1# SPDX-License-Identifier: GPL-2.0-only
2# This config refers to the generic KASAN mode.
3config HAVE_ARCH_KASAN
4	bool
5
6config HAVE_ARCH_KASAN_SW_TAGS
7	bool
8
9config	HAVE_ARCH_KASAN_VMALLOC
10	bool
11
12config CC_HAS_KASAN_GENERIC
13	def_bool $(cc-option, -fsanitize=kernel-address)
14
15config CC_HAS_KASAN_SW_TAGS
16	def_bool $(cc-option, -fsanitize=kernel-hwaddress)
17
18config CC_HAS_WORKING_NOSANITIZE_ADDRESS
19	def_bool !CC_IS_GCC || GCC_VERSION >= 80300
20
21menuconfig KASAN
22	bool "KASAN: runtime memory debugger"
23	depends on (HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \
24		   (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)
25	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
26	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
27	help
28	  Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
29	  designed to find out-of-bounds accesses and use-after-free bugs.
30	  See Documentation/dev-tools/kasan.rst for details.
31
32if KASAN
33
34choice
35	prompt "KASAN mode"
36	default KASAN_GENERIC
37	help
38	  KASAN has two modes: generic KASAN (similar to userspace ASan,
39	  x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC) and
40	  software tag-based KASAN (a version based on software memory
41	  tagging, arm64 only, similar to userspace HWASan, enabled with
42	  CONFIG_KASAN_SW_TAGS).
43
44	  Both generic and tag-based KASAN are strictly debugging features.
45
46config KASAN_GENERIC
47	bool "Generic mode"
48	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
49	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
50	select SLUB_DEBUG if SLUB
51	select CONSTRUCTORS
52	select STACKDEPOT
53	help
54	  Enables generic KASAN mode.
55
56	  This mode is supported in both GCC and Clang. With GCC it requires
57	  version 8.3.0 or later. Any supported Clang version is compatible,
58	  but detection of out-of-bounds accesses for global variables is
59	  supported only since Clang 11.
60
61	  This mode consumes about 1/8th of available memory at kernel start
62	  and introduces an overhead of ~x1.5 for the rest of the allocations.
63	  The performance slowdown is ~x3.
64
65	  For better error detection enable CONFIG_STACKTRACE.
66
67	  Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB
68	  (the resulting kernel does not boot).
69
70config KASAN_SW_TAGS
71	bool "Software tag-based mode"
72	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
73	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
74	select SLUB_DEBUG if SLUB
75	select CONSTRUCTORS
76	select STACKDEPOT
77	help
78	  Enables software tag-based KASAN mode.
79
80	  This mode requires Top Byte Ignore support by the CPU and therefore
81	  is only supported for arm64. This mode requires Clang.
82
83	  This mode consumes about 1/16th of available memory at kernel start
84	  and introduces an overhead of ~20% for the rest of the allocations.
85	  This mode may potentially introduce problems relating to pointer
86	  casting and comparison, as it embeds tags into the top byte of each
87	  pointer.
88
89	  For better error detection enable CONFIG_STACKTRACE.
90
91	  Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB
92	  (the resulting kernel does not boot).
93
94endchoice
95
96choice
97	prompt "Instrumentation type"
98	default KASAN_OUTLINE
99
100config KASAN_OUTLINE
101	bool "Outline instrumentation"
102	help
103	  Before every memory access compiler insert function call
104	  __asan_load*/__asan_store*. These functions performs check
105	  of shadow memory. This is slower than inline instrumentation,
106	  however it doesn't bloat size of kernel's .text section so
107	  much as inline does.
108
109config KASAN_INLINE
110	bool "Inline instrumentation"
111	help
112	  Compiler directly inserts code checking shadow memory before
113	  memory accesses. This is faster than outline (in some workloads
114	  it gives about x2 boost over outline instrumentation), but
115	  make kernel's .text size much bigger.
116
117endchoice
118
119config KASAN_STACK_ENABLE
120	bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
121	help
122	  The LLVM stack address sanitizer has a know problem that
123	  causes excessive stack usage in a lot of functions, see
124	  https://bugs.llvm.org/show_bug.cgi?id=38809
125	  Disabling asan-stack makes it safe to run kernels build
126	  with clang-8 with KASAN enabled, though it loses some of
127	  the functionality.
128	  This feature is always disabled when compile-testing with clang
129	  to avoid cluttering the output in stack overflow warnings,
130	  but clang users can still enable it for builds without
131	  CONFIG_COMPILE_TEST.	On gcc it is assumed to always be safe
132	  to use and enabled by default.
133
134config KASAN_STACK
135	int
136	default 1 if KASAN_STACK_ENABLE || CC_IS_GCC
137	default 0
138
139config KASAN_S390_4_LEVEL_PAGING
140	bool "KASan: use 4-level paging"
141	depends on S390
142	help
143	  Compiling the kernel with KASan disables automatic 3-level vs
144	  4-level paging selection. 3-level paging is used by default (up
145	  to 3TB of RAM with KASan enabled). This options allows to force
146	  4-level paging instead.
147
148config KASAN_SW_TAGS_IDENTIFY
149	bool "Enable memory corruption identification"
150	depends on KASAN_SW_TAGS
151	help
152	  This option enables best-effort identification of bug type
153	  (use-after-free or out-of-bounds) at the cost of increased
154	  memory consumption.
155
156config KASAN_VMALLOC
157	bool "Back mappings in vmalloc space with real shadow memory"
158	depends on HAVE_ARCH_KASAN_VMALLOC
159	help
160	  By default, the shadow region for vmalloc space is the read-only
161	  zero page. This means that KASAN cannot detect errors involving
162	  vmalloc space.
163
164	  Enabling this option will hook in to vmap/vmalloc and back those
165	  mappings with real shadow memory allocated on demand. This allows
166	  for KASAN to detect more sorts of errors (and to support vmapped
167	  stacks), but at the cost of higher memory usage.
168
169config KASAN_KUNIT_TEST
170	tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS
171	depends on KASAN && KUNIT
172	default KUNIT_ALL_TESTS
173	help
174	  This is a KUnit test suite doing various nasty things like
175	  out of bounds and use after free accesses. It is useful for testing
176	  kernel debugging features like KASAN.
177
178	  For more information on KUnit and unit tests in general, please refer
179	  to the KUnit documentation in Documentation/dev-tools/kunit
180
181config TEST_KASAN_MODULE
182	tristate "KUnit-incompatible tests of KASAN bug detection capabilities"
183	depends on m && KASAN
184	help
185	  This is a part of the KASAN test suite that is incompatible with
186	  KUnit. Currently includes tests that do bad copy_from/to_user
187	  accesses.
188
189endif # KASAN
190