projects / linux-block.git / blame
| Commit | Line | Data |
|---|---|---|
| ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
| fe30ddca | 2 | |
| 2bd926b4 | 3 | # This config refers to the generic KASAN mode. |
| 0b24becc AR |
4 | config HAVE_ARCH_KASAN |
| 5 | bool | |
| 6 | ||
| 2bd926b4 AK |
7 | config HAVE_ARCH_KASAN_SW_TAGS |
| 8 | bool | |
| 9 | ||
| 6a63a63f AK |
10 | config HAVE_ARCH_KASAN_HW_TAGS |
| 11 | bool | |
| 12 | ||
| 13 | config HAVE_ARCH_KASAN_VMALLOC | |
| 3c5c3cfb DA |
14 | bool |
| 15 | ||
| 158f2552 DA |
16 | config ARCH_DISABLE_KASAN_INLINE |
| 17 | bool | |
| 18 | help | |
| fe30ddca AK |
19 | Disables both inline and stack instrumentation. Selected by |
| 20 | architectures that do not support these instrumentation types. | |
| 158f2552 | 21 | |
| 2bd926b4 AK |
22 | config CC_HAS_KASAN_GENERIC |
| 23 | def_bool $(cc-option, -fsanitize=kernel-address) | |
| 24 | ||
| 25 | config CC_HAS_KASAN_SW_TAGS | |
| 26 | def_bool $(cc-option, -fsanitize=kernel-hwaddress) | |
| 0b24becc | 27 | |
| 6a63a63f | 28 | # This option is only required for software KASAN modes. |
| fe30ddca | 29 | # Old GCC versions do not have proper support for no_sanitize_address. |
| 6a63a63f | 30 | # See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details. |
| 7b861a53 | 31 | config CC_HAS_WORKING_NOSANITIZE_ADDRESS |
| acf7b0bf | 32 | def_bool !CC_IS_GCC || GCC_VERSION >= 80300 |
| 7b861a53 | 33 | |
| 7a3767f8 | 34 | menuconfig KASAN |
| fe30ddca | 35 | bool "KASAN: dynamic memory safety error detector" |
| 6a63a63f AK |
36 | depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \ |
| 37 | (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \ | |
| 38 | CC_HAS_WORKING_NOSANITIZE_ADDRESS) || \ | |
| 39 | HAVE_ARCH_KASAN_HW_TAGS | |
| e240e53a | 40 | depends on (SLUB && SYSFS && !SLUB_TINY) || (SLAB && !DEBUG_SLAB) |
| 2dba5eb1 | 41 | select STACKDEPOT_ALWAYS_INIT |
| 2bd926b4 | 42 | help |
| fe30ddca AK |
43 | Enables KASAN (Kernel Address Sanitizer) - a dynamic memory safety |
| 44 | error detector designed to find out-of-bounds and use-after-free bugs. | |
| 45 | ||
| 2bd926b4 AK |
46 | See Documentation/dev-tools/kasan.rst for details. |
| 47 | ||
| fe30ddca AK |
48 | For better error reports, also enable CONFIG_STACKTRACE. |
| 49 | ||
| 7a3767f8 ME |
50 | if KASAN |
| 51 | ||
| 2bd926b4 AK |
52 | choice |
| 53 | prompt "KASAN mode" | |
| 2bd926b4 AK |
54 | default KASAN_GENERIC |
| 55 | help | |
| 6a63a63f | 56 | KASAN has three modes: |
| 6a63a63f | 57 | |
| fe30ddca AK |
58 | 1. Generic KASAN (supported by many architectures, enabled with |
| 59 | CONFIG_KASAN_GENERIC, similar to userspace ASan), | |
| 60 | 2. Software Tag-Based KASAN (arm64 only, based on software memory | |
| 61 | tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace | |
| 62 | HWASan), and | |
| 63 | 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory | |
| 64 | tagging, enabled with CONFIG_KASAN_HW_TAGS). | |
| ac4766be | 65 | |
| fe30ddca | 66 | See Documentation/dev-tools/kasan.rst for details about each mode. |
| 2bd926b4 AK |
67 | |
| 68 | config KASAN_GENERIC | |
| fe30ddca | 69 | bool "Generic KASAN" |
| 2bd926b4 | 70 | depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC |
