Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
fe30ddca | 2 | |
2bd926b4 | 3 | # This config refers to the generic KASAN mode. |
0b24becc AR |
4 | config HAVE_ARCH_KASAN |
5 | bool | |
6 | ||
2bd926b4 AK |
7 | config HAVE_ARCH_KASAN_SW_TAGS |
8 | bool | |
9 | ||
6a63a63f AK |
10 | config HAVE_ARCH_KASAN_HW_TAGS |
11 | bool | |
12 | ||
13 | config HAVE_ARCH_KASAN_VMALLOC | |
3c5c3cfb DA |
14 | bool |
15 | ||
158f2552 DA |
16 | config ARCH_DISABLE_KASAN_INLINE |
17 | bool | |
18 | help | |
fe30ddca AK |
19 | Disables both inline and stack instrumentation. Selected by |
20 | architectures that do not support these instrumentation types. | |
158f2552 | 21 | |
2bd926b4 AK |
22 | config CC_HAS_KASAN_GENERIC |
23 | def_bool $(cc-option, -fsanitize=kernel-address) | |
24 | ||
25 | config CC_HAS_KASAN_SW_TAGS | |
26 | def_bool $(cc-option, -fsanitize=kernel-hwaddress) | |
0b24becc | 27 | |
6a63a63f | 28 | # This option is only required for software KASAN modes. |
fe30ddca | 29 | # Old GCC versions do not have proper support for no_sanitize_address. |
6a63a63f | 30 | # See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details. |
7b861a53 | 31 | config CC_HAS_WORKING_NOSANITIZE_ADDRESS |
acf7b0bf | 32 | def_bool !CC_IS_GCC || GCC_VERSION >= 80300 |
7b861a53 | 33 | |
7a3767f8 | 34 | menuconfig KASAN |
fe30ddca | 35 | bool "KASAN: dynamic memory safety error detector" |
6a63a63f AK |
36 | depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \ |
37 | (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \ | |
38 | CC_HAS_WORKING_NOSANITIZE_ADDRESS) || \ | |
39 | HAVE_ARCH_KASAN_HW_TAGS | |
2bd926b4 | 40 | depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB) |
2dba5eb1 | 41 | select STACKDEPOT_ALWAYS_INIT |
2bd926b4 | 42 | help |
fe30ddca AK |
43 | Enables KASAN (Kernel Address Sanitizer) - a dynamic memory safety |
44 | error detector designed to find out-of-bounds and use-after-free bugs. | |
45 | ||
2bd926b4 AK |
46 | See Documentation/dev-tools/kasan.rst for details. |
47 | ||
fe30ddca AK |
48 | For better error reports, also enable CONFIG_STACKTRACE. |
49 | ||
7a3767f8 ME |
50 | if KASAN |
51 | ||
2bd926b4 AK |
52 | choice |
53 | prompt "KASAN mode" | |
2bd926b4 AK |
54 | default KASAN_GENERIC |
55 | help | |
6a63a63f | 56 | KASAN has three modes: |
6a63a63f | 57 | |
fe30ddca AK |
58 | 1. Generic KASAN (supported by many architectures, enabled with |
59 | CONFIG_KASAN_GENERIC, similar to userspace ASan), | |
60 | 2. Software Tag-Based KASAN (arm64 only, based on software memory | |
61 | tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace | |
62 | HWASan), and | |
63 | 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory | |
64 | tagging, enabled with CONFIG_KASAN_HW_TAGS). | |
ac4766be | 65 | |
fe30ddca | 66 | See Documentation/dev-tools/kasan.rst for details about each mode. |
2bd926b4 AK |
67 | |
68 | config KASAN_GENERIC | |
fe30ddca | 69 | bool "Generic KASAN" |
2bd926b4 | 70 | depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC |
fa360bea | 71 | depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS |
dd275caf | 72 | select SLUB_DEBUG if SLUB |
6a63a63f | 73 | select CONSTRUCTORS |
0b24becc | 74 | help |
