xref: /openbmc/linux/lib/Kconfig.kmsan (revision 7ae9fb1b7ecbb5d85d07857943f677fd1a559b18)
1f80be457SAlexander Potapenko# SPDX-License-Identifier: GPL-2.0-only
2f80be457SAlexander Potapenkoconfig HAVE_ARCH_KMSAN
3f80be457SAlexander Potapenko	bool
4f80be457SAlexander Potapenko
5f80be457SAlexander Potapenkoconfig HAVE_KMSAN_COMPILER
6f80be457SAlexander Potapenko	# Clang versions <14.0.0 also support -fsanitize=kernel-memory, but not
7f80be457SAlexander Potapenko	# all the features necessary to build the kernel with KMSAN.
8f80be457SAlexander Potapenko	depends on CC_IS_CLANG && CLANG_VERSION >= 140000
9f80be457SAlexander Potapenko	def_bool $(cc-option,-fsanitize=kernel-memory -mllvm -msan-disable-checks=1)
10f80be457SAlexander Potapenko
11f80be457SAlexander Potapenkoconfig KMSAN
12f80be457SAlexander Potapenko	bool "KMSAN: detector of uninitialized values use"
13f80be457SAlexander Potapenko	depends on HAVE_ARCH_KMSAN && HAVE_KMSAN_COMPILER
14f80be457SAlexander Potapenko	depends on SLUB && DEBUG_KERNEL && !KASAN && !KCSAN
15*83d0edfaSAlexander Potapenko	depends on !PREEMPT_RT
16f80be457SAlexander Potapenko	select STACKDEPOT
17f80be457SAlexander Potapenko	select STACKDEPOT_ALWAYS_INIT
18f80be457SAlexander Potapenko	help
19f80be457SAlexander Potapenko	  KernelMemorySanitizer (KMSAN) is a dynamic detector of uses of
20f80be457SAlexander Potapenko	  uninitialized values in the kernel. It is based on compiler
21f80be457SAlexander Potapenko	  instrumentation provided by Clang and thus requires Clang to build.
22f80be457SAlexander Potapenko
23f80be457SAlexander Potapenko	  An important note is that KMSAN is not intended for production use,
24f80be457SAlexander Potapenko	  because it drastically increases kernel memory footprint and slows
25f80be457SAlexander Potapenko	  the whole system down.
26f80be457SAlexander Potapenko
27f80be457SAlexander Potapenko	  See <file:Documentation/dev-tools/kmsan.rst> for more details.
28f80be457SAlexander Potapenko
29f80be457SAlexander Potapenkoif KMSAN
30f80be457SAlexander Potapenko
31f80be457SAlexander Potapenkoconfig HAVE_KMSAN_PARAM_RETVAL
32f80be457SAlexander Potapenko	# -fsanitize-memory-param-retval is supported only by Clang >= 14.
33f80be457SAlexander Potapenko	depends on HAVE_KMSAN_COMPILER
34f80be457SAlexander Potapenko	def_bool $(cc-option,-fsanitize=kernel-memory -fsanitize-memory-param-retval)
35f80be457SAlexander Potapenko
36f80be457SAlexander Potapenkoconfig KMSAN_CHECK_PARAM_RETVAL
37f80be457SAlexander Potapenko	bool "Check for uninitialized values passed to and returned from functions"
38f80be457SAlexander Potapenko	default y
39f80be457SAlexander Potapenko	depends on HAVE_KMSAN_PARAM_RETVAL
40f80be457SAlexander Potapenko	help
41f80be457SAlexander Potapenko	  If the compiler supports -fsanitize-memory-param-retval, KMSAN will
42f80be457SAlexander Potapenko	  eagerly check every function parameter passed by value and every
43f80be457SAlexander Potapenko	  function return value.
44f80be457SAlexander Potapenko
45f80be457SAlexander Potapenko	  Disabling KMSAN_CHECK_PARAM_RETVAL will result in tracking shadow for
46f80be457SAlexander Potapenko	  function parameters and return values across function borders. This
47f80be457SAlexander Potapenko	  is a more relaxed mode, but it generates more instrumentation code and
48f80be457SAlexander Potapenko	  may potentially report errors in corner cases when non-instrumented
49f80be457SAlexander Potapenko	  functions call instrumented ones.
50f80be457SAlexander Potapenko
518ed691b0SAlexander Potapenkoconfig KMSAN_KUNIT_TEST
528ed691b0SAlexander Potapenko	tristate "KMSAN integration test suite" if !KUNIT_ALL_TESTS
538ed691b0SAlexander Potapenko	default KUNIT_ALL_TESTS
548ed691b0SAlexander Potapenko	depends on TRACEPOINTS && KUNIT
558ed691b0SAlexander Potapenko	help
568ed691b0SAlexander Potapenko	  Test suite for KMSAN, testing various error detection scenarios,
578ed691b0SAlexander Potapenko	  and checking that reports are correctly output to console.
588ed691b0SAlexander Potapenko
598ed691b0SAlexander Potapenko	  Say Y here if you want the test to be built into the kernel and run
608ed691b0SAlexander Potapenko	  during boot; say M if you want the test to build as a module; say N
618ed691b0SAlexander Potapenko	  if you are unsure.
628ed691b0SAlexander Potapenko
63f80be457SAlexander Potapenkoendif
64