xref: /linux/lib/Kconfig.kasan (revision a3f143c461444c0b56360bbf468615fa814a8372)
1# SPDX-License-Identifier: GPL-2.0-only
2
3# This config refers to the generic KASAN mode.
4config HAVE_ARCH_KASAN
5	bool
6
7config HAVE_ARCH_KASAN_SW_TAGS
8	bool
9
10config HAVE_ARCH_KASAN_HW_TAGS
11	bool
12
13config HAVE_ARCH_KASAN_VMALLOC
14	bool
15
16config ARCH_DISABLE_KASAN_INLINE
17	bool
18	help
19	  Disables both inline and stack instrumentation. Selected by
20	  architectures that do not support these instrumentation types.
21
22config CC_HAS_KASAN_GENERIC
23	def_bool $(cc-option, -fsanitize=kernel-address)
24
25# GCC appears to ignore no_sanitize_address when -fsanitize=kernel-hwaddress
26# is passed. See https://bugzilla.kernel.org/show_bug.cgi?id=218854 (and
27# the linked LKML thread) for more details.
28config CC_HAS_KASAN_SW_TAGS
29	def_bool !CC_IS_GCC && $(cc-option, -fsanitize=kernel-hwaddress)
30
31# This option is only required for software KASAN modes.
32# Old GCC versions do not have proper support for no_sanitize_address.
33# See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details.
34config CC_HAS_WORKING_NOSANITIZE_ADDRESS
35	def_bool !CC_IS_GCC || GCC_VERSION >= 80300
36
37menuconfig KASAN
38	bool "KASAN: dynamic memory safety error detector"
39	depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \
40		     (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \
41		    CC_HAS_WORKING_NOSANITIZE_ADDRESS) || \
42		   HAVE_ARCH_KASAN_HW_TAGS
43	depends on SYSFS && !SLUB_TINY
44	select STACKDEPOT_ALWAYS_INIT
45	help
46	  Enables KASAN (Kernel Address Sanitizer) - a dynamic memory safety
47	  error detector designed to find out-of-bounds and use-after-free bugs.
48
49	  See Documentation/dev-tools/kasan.rst for details.
50
51	  For better error reports, also enable CONFIG_STACKTRACE.
52
53if KASAN
54
55config CC_HAS_KASAN_MEMINTRINSIC_PREFIX
56	def_bool (CC_IS_CLANG && $(cc-option,-fsanitize=kernel-address -mllvm -asan-kernel-mem-intrinsic-prefix=1)) || \
57		 (CC_IS_GCC && $(cc-option,-fsanitize=kernel-address --param asan-kernel-mem-intrinsic-prefix=1))
58	# Don't define it if we don't need it: compilation of the test uses
59	# this variable to decide how the compiler should treat builtins.
60	depends on !KASAN_HW_TAGS
61	help
62	  The compiler is able to prefix memintrinsics with __asan or __hwasan.
63
64choice
65	prompt "KASAN mode"
66	default KASAN_GENERIC
67	help
68	  KASAN has three modes:
69
70	  1. Generic KASAN (supported by many architectures, enabled with
71	     CONFIG_KASAN_GENERIC, similar to userspace ASan),
72	  2. Software Tag-Based KASAN (arm64 only, based on software memory
73	     tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
74	     HWASan), and
75	  3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
76	     tagging, enabled with CONFIG_KASAN_HW_TAGS).
77
78	  See Documentation/dev-tools/kasan.rst for details about each mode.
79
80config KASAN_GENERIC
81	bool "Generic KASAN"
82	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
83	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
84	select SLUB_DEBUG
85	select CONSTRUCTORS
86	help
87	  Enables Generic KASAN.
88
89	  Requires GCC 8.3.0+ or Clang.
90
91	  Consumes about 1/8th of available memory at kernel start and adds an
92	  overhead of ~50% for dynamic allocations.
93	  The performance slowdown is ~x3.
94
95config KASAN_SW_TAGS
96	bool "Software Tag-Based KASAN"
97	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
98	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
99	select SLUB_DEBUG
100	select CONSTRUCTORS
101	help
102	  Enables Software Tag-Based KASAN.
103
104	  Requires Clang.
105
106	  Supported only on arm64 CPUs and relies on Top Byte Ignore.
107
108	  Consumes about 1/16th of available memory at kernel start and
109	  add an overhead of ~20% for dynamic allocations.
110
111	  May potentially introduce problems related to pointer casting and
112	  comparison, as it embeds a tag into the top byte of each pointer.