| fa360bea | 71 | depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS |
| dd275caf | 72 | select SLUB_DEBUG if SLUB |
| 6a63a63f | 73 | select CONSTRUCTORS |
| 0b24becc | 74 | help |
| fe30ddca | 75 | Enables Generic KASAN. |
| ac4766be | 76 | |
| fe30ddca | 77 | Requires GCC 8.3.0+ or Clang. |
| ac4766be | 78 | |
| fe30ddca AK |
79 | Consumes about 1/8th of available memory at kernel start and adds an |
| 80 | overhead of ~50% for dynamic allocations. | |
| 2bd926b4 | 81 | The performance slowdown is ~x3. |
| ac4766be | 82 | |
| fe30ddca | 83 | (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.) |
| 0b24becc | 84 | |
| 2bd926b4 | 85 | config KASAN_SW_TAGS |
| fe30ddca | 86 | bool "Software Tag-Based KASAN" |
| 2bd926b4 | 87 | depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS |
| fa360bea | 88 | depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS |
| 2bd926b4 | 89 | select SLUB_DEBUG if SLUB |
| 6a63a63f | 90 | select CONSTRUCTORS |
| 2bd926b4 | 91 | help |
| fe30ddca | 92 | Enables Software Tag-Based KASAN. |
| ac4766be | 93 | |
| fe30ddca | 94 | Requires GCC 11+ or Clang. |
| 6a63a63f | 95 | |
| fe30ddca | 96 | Supported only on arm64 CPUs and relies on Top Byte Ignore. |
| ac4766be | 97 | |
| fe30ddca AK |
98 | Consumes about 1/16th of available memory at kernel start and |
| 99 | add an overhead of ~20% for dynamic allocations. | |
| ac4766be | 100 | |
| fe30ddca AK |
101 | May potentially introduce problems related to pointer casting and |
| 102 | comparison, as it embeds a tag into the top byte of each pointer. | |
| 103 | ||
| 104 | (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.) | |
| 2bd926b4 | 105 | |
| 6a63a63f | 106 | config KASAN_HW_TAGS |
| fe30ddca | 107 | bool "Hardware Tag-Based KASAN" |
| 6a63a63f AK |
108 | depends on HAVE_ARCH_KASAN_HW_TAGS |
| 109 | depends on SLUB | |
| 110 | help | |
| fe30ddca AK |
111 | Enables Hardware Tag-Based KASAN. |
| 112 | ||
| 113 | Requires GCC 10+ or Clang 12+. | |
| 6a63a63f | 114 | |
| fe30ddca AK |
115 | Supported only on arm64 CPUs starting from ARMv8.5 and relies on |
| 116 | Memory Tagging Extension and Top Byte Ignore. | |
| 6a63a63f | 117 | |
| fe30ddca AK |
118 | Consumes about 1/32nd of available memory. |
| 119 | ||
| 120 | May potentially introduce problems related to pointer casting and | |
| 121 | comparison, as it embeds a tag into the top byte of each pointer. | |
| 6a63a63f | 122 | |
| 2bd926b4 AK |
123 | endchoice |
| 124 | ||
| 0b24becc AR |
125 | choice |
| 126 | prompt "Instrumentation type" | |
| 6a63a63f | 127 | depends on KASAN_GENERIC || KASAN_SW_TAGS |
| 0b24becc AR |
128 | default KASAN_OUTLINE |
| 129 | ||
| 130 | config KASAN_OUTLINE | |
| 131 | bool "Outline instrumentation" | |
| 132 | help | |
| fe30ddca AK |
133 | Makes the compiler insert function calls that check whether the memory |
| 134 | is accessible before each memory access. Slower than KASAN_INLINE, but | |
| 135 | does not bloat the size of the kernel's .text section so much. | |
| 0b24becc AR |
136 | |
| 137 | config KASAN_INLINE | |
| 138 | bool "Inline instrumentation" | |
| 158f2552 | 139 | depends on !ARCH_DISABLE_KASAN_INLINE |
| 0b24becc | 140 | help |
| fe30ddca AK |
