1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 2fe30ddcaSAndrey Konovalov 32bd926b4SAndrey Konovalov# This config refers to the generic KASAN mode. 40b24beccSAndrey Ryabininconfig HAVE_ARCH_KASAN 50b24beccSAndrey Ryabinin bool 60b24beccSAndrey Ryabinin 72bd926b4SAndrey Konovalovconfig HAVE_ARCH_KASAN_SW_TAGS 82bd926b4SAndrey Konovalov bool 92bd926b4SAndrey Konovalov 106a63a63fSAndrey Konovalovconfig HAVE_ARCH_KASAN_HW_TAGS 116a63a63fSAndrey Konovalov bool 126a63a63fSAndrey Konovalov 133c5c3cfbSDaniel Axtensconfig HAVE_ARCH_KASAN_VMALLOC 143c5c3cfbSDaniel Axtens bool 153c5c3cfbSDaniel Axtens 16158f2552SDaniel Axtensconfig ARCH_DISABLE_KASAN_INLINE 17158f2552SDaniel Axtens bool 18158f2552SDaniel Axtens help 19fe30ddcaSAndrey Konovalov Disables both inline and stack instrumentation. Selected by 20fe30ddcaSAndrey Konovalov architectures that do not support these instrumentation types. 21158f2552SDaniel Axtens 222bd926b4SAndrey Konovalovconfig CC_HAS_KASAN_GENERIC 232bd926b4SAndrey Konovalov def_bool $(cc-option, -fsanitize=kernel-address) 242bd926b4SAndrey Konovalov 252bd926b4SAndrey Konovalovconfig CC_HAS_KASAN_SW_TAGS 262bd926b4SAndrey Konovalov def_bool $(cc-option, -fsanitize=kernel-hwaddress) 270b24beccSAndrey Ryabinin 286a63a63fSAndrey Konovalov# This option is only required for software KASAN modes. 29fe30ddcaSAndrey Konovalov# Old GCC versions do not have proper support for no_sanitize_address. 306a63a63fSAndrey Konovalov# See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details. 317b861a53SMarco Elverconfig CC_HAS_WORKING_NOSANITIZE_ADDRESS 32acf7b0bfSMarco Elver def_bool !CC_IS_GCC || GCC_VERSION >= 80300 337b861a53SMarco Elver 347a3767f8SMarco Elvermenuconfig KASAN 35fe30ddcaSAndrey Konovalov bool "KASAN: dynamic memory safety error detector" 366a63a63fSAndrey Konovalov depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \ 376a63a63fSAndrey Konovalov (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \ 386a63a63fSAndrey Konovalov CC_HAS_WORKING_NOSANITIZE_ADDRESS) || \ 396a63a63fSAndrey Konovalov HAVE_ARCH_KASAN_HW_TAGS 40e240e53aSVlastimil Babka depends on (SLUB && SYSFS && !SLUB_TINY) || (SLAB && !DEBUG_SLAB) 412dba5eb1SVlastimil Babka select STACKDEPOT_ALWAYS_INIT 422bd926b4SAndrey Konovalov help 43fe30ddcaSAndrey Konovalov Enables KASAN (Kernel Address Sanitizer) - a dynamic memory safety 44fe30ddcaSAndrey Konovalov error detector designed to find out-of-bounds and use-after-free bugs. 45fe30ddcaSAndrey Konovalov 462bd926b4SAndrey Konovalov See Documentation/dev-tools/kasan.rst for details. 472bd926b4SAndrey Konovalov 48fe30ddcaSAndrey Konovalov For better error reports, also enable CONFIG_STACKTRACE. 49fe30ddcaSAndrey Konovalov 507a3767f8SMarco Elverif KASAN 517a3767f8SMarco Elver 52*36be5cbaSMarco Elverconfig CC_HAS_KASAN_MEMINTRINSIC_PREFIX 53*36be5cbaSMarco Elver def_bool (CC_IS_CLANG && $(cc-option,-fsanitize=kernel-address -mllvm -asan-kernel-mem-intrinsic-prefix=1)) || \ 54*36be5cbaSMarco Elver (CC_IS_GCC && $(cc-option,-fsanitize=kernel-address --param asan-kernel-mem-intrinsic-prefix=1)) 55*36be5cbaSMarco Elver # Don't define it if we don't need it: compilation of the test uses 56*36be5cbaSMarco Elver # this variable to decide how the compiler should treat builtins. 