build: Add option KERNEL_KASAN

The kernel kernel address sanitizer is able to detect some memory bugs in the kernel like out of range array accesses. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>

build: Add option KERNEL_KASAN
431594a9 · Hauke Mehrtens · Hauke Mehrtens · d9b043c0 · 431594a9 · 431594a9
Commit 431594a9 authored 5 years ago by Hauke Mehrtens Committed by Hauke Mehrtens 5 years ago
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -120,6 +120,58 @@ config KERNEL_UBSAN_NULL
 	  This option enables detection of memory accesses via a
 	  null pointer.
+config KERNEL_KASAN
+	bool "Compile the kernel with KASan: runtime memory debugger"
+	select KERNEL_SLUB_DEBUG
+	depends on (x86_64 || aarch64)
+	help
+	  Enables kernel address sanitizer - runtime memory debugger,
+	  designed to find out-of-bounds accesses and use-after-free bugs.
+	  This is strictly a debugging feature and it requires a gcc version
+	  of 4.9.2 or later. Detection of out of bounds accesses to stack or
+	  global variables requires gcc 5.0 or later.
+	  This feature consumes about 1/8 of available memory and brings about
+	  ~x3 performance slowdown.
+	  For better error detection enable CONFIG_STACKTRACE.
+	  Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
+	  (the resulting kernel does not boot).
+config KERNEL_KASAN_EXTRA
+	bool "KAsan: extra checks"
+	depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
+	help
+	  This enables further checks in the kernel address sanitizer, for now
+	  it only includes the address-use-after-scope check that can lead
+	  to excessive kernel stack usage, frame size warnings and longer
+	  compile time.
+	  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
+choice
+	prompt "Instrumentation type"
+	depends on KERNEL_KASAN
+	default KERNEL_KASAN_OUTLINE
+config KERNEL_KASAN_OUTLINE
+	bool "Outline instrumentation"
+	help
+	  Before every memory access compiler insert function call
+	  __asan_load*/__asan_store*. These functions performs check
+	  of shadow memory. This is slower than inline instrumentation,
+	  however it doesn't bloat size of kernel's .text section so
+	  much as inline does.
+config KERNEL_KASAN_INLINE
+	bool "Inline instrumentation"
+	help
+	  Compiler directly inserts code checking shadow memory before
+	  memory accesses. This is faster than outline (in some workloads
+	  it gives about x2 boost over outline instrumentation), but
+	  make kernel's .text size much bigger.
+	  This requires a gcc version of 5.0 or later.
+endchoice
 config KERNEL_TASKSTATS
 	bool "Compile the kernel with task resource/io statistics and accounting"
 	default n

--- a/target/linux/generic/config-4.14
+++ b/target/linux/generic/config-4.14
@@ -4927,6 +4927,7 @@ CONFIG_TCP_CONG_CUBIC=y
 # CONFIG_TEST_FIRMWARE is not set
 # CONFIG_TEST_HASH is not set
 # CONFIG_TEST_HEXDUMP is not set
+# CONFIG_TEST_KASAN is not set
 # CONFIG_TEST_KMOD is not set
 # CONFIG_TEST_KSTRTOX is not set
 # CONFIG_TEST_LIST_SORT is not set

--- a/target/linux/generic/config-4.19
+++ b/target/linux/generic/config-4.19
@@ -5187,6 +5187,7 @@ CONFIG_TCP_CONG_CUBIC=y
 # CONFIG_TEST_HASH is not set
 # CONFIG_TEST_HEXDUMP is not set
 # CONFIG_TEST_IDA is not set
+# CONFIG_TEST_KASAN is not set
 # CONFIG_TEST_KMOD is not set
 # CONFIG_TEST_KSTRTOX is not set
 # CONFIG_TEST_LIST_SORT is not set