[linux.git] / lib / Kconfig.kasan

# SPDX-License-Identifier: GPL-2.0-only
# This config refers to the generic KASAN mode.
config HAVE_ARCH_KASAN
	bool

config HAVE_ARCH_KASAN_SW_TAGS
	bool

config HAVE_ARCH_KASAN_HW_TAGS
	bool

config HAVE_ARCH_KASAN_VMALLOC
	bool

config ARCH_DISABLE_KASAN_INLINE
	bool
	help
	  An architecture might not support inline instrumentation.
	  When this option is selected, inline and stack instrumentation are
	  disabled.

config CC_HAS_KASAN_GENERIC
	def_bool $(cc-option, -fsanitize=kernel-address)

config CC_HAS_KASAN_SW_TAGS
	def_bool $(cc-option, -fsanitize=kernel-hwaddress)

# This option is only required for software KASAN modes.
# Old GCC versions don't have proper support for no_sanitize_address.
# See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details.
config CC_HAS_WORKING_NOSANITIZE_ADDRESS
	def_bool !CC_IS_GCC || GCC_VERSION >= 80300

menuconfig KASAN
	bool "KASAN: runtime memory debugger"
	depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \
		     (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \
		    CC_HAS_WORKING_NOSANITIZE_ADDRESS) || \
		   HAVE_ARCH_KASAN_HW_TAGS
	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
	select STACKDEPOT
	help
	  Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
	  designed to find out-of-bounds accesses and use-after-free bugs.
	  See Documentation/dev-tools/kasan.rst for details.

if KASAN

choice
	prompt "KASAN mode"
	default KASAN_GENERIC
	help
	  KASAN has three modes:
	  1. generic KASAN (similar to userspace ASan,
	     x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC),
	  2. software tag-based KASAN (arm64 only, based on software
	     memory tagging (similar to userspace HWASan), enabled with
	     CONFIG_KASAN_SW_TAGS), and
	  3. hardware tag-based KASAN (arm64 only, based on hardware
	     memory tagging, enabled with CONFIG_KASAN_HW_TAGS).

	  All KASAN modes are strictly debugging features.

	  For better error reports enable CONFIG_STACKTRACE.

config KASAN_GENERIC
	bool "Generic mode"
	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
	select SLUB_DEBUG if SLUB
	select CONSTRUCTORS
	help
	  Enables generic KASAN mode.

	  This mode is supported in both GCC and Clang. With GCC it requires
	  version 8.3.0 or later. Any supported Clang version is compatible,
	  but detection of out-of-bounds accesses for global variables is
	  supported only since Clang 11.

	  This mode consumes about 1/8th of available memory at kernel start
	  and introduces an overhead of ~x1.5 for the rest of the allocations.
	  The performance slowdown is ~x3.

	  Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

config KASAN_SW_TAGS
	bool "Software tag-based mode"
	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
	select SLUB_DEBUG if SLUB
	select CONSTRUCTORS
	help
	  Enables software tag-based KASAN mode.

	  This mode require software memory tagging support in the form of
	  HWASan-like compiler instrumentation.

	  Currently this mode is only implemented for arm64 CPUs and relies on
	  Top Byte Ignore. This mode requires Clang.

	  This mode consumes about 1/16th of available memory at kernel start
	  and introduces an overhead of ~20% for the rest of the allocations.
	  This mode may potentially introduce problems relating to pointer
	  casting and comparison, as it embeds tags into the top byte of each
	  pointer.

	  Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

config KASAN_HW_TAGS
	bool "Hardware tag-based mode"
	depends on HAVE_ARCH_KASAN_HW_TAGS
	depends on SLUB
	help
	  Enables hardware tag-based KASAN mode.

	  This mode requires hardware memory tagging support, and can be used
	  by any architecture that provides it.

