Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
fe30ddca | 2 | |
2bd926b4 | 3 | # This config refers to the generic KASAN mode. |
0b24becc AR |
4 | config HAVE_ARCH_KASAN |
5 | bool | |
6 | ||
2bd926b4 AK |
7 | config HAVE_ARCH_KASAN_SW_TAGS |
8 | bool | |
9 | ||
6a63a63f AK |
10 | config HAVE_ARCH_KASAN_HW_TAGS |
11 | bool | |
12 | ||
13 | config HAVE_ARCH_KASAN_VMALLOC | |
3c5c3cfb DA |
14 | bool |
15 | ||
158f2552 DA |
16 | config ARCH_DISABLE_KASAN_INLINE |
17 | bool | |
18 | help | |
fe30ddca AK |
19 | Disables both inline and stack instrumentation. Selected by |
20 | architectures that do not support these instrumentation types. | |
158f2552 | 21 | |
2bd926b4 AK |
22 | config CC_HAS_KASAN_GENERIC |
23 | def_bool $(cc-option, -fsanitize=kernel-address) | |
24 | ||
25 | config CC_HAS_KASAN_SW_TAGS | |
26 | def_bool $(cc-option, -fsanitize=kernel-hwaddress) | |
0b24becc | 27 | |
6a63a63f | 28 | # This option is only required for software KASAN modes. |
fe30ddca | 29 | # Old GCC versions do not have proper support for no_sanitize_address. |
6a63a63f | 30 | # See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details. |
7b861a53 | 31 | config CC_HAS_WORKING_NOSANITIZE_ADDRESS |
acf7b0bf | 32 | def_bool !CC_IS_GCC || GCC_VERSION >= 80300 |
7b861a53 | 33 | |
7a3767f8 | 34 | menuconfig KASAN |
fe30ddca | 35 | bool "KASAN: dynamic memory safety error detector" |
6a63a63f AK |
36 | depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \ |
37 | (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \ | |
38 | CC_HAS_WORKING_NOSANITIZE_ADDRESS) || \ | |
39 | HAVE_ARCH_KASAN_HW_TAGS | |
2a19be61 | 40 | depends on SYSFS && !SLUB_TINY |
2dba5eb1 | 41 | select STACKDEPOT_ALWAYS_INIT |
2bd926b4 | 42 | help |
fe30ddca AK |
43 | Enables KASAN (Kernel Address Sanitizer) - a dynamic memory safety |
44 | error detector designed to find out-of-bounds and use-after-free bugs. | |
45 | ||
2bd926b4 AK |
46 | See Documentation/dev-tools/kasan.rst for details. |
47 | ||
fe30ddca AK |
48 | For better error reports, also enable CONFIG_STACKTRACE. |
49 | ||
7a3767f8 ME |
50 | if KASAN |
51 | ||
36be5cba ME |
52 | config CC_HAS_KASAN_MEMINTRINSIC_PREFIX |
53 | def_bool (CC_IS_CLANG && $(cc-option,-fsanitize=kernel-address -mllvm -asan-kernel-mem-intrinsic-prefix=1)) || \ | |
54 | (CC_IS_GCC && $(cc-option,-fsanitize=kernel-address --param asan-kernel-mem-intrinsic-prefix=1)) | |
55 | # Don't define it if we don't need it: compilation of the test uses | |
56 | # this variable to decide how the compiler should treat builtins. | |
57 | depends on !KASAN_HW_TAGS | |
58 | help | |
59 | The compiler is able to prefix memintrinsics with __asan or __hwasan. | |
60 | ||
2bd926b4 AK |
61 | choice |
62 | prompt "KASAN mode" | |
2bd926b4 AK |
63 | default KASAN_GENERIC |
64 | help | |
6a63a63f | 65 | KASAN has three modes: |
6a63a63f | 66 | |
fe30ddca AK |
67 | 1. Generic KASAN (supported by many architectures, enabled with |
68 | CONFIG_KASAN_GENERIC, similar to userspace ASan), | |
69 | 2. Software Tag-Based KASAN (arm64 only, based on software memory | |
70 | tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace | |
71 | HWASan), and | |
72 | 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory | |
73 | tagging, enabled with CONFIG_KASAN_HW_TAGS). | |
ac4766be | 74 | |
fe30ddca | 75 | See Documentation/dev-tools/kasan.rst for details about each mode. |
2bd926b4 AK |
76 | |
77 | config KASAN_GENERIC | |
fe30ddca | 78 | bool "Generic KASAN" |
2bd926b4 | 79 | depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC |
