123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 |
- config HAVE_ARCH_KASAN
- bool
- if HAVE_ARCH_KASAN
- config KASAN
- bool "KASan: runtime memory debugger"
- depends on SLUB || (SLAB && !DEBUG_SLAB)
- select CONSTRUCTORS
- select STACKDEPOT
- help
- Enables kernel address sanitizer - runtime memory debugger,
- designed to find out-of-bounds accesses and use-after-free bugs.
- This is strictly a debugging feature and it requires a gcc version
- of 4.9.2 or later. Detection of out of bounds accesses to stack or
- global variables requires gcc 5.0 or later.
- This feature consumes about 1/8 of available memory and brings about
- ~x3 performance slowdown.
- For better error detection enable CONFIG_STACKTRACE.
- Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
- (the resulting kernel does not boot).
- choice
- prompt "Instrumentation type"
- depends on KASAN
- default KASAN_OUTLINE
- config KASAN_OUTLINE
- bool "Outline instrumentation"
- help
- Before every memory access compiler insert function call
- __asan_load*/__asan_store*. These functions performs check
- of shadow memory. This is slower than inline instrumentation,
- however it doesn't bloat size of kernel's .text section so
- much as inline does.
- config KASAN_INLINE
- bool "Inline instrumentation"
- help
- Compiler directly inserts code checking shadow memory before
- memory accesses. This is faster than outline (in some workloads
- it gives about x2 boost over outline instrumentation), but
- make kernel's .text size much bigger.
- This requires a gcc version of 5.0 or later.
- config KASAN_PANIC_ON_WARN
- bool "Cause a Kernel Panic When KASan bug is detected"
- help
- Select this option to upgrade warnings for potentially memory
- corruption detected form KASan to panics, for easier detection
- and debug.
- endchoice
- config TEST_KASAN
- tristate "Module for testing kasan for bug detection"
- depends on m && KASAN
- help
- This is a test module doing various nasty things like
- out of bounds accesses, use after free. It is useful for testing
- kernel debugging features like kernel address sanitizer.
- endif
|