57*36be5cbaSMarco Elver depends on !KASAN_HW_TAGS 58*36be5cbaSMarco Elver help 59*36be5cbaSMarco Elver The compiler is able to prefix memintrinsics with __asan or __hwasan. 60*36be5cbaSMarco Elver 612bd926b4SAndrey Konovalovchoice 622bd926b4SAndrey Konovalov prompt "KASAN mode" 632bd926b4SAndrey Konovalov default KASAN_GENERIC 642bd926b4SAndrey Konovalov help 656a63a63fSAndrey Konovalov KASAN has three modes: 66ac4766beSMarco Elver 67fe30ddcaSAndrey Konovalov 1. Generic KASAN (supported by many architectures, enabled with 68fe30ddcaSAndrey Konovalov CONFIG_KASAN_GENERIC, similar to userspace ASan), 69fe30ddcaSAndrey Konovalov 2. Software Tag-Based KASAN (arm64 only, based on software memory 70fe30ddcaSAndrey Konovalov tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace 71fe30ddcaSAndrey Konovalov HWASan), and 72fe30ddcaSAndrey Konovalov 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory 73fe30ddcaSAndrey Konovalov tagging, enabled with CONFIG_KASAN_HW_TAGS). 746a63a63fSAndrey Konovalov 75fe30ddcaSAndrey Konovalov See Documentation/dev-tools/kasan.rst for details about each mode. 762bd926b4SAndrey Konovalov 772bd926b4SAndrey Konovalovconfig KASAN_GENERIC 78fe30ddcaSAndrey Konovalov bool "Generic KASAN" 792bd926b4SAndrey Konovalov depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC 80fa360beaSMarco Elver depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS 81dd275cafSJason A. Donenfeld select SLUB_DEBUG if SLUB 826a63a63fSAndrey Konovalov select CONSTRUCTORS 830b24beccSAndrey Ryabinin help 84fe30ddcaSAndrey Konovalov Enables Generic KASAN. 85ac4766beSMarco Elver 86fe30ddcaSAndrey Konovalov Requires GCC 8.3.0+ or Clang. 87ac4766beSMarco Elver 88fe30ddcaSAndrey Konovalov Consumes about 1/8th of available memory at kernel start and adds an 89fe30ddcaSAndrey Konovalov overhead of ~50% for dynamic allocations. 902bd926b4SAndrey Konovalov The performance slowdown is ~x3. 91ac4766beSMarco Elver 92fe30ddcaSAndrey Konovalov (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.) 930b24beccSAndrey Ryabinin 942bd926b4SAndrey Konovalovconfig KASAN_SW_TAGS 95fe30ddcaSAndrey Konovalov bool "Software Tag-Based KASAN" 962bd926b4SAndrey Konovalov depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS 97fa360beaSMarco Elver depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS 982bd926b4SAndrey Konovalov select SLUB_DEBUG if SLUB 996a63a63fSAndrey Konovalov select CONSTRUCTORS 100e7c52b84SArnd Bergmann help 101fe30ddcaSAndrey Konovalov Enables Software Tag-Based KASAN. 102ac4766beSMarco Elver 103fe30ddcaSAndrey Konovalov Requires GCC 11+ or Clang. 1046a63a63fSAndrey Konovalov 105fe30ddcaSAndrey Konovalov Supported only on arm64 CPUs and relies on Top Byte Ignore. 106ac4766beSMarco Elver 107fe30ddcaSAndrey Konovalov Consumes about 1/16th of available memory at kernel start and 108fe30ddcaSAndrey Konovalov add an overhead of ~20% for dynamic allocations. 