Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
fe30ddca | 2 | |
2bd926b4 | 3 | # This config refers to the generic KASAN mode. |
0b24becc AR |
4 | config HAVE_ARCH_KASAN |
5 | bool | |
6 | ||
2bd926b4 AK |
7 | config HAVE_ARCH_KASAN_SW_TAGS |
8 | bool | |
9 | ||
6a63a63f AK |
10 | config HAVE_ARCH_KASAN_HW_TAGS |
11 | bool | |
12 | ||
13 | config HAVE_ARCH_KASAN_VMALLOC | |
3c5c3cfb DA |
14 | bool |
15 | ||
158f2552 DA |
16 | config ARCH_DISABLE_KASAN_INLINE |
17 | bool | |
18 | help | |
fe30ddca AK |
19 | Disables both inline and stack instrumentation. Selected by |
20 | architectures that do not support these instrumentation types. | |
158f2552 | 21 | |
2bd926b4 AK |
22 | config CC_HAS_KASAN_GENERIC |
23 | def_bool $(cc-option, -fsanitize=kernel-address) | |
24 | ||
25 | config CC_HAS_KASAN_SW_TAGS | |
26 | def_bool $(cc-option, -fsanitize=kernel-hwaddress) | |
0b24becc | 27 | |
6a63a63f | 28 | # This option is only required for software KASAN modes. |
fe30ddca | 29 | # Old GCC versions do not have proper support for no_sanitize_address. |
6a63a63f | 30 | # See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details. |
7b861a53 | 31 | config CC_HAS_WORKING_NOSANITIZE_ADDRESS |
acf7b0bf | 32 | def_bool !CC_IS_GCC || GCC_VERSION >= 80300 |
7b861a53 | 33 | |
7a3767f8 | 34 | menuconfig KASAN |
fe30ddca | 35 | bool "KASAN: dynamic memory safety error detector" |
6a63a63f AK |
36 | depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \ |
37 | (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \ | |
38 | CC_HAS_WORKING_NOSANITIZE_ADDRESS) || \ | |
39 | HAVE_ARCH_KASAN_HW_TAGS | |
e240e53a | 40 | depends on (SLUB && SYSFS && !SLUB_TINY) || (SLAB && !DEBUG_SLAB) |
2dba5eb1 | 41 | select STACKDEPOT_ALWAYS_INIT |
2bd926b4 | 42 | help |
fe30ddca AK |
43 | Enables KASAN (Kernel Address Sanitizer) - a dynamic memory safety |
44 | error detector designed to find out-of-bounds and use-after-free bugs. | |
45 | ||
2bd926b4 AK |
46 | See Documentation/dev-tools/kasan.rst for details. |
47 | ||
fe30ddca AK |
48 | For better error reports, also enable CONFIG_STACKTRACE. |
49 | ||
7a3767f8 ME |
50 | if KASAN |
51 | ||
36be5cba ME |
52 | config CC_HAS_KASAN_MEMINTRINSIC_PREFIX |
53 | def_bool (CC_IS_CLANG && $(cc-option,-fsanitize=kernel-address -mllvm -asan-kernel-mem-intrinsic-prefix=1)) || \ | |
54 | (CC_IS_GCC && $(cc-option,-fsanitize=kernel-address --param asan-kernel-mem-intrinsic-prefix=1)) | |
55 | # Don't define it if we don't need it: compilation of the test uses | |
56 | # this variable to decide how the compiler should treat builtins. | |
57 | depends on !KASAN_HW_TAGS | |
58 | help | |
59 | The compiler is able to prefix memintrinsics with __asan or __hwasan. | |
60 | ||
2bd926b4 AK |
61 | choice |
62 | prompt "KASAN mode" | |
2bd926b4 AK |
63 | default KASAN_GENERIC |
64 | help | |
6a63a63f | 65 | KASAN has three modes: |
6a63a63f | 66 | |
fe30ddca AK |
67 | 1. Generic KASAN (supported by many architectures, enabled with |
68 | CONFIG_KASAN_GENERIC, similar to userspace ASan), | |
69 | 2. Software Tag-Based KASAN (arm64 only, based on software memory | |
70 | tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace | |
71 | HWASan), and | |
72 | 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory | |
