|
|
@@ -120,6 +120,58 @@ config KERNEL_UBSAN_NULL
|
|
|
This option enables detection of memory accesses via a
|
|
|
null pointer.
|
|
|
|
|
|
+config KERNEL_KASAN
|
|
|
+ bool "Compile the kernel with KASan: runtime memory debugger"
|
|
|
+ select KERNEL_SLUB_DEBUG
|
|
|
+ depends on (x86_64 || aarch64)
|
|
|
+ help
|
|
|
+ Enables kernel address sanitizer - runtime memory debugger,
|
|
|
+ designed to find out-of-bounds accesses and use-after-free bugs.
|
|
|
+ This is strictly a debugging feature and it requires a gcc version
|
|
|
+ of 4.9.2 or later. Detection of out of bounds accesses to stack or
|
|
|
+ global variables requires gcc 5.0 or later.
|
|
|
+ This feature consumes about 1/8 of available memory and brings about
|
|
|
+ ~x3 performance slowdown.
|
|
|
+ For better error detection enable CONFIG_STACKTRACE.
|
|
|
+ Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
|
|
|
+ (the resulting kernel does not boot).
|
|
|
+
|
|
|
+config KERNEL_KASAN_EXTRA
|
|
|
+ bool "KAsan: extra checks"
|
|
|
+ depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
|
|
|
+ help
|
|
|
+ This enables further checks in the kernel address sanitizer, for now
|
|
|
+ it only includes the address-use-after-scope check that can lead
|
|
|
+ to excessive kernel stack usage, frame size warnings and longer
|
|
|
+ compile time.
|
|
|
+ https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
|
|
|
+
|
|
|
+
|
|
|
+choice
|
|
|
+ prompt "Instrumentation type"
|
|
|
+ depends on KERNEL_KASAN
|
|
|
+ default KERNEL_KASAN_OUTLINE
|
|
|
+
|
|
|
+config KERNEL_KASAN_OUTLINE
|
|
|
+ bool "Outline instrumentation"
|
|
|
+ help
|
|
|
+ Before every memory access compiler insert function call
|
|
|
+ __asan_load*/__asan_store*. These functions performs check
|
|
|
+ of shadow memory. This is slower than inline instrumentation,
|
|
|
+ however it doesn't bloat size of kernel's .text section so
|
|
|
+ much as inline does.
|
|
|
+
|
|
|
+config KERNEL_KASAN_INLINE
|
|
|
+ bool "Inline instrumentation"
|
|
|
+ help
|
|
|
+ Compiler directly inserts code checking shadow memory before
|
|
|
+ memory accesses. This is faster than outline (in some workloads
|
|
|
+ it gives about x2 boost over outline instrumentation), but
|
|
|
+ make kernel's .text size much bigger.
|
|
|
+ This requires a gcc version of 5.0 or later.
|
|
|
+
|
|
|
+endchoice
|
|
|
+
|
|
|
config KERNEL_TASKSTATS
|
|
|
bool "Compile the kernel with task resource/io statistics and accounting"
|
|
|
default n
|
Hauke Mehrtens