[linux.git] / lib / Kconfig.kasan

# This config refers to the generic KASAN mode.
config HAVE_ARCH_KASAN
	bool

config HAVE_ARCH_KASAN_SW_TAGS
	bool

config CC_HAS_KASAN_GENERIC
	def_bool $(cc-option, -fsanitize=kernel-address)

config CC_HAS_KASAN_SW_TAGS
	def_bool $(cc-option, -fsanitize=kernel-hwaddress)

config KASAN
	bool "KASAN: runtime memory debugger"
	depends on (HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \
		   (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)
	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
	help
	  Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
	  designed to find out-of-bounds accesses and use-after-free bugs.
	  See Documentation/dev-tools/kasan.rst for details.

choice
	prompt "KASAN mode"
	depends on KASAN
	default KASAN_GENERIC
	help
	  KASAN has two modes: generic KASAN (similar to userspace ASan,
	  x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC) and
	  software tag-based KASAN (a version based on software memory
	  tagging, arm64 only, similar to userspace HWASan, enabled with
	  CONFIG_KASAN_SW_TAGS).
	  Both generic and tag-based KASAN are strictly debugging features.

config KASAN_GENERIC
	bool "Generic mode"
	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
	select SLUB_DEBUG if SLUB
	select CONSTRUCTORS
	select STACKDEPOT
	help
	  Enables generic KASAN mode.
	  Supported in both GCC and Clang. With GCC it requires version 4.9.2
	  or later for basic support and version 5.0 or later for detection of
	  out-of-bounds accesses for stack and global variables and for inline
	  instrumentation mode (CONFIG_KASAN_INLINE). With Clang it requires
	  version 3.7.0 or later and it doesn't support detection of
	  out-of-bounds accesses for global variables yet.
	  This mode consumes about 1/8th of available memory at kernel start
	  and introduces an overhead of ~x1.5 for the rest of the allocations.
	  The performance slowdown is ~x3.
	  For better error detection enable CONFIG_STACKTRACE.
	  Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

config KASAN_SW_TAGS
	bool "Software tag-based mode"
	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
	select SLUB_DEBUG if SLUB
	select CONSTRUCTORS
	select STACKDEPOT
	help
	  Enables software tag-based KASAN mode.
	  This mode requires Top Byte Ignore support by the CPU and therefore
	  is only supported for arm64.
	  This mode requires Clang version 7.0.0 or later.
	  This mode consumes about 1/16th of available memory at kernel start
	  and introduces an overhead of ~20% for the rest of the allocations.
	  This mode may potentially introduce problems relating to pointer
	  casting and comparison, as it embeds tags into the top byte of each
	  pointer.
	  For better error detection enable CONFIG_STACKTRACE.
	  Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

endchoice

choice
	prompt "Instrumentation type"
	depends on KASAN
	default KASAN_OUTLINE

config KASAN_OUTLINE
	bool "Outline instrumentation"
	help
	  Before every memory access compiler insert function call
	  __asan_load*/__asan_store*. These functions performs check
	  of shadow memory. This is slower than inline instrumentation,
	  however it doesn't bloat size of kernel's .text section so
	  much as inline does.

config KASAN_INLINE
	bool "Inline instrumentation"
	help
	  Compiler directly inserts code checking shadow memory before
	  memory accesses. This is faster than outline (in some workloads
	  it gives about x2 boost over outline instrumentation), but
	  make kernel's .text size much bigger.
	  For CONFIG_KASAN_GENERIC this requires GCC 5.0 or later.

endchoice

config KASAN_STACK_ENABLE
	bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
	default !(CLANG_VERSION < 90000)
	depends on KASAN
	help
	  The LLVM stack address sanitizer has a know problem that
	  causes excessive stack usage in a lot of functions, see
	  https://bugs.llvm.org/show_bug.cgi?id=38809
	  Disabling asan-stack makes it safe to run kernels build
	  with clang-8 with KASAN enabled, though it loses some of
	  the functionality.
	  This feature is always disabled when compile-testing with clang-8
	  or earlier to avoid cluttering the output in stack overflow
	  warnings, but clang-8 users can still enable it for builds without
	  CONFIG_COMPILE_TEST.  On gcc and later clang versions it is
	  assumed to always be safe to use and enabled by default.

config KASAN_STACK
	int
	default 1 if KASAN_STACK_ENABLE || CC_IS_GCC
	default 0

config KASAN_S390_4_LEVEL_PAGING
	bool "KASan: use 4-level paging"
	depends on KASAN && S390
	help
	  Compiling the kernel with KASan disables automatic 3-level vs
	  4-level paging selection. 3-level paging is used by default (up
	  to 3TB of RAM with KASan enabled). This options allows to force
	  4-level paging instead.

