1config HAVE_ARCH_KASAN 2 bool 3 4if HAVE_ARCH_KASAN 5 6config KASAN 7 bool "KASan: runtime memory debugger" 8 depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB) 9 select SLUB_DEBUG if SLUB 10 select CONSTRUCTORS 11 select STACKDEPOT 12 help 13 Enables kernel address sanitizer - runtime memory debugger, 14 designed to find out-of-bounds accesses and use-after-free bugs. 15 This is strictly a debugging feature and it requires a gcc version 16 of 4.9.2 or later. Detection of out of bounds accesses to stack or 17 global variables requires gcc 5.0 or later. 18 This feature consumes about 1/8 of available memory and brings about 19 ~x3 performance slowdown. 20 For better error detection enable CONFIG_STACKTRACE. 21 Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB 22 (the resulting kernel does not boot). 23 24config KASAN_EXTRA 25 bool "KAsan: extra checks" 26 depends on KASAN && DEBUG_KERNEL && !COMPILE_TEST 27 help 28 This enables further checks in the kernel address sanitizer, for now 29 it only includes the address-use-after-scope check that can lead 30 to excessive kernel stack usage, frame size warnings and longer 31 compile time. 32 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more 33 34 35choice 36 prompt "Instrumentation type" 37 depends on KASAN 38 default KASAN_OUTLINE 39 40config KASAN_OUTLINE 41 bool "Outline instrumentation" 42 help 43 Before every memory access compiler insert function call 44 __asan_load*/__asan_store*. These functions performs check 45 of shadow memory. This is slower than inline instrumentation, 46 however it doesn't bloat size of kernel's .text section so 47 much as inline does. 48 49config KASAN_INLINE 50 bool "Inline instrumentation" 51 help 52 Compiler directly inserts code checking shadow memory before 53 memory accesses. This is faster than outline (in some workloads 54 it gives about x2 boost over outline instrumentation), but 55 make kernel's .text size much bigger. 56 This requires a gcc version of 5.0 or later. 57 58endchoice 59 60config TEST_KASAN 61 tristate "Module for testing kasan for bug detection" 62 depends on m && KASAN 63 help 64 This is a test module doing various nasty things like 65 out of bounds accesses, use after free. It is useful for testing 66 kernel debugging features like kernel address sanitizer. 67 68endif 69