xref: /linux/lib/Kconfig.kasan (revision a8b70ccf10e38775785d9cb12ead916474549f99)
1config HAVE_ARCH_KASAN
2	bool
3
4if HAVE_ARCH_KASAN
5
6config KASAN
7	bool "KASan: runtime memory debugger"
8	depends on SLUB || (SLAB && !DEBUG_SLAB)
9	select CONSTRUCTORS
10	select STACKDEPOT
11	help
12	  Enables the kernel address sanitizer, a runtime memory debugger
13	  designed to find out-of-bounds accesses and use-after-free bugs.
14	  This is strictly a debugging feature and it requires a gcc version
15	  of 4.9.2 or later. Detection of out-of-bounds accesses to stack or
16	  global variables requires gcc 5.0 or later.
17	  This feature consumes about 1/8 of available memory and causes
18	  roughly a 3x performance slowdown.
19	  For better error detection enable CONFIG_STACKTRACE.
20	  Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
21	  (the resulting kernel does not boot).
22
23config KASAN_EXTRA
24	bool "KAsan: extra checks"
25	depends on KASAN && DEBUG_KERNEL && !COMPILE_TEST
26	help
27	  This enables further checks in the kernel address sanitizer. For now
28	  it only includes the address-use-after-scope check, which can lead
29	  to excessive kernel stack usage, frame size warnings and longer
30	  compile time.
31	  See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 for details.
32
33
34choice
35	prompt "Instrumentation type"
36	depends on KASAN
37	default KASAN_OUTLINE
38
39config KASAN_OUTLINE
40	bool "Outline instrumentation"
41	help
42	  Before every memory access the compiler inserts a call to
43	  __asan_load*/__asan_store*. These functions check the
44	  shadow memory. This is slower than inline instrumentation,
45	  but it doesn't bloat the kernel's .text section as
46	  much as inline instrumentation does.
47
48config KASAN_INLINE
49	bool "Inline instrumentation"
50	help
51	  The compiler directly inserts code checking shadow memory before
52	  memory accesses. This is faster than outline (in some workloads
53	  it gives about a 2x boost over outline instrumentation), but
54	  makes the kernel's .text size much bigger.
55	  This requires a gcc version of 5.0 or later.
56
57endchoice
58
59config TEST_KASAN
60	tristate "Module for testing kasan for bug detection"
61	depends on m && KASAN
62	help
63	  This is a test module doing various nasty things like
64	  out-of-bounds accesses and use-after-free. It is useful for testing
65	  kernel debugging features like the kernel address sanitizer.
66
67endif
68