simplify integration of the hooks into the
allocatorâ€™s free codepath. The allocator must check the return value to
determine if it was a KFENCE object or not.”…””}”(hjù  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´K±hj1  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(j  Œ%kfence_handle_page_fault (C function)”Œc.kfence_handle_page_fault”hNt”auh1j  hjç  h²hh³Nh´Nubj  )”}”(hhh]”(j  )”}”(hŒWbool kfence_handle_page_fault (unsigned long addr, bool is_write, struct pt_regs *regs)”h]”j#  )”}”(hŒVbool kfence_handle_page_fault(unsigned long addr, bool is_write, struct pt_regs *regs)”h]”(j)  )”}”(hj,  h]”hŒbool”…””}”(hj(  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj$  h²hh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÀubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj6  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj$  h²hh³j5  h´KÀubjL  )”}”(hŒkfence_handle_page_fault”h]”jR  )”}”(hŒkfence_handle_page_fault”h]”hŒkfence_handle_page_fault”…””}”(hjH  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjD  ubah}”(h]”h ]”(je  jf  eh"]”h$]”h&]”hÅhÆuh1jK  hj$  h²hh³j5  h´KÀubjk  )”}”(hŒ9(unsigned long addr, bool is_write, struct pt_regs *regs)”h]”(jq  )”}”(hŒunsigned long addr”h]”(j)  )”}”(hŒunsigned”h]”hŒunsigned”…””}”(hjd  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj`  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjr  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj`  ubj)  )”}”(hŒlong”h]”hŒlong”…””}”(hj€  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj`  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjŽ  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj`  ubjR  )”}”(hŒaddr”h]”hŒaddr”…””}”(hjœ  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj`  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hj\  ubjq  )”}”(hŒbool is_write”h]”(j)  )”}”(hj,  h]”hŒbool”…””}”(hjµ  h²hh³Nh´Nubah}”(h]”h ]”j5  ah"]”h$]”h&]”uh1j(  hj±  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjÂ  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hj±  ubjR  )”}”(hŒis_write”h]”hŒis_write”…””}”(hjÐ  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj±  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hj\  ubjq  )”}”(hŒstruct pt_regs *regs”h]”(jw  )”}”(hjV  h]”hŒstruct”…””}”(hjé  h²hh³Nh´Nubah}”(h]”h ]”jƒ  ah"]”h$]”h&]”uh1jv  hjå  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hjö  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hjå  ubh)”}”(hhh]”jR  )”}”(hŒpt_regs”h]”hŒpt_regs”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”j  Œreftype”j‰  Œ	reftarget”j	  Œmodname”NŒ	classname”Nj  j  )”}”j“  ]”j–  )”}”j‰  jJ  sbŒc.kfence_handle_page_fault”†”asbuh1hhjå  ubj;  )”}”(hŒ ”h]”hŒ ”…””}”(hj'  h²hh³Nh´Nubah}”(h]”h ]”jG  ah"]”h$]”h&]”uh1j:  hjå  ubj²  )”}”(hj  h]”hŒ*”…””}”(hj5  h²hh³Nh´Nubah}”(h]”h ]”j½  ah"]”h$]”h&]”uh1j±  hjå  ubjR  )”}”(hŒregs”h]”hŒregs”…””}”(hjB  h²hh³Nh´Nubah}”(h]”h ]”j^  ah"]”h$]”h&]”uh1jQ  hjå  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1jp  hj\  ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jj  hj$  h²hh³j5  h´KÀubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆjâ  ˆuh1j"  jã  jä  hj   h²hh³j5  h´KÀubah}”(h]”j  ah ]”(jè  jé  eh"]”h$]”h&]”jí  ˆjî  )jï  huh1j  h³j5  h´KÀhj  h²hubjñ  )”}”(hhh]”hì)”}”(hŒ,perform page fault handling for KFENCE pages”h]”hŒ,perform page fault handling for KFENCE pages”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÀhji  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1jð  hj  h²hh³j5  h´KÀubeh}”(h]”h ]”(j  Œfunction”eh"]”h$]”h&]”j  j  j  j„  j  j„  j  ‰j  ‰j  ‰uh1j  h²hhjç  h³Nh´Nubj  )”}”(hXL  **Parameters**

``unsigned long addr``
  faulting address

``bool is_write``
  is access a write

``struct pt_regs *regs``
  current struct pt_regs (can be NULL, but shows full stack trace)

**Return**

* false - address outside KFENCE pool,
* true  - page fault handled by KFENCE, no additional handling required.

