forked from Minki/linux
bebf56a1b1
This feature let us to detect accesses out of bounds of global variables. This will work as for globals in kernel image, so for globals in modules. Currently this won't work for symbols in user-specified sections (e.g. __init, __read_mostly, ...) The idea of this is simple. Compiler increases each global variable by redzone size and add constructors invoking __asan_register_globals() function. Information about global variable (address, size, size with redzone ...) passed to __asan_register_globals() so we could poison variable's redzone. This patch also forces module_alloc() to return 8*PAGE_SIZE aligned address making shadow memory handling ( kasan_module_alloc()/kasan_module_free() ) more simple. Such alignment guarantees that each shadow page backing modules address space correspond to only one module_alloc() allocation. Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Konstantin Serebryany <kcc@google.com> Cc: Dmitry Chernenkov <dmitryc@google.com> Signed-off-by: Andrey Konovalov <adech.fo@gmail.com> Cc: Yuri Gribov <tetra2005@gmail.com> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: Christoph Lameter <cl@linux.com> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Christoph Lameter <cl@linux.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: David Rientjes <rientjes@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
55 lines
1.6 KiB
Plaintext
55 lines
1.6 KiB
Plaintext
config HAVE_ARCH_KASAN
|
|
bool
|
|
|
|
if HAVE_ARCH_KASAN
|
|
|
|
config KASAN
|
|
bool "KASan: runtime memory debugger"
|
|
depends on SLUB_DEBUG
|
|
select CONSTRUCTORS
|
|
help
|
|
Enables kernel address sanitizer - runtime memory debugger,
|
|
designed to find out-of-bounds accesses and use-after-free bugs.
|
|
This is strictly debugging feature. It consumes about 1/8
|
|
of available memory and brings about ~x3 performance slowdown.
|
|
For better error detection enable CONFIG_STACKTRACE,
|
|
and add slub_debug=U to boot cmdline.
|
|
|
|
config KASAN_SHADOW_OFFSET
|
|
hex
|
|
default 0xdffffc0000000000 if X86_64
|
|
|
|
choice
|
|
prompt "Instrumentation type"
|
|
depends on KASAN
|
|
default KASAN_OUTLINE
|
|
|
|
config KASAN_OUTLINE
|
|
bool "Outline instrumentation"
|
|
help
|
|
Before every memory access compiler insert function call
|
|
__asan_load*/__asan_store*. These functions performs check
|
|
of shadow memory. This is slower than inline instrumentation,
|
|
however it doesn't bloat size of kernel's .text section so
|
|
much as inline does.
|
|
|
|
config KASAN_INLINE
|
|
bool "Inline instrumentation"
|
|
help
|
|
Compiler directly inserts code checking shadow memory before
|
|
memory accesses. This is faster than outline (in some workloads
|
|
it gives about x2 boost over outline instrumentation), but
|
|
make kernel's .text size much bigger.
|
|
|
|
endchoice
|
|
|
|
config TEST_KASAN
|
|
tristate "Module for testing kasan for bug detection"
|
|
depends on m && KASAN
|
|
help
|
|
This is a test module doing various nasty things like
|
|
out of bounds accesses, use after free. It is useful for testing
|
|
kernel debugging features like kernel address sanitizer.
|
|
|
|
endif
|