1# SPDX-License-Identifier: GPL-2.0-only 2 3# This config refers to the generic KASAN mode. 4config HAVE_ARCH_KASAN 5 bool 6 7config HAVE_ARCH_KASAN_SW_TAGS 8 bool 9 10config HAVE_ARCH_KASAN_HW_TAGS 11 bool 12 13config HAVE_ARCH_KASAN_VMALLOC 14 bool 15 16config ARCH_DISABLE_KASAN_INLINE 17 bool 18 help 19 Disables both inline and stack instrumentation. Selected by 20 architectures that do not support these instrumentation types. 21 22config ARCH_NEEDS_DEFER_KASAN 23 bool 24 25config ARCH_DEFER_KASAN 26 def_bool y 27 depends on KASAN && ARCH_NEEDS_DEFER_KASAN 28 help 29 Architectures should select this if they need to defer KASAN 30 initialization until shadow memory is properly set up. This 31 enables runtime control via static keys. Otherwise, KASAN uses 32 compile-time constants for better performance. 33 34config CC_HAS_KASAN_GENERIC 35 def_bool $(cc-option, -fsanitize=kernel-address) 36 37config CC_HAS_KASAN_SW_TAGS 38 def_bool $(cc-option, -fsanitize=kernel-hwaddress) 39 40# This option is only required for software KASAN modes. 41# Old GCC versions do not have proper support for no_sanitize_address. 42# See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details. 43config CC_HAS_WORKING_NOSANITIZE_ADDRESS 44 def_bool !CC_IS_GCC || GCC_VERSION >= 80300 45 46menuconfig KASAN 47 bool "KASAN: dynamic memory safety error detector" 48 depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \ 49 (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \ 50 CC_HAS_WORKING_NOSANITIZE_ADDRESS) || \ 51 HAVE_ARCH_KASAN_HW_TAGS 52 depends on SYSFS && !SLUB_TINY 53 select STACKDEPOT_ALWAYS_INIT 54 help 55 Enables KASAN (Kernel Address Sanitizer) - a dynamic memory safety 56 error detector designed to find out-of-bounds and use-after-free bugs. 57 58 See Documentation/dev-tools/kasan.rst for details. 59 60 For better error reports, also enable CONFIG_STACKTRACE. 61 62if KASAN 63 64config CC_HAS_KASAN_MEMINTRINSIC_PREFIX 65 def_bool (CC_IS_CLANG && $(cc-option,-fsanitize=kernel-address -mllvm -asan-kernel-mem-intrinsic-prefix=1)) || \ 66 (CC_IS_GCC && $(cc-option,-fsanitize=kernel-address --param asan-kernel-mem-intrinsic-prefix=1)) 67 # Don't define it if we don't need it: compilation of the test uses 68 # this variable to decide how the compiler should treat builtins. 69 depends on !KASAN_HW_TAGS 70 help 71 The compiler is able to prefix memintrinsics with __asan or __hwasan. 72 73choice 74 prompt "KASAN mode" 75 default KASAN_GENERIC 76 help 77 KASAN has three modes: 78 79 1. Generic KASAN (supported by many architectures, enabled with 80 CONFIG_KASAN_GENERIC, similar to userspace ASan), 81 2. Software Tag-Based KASAN (arm64 only, based on software memory 82 tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace 83 HWASan), and 84 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory 85 tagging, enabled with CONFIG_KASAN_HW_TAGS). 86 87 See Documentation/dev-tools/kasan.rst for details about each mode. 88 89config KASAN_GENERIC 90 bool "Generic KASAN" 91 depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC 92 depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS 93 select SLUB_DEBUG 94 select CONSTRUCTORS 95 help 96 Enables Generic KASAN. 97 98 Requires GCC 8.3.0+ or Clang. 99 100 Consumes about 1/8th of available memory at kernel start and adds an 101 overhead of ~50% for dynamic allocations. 102 The performance slowdown is ~x3. 103 104config KASAN_SW_TAGS 105 bool "Software Tag-Based KASAN" 106 depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS 107 depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS 108 select SLUB_DEBUG 109 select CONSTRUCTORS 110 help 111 Enables Software Tag-Based KASAN. 112 113 Requires GCC 11+ or Clang. 114 115 Supported only on arm64 CPUs and relies on Top Byte Ignore. 116 117 Consumes about 1/16th of available memory at kernel start and 118 add an overhead of ~20% for dynamic allocations. 119 120 May potentially introduce problems related to pointer casting and 121 comparison, as it embeds a tag into the top byte of each pointer. 