**Description**

A page fault inside KFENCE pool indicates a memory error, such as an
out-of-bounds access, a use-after-free or an invalid memory access. In these
cases KFENCE prints an error message and marks the offending page as
present, so that the kernel can proceed.”h]”(hì)”}”(hŒ**Parameters**”h]”j#  )”}”(hjŽ  h]”hŒ
Parameters”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjŒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÄhjˆ  ubj9  )”}”(hhh]”(j>  )”}”(hŒ(``unsigned long addr``
faulting address
”h]”(jD  )”}”(hŒ``unsigned long addr``”h]”jA  )”}”(hj­  h]”hŒunsigned long addr”…””}”(hj¯  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj«  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÁhj§  ubj^  )”}”(hhh]”hì)”}”(hŒfaulting address”h]”hŒfaulting address”…””}”(hjÆ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³jÂ  h´KÁhjÃ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hj§  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³jÂ  h´KÁhj¤  ubj>  )”}”(hŒ$``bool is_write``
is access a write
”h]”(jD  )”}”(hŒ``bool is_write``”h]”jA  )”}”(hjæ  h]”hŒbool is_write”…””}”(hjè  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjä  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÂhjà  ubj^  )”}”(hhh]”hì)”}”(hŒis access a write”h]”hŒis access a write”…””}”(hjÿ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³jû  h´KÂhjü  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hjà  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³jû  h´KÂhj¤  ubj>  )”}”(hŒZ``struct pt_regs *regs``
current struct pt_regs (can be NULL, but shows full stack trace)
”h]”(jD  )”}”(hŒ``struct pt_regs *regs``”h]”jA  )”}”(hj  h]”hŒstruct pt_regs *regs”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  h³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÃhj  ubj^  )”}”(hhh]”hì)”}”(hŒ@current struct pt_regs (can be NULL, but shows full stack trace)”h]”hŒ@current struct pt_regs (can be NULL, but shows full stack trace)”…””}”(hj8  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³j4  h´KÃhj5  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j]  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j=  h³j4  h´KÃhj¤  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j8  hjˆ  ubhì)”}”(hŒ
**Return**”h]”j#  )”}”(hjZ  h]”hŒReturn”…””}”(hj\  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjX  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÅhjˆ  ubj7  )”}”(hhh]”(j<  )”}”(hŒ$false - address outside KFENCE pool,”h]”hì)”}”(hju  h]”hŒ$false - address outside KFENCE pool,”…””}”(hjw  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÅhjs  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hjp  ubj<  )”}”(hŒGtrue  - page fault handled by KFENCE, no additional handling required.
”h]”hì)”}”(hŒFtrue  - page fault handled by KFENCE, no additional handling required.”h]”hŒFtrue  - page fault handled by KFENCE, no additional handling required.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÆhj‹  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hjp  ubeh}”(h]”h ]”h"]”h$]”h&]”j³  j  uh1j6  h³j„  h´KÅhjˆ  ubhì)”}”(hŒ**Description**”h]”j#  )”}”(hj¬  h]”hŒDescription”…””}”(hj®  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hjª  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÈhjˆ  ubhì)”}”(hŒÿA page fault inside KFENCE pool indicates a memory error, such as an
out-of-bounds access, a use-after-free or an invalid memory access. In these
cases KFENCE prints an error message and marks the offending page as
present, so that the kernel can proceed.”h]”hŒÿA page fault inside KFENCE pool indicates a memory error, such as an
out-of-bounds access, a use-after-free or an invalid memory access. In these
cases KFENCE prints an error message and marks the offending page as
present, so that the kernel can proceed.”…””}”(hjÂ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³ŒX/var/lib/git/docbuild/linux/Documentation/dev-tools/kfence:319: ./include/linux/kfence.h”h´KÈhjˆ  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j  hjç  h²hh³Nh´Nubeh}”(h]”Œ	interface”ah ]”h"]”Œ	interface”ah$]”h&]”uh1hÖhhØh²hh³hÇh´M:ubh×)”}”(hhh]”(hÜ)”}”(hŒRelated Tools”h]”hŒRelated Tools”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhjà  h²hh³hÇh´MGubhì)”}”(hXÔ  In userspace, a similar approach is taken by `GWP-ASan
