Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
2bd926b4 | 2 | # This config refers to the generic KASAN mode. |
0b24becc AR |
3 | config HAVE_ARCH_KASAN |
4 | bool | |
5 | ||
2bd926b4 AK |
6 | config HAVE_ARCH_KASAN_SW_TAGS |
7 | bool | |
8 | ||
3c5c3cfb DA |
9 | config HAVE_ARCH_KASAN_VMALLOC |
10 | bool | |
11 | ||
2bd926b4 AK |
12 | config CC_HAS_KASAN_GENERIC |
13 | def_bool $(cc-option, -fsanitize=kernel-address) | |
14 | ||
15 | config CC_HAS_KASAN_SW_TAGS | |
16 | def_bool $(cc-option, -fsanitize=kernel-hwaddress) | |
0b24becc | 17 | |
7b861a53 | 18 | config CC_HAS_WORKING_NOSANITIZE_ADDRESS |
acf7b0bf | 19 | def_bool !CC_IS_GCC || GCC_VERSION >= 80300 |
7b861a53 | 20 | |
7a3767f8 | 21 | menuconfig KASAN |
2bd926b4 AK |
22 | bool "KASAN: runtime memory debugger" |
23 | depends on (HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \ | |
24 | (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS) | |
25 | depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB) | |
7b861a53 | 26 | depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS |
2bd926b4 AK |
27 | help |
28 | Enables KASAN (KernelAddressSANitizer) - runtime memory debugger, | |
29 | designed to find out-of-bounds accesses and use-after-free bugs. | |
30 | See Documentation/dev-tools/kasan.rst for details. | |
31 | ||
7a3767f8 ME |
32 | if KASAN |
33 | ||
2bd926b4 AK |
34 | choice |
35 | prompt "KASAN mode" | |
2bd926b4 AK |
36 | default KASAN_GENERIC |
37 | help | |
38 | KASAN has two modes: generic KASAN (similar to userspace ASan, | |
39 | x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC) and | |
40 | software tag-based KASAN (a version based on software memory | |
41 | tagging, arm64 only, similar to userspace HWASan, enabled with | |
42 | CONFIG_KASAN_SW_TAGS). | |
ac4766be | 43 | |
2bd926b4 AK |
44 | Both generic and tag-based KASAN are strictly debugging features. |
45 | ||
46 | config KASAN_GENERIC | |
47 | bool "Generic mode" | |
48 | depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC | |
03758dbb | 49 | depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB) |
dd275caf | 50 | select SLUB_DEBUG if SLUB |
bebf56a1 | 51 | select CONSTRUCTORS |
80a9201a | 52 | select STACKDEPOT |
0b24becc | 53 | help |
2bd926b4 | 54 | Enables generic KASAN mode. |
ac4766be ME |
55 | |
56 | This mode is supported in both GCC and Clang. With GCC it requires | |
527f6750 ME |
57 | version 8.3.0 or later. Any supported Clang version is compatible, |
58 | but detection of out-of-bounds accesses for global variables is | |
59 | supported only since Clang 11. | |
ac4766be | 60 | |
2bd926b4 AK |
61 | This mode consumes about 1/8th of available memory at kernel start |
62 | and introduces an overhead of ~x1.5 for the rest of the allocations. | |
63 | The performance slowdown is ~x3. | |
ac4766be | 64 | |
89d3c87e | 65 | For better error detection enable CONFIG_STACKTRACE. |
ac4766be | 66 | |
2bd926b4 | 67 | Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB |
7ed2f9e6 | 68 | (the resulting kernel does not boot). |
0b24becc | 69 | |
2bd926b4 AK |
70 | config KASAN_SW_TAGS |
71 | bool "Software tag-based mode" | |
72 | depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS | |
73 | depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB) | |
74 | select SLUB_DEBUG if SLUB | |
75 | select CONSTRUCTORS | |
76 | select STACKDEPOT | |
77 | help | |
78 | Enables software tag-based KASAN mode. | |
ac4766be | 79 | |
2bd926b4 | 80 | This mode requires Top Byte Ignore support by the CPU and therefore |
527f6750 | 81 | is only supported for arm64. This mode requires Clang. |
ac4766be | 82 | |
2bd926b4 AK |
83 | This mode consumes about 1/16th of available memory at kernel start |
84 | and introduces an overhead of ~20% for the rest of the allocations. | |
85 | This mode may potentially introduce problems relating to pointer | |
86 | casting and comparison, as it embeds tags into the top byte of each | |
87 | pointer. | |
ac4766be | 88 | |
2bd926b4 | 89 | For better error detection enable CONFIG_STACKTRACE. |
ac4766be | 90 | |
2bd926b4 AK |
91 | Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB |
92 | (the resulting kernel does not boot). | |
93 | ||
94 | endchoice | |
95 | ||
0b24becc AR |
96 | choice |
