blob: bd38aab05929813acae4db2cd09f609a83d2025c
1 | config HAVE_ARCH_KASAN |
2 | bool |
3 | |
4 | if HAVE_ARCH_KASAN |
5 | |
6 | config KASAN |
7 | bool "KASan: runtime memory debugger" |
8 | depends on SLUB || (SLAB && !DEBUG_SLAB) |
9 | select CONSTRUCTORS |
10 | select STACKDEPOT |
11 | help |
12 | Enables kernel address sanitizer - runtime memory debugger, |
13 | designed to find out-of-bounds accesses and use-after-free bugs. |
14 | This is strictly a debugging feature and it requires a gcc version |
15 | of 4.9.2 or later. Detection of out of bounds accesses to stack or |
16 | global variables requires gcc 5.0 or later. |
17 | This feature consumes about 1/8 of available memory and brings about |
18 | ~x3 performance slowdown. |
19 | For better error detection enable CONFIG_STACKTRACE. |
20 | Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB |
21 | (the resulting kernel does not boot). |
22 | |
23 | choice |
24 | prompt "Instrumentation type" |
25 | depends on KASAN |
26 | default KASAN_OUTLINE |
27 | |
28 | config KASAN_OUTLINE |
29 | bool "Outline instrumentation" |
30 | help |
31 | Before every memory access compiler insert function call |
32 | __asan_load*/__asan_store*. These functions performs check |
33 | of shadow memory. This is slower than inline instrumentation, |
34 | however it doesn't bloat size of kernel's .text section so |
35 | much as inline does. |
36 | |
37 | config KASAN_INLINE |
38 | bool "Inline instrumentation" |
39 | help |
40 | Compiler directly inserts code checking shadow memory before |
41 | memory accesses. This is faster than outline (in some workloads |
42 | it gives about x2 boost over outline instrumentation), but |
43 | make kernel's .text size much bigger. |
44 | This requires a gcc version of 5.0 or later. |
45 | |
46 | endchoice |
47 | |
48 | config TEST_KASAN |
49 | tristate "Module for testing kasan for bug detection" |
50 | depends on m && KASAN |
51 | help |
52 | This is a test module doing various nasty things like |
53 | out of bounds accesses, use after free. It is useful for testing |
54 | kernel debugging features like kernel address sanitizer. |
55 | |
56 | endif |
57 |