73 | tagging, enabled with CONFIG_KASAN_HW_TAGS). | |
ac4766be | 74 | |
fe30ddca | 75 | See Documentation/dev-tools/kasan.rst for details about each mode. |
2bd926b4 AK |
76 | |
77 | config KASAN_GENERIC | |
fe30ddca | 78 | bool "Generic KASAN" |
2bd926b4 | 79 | depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC |
fa360bea | 80 | depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS |
dd275caf | 81 | select SLUB_DEBUG if SLUB |
6a63a63f | 82 | select CONSTRUCTORS |
0b24becc | 83 | help |
fe30ddca | 84 | Enables Generic KASAN. |
ac4766be | 85 | |
fe30ddca | 86 | Requires GCC 8.3.0+ or Clang. |
ac4766be | 87 | |
fe30ddca AK |
88 | Consumes about 1/8th of available memory at kernel start and adds an |
89 | overhead of ~50% for dynamic allocations. | |
2bd926b4 | 90 | The performance slowdown is ~x3. |
ac4766be | 91 | |
fe30ddca | 92 | (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.) |
0b24becc | 93 | |
2bd926b4 | 94 | config KASAN_SW_TAGS |
fe30ddca | 95 | bool "Software Tag-Based KASAN" |
2bd926b4 | 96 | depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS |
fa360bea | 97 | depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS |
2bd926b4 | 98 | select SLUB_DEBUG if SLUB |
6a63a63f | 99 | select CONSTRUCTORS |
2bd926b4 | 100 | help |
fe30ddca | 101 | Enables Software Tag-Based KASAN. |
ac4766be | 102 | |
fe30ddca | 103 | Requires GCC 11+ or Clang. |
6a63a63f | 104 | |
fe30ddca | 105 | Supported only on arm64 CPUs and relies on Top Byte Ignore. |
ac4766be | 106 | |
fe30ddca AK |
107 | Consumes about 1/16th of available memory at kernel start and |
108 | add an overhead of ~20% for dynamic allocations. | |
ac4766be | 109 | |
fe30ddca AK |
110 | May potentially introduce problems related to pointer casting and |
111 | comparison, as it embeds a tag into the top byte of each pointer. | |
112 | ||
113 | (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.) | |
2bd926b4 | 114 | |
6a63a63f | 115 | config KASAN_HW_TAGS |
fe30ddca | 116 | bool "Hardware Tag-Based KASAN" |
6a63a63f AK |
117 | depends on HAVE_ARCH_KASAN_HW_TAGS |
118 | depends on SLUB | |
119 | help | |
fe30ddca AK |
120 | Enables Hardware Tag-Based KASAN. |
121 | ||
122 | Requires GCC 10+ or Clang 12+. | |
6a63a63f | 123 | |
fe30ddca AK |
124 | Supported only on arm64 CPUs starting from ARMv8.5 and relies on |
125 | Memory Tagging Extension and Top Byte Ignore. | |
6a63a63f | 126 | |
fe30ddca AK |
127 | Consumes about 1/32nd of available memory. |
128 | ||
129 | May potentially introduce problems related to pointer casting and | |
130 | comparison, as it embeds a tag into the top byte of each pointer. | |
6a63a63f | 131 | |
2bd926b4 AK |
132 | endchoice |
133 | ||
0b24becc AR |
134 | choice |
135 | prompt "Instrumentation type" | |
6a63a63f | 136 | depends on KASAN_GENERIC || KASAN_SW_TAGS |
0b24becc AR |
137 | default KASAN_OUTLINE |
138 | ||
139 | config KASAN_OUTLINE | |
140 | bool "Outline instrumentation" | |
141 | help | |
fe30ddca AK |
142 | Makes the compiler insert function calls that check whether the memory |
143 | is accessible before each memory access. Slower than KASAN_INLINE, but | |
144 | does not bloat the size of the kernel's .text section so much. | |
0b24becc AR |
145 | |
146 | config KASAN_INLINE | |
