Announcement

Collapse
No announcement yet.

Kernel Electric-Fence: Linux 5.12 Merges KFence For Low-Overhead Memory Safety Feature

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Kernel Electric-Fence: Linux 5.12 Merges KFence For Low-Overhead Memory Safety Feature

    Phoronix: Kernel Electric-Fence: Linux 5.12 Merges KFence For Low-Overhead Memory Safety Feature

    Linus Torvalds just merged a set of patches that includes KFence. Short for the Kernel Electric Fence, KFence is a low-overhead memory safety error detector/validator that is suitable for use in production kernel builds...

    Kernel Electric-Fence: Linux 5.12 Merges KFence For Low-Overhead Memory Safety Feature - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=Linux-5.12-KFence
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    But is it faster/lower memory than just using rust/etc?

    Comment

    • #3
      Originally posted by elatllat View Post
      But is it faster/lower memory than just using rust/etc?
      This is for kernel memory issues, not anything user-space... The Linux kernel isn't being rewritten in full in Rust anytime soon.
      Michael Larabel
      https://www.michaellarabel.com/
      • Likes 1

      Comment

      • #4
        Originally posted by elatllat View Post
        But is it faster/lower memory than just using rust/etc?
        Yes kfence is. But its also not checking for all the things rust is or requiring code rewrite like rust would. This kfence is close to zero because its really using the MMU and mostly minor difference in MMU permission setting to generate errors of something does something it should not. Yes allocating and deallocating memory is playing with page tables/MMU stuff anyhow at different points so most of the operations would have to be done anyhow difference here being permissions set and having a error handler when some thing does something it should not.

        kfence.rst « dev-tools « Documentation - kernel/git/torvalds/linux.git - Linux kernel source tree
        https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/dev-tools/kfence.rst


        Code:
        Guarded allocations are set up based on the sample interval. After expiration of the sample interval, the next allocation through the main allocator (SLAB or SLUB) returns a guarded allocation from the KFENCE object pool (allocation sizes up to PAGE_SIZE are supported). At this point, the timer is reset, and the next allocation is set up after the expiration of the interval. To "gate" a KFENCE allocation through the main allocator's fast-path without overhead, KFENCE relies on static branches via the static keys infrastructure. The static branch is toggled to redirect the allocation to KFENCE.
        This is description of the core of KFENCE. Its really simple you free something instead of straight up making it memory that can be reused its added to a pool of memory if accessed will generate error that is trapped for a time frame. Guard pages around allocations can pick up buffer overflows and other errors like this. This does not prevent all the errors rust will or mathematically secure like sel4 is will but does a better job than nothing.
        • Likes 6

        Comment

        • #5
          Everything about this post and thread triggered me

          Originally posted by Michael View Post
          The Linux kernel isn't being rewritten in full in Rust anytime soon.
          I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were suddenly silenced.


          Does anyone remember "Don't whiz on the electric fence"? Because this is how I'm going to be imagining memory errors now.

          Comment

          • #6
            I assume this won't help with under volting...

            https://youtu.be/zKIliM-pHFs

            Comment

            • #7
              Originally posted by skeevy420 View Post
              Everything about this post and thread triggered me

              I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were suddenly silenced.

              Does anyone remember "Don't whiz on the electric fence"? Because this is how I'm going to be imagining memory errors now.

              Originally posted by elatllat View Post
              I assume this won't help with under volting...
              Both of you its the wrong electric fence. https://en.wikipedia.org/wiki/Electric_Fence There is a bit of software that is called Electric Fence and its used as a description for a particular type of memory protection.

              Mind you newer people might know it as duma.
              DUMA library
              http://duma.sourceforge.net/
              DUMA


              utilizes the MMU (memory management unit) of the CPU:
              allocates and protects an extra memory page to detect any illegal access beyond the top of the buffer (or bottom, at the user's option)
              Basically its when you are using MMU permissions to find buffer overflows, use after frees.... this can be called electric fence/electric fencing when you are talking software development.

              Software development particular usage of term "electric fence"/"electric fencing" is different. Its a little hard to pee on the software development form of a electric fence.

              Yes this form of protection absolutely does not help with undervolt problems.

              Comment

              Previous template Next
              Working...
              X