<http://llvm.org/docs/GwpAsan.html>`_. GWP-ASan also relies on guard pages and
a sampling strategy to detect memory unsafety bugs at scale. KFENCE's design is
directly influenced by GWP-ASan, and can be seen as its kernel sibling. Another
similar but non-sampling approach, that also inspired the name "KFENCE", can be
found in the userspace `Electric Fence Malloc Debugger
<https://linux.die.net/man/3/efence>`_.”h]”(hŒ-In userspace, a similar approach is taken by ”…””}”(hjñ  h²hh³Nh´NubhŒ	reference”“”)”}”(hŒ/`GWP-ASan
<http://llvm.org/docs/GwpAsan.html>`_”h]”hŒGWP-ASan”…””}”(hjû  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒGWP-ASan”Œrefuri”Œ!http://llvm.org/docs/GwpAsan.html”uh1jù  hjñ  ubhŒtarget”“”)”}”(hŒ$
<http://llvm.org/docs/GwpAsan.html>”h]”h}”(h]”Œgwp-asan”ah ]”h"]”Œgwp-asan”ah$]”h&]”Œrefuri”j  uh1j  Œ
referenced”Khjñ  ubhX7  . GWP-ASan also relies on guard pages and
a sampling strategy to detect memory unsafety bugs at scale. KFENCEâ€™s design is
directly influenced by GWP-ASan, and can be seen as its kernel sibling. Another
similar but non-sampling approach, that also inspired the name â€œKFENCEâ€, can be
found in the userspace ”…””}”(hjñ  h²hh³Nh´Nubjú  )”}”(hŒF`Electric Fence Malloc Debugger
<https://linux.die.net/man/3/efence>`_”h]”hŒElectric Fence Malloc Debugger”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒElectric Fence Malloc Debugger”j  Œ"https://linux.die.net/man/3/efence”uh1jù  hjñ  ubj  )”}”(hŒ%
<https://linux.die.net/man/3/efence>”h]”h}”(h]”Œelectric-fence-malloc-debugger”ah ]”h"]”Œelectric fence malloc debugger”ah$]”h&]”Œrefuri”j1  uh1j  j  Khjñ  ubhŒ.”…””}”(hjñ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´MIhjà  h²hubhì)”}”(hŒðIn the kernel, several tools exist to debug memory access errors, and in
particular KASAN can detect all bug classes that KFENCE can detect. While KASAN
is more precise, relying on compiler instrumentation, this comes at a
performance cost.”h]”hŒðIn the kernel, several tools exist to debug memory access errors, and in
particular KASAN can detect all bug classes that KFENCE can detect. While KASAN
is more precise, relying on compiler instrumentation, this comes at a
performance cost.”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´MQhjà  h²hubhì)”}”(hXÌ  It is worth highlighting that KASAN and KFENCE are complementary, with
different target environments. For instance, KASAN is the better debugging-aid,
where test cases or reproducers exists: due to the lower chance to detect the
error, it would require more effort using KFENCE to debug. Deployments at scale
that cannot afford to enable KASAN, however, would benefit from using KFENCE to
discover bugs due to code paths not exercised by test cases or fuzzers.”h]”hXÌ  It is worth highlighting that KASAN and KFENCE are complementary, with
different target environments. For instance, KASAN is the better debugging-aid,
where test cases or reproducers exists: due to the lower chance to detect the
error, it would require more effort using KFENCE to debug. Deployments at scale
that cannot afford to enable KASAN, however, would benefit from using KFENCE to
discover bugs due to code paths not exercised by test cases or fuzzers.”…””}”(hjW  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hëh³hÇh´MVhjà  h²hubeh}”(h]”Œrelated-tools”ah ]”h"]”Œrelated tools”ah$]”h&]”uh1hÖhhØh²hh³hÇh´MGubeh}”(h]”Œkernel-electric-fence-kfence”ah ]”h"]”Œkernel electric-fence (kfence)”ah$]”h&]”uh1hÖhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÛNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j˜  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jr  jo  j%  j"  j  jÿ  j˜  j•  j  j  jä  já  jÝ  jÚ  jj  jg  j  j  j;  j8  uŒ	nametypes”}”(jr  ‰j%  ‰j  ‰j˜  ‰j  ‰jä  ‰jÝ  ‰jj  ‰j  ˆj;  ˆuh}”(jo  hØj"  j	  jÿ  jˆ  j•  j  j  j›  já  j(  jÚ  jç  j  j  j
  j  j²	  j·	  j¦  j«  jy  j~  j  j  jy  j~  j  j   jg  jà  j  j  j8  j2  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.