147 | bool "Inline instrumentation" | |
158f2552 | 148 | depends on !ARCH_DISABLE_KASAN_INLINE |
0b24becc | 149 | help |
fe30ddca AK |
150 | Makes the compiler directly insert memory accessibility checks before |
151 | each memory access. Faster than KASAN_OUTLINE (gives ~x2 boost for | |
152 | some workloads), but makes the kernel's .text size much bigger. | |
0b24becc AR |
153 | |
154 | endchoice | |
155 | ||
02c58773 | 156 | config KASAN_STACK |
fe30ddca | 157 | bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST |
6a63a63f | 158 | depends on KASAN_GENERIC || KASAN_SW_TAGS |
158f2552 | 159 | depends on !ARCH_DISABLE_KASAN_INLINE |
02c58773 | 160 | default y if CC_IS_GCC |
6baec880 | 161 | help |
fe30ddca AK |
162 | Disables stack instrumentation and thus KASAN's ability to detect |
163 | out-of-bounds bugs in stack variables. | |
164 | ||
165 | With Clang, stack instrumentation has a problem that causes excessive | |
166 | stack usage, see https://bugs.llvm.org/show_bug.cgi?id=38809. Thus, | |
167 | with Clang, this option is deemed unsafe. | |
168 | ||
169 | This option is always disabled when compile-testing with Clang to | |
170 | avoid cluttering the log with stack overflow warnings. | |
171 | ||
172 | With GCC, enabling stack instrumentation is assumed to be safe. | |
173 | ||
174 | If the architecture disables inline instrumentation via | |
175 | ARCH_DISABLE_KASAN_INLINE, stack instrumentation gets disabled | |
176 | as well, as it adds inline-style instrumentation that is run | |
177 | unconditionally. | |
6baec880 | 178 | |
3c5c3cfb | 179 | config KASAN_VMALLOC |
fbefb423 AK |
180 | bool "Check accesses to vmalloc allocations" |
181 | depends on HAVE_ARCH_KASAN_VMALLOC | |
3c5c3cfb | 182 | help |
fe30ddca | 183 | Makes KASAN check the validity of accesses to vmalloc allocations. |
fbefb423 | 184 | |
fe30ddca AK |
185 | With software KASAN modes, all types vmalloc allocations are |
186 | checked. Enabling this option leads to higher memory usage. | |
fbefb423 | 187 | |
fe30ddca AK |
188 | With Hardware Tag-Based KASAN, only non-executable VM_ALLOC mappings |
189 | are checked. There is no additional memory usage. | |
3c5c3cfb | 190 | |
73228c7e PA |
191 | config KASAN_KUNIT_TEST |
192 | tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS | |
7ce0ea19 | 193 | depends on KASAN && KUNIT && TRACEPOINTS |
73228c7e | 194 | default KUNIT_ALL_TESTS |
3f15801c | 195 | help |
fe30ddca AK |
196 | A KUnit-based KASAN test suite. Triggers different kinds of |
197 | out-of-bounds and use-after-free accesses. Useful for testing whether | |
198 | KASAN can detect certain bug types. | |
7a3767f8 | 199 | |
73228c7e | 200 | For more information on KUnit and unit tests in general, please refer |
fe30ddca | 201 | to the KUnit documentation in Documentation/dev-tools/kunit/. |
73228c7e | 202 | |
5d92bdff | 203 | config KASAN_MODULE_TEST |
73228c7e | 204 | tristate "KUnit-incompatible tests of KASAN bug detection capabilities" |
f05842cf | 205 | depends on m && KASAN && !KASAN_HW_TAGS |
73228c7e | 206 | help |
fe30ddca AK |
207 | A part of the KASAN test suite that is not integrated with KUnit. |
208 | Incompatible with Hardware Tag-Based KASAN. | |
73228c7e | 209 | |
7a3767f8 | 210 | endif # KASAN |