config HAVE_ARCH_KASAN bool if HAVE_ARCH_KASAN config KASAN bool "KASan: runtime memory debugger" depends on SLUB_DEBUG select CONSTRUCTORS help Enables kernel address sanitizer - runtime memory debugger, designed to find out-of-bounds accesses and use-after-free bugs. This is strictly a debugging feature and it requires a gcc version of 4.9.2 or later. Detection of out of bounds accesses to stack or global variables requires gcc 5.0 or later. This feature consumes about 1/8 of available memory and brings about ~x3 performance slowdown. For better error detection enable CONFIG_STACKTRACE, and add slub_debug=U to boot cmdline. See KASAN_SANITIZE_ALL for selectively compiling files and directories with this compiler feature enabled. config KASAN_SHADOW_OFFSET hex default 0xdffffc0000000000 if X86_64 choice prompt "Instrumentation type" depends on KASAN default KASAN_OUTLINE config KASAN_OUTLINE bool "Outline instrumentation" help Before every memory access compiler insert function call __asan_load*/__asan_store*. These functions performs check of shadow memory. This is slower than inline instrumentation, however it doesn't bloat size of kernel's .text section so much as inline does. config KASAN_INLINE bool "Inline instrumentation" help Compiler directly inserts code checking shadow memory before memory accesses. This is faster than outline (in some workloads it gives about x2 boost over outline instrumentation), but make kernel's .text size much bigger. This requires a gcc version of 5.0 or later. endchoice config KASAN_SANITIZE_ALL bool "KASan: Enable Instrumentation for entire kernel" depends on KASAN default y help Enable compilation with $(CFLAGS_KASAN) by default. KASAN_SANITIZE := n - exclude all files in a directory KASAN_SANITIZE_file_name.o := n - exclude a single file Setting KASAN_SANITIZE_ALL to 'n' allows enabling kasan in only certain files or directories. KASAN_SANITIZE := y - include all files in a directory KASAN_SANITIZE_file_name.o := y - include single file KASAN_SANITIZE does not affect subdirectories. KASAN_SANITIZE_file_name.o has priority over KASAN_SANITIZE. config TEST_KASAN tristate "Module for testing kasan for bug detection" depends on m && KASAN help This is a test module doing various nasty things like out of bounds accesses, use after free. It is useful for testing kernel debugging features like kernel address sanitizer. endif