config TEST_KASAN
	tristate "Module for testing KASAN for bug detection"
	depends on m && KASAN
	help
	  This is a test module doing various nasty things like
	  out of bounds accesses, use after free. It is useful for testing
	  kernel debugging features like KASAN.
Commit	Line	Data
2bd926b4	1	# This config refers to the generic KASAN mode.
0b24becc AR	2	config HAVE_ARCH_KASAN
	3	bool
	4
2bd926b4 AK	5	config HAVE_ARCH_KASAN_SW_TAGS
	6	bool
	7
	8	config CC_HAS_KASAN_GENERIC
	9	def_bool $(cc-option, -fsanitize=kernel-address)
	10
	11	config CC_HAS_KASAN_SW_TAGS
	12	def_bool $(cc-option, -fsanitize=kernel-hwaddress)
0b24becc AR	13
0b24becc AR	14	config KASAN
2bd926b4 AK	15	bool "KASAN: runtime memory debugger"
	16	depends on (HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) \|\| \
	17	(HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)
	18	depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
	19	help
	20	Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
	21	designed to find out-of-bounds accesses and use-after-free bugs.
	22	See Documentation/dev-tools/kasan.rst for details.
	23
	24	choice
	25	prompt "KASAN mode"
	26	depends on KASAN
	27	default KASAN_GENERIC
	28	help
	29	KASAN has two modes: generic KASAN (similar to userspace ASan,
	30	x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC) and
	31	software tag-based KASAN (a version based on software memory
	32	tagging, arm64 only, similar to userspace HWASan, enabled with
	33	CONFIG_KASAN_SW_TAGS).
	34	Both generic and tag-based KASAN are strictly debugging features.
	35
	36	config KASAN_GENERIC
	37	bool "Generic mode"
	38	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
03758dbb	39	depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
dd275caf	40	select SLUB_DEBUG if SLUB
bebf56a1	41	select CONSTRUCTORS
80a9201a	42	select STACKDEPOT
0b24becc	43	help
2bd926b4 AK	44	Enables generic KASAN mode.
	45	Supported in both GCC and Clang. With GCC it requires version 4.9.2
	46	or later for basic support and version 5.0 or later for detection of
	47	out-of-bounds accesses for stack and global variables and for inline
	48	instrumentation mode (CONFIG_KASAN_INLINE). With Clang it requires
	49	version 3.7.0 or later and it doesn't support detection of
	50	out-of-bounds accesses for global variables yet.
	51	This mode consumes about 1/8th of available memory at kernel start
	52	and introduces an overhead of ~x1.5 for the rest of the allocations.
	53	The performance slowdown is ~x3.
89d3c87e	54	For better error detection enable CONFIG_STACKTRACE.
2bd926b4	55	Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB
7ed2f9e6	56	(the resulting kernel does not boot).
0b24becc	57
2bd926b4 AK	58	config KASAN_SW_TAGS
	59	bool "Software tag-based mode"
	60	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
	61	depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
	62	select SLUB_DEBUG if SLUB
	63	select CONSTRUCTORS
	64	select STACKDEPOT
	65	help
	66	Enables software tag-based KASAN mode.
	67	This mode requires Top Byte Ignore support by the CPU and therefore
	68	is only supported for arm64.
	69	This mode requires Clang version 7.0.0 or later.
	70	This mode consumes about 1/16th of available memory at kernel start
	71	and introduces an overhead of ~20% for the rest of the allocations.
	72	This mode may potentially introduce problems relating to pointer
	73	casting and comparison, as it embeds tags into the top byte of each
	74	pointer.
	75	For better error detection enable CONFIG_STACKTRACE.
	76	Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB
	77	(the resulting kernel does not boot).
	78
	79	endchoice
	80
0b24becc AR	81	choice
	82	prompt "Instrumentation type"
	83	depends on KASAN
	84	default KASAN_OUTLINE
	85
	86	config KASAN_OUTLINE
	87	bool "Outline instrumentation"
	88	help
	89	Before every memory access compiler insert function call
	90	__asan_load/__asan_store. These functions performs check
	91	of shadow memory. This is slower than inline instrumentation,
	92	however it doesn't bloat size of kernel's .text section so
	93	much as inline does.
	94
	95	config KASAN_INLINE
	96	bool "Inline instrumentation"
	97	help
	98	Compiler directly inserts code checking shadow memory before
	99	memory accesses. This is faster than outline (in some workloads
	100	it gives about x2 boost over outline instrumentation), but
	101	make kernel's .text size much bigger.
2bd926b4	102	For CONFIG_KASAN_GENERIC this requires GCC 5.0 or later.
0b24becc AR	103
	104	endchoice
	105
6baec880 AB	106	config KASAN_STACK_ENABLE
	107	bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
	108	default !(CLANG_VERSION < 90000)
	109	depends on KASAN
	110	help
	111	The LLVM stack address sanitizer has a know problem that
	112	causes excessive stack usage in a lot of functions, see
	113	https://bugs.llvm.org/show_bug.cgi?id=38809
	114	Disabling asan-stack makes it safe to run kernels build
	115	with clang-8 with KASAN enabled, though it loses some of
	116	the functionality.
	117	This feature is always disabled when compile-testing with clang-8
	118	or earlier to avoid cluttering the output in stack overflow
	119	warnings, but clang-8 users can still enable it for builds without
	120	CONFIG_COMPILE_TEST. On gcc and later clang versions it is
	121	assumed to always be safe to use and enabled by default.
	122
	123	config KASAN_STACK
	124	int
	125	default 1 if KASAN_STACK_ENABLE \|\| CC_IS_GCC
	126	default 0
	127
5dff0381 VG	128	config KASAN_S390_4_LEVEL_PAGING
	129	bool "KASan: use 4-level paging"
	130	depends on KASAN && S390
	131	help
	132	Compiling the kernel with KASan disables automatic 3-level vs
	133	4-level paging selection. 3-level paging is used by default (up
	134	to 3TB of RAM with KASan enabled). This options allows to force
	135	4-level paging instead.
	136
3f15801c	137	config TEST_KASAN
2bd926b4	138	tristate "Module for testing KASAN for bug detection"
3f15801c AR	139	depends on m && KASAN
	140	help
	141	This is a test module doing various nasty things like
	142	out of bounds accesses, use after free. It is useful for testing
2bd926b4	143	kernel debugging features like KASAN.