fe30ddca | 75 | Enables Generic KASAN. |
ac4766be | 76 | |
fe30ddca | 77 | Requires GCC 8.3.0+ or Clang. |
ac4766be | 78 | |
fe30ddca AK |
79 | Consumes about 1/8th of available memory at kernel start and adds an |
80 | overhead of ~50% for dynamic allocations. | |
2bd926b4 | 81 | The performance slowdown is ~x3. |
ac4766be | 82 | |
fe30ddca | 83 | (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.) |
0b24becc | 84 | |
2bd926b4 | 85 | config KASAN_SW_TAGS |
fe30ddca | 86 | bool "Software Tag-Based KASAN" |
2bd926b4 | 87 | depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS |
fa360bea | 88 | depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS |
2bd926b4 | 89 | select SLUB_DEBUG if SLUB |
6a63a63f | 90 | select CONSTRUCTORS |
2bd926b4 | 91 | help |
fe30ddca | 92 | Enables Software Tag-Based KASAN. |
ac4766be | 93 | |
fe30ddca | 94 | Requires GCC 11+ or Clang. |
6a63a63f | 95 | |
fe30ddca | 96 | Supported only on arm64 CPUs and relies on Top Byte Ignore. |
ac4766be | 97 | |
fe30ddca AK |
98 | Consumes about 1/16th of available memory at kernel start and |
99 | add an overhead of ~20% for dynamic allocations. | |
ac4766be | 100 | |
fe30ddca AK |
101 | May potentially introduce problems related to pointer casting and |
102 | comparison, as it embeds a tag into the top byte of each pointer. | |
103 | ||
104 | (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.) | |
2bd926b4 | 105 | |
6a63a63f | 106 | config KASAN_HW_TAGS |
fe30ddca | 107 | bool "Hardware Tag-Based KASAN" |
6a63a63f AK |
108 | depends on HAVE_ARCH_KASAN_HW_TAGS |
109 | depends on SLUB | |
110 | help | |
fe30ddca AK |
111 | Enables Hardware Tag-Based KASAN. |
112 | ||
113 | Requires GCC 10+ or Clang 12+. | |
6a63a63f | 114 | |
fe30ddca AK |
115 | Supported only on arm64 CPUs starting from ARMv8.5 and relies on |
116 | Memory Tagging Extension and Top Byte Ignore. | |
6a63a63f | 117 | |
fe30ddca AK |
118 | Consumes about 1/32nd of available memory. |
119 | ||
120 | May potentially introduce problems related to pointer casting and | |
121 | comparison, as it embeds a tag into the top byte of each pointer. | |
6a63a63f | 122 | |
2bd926b4 AK |
123 | endchoice |
124 | ||
0b24becc AR |
125 | choice |
126 | prompt "Instrumentation type" | |
6a63a63f | 127 | depends on KASAN_GENERIC || KASAN_SW_TAGS |
0b24becc AR |
128 | default KASAN_OUTLINE |
129 | ||
130 | config KASAN_OUTLINE | |
131 | bool "Outline instrumentation" | |
132 | help | |
fe30ddca AK |
133 | Makes the compiler insert function calls that check whether the memory |
134 | is accessible before each memory access. Slower than KASAN_INLINE, but | |
135 | does not bloat the size of the kernel's .text section so much. | |
0b24becc AR |
136 | |
137 | config KASAN_INLINE | |
138 | bool "Inline instrumentation" | |
158f2552 | 139 | depends on !ARCH_DISABLE_KASAN_INLINE |
0b24becc | 140 | help |
fe30ddca AK |
141 | Makes the compiler directly insert memory accessibility checks before |
142 | each memory access. Faster than KASAN_OUTLINE (gives ~x2 boost for | |
143 | some workloads), but makes the kernel's .text size much bigger. | |
0b24becc AR |
144 | |
145 | endchoice | |
146 | ||
02c58773 | 147 | config KASAN_STACK |
