[mirror_ubuntu-hirsute-kernel.git] / lib / Kconfig.kasan

# SPDX-License-Identifier: GPL-2.0-only
# This config refers to the generic KASAN mode.
config HAVE_ARCH_KASAN
	bool

config HAVE_ARCH_KASAN_SW_TAGS
	bool

config	HAVE_ARCH_KASAN_VMALLOC
	bool

config CC_HAS_KASAN_GENERIC
	def_bool $(cc-option, -fsanitize=kernel-address)

config CC_HAS_KASAN_SW_TAGS
	def_bool $(cc-option, -fsanitize=kernel-hwaddress)

config CC_HAS_WORKING_NOSANITIZE_ADDRESS
	def_bool !CC_IS_GCC || GCC_VERSION >= 80300

menuconfig KASAN
	bool "KASAN: runtime memory debugger"
	depends on (HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \
		   (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)
	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
	help
	  Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
	  designed to find out-of-bounds accesses and use-after-free bugs.
	  See Documentation/dev-tools/kasan.rst for details.

if KASAN

choice
	prompt "KASAN mode"
	default KASAN_GENERIC
	help
	  KASAN has two modes: generic KASAN (similar to userspace ASan,
	  x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC) and
	  software tag-based KASAN (a version based on software memory
	  tagging, arm64 only, similar to userspace HWASan, enabled with
	  CONFIG_KASAN_SW_TAGS).
	  Both generic and tag-based KASAN are strictly debugging features.

config KASAN_GENERIC
	bool "Generic mode"
	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
	select SLUB_DEBUG if SLUB
	select CONSTRUCTORS
	select STACKDEPOT
	help
	  Enables generic KASAN mode.
	  Supported in both GCC and Clang. With GCC it requires version 4.9.2
	  or later for basic support and version 5.0 or later for detection of
	  out-of-bounds accesses for stack and global variables and for inline
	  instrumentation mode (CONFIG_KASAN_INLINE). With Clang it requires
	  version 3.7.0 or later and it doesn't support detection of
	  out-of-bounds accesses for global variables yet.
	  This mode consumes about 1/8th of available memory at kernel start
	  and introduces an overhead of ~x1.5 for the rest of the allocations.
	  The performance slowdown is ~x3.
	  For better error detection enable CONFIG_STACKTRACE.
	  Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

config KASAN_SW_TAGS
	bool "Software tag-based mode"
	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
	select SLUB_DEBUG if SLUB
	select CONSTRUCTORS
	select STACKDEPOT
	help
	  Enables software tag-based KASAN mode.
	  This mode requires Top Byte Ignore support by the CPU and therefore
	  is only supported for arm64.
	  This mode requires Clang version 7.0.0 or later.
	  This mode consumes about 1/16th of available memory at kernel start
	  and introduces an overhead of ~20% for the rest of the allocations.
	  This mode may potentially introduce problems relating to pointer
	  casting and comparison, as it embeds tags into the top byte of each
	  pointer.
	  For better error detection enable CONFIG_STACKTRACE.
	  Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

endchoice

choice
	prompt "Instrumentation type"
	default KASAN_OUTLINE

config KASAN_OUTLINE
	bool "Outline instrumentation"
	help
	  Before every memory access compiler insert function call
	  __asan_load*/__asan_store*. These functions performs check
	  of shadow memory. This is slower than inline instrumentation,
	  however it doesn't bloat size of kernel's .text section so
	  much as inline does.

config KASAN_INLINE
	bool "Inline instrumentation"
	help
	  Compiler directly inserts code checking shadow memory before
	  memory accesses. This is faster than outline (in some workloads
	  it gives about x2 boost over outline instrumentation), but
	  make kernel's .text size much bigger.
	  For CONFIG_KASAN_GENERIC this requires GCC 5.0 or later.

endchoice

config KASAN_STACK_ENABLE
	bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
	help
	  The LLVM stack address sanitizer has a know problem that
	  causes excessive stack usage in a lot of functions, see
	  https://bugs.llvm.org/show_bug.cgi?id=38809
	  Disabling asan-stack makes it safe to run kernels build
	  with clang-8 with KASAN enabled, though it loses some of
	  the functionality.
	  This feature is always disabled when compile-testing with clang
	  to avoid cluttering the output in stack overflow warnings,
	  but clang users can still enable it for builds without
	  CONFIG_COMPILE_TEST.	On gcc it is assumed to always be safe
	  to use and enabled by default.