	  Currently this mode is only implemented for arm64 CPUs starting from
	  ARMv8.5 and relies on Memory Tagging Extension and Top Byte Ignore.

endchoice

choice
	prompt "Instrumentation type"
	depends on KASAN_GENERIC || KASAN_SW_TAGS
	default KASAN_OUTLINE

config KASAN_OUTLINE
	bool "Outline instrumentation"
	help
	  Before every memory access compiler insert function call
	  __asan_load*/__asan_store*. These functions performs check
	  of shadow memory. This is slower than inline instrumentation,
	  however it doesn't bloat size of kernel's .text section so
	  much as inline does.

config KASAN_INLINE
	bool "Inline instrumentation"
	depends on !ARCH_DISABLE_KASAN_INLINE
	help
	  Compiler directly inserts code checking shadow memory before
	  memory accesses. This is faster than outline (in some workloads
	  it gives about x2 boost over outline instrumentation), but
	  make kernel's .text size much bigger.

endchoice

config KASAN_STACK
	bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
	depends on KASAN_GENERIC || KASAN_SW_TAGS
	depends on !ARCH_DISABLE_KASAN_INLINE
	default y if CC_IS_GCC
	help
	  The LLVM stack address sanitizer has a know problem that
	  causes excessive stack usage in a lot of functions, see
	  https://bugs.llvm.org/show_bug.cgi?id=38809
	  Disabling asan-stack makes it safe to run kernels build
	  with clang-8 with KASAN enabled, though it loses some of
	  the functionality.
	  This feature is always disabled when compile-testing with clang
	  to avoid cluttering the output in stack overflow warnings,
	  but clang users can still enable it for builds without
	  CONFIG_COMPILE_TEST.	On gcc it is assumed to always be safe
	  to use and enabled by default.
	  If the architecture disables inline instrumentation, stack
	  instrumentation is also disabled as it adds inline-style
	  instrumentation that is run unconditionally.

config KASAN_TAGS_IDENTIFY
	bool "Enable memory corruption identification"
	depends on KASAN_SW_TAGS || KASAN_HW_TAGS
	help
	  This option enables best-effort identification of bug type
	  (use-after-free or out-of-bounds) at the cost of increased
	  memory consumption.

config KASAN_VMALLOC
	bool "Back mappings in vmalloc space with real shadow memory"
	depends on KASAN_GENERIC && HAVE_ARCH_KASAN_VMALLOC
	help
	  By default, the shadow region for vmalloc space is the read-only
	  zero page. This means that KASAN cannot detect errors involving
	  vmalloc space.

	  Enabling this option will hook in to vmap/vmalloc and back those
	  mappings with real shadow memory allocated on demand. This allows
	  for KASAN to detect more sorts of errors (and to support vmapped
	  stacks), but at the cost of higher memory usage.

config KASAN_KUNIT_TEST
	tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS
	depends on KASAN && KUNIT
	default KUNIT_ALL_TESTS
	help
	  This is a KUnit test suite doing various nasty things like
	  out of bounds and use after free accesses. It is useful for testing
	  kernel debugging features like KASAN.

	  For more information on KUnit and unit tests in general, please refer
	  to the KUnit documentation in Documentation/dev-tools/kunit.

config KASAN_MODULE_TEST
	tristate "KUnit-incompatible tests of KASAN bug detection capabilities"
	depends on m && KASAN && !KASAN_HW_TAGS
	help
	  This is a part of the KASAN test suite that is incompatible with
	  KUnit. Currently includes tests that do bad copy_from/to_user
	  accesses.