fa360bea | 80 | depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS |
2a19be61 | 81 | select SLUB_DEBUG |
6a63a63f | 82 | select CONSTRUCTORS |
0b24becc | 83 | help |
fe30ddca | 84 | Enables Generic KASAN. |
ac4766be | 85 | |
fe30ddca | 86 | Requires GCC 8.3.0+ or Clang. |
ac4766be | 87 | |
fe30ddca AK |
88 | Consumes about 1/8th of available memory at kernel start and adds an |
89 | overhead of ~50% for dynamic allocations. | |
2bd926b4 | 90 | The performance slowdown is ~x3. |
ac4766be | 91 | |
2bd926b4 | 92 | config KASAN_SW_TAGS |
fe30ddca | 93 | bool "Software Tag-Based KASAN" |
2bd926b4 | 94 | depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS |
fa360bea | 95 | depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS |
2a19be61 | 96 | select SLUB_DEBUG |
6a63a63f | 97 | select CONSTRUCTORS |
2bd926b4 | 98 | help |
fe30ddca | 99 | Enables Software Tag-Based KASAN. |
ac4766be | 100 | |
fe30ddca | 101 | Requires GCC 11+ or Clang. |
6a63a63f | 102 | |
fe30ddca | 103 | Supported only on arm64 CPUs and relies on Top Byte Ignore. |
ac4766be | 104 | |
fe30ddca AK |
105 | Consumes about 1/16th of available memory at kernel start and |
106 | add an overhead of ~20% for dynamic allocations. | |
ac4766be | 107 | |
fe30ddca AK |
108 | May potentially introduce problems related to pointer casting and |
109 | comparison, as it embeds a tag into the top byte of each pointer. | |
110 | ||
6a63a63f | 111 | config KASAN_HW_TAGS |
fe30ddca | 112 | bool "Hardware Tag-Based KASAN" |
6a63a63f | 113 | depends on HAVE_ARCH_KASAN_HW_TAGS |
6a63a63f | 114 | help |
fe30ddca AK |
115 | Enables Hardware Tag-Based KASAN. |
116 | ||
117 | Requires GCC 10+ or Clang 12+. | |
6a63a63f | 118 | |
fe30ddca AK |
119 | Supported only on arm64 CPUs starting from ARMv8.5 and relies on |
120 | Memory Tagging Extension and Top Byte Ignore. | |
6a63a63f | 121 | |
fe30ddca AK |
122 | Consumes about 1/32nd of available memory. |
123 | ||
124 | May potentially introduce problems related to pointer casting and | |
125 | comparison, as it embeds a tag into the top byte of each pointer. | |
6a63a63f | 126 | |
2bd926b4 AK |
127 | endchoice |
128 | ||
0b24becc AR |
129 | choice |
130 | prompt "Instrumentation type" | |
6a63a63f | 131 | depends on KASAN_GENERIC || KASAN_SW_TAGS |
83a6fdd6 | 132 | default KASAN_INLINE if !ARCH_DISABLE_KASAN_INLINE |
0b24becc AR |
133 | |
134 | config KASAN_OUTLINE | |
135 | bool "Outline instrumentation" | |
136 | help | |
fe30ddca AK |
137 | Makes the compiler insert function calls that check whether the memory |
138 | is accessible before each memory access. Slower than KASAN_INLINE, but | |
139 | does not bloat the size of the kernel's .text section so much. | |
0b24becc AR |
140 | |
141 | config KASAN_INLINE | |
142 | bool "Inline instrumentation" | |
158f2552 | 143 | depends on !ARCH_DISABLE_KASAN_INLINE |
0b24becc | 144 | help |
fe30ddca AK |
145 | Makes the compiler directly insert memory accessibility checks before |
146 | each memory access. Faster than KASAN_OUTLINE (gives ~x2 boost for | |
147 | some workloads), but makes the kernel's .text size much bigger. | |
0b24becc AR |
148 | |
149 | endchoice | |
150 | ||
02c58773 | 151 | config KASAN_STACK |
fe30ddca | 152 | bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST |
6a63a63f | 153 | depends on KASAN_GENERIC || KASAN_SW_TAGS |
158f2552 | 154 | depends on !ARCH_DISABLE_KASAN_INLINE |
02c58773 | 155 | default y if CC_IS_GCC |
6baec880 | 156 | help |
fe30ddca AK |