141 | Makes the compiler directly insert memory accessibility checks before |
| 142 | each memory access. Faster than KASAN_OUTLINE (gives ~x2 boost for | |
| 143 | some workloads), but makes the kernel's .text size much bigger. | |
| 0b24becc AR |
144 | |
| 145 | endchoice | |
| 146 | ||
| 02c58773 | 147 | config KASAN_STACK |
| fe30ddca | 148 | bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST |
| 6a63a63f | 149 | depends on KASAN_GENERIC || KASAN_SW_TAGS |
| 158f2552 | 150 | depends on !ARCH_DISABLE_KASAN_INLINE |
| 02c58773 | 151 | default y if CC_IS_GCC |
| 6baec880 | 152 | help |
| fe30ddca AK |
153 | Disables stack instrumentation and thus KASAN's ability to detect |
| 154 | out-of-bounds bugs in stack variables. | |
| 155 | ||
| 156 | With Clang, stack instrumentation has a problem that causes excessive | |
| 157 | stack usage, see https://bugs.llvm.org/show_bug.cgi?id=38809. Thus, | |
| 158 | with Clang, this option is deemed unsafe. | |
| 159 | ||
| 160 | This option is always disabled when compile-testing with Clang to | |
| 161 | avoid cluttering the log with stack overflow warnings. | |
| 162 | ||
| 163 | With GCC, enabling stack instrumentation is assumed to be safe. | |
| 164 | ||
| 165 | If the architecture disables inline instrumentation via | |
| 166 | ARCH_DISABLE_KASAN_INLINE, stack instrumentation gets disabled | |
| 167 | as well, as it adds inline-style instrumentation that is run | |
| 168 | unconditionally. | |
| 6baec880 | 169 | |
| 3c5c3cfb | 170 | config KASAN_VMALLOC |
| fbefb423 AK |
171 | bool "Check accesses to vmalloc allocations" |
| 172 | depends on HAVE_ARCH_KASAN_VMALLOC | |
| 3c5c3cfb | 173 | help |
| fe30ddca | 174 | Makes KASAN check the validity of accesses to vmalloc allocations. |
| fbefb423 | 175 | |
| fe30ddca AK |
176 | With software KASAN modes, all types vmalloc allocations are |
| 177 | checked. Enabling this option leads to higher memory usage. | |
| fbefb423 | 178 | |
| fe30ddca AK |
179 | With Hardware Tag-Based KASAN, only non-executable VM_ALLOC mappings |
| 180 | are checked. There is no additional memory usage. | |
| 3c5c3cfb | 181 | |
| 73228c7e PA |
182 | config KASAN_KUNIT_TEST |
| 183 | tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS | |
| 7ce0ea19 | 184 | depends on KASAN && KUNIT && TRACEPOINTS |
| 73228c7e | 185 | default KUNIT_ALL_TESTS |
| 3f15801c | 186 | help |
| fe30ddca AK |
187 | A KUnit-based KASAN test suite. Triggers different kinds of |
| 188 | out-of-bounds and use-after-free accesses. Useful for testing whether | |
| 189 | KASAN can detect certain bug types. | |
| 7a3767f8 | 190 | |
| 73228c7e | 191 | For more information on KUnit and unit tests in general, please refer |
| fe30ddca | 192 | to the KUnit documentation in Documentation/dev-tools/kunit/. |
| 73228c7e | 193 | |
| 5d92bdff | 194 | config KASAN_MODULE_TEST |
| 73228c7e | 195 | tristate "KUnit-incompatible tests of KASAN bug detection capabilities" |
| f05842cf | 196 | depends on m && KASAN && !KASAN_HW_TAGS |
| 73228c7e | 197 | help |
| fe30ddca AK |
198 | A part of the KASAN test suite that is not integrated with KUnit. |
| 199 | Incompatible with Hardware Tag-Based KASAN. | |
| 73228c7e | 200 | |
| 7a3767f8 | 201 | endif # KASAN |