endif # KASAN
Commit	Line	Data
ec8f24b7	1	# SPDX-License-Identifier: GPL-2.0-only
2bd926b4	2	# This config refers to the generic KASAN mode.
0b24becc AR	3	config HAVE_ARCH_KASAN
	4	bool
	5
2bd926b4 AK	6	config HAVE_ARCH_KASAN_SW_TAGS
	7	bool
	8
6a63a63f AK	9	config HAVE_ARCH_KASAN_HW_TAGS
	10	bool
	11
	12	config HAVE_ARCH_KASAN_VMALLOC
3c5c3cfb DA	13	bool
3c5c3cfb DA	14
158f2552 DA	15	config ARCH_DISABLE_KASAN_INLINE
	16	bool
	17	help
	18	An architecture might not support inline instrumentation.
	19	When this option is selected, inline and stack instrumentation are
	20	disabled.
	21
2bd926b4 AK	22	config CC_HAS_KASAN_GENERIC
	23	def_bool $(cc-option, -fsanitize=kernel-address)
	24
	25	config CC_HAS_KASAN_SW_TAGS
	26	def_bool $(cc-option, -fsanitize=kernel-hwaddress)
0b24becc	27
6a63a63f AK	28	# This option is only required for software KASAN modes.
	29	# Old GCC versions don't have proper support for no_sanitize_address.
	30	# See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details.
7b861a53	31	config CC_HAS_WORKING_NOSANITIZE_ADDRESS
acf7b0bf	32	def_bool !CC_IS_GCC \|\| GCC_VERSION >= 80300
7b861a53	33
7a3767f8	34	menuconfig KASAN
2bd926b4	35	bool "KASAN: runtime memory debugger"
6a63a63f AK	36	depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) \|\| \
	37	(HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \
	38	CC_HAS_WORKING_NOSANITIZE_ADDRESS) \|\| \
	39	HAVE_ARCH_KASAN_HW_TAGS
2bd926b4	40	depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
ffcc5cea	41	select STACKDEPOT
2bd926b4 AK	42	help
	43	Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
	44	designed to find out-of-bounds accesses and use-after-free bugs.
	45	See Documentation/dev-tools/kasan.rst for details.
	46
7a3767f8 ME	47	if KASAN
7a3767f8 ME	48
2bd926b4 AK	49	choice
2bd926b4 AK	50	prompt "KASAN mode"
2bd926b4 AK	51	default KASAN_GENERIC
2bd926b4 AK	52	help
6a63a63f AK	53	KASAN has three modes:
	54	1. generic KASAN (similar to userspace ASan,
	55	x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC),
	56	2. software tag-based KASAN (arm64 only, based on software
	57	memory tagging (similar to userspace HWASan), enabled with
	58	CONFIG_KASAN_SW_TAGS), and
	59	3. hardware tag-based KASAN (arm64 only, based on hardware
	60	memory tagging, enabled with CONFIG_KASAN_HW_TAGS).
	61
	62	All KASAN modes are strictly debugging features.
ac4766be	63
6a63a63f	64	For better error reports enable CONFIG_STACKTRACE.
2bd926b4 AK	65
	66	config KASAN_GENERIC
	67	bool "Generic mode"
	68	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
fa360bea	69	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
dd275caf	70	select SLUB_DEBUG if SLUB
6a63a63f	71	select CONSTRUCTORS
0b24becc	72	help
2bd926b4	73	Enables generic KASAN mode.
ac4766be ME	74
ac4766be ME	75	This mode is supported in both GCC and Clang. With GCC it requires
527f6750 ME	76	version 8.3.0 or later. Any supported Clang version is compatible,
	77	but detection of out-of-bounds accesses for global variables is
	78	supported only since Clang 11.
ac4766be	79
2bd926b4 AK	80	This mode consumes about 1/8th of available memory at kernel start
	81	and introduces an overhead of ~x1.5 for the rest of the allocations.
	82	The performance slowdown is ~x3.
ac4766be	83
2bd926b4	84	Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB
7ed2f9e6	85	(the resulting kernel does not boot).
0b24becc	86
2bd926b4 AK	87	config KASAN_SW_TAGS
	88	bool "Software tag-based mode"
	89	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
fa360bea	90	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
2bd926b4	91	select SLUB_DEBUG if SLUB
6a63a63f	92	select CONSTRUCTORS
2bd926b4 AK	93	help
2bd926b4 AK	94	Enables software tag-based KASAN mode.
ac4766be	95
6a63a63f AK	96	This mode require software memory tagging support in the form of
	97	HWASan-like compiler instrumentation.
	98
	99	Currently this mode is only implemented for arm64 CPUs and relies on
	100	Top Byte Ignore. This mode requires Clang.
ac4766be	101
2bd926b4 AK	102	This mode consumes about 1/16th of available memory at kernel start
	103	and introduces an overhead of ~20% for the rest of the allocations.
	104	This mode may potentially introduce problems relating to pointer
	105	casting and comparison, as it embeds tags into the top byte of each
	106	pointer.
ac4766be	107
2bd926b4 AK	108	Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB
	109	(the resulting kernel does not boot).
	110