157 | Disables stack instrumentation and thus KASAN's ability to detect |
158 | out-of-bounds bugs in stack variables. | |
159 | ||
160 | With Clang, stack instrumentation has a problem that causes excessive | |
2947a456 | 161 | stack usage, see https://llvm.org/pr38809. Thus, |
fe30ddca AK |
162 | with Clang, this option is deemed unsafe. |
163 | ||
164 | This option is always disabled when compile-testing with Clang to | |
165 | avoid cluttering the log with stack overflow warnings. | |
166 | ||
167 | With GCC, enabling stack instrumentation is assumed to be safe. | |
168 | ||
169 | If the architecture disables inline instrumentation via | |
170 | ARCH_DISABLE_KASAN_INLINE, stack instrumentation gets disabled | |
171 | as well, as it adds inline-style instrumentation that is run | |
172 | unconditionally. | |
6baec880 | 173 | |
3c5c3cfb | 174 | config KASAN_VMALLOC |
fbefb423 AK |
175 | bool "Check accesses to vmalloc allocations" |
176 | depends on HAVE_ARCH_KASAN_VMALLOC | |
3c5c3cfb | 177 | help |
fe30ddca | 178 | Makes KASAN check the validity of accesses to vmalloc allocations. |
fbefb423 | 179 | |
fe30ddca AK |
180 | With software KASAN modes, all types vmalloc allocations are |
181 | checked. Enabling this option leads to higher memory usage. | |
fbefb423 | 182 | |
fe30ddca AK |
183 | With Hardware Tag-Based KASAN, only non-executable VM_ALLOC mappings |
184 | are checked. There is no additional memory usage. | |
3c5c3cfb | 185 | |
73228c7e PA |
186 | config KASAN_KUNIT_TEST |
187 | tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS | |
7ce0ea19 | 188 | depends on KASAN && KUNIT && TRACEPOINTS |
73228c7e | 189 | default KUNIT_ALL_TESTS |
3f15801c | 190 | help |
fe30ddca AK |
191 | A KUnit-based KASAN test suite. Triggers different kinds of |
192 | out-of-bounds and use-after-free accesses. Useful for testing whether | |
193 | KASAN can detect certain bug types. | |
7a3767f8 | 194 | |
73228c7e | 195 | For more information on KUnit and unit tests in general, please refer |
fe30ddca | 196 | to the KUnit documentation in Documentation/dev-tools/kunit/. |
73228c7e | 197 | |
5d92bdff | 198 | config KASAN_MODULE_TEST |
73228c7e | 199 | tristate "KUnit-incompatible tests of KASAN bug detection capabilities" |
f05842cf | 200 | depends on m && KASAN && !KASAN_HW_TAGS |
73228c7e | 201 | help |
fe30ddca AK |
202 | A part of the KASAN test suite that is not integrated with KUnit. |
203 | Incompatible with Hardware Tag-Based KASAN. | |
73228c7e | 204 | |
5d4c6ac9 JD |
205 | config KASAN_EXTRA_INFO |
206 | bool "Record and report more information" | |
207 | depends on KASAN | |
208 | help | |
209 | Record and report more information to help us find the cause of the | |
210 | bug and to help us correlate the error with other system events. | |
211 | ||
212 | Currently, the CPU number and timestamp are additionally | |
213 | recorded for each heap block at allocation and free time, and | |
214 | 8 bytes will be added to each metadata structure that records | |
215 | allocation or free information. | |
216 | ||
217 | In Generic KASAN, each kmalloc-8 and kmalloc-16 object will add | |
218 | 16 bytes of additional memory consumption, and each kmalloc-32 | |
219 | object will add 8 bytes of additional memory consumption, not | |
220 | affecting other larger objects. | |
221 | ||
222 | In SW_TAGS KASAN and HW_TAGS KASAN, depending on the stack_ring_size | |
223 | boot parameter, it will add 8 * stack_ring_size bytes of additional | |
224 | memory consumption. | |
225 | ||
7a3767f8 | 226 | endif # KASAN |