The Linux 5.12 kernel, currently under development, includes an implementation of the KFence (Kernel Electric Fence) mechanism, which checks memory handling and catches out-of-bounds buffer accesses, memory accesses after freeing (use-after-free), and other errors of a similar class.
Similar functionality was already present in the kernel in the form of the KASAN build option (Kernel Address Sanitizer, which uses the address sanitizer features of modern GCC and Clang); however, it was positioned mainly for debugging use. KFence differs from KASAN in its high speed of operation, which makes it usable even on kernels in production systems.
Use on production systems will make it possible to catch memory errors that do not appear in test runs and only surface under load or during long-term operation (with a long uptime). In addition, running KFence on production systems will significantly increase the number of machines involved in checking memory operations.
KFence achieves minimal overhead, independent of load, by inserting guard pages into the heap at fixed intervals rather than each time a memory operation is performed. When the current protection interval expires, KFence adds another protected page from the pool of KFence objects through the standard memory allocation system (the SLAB or SLUB allocator) and restarts the interval timer. Each KFence object is located in a separate page of memory, and the memory pages along the left and right boundaries form guard pages, the size of which is chosen at random.
Thus, pages with objects are separated from each other by guard pages, which are configured to generate a page fault on any access. To detect out-of-bounds writes that stay inside the pages holding objects, pattern-based “red zones” are additionally used; they occupy the memory not used by objects, which remains after alignment to the memory page size.
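
The layout described above, an object page bracketed by inaccessible guard pages with pattern-filled red zones in the unused part of the object page, can be modelled in user space. The following is an added example, not kernel code: `slot_alloc`, `slot_corrupt`, `write_faults`, the centred object placement and the canary pattern are assumptions made for illustration, and it models a single slot only, not the interval-based sampling.

```c
/* Added illustration: user-space model of one KFence-style slot (not kernel code). */
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>
#define CANARY(p) ((unsigned char)(0xaa ^ ((size_t)(p) & 7)))  /* assumed pattern */
struct slot { unsigned char *page, *obj; size_t size, psz; };

/* Map guard | object page | guard and fill the bytes the object does not use. */
static int slot_alloc(struct slot *s, size_t size) {
    s->psz = (size_t)sysconf(_SC_PAGESIZE);
    if (size == 0 || size >= s->psz) return -1;
    unsigned char *base = mmap(NULL, 3 * s->psz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    s->page = base + s->psz; s->size = size;
    s->obj = s->page + (s->psz - size) / 2;   /* red zone on both sides */
    for (unsigned char *p = s->page; p < s->page + s->psz; p++)
        if (p < s->obj || p >= s->obj + size) *p = CANARY(p);
    return mprotect(base, s->psz, PROT_NONE) |        /* left guard page  */
           mprotect(s->page + s->psz, s->psz, PROT_NONE); /* right guard page */
}

/* Count red-zone bytes that no longer match the pattern (a check done at free time). */
static size_t slot_corrupt(const struct slot *s) {
    size_t bad = 0;
    for (unsigned char *p = s->page; p < s->page + s->psz; p++)
        if ((p < s->obj || p >= s->obj + s->size) && *p != CANARY(p)) bad++;
    return bad;
}

static sigjmp_buf probe_env;
static void on_segv(int sig) { (void)sig; siglongjmp(probe_env, 1); }
/* Return 1 if a one-byte write to addr raises a page fault, 0 if it succeeds. */
static int write_faults(volatile unsigned char *addr) {
    struct sigaction sa, old;
    volatile int faulted = 1;
    sa.sa_handler = on_segv; sa.sa_flags = 0; sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(probe_env, 1) == 0) { *addr = 0x41; faulted = 0; }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

int main(void) {
    struct slot s;
    if (slot_alloc(&s, 64)) return 1;
    s.obj[64] = 0;   /* one-byte overflow: no fault, but the red zone records it */
    return !(slot_corrupt(&s) == 1 && write_faults(s.page + s.psz));
}
```

The two checks are complementary: a small overflow that stays inside the object page is only visible through the red-zone pattern, while an access that reaches a neighbouring page faults immediately.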