109ac4766beSMarco Elver 110fe30ddcaSAndrey Konovalov May potentially introduce problems related to pointer casting and 111fe30ddcaSAndrey Konovalov comparison, as it embeds a tag into the top byte of each pointer. 112fe30ddcaSAndrey Konovalov 113fe30ddcaSAndrey Konovalov (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.) 114e7c52b84SArnd Bergmann 1156a63a63fSAndrey Konovalovconfig KASAN_HW_TAGS 116fe30ddcaSAndrey Konovalov bool "Hardware Tag-Based KASAN" 1176a63a63fSAndrey Konovalov depends on HAVE_ARCH_KASAN_HW_TAGS 1186a63a63fSAndrey Konovalov depends on SLUB 1196a63a63fSAndrey Konovalov help 120fe30ddcaSAndrey Konovalov Enables Hardware Tag-Based KASAN. 1216a63a63fSAndrey Konovalov 122fe30ddcaSAndrey Konovalov Requires GCC 10+ or Clang 12+. 1236a63a63fSAndrey Konovalov 124fe30ddcaSAndrey Konovalov Supported only on arm64 CPUs starting from ARMv8.5 and relies on 125fe30ddcaSAndrey Konovalov Memory Tagging Extension and Top Byte Ignore. 126fe30ddcaSAndrey Konovalov 127fe30ddcaSAndrey Konovalov Consumes about 1/32nd of available memory. 128fe30ddcaSAndrey Konovalov 129fe30ddcaSAndrey Konovalov May potentially introduce problems related to pointer casting and 130fe30ddcaSAndrey Konovalov comparison, as it embeds a tag into the top byte of each pointer. 1316a63a63fSAndrey Konovalov 1322bd926b4SAndrey Konovalovendchoice 1332bd926b4SAndrey Konovalov 1340b24beccSAndrey Ryabininchoice 1350b24beccSAndrey Ryabinin prompt "Instrumentation type" 1366a63a63fSAndrey Konovalov depends on KASAN_GENERIC || KASAN_SW_TAGS 1370b24beccSAndrey Ryabinin default KASAN_OUTLINE 1380b24beccSAndrey Ryabinin 1390b24beccSAndrey Ryabininconfig KASAN_OUTLINE 1400b24beccSAndrey Ryabinin bool "Outline instrumentation" 1410b24beccSAndrey Ryabinin help 142fe30ddcaSAndrey Konovalov Makes the compiler insert function calls that check whether the memory 143fe30ddcaSAndrey Konovalov is accessible before each memory access. Slower than KASAN_INLINE, but 144fe30ddcaSAndrey Konovalov does not bloat the size of the kernel's .text section so much. 1450b24beccSAndrey Ryabinin 1460b24beccSAndrey Ryabininconfig KASAN_INLINE 1470b24beccSAndrey Ryabinin bool "Inline instrumentation" 148158f2552SDaniel Axtens depends on !ARCH_DISABLE_KASAN_INLINE 1490b24beccSAndrey Ryabinin help 150fe30ddcaSAndrey Konovalov Makes the compiler directly insert memory accessibility checks before 151fe30ddcaSAndrey Konovalov each memory access. Faster than KASAN_OUTLINE (gives ~x2 boost for 152fe30ddcaSAndrey Konovalov some workloads), but makes the kernel's .text size much bigger. 1530b24beccSAndrey Ryabinin 1540b24beccSAndrey Ryabininendchoice 1550b24beccSAndrey Ryabinin 15602c58773SWalter Wuconfig KASAN_STACK 157fe30ddcaSAndrey Konovalov bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST 1586a63a63fSAndrey Konovalov depends on KASAN_GENERIC || KASAN_SW_TAGS 159158f2552SDaniel Axtens depends on !ARCH_DISABLE_KASAN_INLINE 16002c58773SWalter Wu default y if CC_IS_GCC 1616baec880SArnd Bergmann help 162fe30ddcaSAndrey Konovalov Disables stack instrumentation and thus KASAN's ability to detect 163fe30ddcaSAndrey Konovalov out-of-bounds bugs in stack variables. 