fe30ddca | 148 | bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST |
6a63a63f | 149 | depends on KASAN_GENERIC || KASAN_SW_TAGS |
158f2552 | 150 | depends on !ARCH_DISABLE_KASAN_INLINE |
02c58773 | 151 | default y if CC_IS_GCC |
6baec880 | 152 | help |
fe30ddca AK |
153 | Disables stack instrumentation and thus KASAN's ability to detect |
154 | out-of-bounds bugs in stack variables. | |
155 | ||
156 | With Clang, stack instrumentation has a problem that causes excessive | |
157 | stack usage, see https://bugs.llvm.org/show_bug.cgi?id=38809. Thus, | |
158 | with Clang, this option is deemed unsafe. | |
159 | ||
160 | This option is always disabled when compile-testing with Clang to | |
161 | avoid cluttering the log with stack overflow warnings. | |
162 | ||
163 | With GCC, enabling stack instrumentation is assumed to be safe. | |
164 | ||
165 | If the architecture disables inline instrumentation via | |
166 | ARCH_DISABLE_KASAN_INLINE, stack instrumentation gets disabled | |
167 | as well, as it adds inline-style instrumentation that is run | |
168 | unconditionally. | |
6baec880 | 169 | |
f06f78ab | 170 | config KASAN_TAGS_IDENTIFY |
fe30ddca | 171 | bool "Memory corruption type identification" |
7a22bdc3 | 172 | depends on KASAN_SW_TAGS || KASAN_HW_TAGS |
ae8f06b3 | 173 | help |
fe30ddca AK |
174 | Enables best-effort identification of the bug types (use-after-free |
175 | or out-of-bounds) at the cost of increased memory consumption. | |
176 | Only applicable for the tag-based KASAN modes. | |
ae8f06b3 | 177 | |
3c5c3cfb | 178 | config KASAN_VMALLOC |
fbefb423 AK |
179 | bool "Check accesses to vmalloc allocations" |
180 | depends on HAVE_ARCH_KASAN_VMALLOC | |
3c5c3cfb | 181 | help |
fe30ddca | 182 | Makes KASAN check the validity of accesses to vmalloc allocations. |
fbefb423 | 183 | |
fe30ddca AK |
184 | With software KASAN modes, all types vmalloc allocations are |
185 | checked. Enabling this option leads to higher memory usage. | |
fbefb423 | 186 | |
fe30ddca AK |
187 | With Hardware Tag-Based KASAN, only non-executable VM_ALLOC mappings |
188 | are checked. There is no additional memory usage. | |
3c5c3cfb | 189 | |
73228c7e PA |
190 | config KASAN_KUNIT_TEST |
191 | tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS | |
192 | depends on KASAN && KUNIT | |
193 | default KUNIT_ALL_TESTS | |
3f15801c | 194 | help |
fe30ddca AK |
195 | A KUnit-based KASAN test suite. Triggers different kinds of |
196 | out-of-bounds and use-after-free accesses. Useful for testing whether | |
197 | KASAN can detect certain bug types. | |
7a3767f8 | 198 | |
73228c7e | 199 | For more information on KUnit and unit tests in general, please refer |
fe30ddca | 200 | to the KUnit documentation in Documentation/dev-tools/kunit/. |
73228c7e | 201 | |
5d92bdff | 202 | config KASAN_MODULE_TEST |
73228c7e | 203 | tristate "KUnit-incompatible tests of KASAN bug detection capabilities" |
f05842cf | 204 | depends on m && KASAN && !KASAN_HW_TAGS |
73228c7e | 205 | help |
fe30ddca AK |
206 | A part of the KASAN test suite that is not integrated with KUnit. |
207 | Incompatible with Hardware Tag-Based KASAN. | |
73228c7e | 208 | |
7a3767f8 | 209 | endif # KASAN |