config KASAN_STACK
	int
	default 1 if KASAN_STACK_ENABLE || CC_IS_GCC
	default 0

config KASAN_S390_4_LEVEL_PAGING
	bool "KASan: use 4-level paging"
	depends on S390
	help
	  Compiling the kernel with KASan disables automatic 3-level vs
	  4-level paging selection. 3-level paging is used by default (up
	  to 3TB of RAM with KASan enabled). This options allows to force
	  4-level paging instead.

config KASAN_SW_TAGS_IDENTIFY
	bool "Enable memory corruption identification"
	depends on KASAN_SW_TAGS
	help
	  This option enables best-effort identification of bug type
	  (use-after-free or out-of-bounds) at the cost of increased
	  memory consumption.

config KASAN_VMALLOC
	bool "Back mappings in vmalloc space with real shadow memory"
	depends on HAVE_ARCH_KASAN_VMALLOC
	help
	  By default, the shadow region for vmalloc space is the read-only
	  zero page. This means that KASAN cannot detect errors involving
	  vmalloc space.

	  Enabling this option will hook in to vmap/vmalloc and back those
	  mappings with real shadow memory allocated on demand. This allows
	  for KASAN to detect more sorts of errors (and to support vmapped
	  stacks), but at the cost of higher memory usage.

config TEST_KASAN
	tristate "Module for testing KASAN for bug detection"
	depends on m
	help
	  This is a test module doing various nasty things like
	  out of bounds accesses, use after free. It is useful for testing
	  kernel debugging features like KASAN.