164fe30ddcaSAndrey Konovalov 165fe30ddcaSAndrey Konovalov With Clang, stack instrumentation has a problem that causes excessive 166fe30ddcaSAndrey Konovalov stack usage, see https://bugs.llvm.org/show_bug.cgi?id=38809. Thus, 167fe30ddcaSAndrey Konovalov with Clang, this option is deemed unsafe. 168fe30ddcaSAndrey Konovalov 169fe30ddcaSAndrey Konovalov This option is always disabled when compile-testing with Clang to 170fe30ddcaSAndrey Konovalov avoid cluttering the log with stack overflow warnings. 171fe30ddcaSAndrey Konovalov 172fe30ddcaSAndrey Konovalov With GCC, enabling stack instrumentation is assumed to be safe. 173fe30ddcaSAndrey Konovalov 174fe30ddcaSAndrey Konovalov If the architecture disables inline instrumentation via 175fe30ddcaSAndrey Konovalov ARCH_DISABLE_KASAN_INLINE, stack instrumentation gets disabled 176fe30ddcaSAndrey Konovalov as well, as it adds inline-style instrumentation that is run 177fe30ddcaSAndrey Konovalov unconditionally. 1786baec880SArnd Bergmann 1793c5c3cfbSDaniel Axtensconfig KASAN_VMALLOC 180fbefb423SAndrey Konovalov bool "Check accesses to vmalloc allocations" 181fbefb423SAndrey Konovalov depends on HAVE_ARCH_KASAN_VMALLOC 1823c5c3cfbSDaniel Axtens help 183fe30ddcaSAndrey Konovalov Makes KASAN check the validity of accesses to vmalloc allocations. 1843c5c3cfbSDaniel Axtens 185fe30ddcaSAndrey Konovalov With software KASAN modes, all types vmalloc allocations are 186fe30ddcaSAndrey Konovalov checked. Enabling this option leads to higher memory usage. 187fbefb423SAndrey Konovalov 188fe30ddcaSAndrey Konovalov With Hardware Tag-Based KASAN, only non-executable VM_ALLOC mappings 189fe30ddcaSAndrey Konovalov are checked. There is no additional memory usage. 1903c5c3cfbSDaniel Axtens 19173228c7eSPatricia Alfonsoconfig KASAN_KUNIT_TEST 19273228c7eSPatricia Alfonso tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS 1937ce0ea19SAndrey Konovalov depends on KASAN && KUNIT && TRACEPOINTS 19473228c7eSPatricia Alfonso default KUNIT_ALL_TESTS 1953f15801cSAndrey Ryabinin help 196fe30ddcaSAndrey Konovalov A KUnit-based KASAN test suite. Triggers different kinds of 197fe30ddcaSAndrey Konovalov out-of-bounds and use-after-free accesses. Useful for testing whether 198fe30ddcaSAndrey Konovalov KASAN can detect certain bug types. 1997a3767f8SMarco Elver 20073228c7eSPatricia Alfonso For more information on KUnit and unit tests in general, please refer 201fe30ddcaSAndrey Konovalov to the KUnit documentation in Documentation/dev-tools/kunit/. 20273228c7eSPatricia Alfonso 2035d92bdffSAndrey Konovalovconfig KASAN_MODULE_TEST 20473228c7eSPatricia Alfonso tristate "KUnit-incompatible tests of KASAN bug detection capabilities" 205f05842cfSAndrey Konovalov depends on m && KASAN && !KASAN_HW_TAGS 20673228c7eSPatricia Alfonso help 207fe30ddcaSAndrey Konovalov A part of the KASAN test suite that is not integrated with KUnit. 208fe30ddcaSAndrey Konovalov Incompatible with Hardware Tag-Based KASAN. 20973228c7eSPatricia Alfonso 2107a3767f8SMarco Elverendif # KASAN 211