aboutsummaryrefslogtreecommitdiffstats
path: root/config/Config-kernel.in
diff options
context:
space:
mode:
authorHauke Mehrtens <hauke.mehrtens@intel.com>2020-02-12 11:49:00 +0100
committerHauke Mehrtens <hauke@hauke-m.de>2020-02-22 16:34:57 +0100
commit431594a978752a9d43f9bdac1a79dff335ad9ba3 (patch)
treeecbfe15b932dcafd33e4a5cda04443e35e0079ce /config/Config-kernel.in
parentd9b043c03c18e5a0e9ff5502880174ba2320a1bb (diff)
downloadupstream-431594a978752a9d43f9bdac1a79dff335ad9ba3.tar.gz
upstream-431594a978752a9d43f9bdac1a79dff335ad9ba3.tar.bz2
upstream-431594a978752a9d43f9bdac1a79dff335ad9ba3.zip
build: Add option KERNEL_KASAN
The kernel kernel address sanitizer is able to detect some memory bugs in the kernel like out of range array accesses. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Diffstat (limited to 'config/Config-kernel.in')
-rw-r--r--config/Config-kernel.in52
1 files changed, 52 insertions, 0 deletions
diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index e8bcf1970f..ed75dd5853 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -120,6 +120,58 @@ config KERNEL_UBSAN_NULL
This option enables detection of memory accesses via a
null pointer.
+config KERNEL_KASAN
+ bool "Compile the kernel with KASan: runtime memory debugger"
+ select KERNEL_SLUB_DEBUG
+ depends on (x86_64 || aarch64)
+ help
+ Enables kernel address sanitizer - runtime memory debugger,
+ designed to find out-of-bounds accesses and use-after-free bugs.
+ This is strictly a debugging feature and it requires a gcc version
+ of 4.9.2 or later. Detection of out of bounds accesses to stack or
+ global variables requires gcc 5.0 or later.
+ This feature consumes about 1/8 of available memory and brings about
+ ~x3 performance slowdown.
+ For better error detection enable CONFIG_STACKTRACE.
+ Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
+ (the resulting kernel does not boot).
+
+config KERNEL_KASAN_EXTRA
+ bool "KAsan: extra checks"
+ depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
+ help
+ This enables further checks in the kernel address sanitizer, for now
+ it only includes the address-use-after-scope check that can lead
+ to excessive kernel stack usage, frame size warnings and longer
+ compile time.
+ https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
+
+
+choice
+ prompt "Instrumentation type"
+ depends on KERNEL_KASAN
+ default KERNEL_KASAN_OUTLINE
+
+config KERNEL_KASAN_OUTLINE
+ bool "Outline instrumentation"
+ help
+ Before every memory access compiler insert function call
+ __asan_load*/__asan_store*. These functions performs check
+ of shadow memory. This is slower than inline instrumentation,
+ however it doesn't bloat size of kernel's .text section so
+ much as inline does.
+
+config KERNEL_KASAN_INLINE
+ bool "Inline instrumentation"
+ help
+ Compiler directly inserts code checking shadow memory before
+ memory accesses. This is faster than outline (in some workloads
+ it gives about x2 boost over outline instrumentation), but
+ make kernel's .text size much bigger.
+ This requires a gcc version of 5.0 or later.
+
+endchoice
+
config KERNEL_TASKSTATS
bool "Compile the kernel with task resource/io statistics and accounting"
default n