diff options
author | Hauke Mehrtens <hauke.mehrtens@intel.com> | 2020-02-12 11:49:00 +0100 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2020-02-22 16:34:57 +0100 |
commit | 431594a978752a9d43f9bdac1a79dff335ad9ba3 (patch) | |
tree | ecbfe15b932dcafd33e4a5cda04443e35e0079ce /config | |
parent | d9b043c03c18e5a0e9ff5502880174ba2320a1bb (diff) | |
download | upstream-431594a978752a9d43f9bdac1a79dff335ad9ba3.tar.gz upstream-431594a978752a9d43f9bdac1a79dff335ad9ba3.tar.bz2 upstream-431594a978752a9d43f9bdac1a79dff335ad9ba3.zip |
build: Add option KERNEL_KASAN
The kernel kernel address sanitizer is able to detect some memory
bugs in the kernel like out of range array accesses.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Diffstat (limited to 'config')
-rw-r--r-- | config/Config-kernel.in | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/config/Config-kernel.in b/config/Config-kernel.in index e8bcf1970f..ed75dd5853 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -120,6 +120,58 @@ config KERNEL_UBSAN_NULL This option enables detection of memory accesses via a null pointer. +config KERNEL_KASAN + bool "Compile the kernel with KASan: runtime memory debugger" + select KERNEL_SLUB_DEBUG + depends on (x86_64 || aarch64) + help + Enables kernel address sanitizer - runtime memory debugger, + designed to find out-of-bounds accesses and use-after-free bugs. + This is strictly a debugging feature and it requires a gcc version + of 4.9.2 or later. Detection of out of bounds accesses to stack or + global variables requires gcc 5.0 or later. + This feature consumes about 1/8 of available memory and brings about + ~x3 performance slowdown. + For better error detection enable CONFIG_STACKTRACE. + Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB + (the resulting kernel does not boot). + +config KERNEL_KASAN_EXTRA + bool "KAsan: extra checks" + depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL + help + This enables further checks in the kernel address sanitizer, for now + it only includes the address-use-after-scope check that can lead + to excessive kernel stack usage, frame size warnings and longer + compile time. + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more + + +choice + prompt "Instrumentation type" + depends on KERNEL_KASAN + default KERNEL_KASAN_OUTLINE + +config KERNEL_KASAN_OUTLINE + bool "Outline instrumentation" + help + Before every memory access compiler insert function call + __asan_load*/__asan_store*. These functions performs check + of shadow memory. This is slower than inline instrumentation, + however it doesn't bloat size of kernel's .text section so + much as inline does. + +config KERNEL_KASAN_INLINE + bool "Inline instrumentation" + help + Compiler directly inserts code checking shadow memory before + memory accesses. This is faster than outline (in some workloads + it gives about x2 boost over outline instrumentation), but + make kernel's .text size much bigger. + This requires a gcc version of 5.0 or later. + +endchoice + config KERNEL_TASKSTATS bool "Compile the kernel with task resource/io statistics and accounting" default n |