97 | prompt "Instrumentation type" | |
0b24becc AR |
98 | default KASAN_OUTLINE |
99 | ||
100 | config KASAN_OUTLINE | |
101 | bool "Outline instrumentation" | |
102 | help | |
103 | Before every memory access compiler insert function call | |
104 | __asan_load*/__asan_store*. These functions performs check | |
105 | of shadow memory. This is slower than inline instrumentation, | |
106 | however it doesn't bloat size of kernel's .text section so | |
107 | much as inline does. | |
108 | ||
109 | config KASAN_INLINE | |
110 | bool "Inline instrumentation" | |
111 | help | |
112 | Compiler directly inserts code checking shadow memory before | |
113 | memory accesses. This is faster than outline (in some workloads | |
114 | it gives about x2 boost over outline instrumentation), but | |
115 | make kernel's .text size much bigger. | |
116 | ||
117 | endchoice | |
118 | ||
6baec880 AB |
119 | config KASAN_STACK_ENABLE |
120 | bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST | |
6baec880 AB |
121 | help |
122 | The LLVM stack address sanitizer has a know problem that | |
123 | causes excessive stack usage in a lot of functions, see | |
124 | https://bugs.llvm.org/show_bug.cgi?id=38809 | |
125 | Disabling asan-stack makes it safe to run kernels build | |
126 | with clang-8 with KASAN enabled, though it loses some of | |
127 | the functionality. | |
ebb6d35a AB |
128 | This feature is always disabled when compile-testing with clang |
129 | to avoid cluttering the output in stack overflow warnings, | |
130 | but clang users can still enable it for builds without | |
131 | CONFIG_COMPILE_TEST. On gcc it is assumed to always be safe | |
132 | to use and enabled by default. | |
6baec880 AB |
133 | |
134 | config KASAN_STACK | |
135 | int | |
136 | default 1 if KASAN_STACK_ENABLE || CC_IS_GCC | |
137 | default 0 | |
138 | ||
5dff0381 VG |
139 | config KASAN_S390_4_LEVEL_PAGING |
140 | bool "KASan: use 4-level paging" | |
7a3767f8 | 141 | depends on S390 |
5dff0381 VG |
142 | help |
143 | Compiling the kernel with KASan disables automatic 3-level vs | |
144 | 4-level paging selection. 3-level paging is used by default (up | |
145 | to 3TB of RAM with KASan enabled). This options allows to force | |
146 | 4-level paging instead. | |
147 | ||
ae8f06b3 WW |
148 | config KASAN_SW_TAGS_IDENTIFY |
149 | bool "Enable memory corruption identification" | |
150 | depends on KASAN_SW_TAGS | |
151 | help | |
152 | This option enables best-effort identification of bug type | |
153 | (use-after-free or out-of-bounds) at the cost of increased | |
154 | memory consumption. | |
155 | ||
3c5c3cfb DA |
156 | config KASAN_VMALLOC |
157 | bool "Back mappings in vmalloc space with real shadow memory" | |
7a3767f8 | 158 | depends on HAVE_ARCH_KASAN_VMALLOC |
3c5c3cfb DA |
159 | help |
160 | By default, the shadow region for vmalloc space is the read-only | |
161 | zero page. This means that KASAN cannot detect errors involving | |
162 | vmalloc space. | |
163 | ||
164 | Enabling this option will hook in to vmap/vmalloc and back those | |
165 | mappings with real shadow memory allocated on demand. This allows | |
166 | for KASAN to detect more sorts of errors (and to support vmapped | |
167 | stacks), but at the cost of higher memory usage. | |
168 | ||
73228c7e PA |
169 | config KASAN_KUNIT_TEST |
170 | tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS | |
171 | depends on KASAN && KUNIT | |
172 | default KUNIT_ALL_TESTS | |
3f15801c | 173 | help |
73228c7e PA |
174 | This is a KUnit test suite doing various nasty things like |
175 | out of bounds and use after free accesses. It is useful for testing | |
2bd926b4 | 176 | kernel debugging features like KASAN. |
7a3767f8 | 177 | |
73228c7e PA |
178 | For more information on KUnit and unit tests in general, please refer |
179 | to the KUnit documentation in Documentation/dev-tools/kunit | |
180 | ||
181 | config TEST_KASAN_MODULE | |
182 | tristate "KUnit-incompatible tests of KASAN bug detection capabilities" | |
183 | depends on m && KASAN | |
184 | help | |
185 | This is a part of the KASAN test suite that is incompatible with | |
186 | KUnit. Currently includes tests that do bad copy_from/to_user | |
187 | accesses. | |
188 | ||
7a3767f8 | 189 | endif # KASAN |