blob: befb127507c0b1cb05f6f83b81464e99f4ac4fb0 [file] [log] [blame]
Andrey Ryabinin0b24bec2015-02-13 14:39:17 -08001config HAVE_ARCH_KASAN
2 bool
3
4if HAVE_ARCH_KASAN
5
6config KASAN
7 bool "KASan: runtime memory debugger"
Arnd Bergmann03758db2018-07-26 16:37:12 -07008 depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
Jason A. Donenfelddd275ca2018-06-27 23:26:20 -07009 select SLUB_DEBUG if SLUB
Andrey Ryabininbebf56a2015-02-13 14:40:17 -080010 select CONSTRUCTORS
Alexander Potapenko80a92012016-07-28 15:49:07 -070011 select STACKDEPOT
Andrey Ryabinin0b24bec2015-02-13 14:39:17 -080012 help
13 Enables kernel address sanitizer - runtime memory debugger,
14 designed to find out-of-bounds accesses and use-after-free bugs.
Joe Perches01e76902015-05-05 16:23:38 -070015 This is strictly a debugging feature and it requires a gcc version
16 of 4.9.2 or later. Detection of out of bounds accesses to stack or
17 global variables requires gcc 5.0 or later.
18 This feature consumes about 1/8 of available memory and brings about
19 ~x3 performance slowdown.
Andrey Ryabinin89d3c872015-11-05 18:51:23 -080020 For better error detection enable CONFIG_STACKTRACE.
Alexander Potapenko7ed2f9e2016-03-25 14:21:59 -070021 Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
22 (the resulting kernel does not boot).
Andrey Ryabinin0b24bec2015-02-13 14:39:17 -080023
Arnd Bergmanne7c52b82018-02-06 15:41:41 -080024config KASAN_EXTRA
25 bool "KAsan: extra checks"
26 depends on KASAN && DEBUG_KERNEL && !COMPILE_TEST
27 help
28 This enables further checks in the kernel address sanitizer, for now
29 it only includes the address-use-after-scope check that can lead
30 to excessive kernel stack usage, frame size warnings and longer
31 compile time.
32 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
33
34
Andrey Ryabinin0b24bec2015-02-13 14:39:17 -080035choice
36 prompt "Instrumentation type"
37 depends on KASAN
38 default KASAN_OUTLINE
39
40config KASAN_OUTLINE
41 bool "Outline instrumentation"
42 help
43 Before every memory access compiler insert function call
44 __asan_load*/__asan_store*. These functions performs check
45 of shadow memory. This is slower than inline instrumentation,
46 however it doesn't bloat size of kernel's .text section so
47 much as inline does.
48
49config KASAN_INLINE
50 bool "Inline instrumentation"
51 help
52 Compiler directly inserts code checking shadow memory before
53 memory accesses. This is faster than outline (in some workloads
54 it gives about x2 boost over outline instrumentation), but
55 make kernel's .text size much bigger.
Joe Perches01e76902015-05-05 16:23:38 -070056 This requires a gcc version of 5.0 or later.
Andrey Ryabinin0b24bec2015-02-13 14:39:17 -080057
58endchoice
59
Andrey Ryabinin3f158012015-02-13 14:39:53 -080060config TEST_KASAN
61 tristate "Module for testing kasan for bug detection"
62 depends on m && KASAN
63 help
64 This is a test module doing various nasty things like
65 out of bounds accesses, use after free. It is useful for testing
66 kernel debugging features like kernel address sanitizer.
67
Andrey Ryabinin0b24bec2015-02-13 14:39:17 -080068endif