113
114config KASAN_HW_TAGS
115	bool "Hardware Tag-Based KASAN"
116	depends on HAVE_ARCH_KASAN_HW_TAGS
117	help
118	  Enables Hardware Tag-Based KASAN.
119
120	  Requires GCC 10+ or Clang 12+.
121
122	  Supported only on arm64 CPUs starting from ARMv8.5 and relies on
123	  Memory Tagging Extension and Top Byte Ignore.
124
125	  Consumes about 1/32nd of available memory.
126
127	  May potentially introduce problems related to pointer casting and
128	  comparison, as it embeds a tag into the top byte of each pointer.
129
130endchoice
131
132choice
133	prompt "Instrumentation type"
134	depends on KASAN_GENERIC || KASAN_SW_TAGS
135	default KASAN_INLINE if !ARCH_DISABLE_KASAN_INLINE
136
137config KASAN_OUTLINE
138	bool "Outline instrumentation"
139	help
140	  Makes the compiler insert function calls that check whether the memory
141	  is accessible before each memory access. Slower than KASAN_INLINE, but
142	  does not bloat the size of the kernel's .text section so much.
143
144config KASAN_INLINE
145	bool "Inline instrumentation"
146	depends on !ARCH_DISABLE_KASAN_INLINE
147	help
148	  Makes the compiler directly insert memory accessibility checks before
149	  each memory access. Faster than KASAN_OUTLINE (gives ~x2 boost for
150	  some workloads), but makes the kernel's .text size much bigger.
151
152endchoice
153
154config KASAN_STACK
155	bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
156	depends on KASAN_GENERIC || KASAN_SW_TAGS
157	depends on !ARCH_DISABLE_KASAN_INLINE
158	default y if CC_IS_GCC
159	help
160	  Disables stack instrumentation and thus KASAN's ability to detect
161	  out-of-bounds bugs in stack variables.
162
163	  With Clang, stack instrumentation has a problem that causes excessive
164	  stack usage, see https://llvm.org/pr38809. Thus,
165	  with Clang, this option is deemed unsafe.
166
167	  This option is always disabled when compile-testing with Clang to
168	  avoid cluttering the log with stack overflow warnings.
169
170	  With GCC, enabling stack instrumentation is assumed to be safe.
171
172	  If the architecture disables inline instrumentation via
173	  ARCH_DISABLE_KASAN_INLINE, stack instrumentation gets disabled
174	  as well, as it adds inline-style instrumentation that is run
175	  unconditionally.
176
177config KASAN_VMALLOC
178	bool "Check accesses to vmalloc allocations"
179	depends on HAVE_ARCH_KASAN_VMALLOC
180	help
181	  Makes KASAN check the validity of accesses to vmalloc allocations.
182
183	  With software KASAN modes, all types vmalloc allocations are
184	  checked. Enabling this option leads to higher memory usage.
185
186	  With Hardware Tag-Based KASAN, only non-executable VM_ALLOC mappings
187	  are checked. There is no additional memory usage.
188
189config KASAN_KUNIT_TEST
190	tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS
191	depends on KASAN && KUNIT && TRACEPOINTS
192	default KUNIT_ALL_TESTS
193	help
194	  A KUnit-based KASAN test suite. Triggers different kinds of
195	  out-of-bounds and use-after-free accesses. Useful for testing whether
196	  KASAN can detect certain bug types.
197
198	  For more information on KUnit and unit tests in general, please refer
199	  to the KUnit documentation in Documentation/dev-tools/kunit/.
200
201config KASAN_MODULE_TEST
202	tristate "KUnit-incompatible tests of KASAN bug detection capabilities"
203	depends on m && KASAN && !KASAN_HW_TAGS
204	help
205	  A part of the KASAN test suite that is not integrated with KUnit.
206	  Incompatible with Hardware Tag-Based KASAN.
207
208config KASAN_EXTRA_INFO
209	bool "Record and report more information"
210	depends on KASAN
211	help
212	  Record and report more information to help us find the cause of the
213	  bug and to help us correlate the error with other system events.
214
215	  Currently, the CPU number and timestamp are additionally
216	  recorded for each heap block at allocation and free time, and
217	  8 bytes will be added to each metadata structure that records
218	  allocation or free information.
219
220	  In Generic KASAN, each kmalloc-8 and kmalloc-16 object will add
221	  16 bytes of additional memory consumption, and each kmalloc-32
222	  object will add 8 bytes of additional memory consumption, not
223	  affecting other larger objects.
224
225	  In SW_TAGS KASAN and HW_TAGS KASAN, depending on the stack_ring_size
226	  boot parameter, it will add 8 * stack_ring_size bytes of additional
227	  memory consumption.
228
229endif # KASAN
230