From: Hauke Mehrtens Date: Wed, 12 Feb 2020 10:49:00 +0000 (+0100) Subject: build: Add option KERNEL_KASAN X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=431594a978752a9d43f9bdac1a79dff335ad9ba3;p=openwrt%2Fstaging%2Fblogic.git build: Add option KERNEL_KASAN The kernel kernel address sanitizer is able to detect some memory bugs in the kernel like out of range array accesses. Signed-off-by: Hauke Mehrtens Reviewed-by: Alexandru Ardelean --- diff --git a/config/Config-kernel.in b/config/Config-kernel.in index e8bcf1970fd3..ed75dd585355 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -120,6 +120,58 @@ config KERNEL_UBSAN_NULL This option enables detection of memory accesses via a null pointer. +config KERNEL_KASAN + bool "Compile the kernel with KASan: runtime memory debugger" + select KERNEL_SLUB_DEBUG + depends on (x86_64 || aarch64) + help + Enables kernel address sanitizer - runtime memory debugger, + designed to find out-of-bounds accesses and use-after-free bugs. + This is strictly a debugging feature and it requires a gcc version + of 4.9.2 or later. Detection of out of bounds accesses to stack or + global variables requires gcc 5.0 or later. + This feature consumes about 1/8 of available memory and brings about + ~x3 performance slowdown. + For better error detection enable CONFIG_STACKTRACE. + Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB + (the resulting kernel does not boot). + +config KERNEL_KASAN_EXTRA + bool "KAsan: extra checks" + depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL + help + This enables further checks in the kernel address sanitizer, for now + it only includes the address-use-after-scope check that can lead + to excessive kernel stack usage, frame size warnings and longer + compile time. + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more + + +choice + prompt "Instrumentation type" + depends on KERNEL_KASAN + default KERNEL_KASAN_OUTLINE + +config KERNEL_KASAN_OUTLINE + bool "Outline instrumentation" + help + Before every memory access compiler insert function call + __asan_load*/__asan_store*. These functions performs check + of shadow memory. This is slower than inline instrumentation, + however it doesn't bloat size of kernel's .text section so + much as inline does. + +config KERNEL_KASAN_INLINE + bool "Inline instrumentation" + help + Compiler directly inserts code checking shadow memory before + memory accesses. This is faster than outline (in some workloads + it gives about x2 boost over outline instrumentation), but + make kernel's .text size much bigger. + This requires a gcc version of 5.0 or later. + +endchoice + config KERNEL_TASKSTATS bool "Compile the kernel with task resource/io statistics and accounting" default n diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 index 73b0d77155e9..5a9b82db8097 100644 --- a/target/linux/generic/config-4.14 +++ b/target/linux/generic/config-4.14 @@ -4927,6 +4927,7 @@ CONFIG_TCP_CONG_CUBIC=y # CONFIG_TEST_FIRMWARE is not set # CONFIG_TEST_HASH is not set # CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_KASAN is not set # CONFIG_TEST_KMOD is not set # CONFIG_TEST_KSTRTOX is not set # CONFIG_TEST_LIST_SORT is not set diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 index aba7bccaf62b..372cad70a6e8 100644 --- a/target/linux/generic/config-4.19 +++ b/target/linux/generic/config-4.19 @@ -5187,6 +5187,7 @@ CONFIG_TCP_CONG_CUBIC=y # CONFIG_TEST_HASH is not set # CONFIG_TEST_HEXDUMP is not set # CONFIG_TEST_IDA is not set +# CONFIG_TEST_KASAN is not set # CONFIG_TEST_KMOD is not set # CONFIG_TEST_KSTRTOX is not set # CONFIG_TEST_LIST_SORT is not set