6a63a63f AK	111	config KASAN_HW_TAGS
	112	bool "Hardware tag-based mode"
	113	depends on HAVE_ARCH_KASAN_HW_TAGS
	114	depends on SLUB
	115	help
	116	Enables hardware tag-based KASAN mode.
	117
	118	This mode requires hardware memory tagging support, and can be used
	119	by any architecture that provides it.
	120
	121	Currently this mode is only implemented for arm64 CPUs starting from
	122	ARMv8.5 and relies on Memory Tagging Extension and Top Byte Ignore.
	123
2bd926b4 AK	124	endchoice
2bd926b4 AK	125
0b24becc AR	126	choice
0b24becc AR	127	prompt "Instrumentation type"
6a63a63f	128	depends on KASAN_GENERIC \|\| KASAN_SW_TAGS
0b24becc AR	129	default KASAN_OUTLINE
	130
	131	config KASAN_OUTLINE
	132	bool "Outline instrumentation"
	133	help
	134	Before every memory access compiler insert function call
	135	__asan_load/__asan_store. These functions performs check
	136	of shadow memory. This is slower than inline instrumentation,
	137	however it doesn't bloat size of kernel's .text section so
	138	much as inline does.
	139
	140	config KASAN_INLINE
	141	bool "Inline instrumentation"
158f2552	142	depends on !ARCH_DISABLE_KASAN_INLINE
0b24becc AR	143	help
	144	Compiler directly inserts code checking shadow memory before
	145	memory accesses. This is faster than outline (in some workloads
	146	it gives about x2 boost over outline instrumentation), but
	147	make kernel's .text size much bigger.
	148
	149	endchoice
	150
02c58773	151	config KASAN_STACK
6baec880	152	bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
6a63a63f	153	depends on KASAN_GENERIC \|\| KASAN_SW_TAGS
158f2552	154	depends on !ARCH_DISABLE_KASAN_INLINE
02c58773	155	default y if CC_IS_GCC
6baec880 AB	156	help
	157	The LLVM stack address sanitizer has a know problem that
	158	causes excessive stack usage in a lot of functions, see
	159	https://bugs.llvm.org/show_bug.cgi?id=38809
	160	Disabling asan-stack makes it safe to run kernels build
	161	with clang-8 with KASAN enabled, though it loses some of
	162	the functionality.
ebb6d35a AB	163	This feature is always disabled when compile-testing with clang
	164	to avoid cluttering the output in stack overflow warnings,
	165	but clang users can still enable it for builds without
	166	CONFIG_COMPILE_TEST. On gcc it is assumed to always be safe
	167	to use and enabled by default.
158f2552 DA	168	If the architecture disables inline instrumentation, stack
	169	instrumentation is also disabled as it adds inline-style
	170	instrumentation that is run unconditionally.
6baec880	171
f06f78ab	172	config KASAN_TAGS_IDENTIFY
ae8f06b3	173	bool "Enable memory corruption identification"
7a22bdc3	174	depends on KASAN_SW_TAGS \|\| KASAN_HW_TAGS
ae8f06b3 WW	175	help
	176	This option enables best-effort identification of bug type
	177	(use-after-free or out-of-bounds) at the cost of increased
	178	memory consumption.
	179
3c5c3cfb DA	180	config KASAN_VMALLOC
3c5c3cfb DA	181	bool "Back mappings in vmalloc space with real shadow memory"
71f6af6d	182	depends on KASAN_GENERIC && HAVE_ARCH_KASAN_VMALLOC
3c5c3cfb DA	183	help
	184	By default, the shadow region for vmalloc space is the read-only
	185	zero page. This means that KASAN cannot detect errors involving
	186	vmalloc space.
	187
	188	Enabling this option will hook in to vmap/vmalloc and back those
	189	mappings with real shadow memory allocated on demand. This allows
	190	for KASAN to detect more sorts of errors (and to support vmapped
	191	stacks), but at the cost of higher memory usage.
	192
73228c7e PA	193	config KASAN_KUNIT_TEST
	194	tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS
	195	depends on KASAN && KUNIT
	196	default KUNIT_ALL_TESTS
3f15801c	197	help
73228c7e PA	198	This is a KUnit test suite doing various nasty things like
73228c7e PA	199	out of bounds and use after free accesses. It is useful for testing
2bd926b4	200	kernel debugging features like KASAN.
7a3767f8	201
73228c7e	202	For more information on KUnit and unit tests in general, please refer
f05842cf	203	to the KUnit documentation in Documentation/dev-tools/kunit.
73228c7e	204
5d92bdff	205	config KASAN_MODULE_TEST
73228c7e	206	tristate "KUnit-incompatible tests of KASAN bug detection capabilities"
f05842cf	207	depends on m && KASAN && !KASAN_HW_TAGS
73228c7e PA	208	help
	209	This is a part of the KASAN test suite that is incompatible with
	210	KUnit. Currently includes tests that do bad copy_from/to_user
	211	accesses.
	212
7a3767f8	213	endif # KASAN