122 123config KASAN_HW_TAGS 124 bool "Hardware Tag-Based KASAN" 125 depends on HAVE_ARCH_KASAN_HW_TAGS 126 help 127 Enables Hardware Tag-Based KASAN. 128 129 Requires GCC 10+ or Clang 12+. 130 131 Supported only on arm64 CPUs starting from ARMv8.5 and relies on 132 Memory Tagging Extension and Top Byte Ignore. 133 134 Consumes about 1/32nd of available memory. 135 136 May potentially introduce problems related to pointer casting and 137 comparison, as it embeds a tag into the top byte of each pointer. 138 139endchoice 140 141choice 142 prompt "Instrumentation type" 143 depends on KASAN_GENERIC || KASAN_SW_TAGS 144 default KASAN_INLINE if !ARCH_DISABLE_KASAN_INLINE 145 146config KASAN_OUTLINE 147 bool "Outline instrumentation" 148 help 149 Makes the compiler insert function calls that check whether the memory 150 is accessible before each memory access. Slower than KASAN_INLINE, but 151 does not bloat the size of the kernel's .text section so much. 152 153config KASAN_INLINE 154 bool "Inline instrumentation" 155 depends on !ARCH_DISABLE_KASAN_INLINE 156 help 157 Makes the compiler directly insert memory accessibility checks before 158 each memory access. Faster than KASAN_OUTLINE (gives ~x2 boost for 159 some workloads), but makes the kernel's .text size much bigger. 160 161endchoice 162 163config KASAN_STACK 164 bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST 165 depends on KASAN_GENERIC || KASAN_SW_TAGS 166 depends on !ARCH_DISABLE_KASAN_INLINE 167 default y if CC_IS_GCC 168 help 169 Disables stack instrumentation and thus KASAN's ability to detect 170 out-of-bounds bugs in stack variables. 171 172 With Clang, stack instrumentation has a problem that causes excessive 173 stack usage, see https://llvm.org/pr38809. Thus, 174 with Clang, this option is deemed unsafe. 175 176 This option is always disabled when compile-testing with Clang to 177 avoid cluttering the log with stack overflow warnings. 178 179 With GCC, enabling stack instrumentation is assumed to be safe. 180 181 If the architecture disables inline instrumentation via 182 ARCH_DISABLE_KASAN_INLINE, stack instrumentation gets disabled 183 as well, as it adds inline-style instrumentation that is run 184 unconditionally. 185 186config KASAN_VMALLOC 187 bool "Check accesses to vmalloc allocations" 188 depends on HAVE_ARCH_KASAN_VMALLOC 189 help 190 Makes KASAN check the validity of accesses to vmalloc allocations. 191 192 With software KASAN modes, all types vmalloc allocations are 193 checked. Enabling this option leads to higher memory usage. 194 195 With Hardware Tag-Based KASAN, only non-executable VM_ALLOC mappings 196 are checked. There is no additional memory usage. 197 198config KASAN_KUNIT_TEST 199 tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS 200 depends on KASAN && KUNIT && TRACEPOINTS 201 default KUNIT_ALL_TESTS 202 help 203 A KUnit-based KASAN test suite. Triggers different kinds of 204 out-of-bounds and use-after-free accesses. Useful for testing whether 205 KASAN can detect certain bug types. 206 207 For more information on KUnit and unit tests in general, please refer 208 to the KUnit documentation in Documentation/dev-tools/kunit/. 209 210config KASAN_EXTRA_INFO 211 bool "Record and report more information" 212 depends on KASAN 213 help 214 Record and report more information to help us find the cause of the 215 bug and to help us correlate the error with other system events. 216 217 Currently, the CPU number and timestamp are additionally 218 recorded for each heap block at allocation and free time, and 219 8 bytes will be added to each metadata structure that records 220 allocation or free information. 221 222 In Generic KASAN, each kmalloc-8 and kmalloc-16 object will add 223 16 bytes of additional memory consumption, and each kmalloc-32 224 object will add 8 bytes of additional memory consumption, not 225 affecting other larger objects. 226 227 In SW_TAGS KASAN and HW_TAGS KASAN, depending on the stack_ring_size 228 boot parameter, it will add 8 * stack_ring_size bytes of additional 229 memory consumption. 230 231endif # KASAN 232