Alexander Potapenko | f80be45 | 2022-09-15 17:03:45 +0200 | [diff] [blame] | 1 | # SPDX-License-Identifier: GPL-2.0-only |
| 2 | config HAVE_ARCH_KMSAN |
| 3 | bool |
| 4 | |
| 5 | config HAVE_KMSAN_COMPILER |
| 6 | # Clang versions <14.0.0 also support -fsanitize=kernel-memory, but not |
| 7 | # all the features necessary to build the kernel with KMSAN. |
| 8 | depends on CC_IS_CLANG && CLANG_VERSION >= 140000 |
| 9 | def_bool $(cc-option,-fsanitize=kernel-memory -mllvm -msan-disable-checks=1) |
| 10 | |
| 11 | config KMSAN |
| 12 | bool "KMSAN: detector of uninitialized values use" |
| 13 | depends on HAVE_ARCH_KMSAN && HAVE_KMSAN_COMPILER |
| 14 | depends on SLUB && DEBUG_KERNEL && !KASAN && !KCSAN |
Alexander Potapenko | 83d0edf | 2022-11-02 12:06:10 +0100 | [diff] [blame] | 15 | depends on !PREEMPT_RT |
Alexander Potapenko | f80be45 | 2022-09-15 17:03:45 +0200 | [diff] [blame] | 16 | select STACKDEPOT |
| 17 | select STACKDEPOT_ALWAYS_INIT |
| 18 | help |
| 19 | KernelMemorySanitizer (KMSAN) is a dynamic detector of uses of |
| 20 | uninitialized values in the kernel. It is based on compiler |
| 21 | instrumentation provided by Clang and thus requires Clang to build. |
| 22 | |
| 23 | An important note is that KMSAN is not intended for production use, |
| 24 | because it drastically increases kernel memory footprint and slows |
| 25 | the whole system down. |
| 26 | |
| 27 | See <file:Documentation/dev-tools/kmsan.rst> for more details. |
| 28 | |
| 29 | if KMSAN |
| 30 | |
| 31 | config HAVE_KMSAN_PARAM_RETVAL |
| 32 | # -fsanitize-memory-param-retval is supported only by Clang >= 14. |
| 33 | depends on HAVE_KMSAN_COMPILER |
| 34 | def_bool $(cc-option,-fsanitize=kernel-memory -fsanitize-memory-param-retval) |
| 35 | |
| 36 | config KMSAN_CHECK_PARAM_RETVAL |
| 37 | bool "Check for uninitialized values passed to and returned from functions" |
| 38 | default y |
| 39 | depends on HAVE_KMSAN_PARAM_RETVAL |
| 40 | help |
| 41 | If the compiler supports -fsanitize-memory-param-retval, KMSAN will |
| 42 | eagerly check every function parameter passed by value and every |
| 43 | function return value. |
| 44 | |
| 45 | Disabling KMSAN_CHECK_PARAM_RETVAL will result in tracking shadow for |
| 46 | function parameters and return values across function borders. This |
| 47 | is a more relaxed mode, but it generates more instrumentation code and |
| 48 | may potentially report errors in corner cases when non-instrumented |
| 49 | functions call instrumented ones. |
| 50 | |
Alexander Potapenko | 8ed691b | 2022-09-15 17:03:58 +0200 | [diff] [blame] | 51 | config KMSAN_KUNIT_TEST |
| 52 | tristate "KMSAN integration test suite" if !KUNIT_ALL_TESTS |
| 53 | default KUNIT_ALL_TESTS |
| 54 | depends on TRACEPOINTS && KUNIT |
| 55 | help |
| 56 | Test suite for KMSAN, testing various error detection scenarios, |
| 57 | and checking that reports are correctly output to console. |
| 58 | |
| 59 | Say Y here if you want the test to be built into the kernel and run |
| 60 | during boot; say M if you want the test to build as a module; say N |
| 61 | if you are unsure. |
| 62 | |
Alexander Potapenko | f80be45 | 2022-09-15 17:03:45 +0200 | [diff] [blame] | 63 | endif |