endif # KASAN
Commit	Line	Data
ec8f24b7	1	# SPDX-License-Identifier: GPL-2.0-only
2bd926b4	2	# This config refers to the generic KASAN mode.
0b24becc AR	3	config HAVE_ARCH_KASAN
	4	bool
	5
2bd926b4 AK	6	config HAVE_ARCH_KASAN_SW_TAGS
	7	bool
	8
3c5c3cfb DA	9	config HAVE_ARCH_KASAN_VMALLOC
	10	bool
	11
2bd926b4 AK	12	config CC_HAS_KASAN_GENERIC
	13	def_bool $(cc-option, -fsanitize=kernel-address)
	14
	15	config CC_HAS_KASAN_SW_TAGS
	16	def_bool $(cc-option, -fsanitize=kernel-hwaddress)
0b24becc	17
7b861a53	18	config CC_HAS_WORKING_NOSANITIZE_ADDRESS
acf7b0bf	19	def_bool !CC_IS_GCC \|\| GCC_VERSION >= 80300
7b861a53	20
7a3767f8	21	menuconfig KASAN
2bd926b4 AK	22	bool "KASAN: runtime memory debugger"
	23	depends on (HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) \|\| \
	24	(HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)
	25	depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
7b861a53	26	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
2bd926b4 AK	27	help
	28	Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
	29	designed to find out-of-bounds accesses and use-after-free bugs.
	30	See Documentation/dev-tools/kasan.rst for details.
	31
7a3767f8 ME	32	if KASAN
7a3767f8 ME	33
2bd926b4 AK	34	choice
2bd926b4 AK	35	prompt "KASAN mode"
2bd926b4 AK	36	default KASAN_GENERIC
	37	help
	38	KASAN has two modes: generic KASAN (similar to userspace ASan,
	39	x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC) and
	40	software tag-based KASAN (a version based on software memory
	41	tagging, arm64 only, similar to userspace HWASan, enabled with
	42	CONFIG_KASAN_SW_TAGS).
	43	Both generic and tag-based KASAN are strictly debugging features.
	44
	45	config KASAN_GENERIC
	46	bool "Generic mode"
	47	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
03758dbb	48	depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
dd275caf	49	select SLUB_DEBUG if SLUB
bebf56a1	50	select CONSTRUCTORS
80a9201a	51	select STACKDEPOT
0b24becc	52	help
2bd926b4 AK	53	Enables generic KASAN mode.
	54	Supported in both GCC and Clang. With GCC it requires version 4.9.2
	55	or later for basic support and version 5.0 or later for detection of
	56	out-of-bounds accesses for stack and global variables and for inline
	57	instrumentation mode (CONFIG_KASAN_INLINE). With Clang it requires
	58	version 3.7.0 or later and it doesn't support detection of
	59	out-of-bounds accesses for global variables yet.
	60	This mode consumes about 1/8th of available memory at kernel start
	61	and introduces an overhead of ~x1.5 for the rest of the allocations.
	62	The performance slowdown is ~x3.
89d3c87e	63	For better error detection enable CONFIG_STACKTRACE.
2bd926b4	64	Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB
7ed2f9e6	65	(the resulting kernel does not boot).
0b24becc	66
2bd926b4 AK	67	config KASAN_SW_TAGS
	68	bool "Software tag-based mode"
	69	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
	70	depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
	71	select SLUB_DEBUG if SLUB
	72	select CONSTRUCTORS
	73	select STACKDEPOT
	74	help
	75	Enables software tag-based KASAN mode.
	76	This mode requires Top Byte Ignore support by the CPU and therefore
	77	is only supported for arm64.
	78	This mode requires Clang version 7.0.0 or later.
	79	This mode consumes about 1/16th of available memory at kernel start
	80	and introduces an overhead of ~20% for the rest of the allocations.
	81	This mode may potentially introduce problems relating to pointer
	82	casting and comparison, as it embeds tags into the top byte of each
	83	pointer.
	84	For better error detection enable CONFIG_STACKTRACE.
	85	Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB
	86	(the resulting kernel does not boot).
	87
	88	endchoice
	89
0b24becc AR	90	choice
0b24becc AR	91	prompt "Instrumentation type"
0b24becc AR	92	default KASAN_OUTLINE
	93
	94	config KASAN_OUTLINE
	95	bool "Outline instrumentation"
	96	help
	97	Before every memory access compiler insert function call
	98	__asan_load/__asan_store. These functions performs check
	99	of shadow memory. This is slower than inline instrumentation,
	100	however it doesn't bloat size of kernel's .text section so
	101	much as inline does.
	102
	103	config KASAN_INLINE
	104	bool "Inline instrumentation"
	105	help
	106	Compiler directly inserts code checking shadow memory before
	107	memory accesses. This is faster than outline (in some workloads
	108	it gives about x2 boost over outline instrumentation), but
	109	make kernel's .text size much bigger.
2bd926b4	110	For CONFIG_KASAN_GENERIC this requires GCC 5.0 or later.
0b24becc AR	111
	112	endchoice
	113
6baec880 AB	114	config KASAN_STACK_ENABLE
6baec880 AB	115	bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
6baec880 AB	116	help
	117	The LLVM stack address sanitizer has a know problem that
	118	causes excessive stack usage in a lot of functions, see
	119	https://bugs.llvm.org/show_bug.cgi?id=38809
	120	Disabling asan-stack makes it safe to run kernels build
	121	with clang-8 with KASAN enabled, though it loses some of
	122	the functionality.
ebb6d35a AB	123	This feature is always disabled when compile-testing with clang
	124	to avoid cluttering the output in stack overflow warnings,
	125	but clang users can still enable it for builds without
	126	CONFIG_COMPILE_TEST. On gcc it is assumed to always be safe
	127	to use and enabled by default.
6baec880 AB	128
	129	config KASAN_STACK
	130	int
	131	default 1 if KASAN_STACK_ENABLE \|\| CC_IS_GCC
	132	default 0
	133
5dff0381 VG	134	config KASAN_S390_4_LEVEL_PAGING
5dff0381 VG	135	bool "KASan: use 4-level paging"
7a3767f8	136	depends on S390
5dff0381 VG	137	help
	138	Compiling the kernel with KASan disables automatic 3-level vs
	139	4-level paging selection. 3-level paging is used by default (up
	140	to 3TB of RAM with KASan enabled). This options allows to force
	141	4-level paging instead.
	142
ae8f06b3 WW	143	config KASAN_SW_TAGS_IDENTIFY
	144	bool "Enable memory corruption identification"
	145	depends on KASAN_SW_TAGS
	146	help
	147	This option enables best-effort identification of bug type
	148	(use-after-free or out-of-bounds) at the cost of increased
	149	memory consumption.
	150
3c5c3cfb DA	151	config KASAN_VMALLOC
3c5c3cfb DA	152	bool "Back mappings in vmalloc space with real shadow memory"
7a3767f8	153	depends on HAVE_ARCH_KASAN_VMALLOC
3c5c3cfb DA	154	help
	155	By default, the shadow region for vmalloc space is the read-only
	156	zero page. This means that KASAN cannot detect errors involving
	157	vmalloc space.
	158
	159	Enabling this option will hook in to vmap/vmalloc and back those
	160	mappings with real shadow memory allocated on demand. This allows
	161	for KASAN to detect more sorts of errors (and to support vmapped
	162	stacks), but at the cost of higher memory usage.
	163
3f15801c	164	config TEST_KASAN
2bd926b4	165	tristate "Module for testing KASAN for bug detection"
7a3767f8	166	depends on m
3f15801c AR	167	help
	168	This is a test module doing various nasty things like
	169	out of bounds accesses, use after free. It is useful for testing
2bd926b4	170	kernel debugging features like KASAN.
7a3767f8 ME	171
7a3767f8 ME	172	endif # KASAN