summaryrefslogtreecommitdiff
path: root/lib/Kconfig.kasan
blob: 0e6dc4f85f510d3872d6e19296203e8b33a93bf7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
config HAVE_ARCH_KASAN
	bool

if HAVE_ARCH_KASAN

config KASAN
	bool "KASan: runtime memory debugger"
	depends on SLUB || (SLAB && !DEBUG_SLAB)
	select CONSTRUCTORS
	select STACKDEPOT
	help
	  Enables kernel address sanitizer - runtime memory debugger,
	  designed to find out-of-bounds accesses and use-after-free bugs.
	  This is strictly a debugging feature and it requires a gcc version
	  of 4.9.2 or later. Detection of out of bounds accesses to stack or
	  global variables requires gcc 5.0 or later.
	  This feature consumes about 1/8 of available memory and brings about
	  ~x3 performance slowdown.
	  For better error detection enable CONFIG_STACKTRACE.
	  See KASAN_SANITIZE_ALL for selectively compiling files and directories
	  with this compiler feature enabled.
	  Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

choice
	prompt "Instrumentation type"
	depends on KASAN
	default KASAN_OUTLINE

config KASAN_OUTLINE
	bool "Outline instrumentation"
	help
	  Before every memory access compiler insert function call
	  __asan_load*/__asan_store*. These functions performs check
	  of shadow memory. This is slower than inline instrumentation,
	  however it doesn't bloat size of kernel's .text section so
	  much as inline does.

config KASAN_INLINE
	bool "Inline instrumentation"
	help
	  Compiler directly inserts code checking shadow memory before
	  memory accesses. This is faster than outline (in some workloads
	  it gives about x2 boost over outline instrumentation), but
	  make kernel's .text size much bigger.
	  This requires a gcc version of 5.0 or later.

endchoice

config KASAN_SANITIZE_ALL
	bool "KASan: Enable Instrumentation for entire kernel"
	depends on KASAN
	default y
	help
	  Enable compilation with $(CFLAGS_KASAN) by default.
	  KASAN_SANITIZE := n - exclude all files in a directory
	  KASAN_SANITIZE_file_name.o := n - exclude a single file
	  Setting KASAN_SANITIZE_ALL to 'n' allows enabling kasan in
	  only certain files or directories.
	  KASAN_SANITIZE := y - include all files in a directory
	  KASAN_SANITIZE_file_name.o := y - include single file

	  KASAN_SANITIZE does not affect subdirectories.
	  KASAN_SANITIZE_file_name.o has priority over KASAN_SANITIZE.

config TEST_KASAN
	tristate "Module for testing kasan for bug detection"
	depends on m && KASAN
	help
	  This is a test module doing various nasty things like
	  out of bounds accesses, use after free. It is useful for testing
	  kernel debugging features like kernel address sanitizer.

endif