| config HAVE_ARCH_KASAN |
| bool |
| |
| if HAVE_ARCH_KASAN |
| |
| config KASAN |
| bool "KASan: runtime memory debugger" |
| depends on SLUB_DEBUG || (SLAB && !DEBUG_SLAB) |
| select CONSTRUCTORS |
| select STACKDEPOT if SLAB |
| help |
| Enables kernel address sanitizer - runtime memory debugger, |
| designed to find out-of-bounds accesses and use-after-free bugs. |
| This is strictly a debugging feature and it requires a gcc version |
| of 4.9.2 or later. Detection of out of bounds accesses to stack or |
| global variables requires gcc 5.0 or later. |
| This feature consumes about 1/8 of available memory and brings about |
| ~x3 performance slowdown. |
| For better error detection enable CONFIG_STACKTRACE. |
| Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB |
| (the resulting kernel does not boot). |
| |
| choice |
| prompt "Instrumentation type" |
| depends on KASAN |
| default KASAN_OUTLINE |
| |
| config KASAN_OUTLINE |
| bool "Outline instrumentation" |
| help |
| Before every memory access compiler insert function call |
| __asan_load*/__asan_store*. These functions performs check |
| of shadow memory. This is slower than inline instrumentation, |
| however it doesn't bloat size of kernel's .text section so |
| much as inline does. |
| |
| config KASAN_INLINE |
| bool "Inline instrumentation" |
| help |
| Compiler directly inserts code checking shadow memory before |
| memory accesses. This is faster than outline (in some workloads |
| it gives about x2 boost over outline instrumentation), but |
| make kernel's .text size much bigger. |
| This requires a gcc version of 5.0 or later. |
| |
| endchoice |
| |
| config TEST_KASAN |
| tristate "Module for testing kasan for bug detection" |
| depends on m && KASAN |
| help |
| This is a test module doing various nasty things like |
| out of bounds accesses, use after free. It is useful for testing |
| kernel debugging features like kernel address sanitizer. |
| |
| endif |