
[OpenWrt-Devel,2/4] build: Add option KERNEL_KASAN

Message ID 20200212104902.7779-2-hauke.mehrtens@intel.com
State Accepted
Delegated to: Hauke Mehrtens
Series [OpenWrt-Devel,1/4] build: Add option KERNEL_UBSAN | expand

Commit Message

Hauke Mehrtens Feb. 12, 2020, 10:49 a.m. UTC
The kernel address sanitizer is able to detect some memory
bugs in the kernel, such as out-of-range array accesses.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
---
 config/Config-kernel.in          | 52 ++++++++++++++++++++++++++++++++
 target/linux/generic/config-4.14 |  1 +
 target/linux/generic/config-4.19 |  1 +
 3 files changed, 54 insertions(+)

Comments

Alexandru Ardelean Feb. 13, 2020, 9:29 a.m. UTC | #1
On Wed, Feb 12, 2020 at 12:50 PM Hauke Mehrtens
<hauke.mehrtens@intel.com> wrote:
>
> The kernel kernel address sanitizer is able to detect some memory
> bugs in the kernel like out of range array accesses.
>

Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>

> Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
> ---
>  config/Config-kernel.in          | 52 ++++++++++++++++++++++++++++++++
>  target/linux/generic/config-4.14 |  1 +
>  target/linux/generic/config-4.19 |  1 +
>  3 files changed, 54 insertions(+)
>
> diff --git a/config/Config-kernel.in b/config/Config-kernel.in
> index bf1c1055f1..3059a45f48 100644
> --- a/config/Config-kernel.in
> +++ b/config/Config-kernel.in
> @@ -120,6 +120,58 @@ config KERNEL_UBSAN_NULL
>           This option enables detection of memory accesses via a
>           null pointer.
>
> +config KERNEL_KASAN
> +       bool "Compile the kernel with KASan: runtime memory debugger"
> +       select KERNEL_SLUB_DEBUG
> +       depends on (x86_64 || aarch64)
> +       help
> +         Enables kernel address sanitizer - runtime memory debugger,
> +         designed to find out-of-bounds accesses and use-after-free bugs.
> +         This is strictly a debugging feature and it requires a gcc version
> +         of 4.9.2 or later. Detection of out of bounds accesses to stack or
> +         global variables requires gcc 5.0 or later.
> +         This feature consumes about 1/8 of available memory and brings about
> +         ~x3 performance slowdown.
> +         For better error detection enable CONFIG_STACKTRACE.
> +         Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
> +         (the resulting kernel does not boot).
> +
> +config KERNEL_KASAN_EXTRA
> +       bool "KAsan: extra checks"
> +       depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
> +       help
> +         This enables further checks in the kernel address sanitizer, for now
> +         it only includes the address-use-after-scope check that can lead
> +         to excessive kernel stack usage, frame size warnings and longer
> +         compile time.
> +         https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
> +
> +
> +choice
> +       prompt "Instrumentation type"
> +       depends on KERNEL_KASAN
> +       default KERNEL_KASAN_OUTLINE
> +
> +config KERNEL_KASAN_OUTLINE
> +       bool "Outline instrumentation"
> +       help
> +         Before every memory access compiler insert function call
> +         __asan_load*/__asan_store*. These functions performs check
> +         of shadow memory. This is slower than inline instrumentation,
> +         however it doesn't bloat size of kernel's .text section so
> +         much as inline does.
> +
> +config KERNEL_KASAN_INLINE
> +       bool "Inline instrumentation"
> +       help
> +         Compiler directly inserts code checking shadow memory before
> +         memory accesses. This is faster than outline (in some workloads
> +         it gives about x2 boost over outline instrumentation), but
> +         make kernel's .text size much bigger.
> +         This requires a gcc version of 5.0 or later.
> +
> +endchoice
> +
>  config KERNEL_TASKSTATS
>         bool "Compile the kernel with task resource/io statistics and accounting"
>         default n
> diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
> index 73b0d77155..5a9b82db80 100644
> --- a/target/linux/generic/config-4.14
> +++ b/target/linux/generic/config-4.14
> @@ -4927,6 +4927,7 @@ CONFIG_TCP_CONG_CUBIC=y
>  # CONFIG_TEST_FIRMWARE is not set
>  # CONFIG_TEST_HASH is not set
>  # CONFIG_TEST_HEXDUMP is not set
> +# CONFIG_TEST_KASAN is not set
>  # CONFIG_TEST_KMOD is not set
>  # CONFIG_TEST_KSTRTOX is not set
>  # CONFIG_TEST_LIST_SORT is not set
> diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
> index aba7bccaf6..372cad70a6 100644
> --- a/target/linux/generic/config-4.19
> +++ b/target/linux/generic/config-4.19
> @@ -5187,6 +5187,7 @@ CONFIG_TCP_CONG_CUBIC=y
>  # CONFIG_TEST_HASH is not set
>  # CONFIG_TEST_HEXDUMP is not set
>  # CONFIG_TEST_IDA is not set
> +# CONFIG_TEST_KASAN is not set
>  # CONFIG_TEST_KMOD is not set
>  # CONFIG_TEST_KSTRTOX is not set
>  # CONFIG_TEST_LIST_SORT is not set
> --
> 2.17.1
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Patch

diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index bf1c1055f1..3059a45f48 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -120,6 +120,58 @@  config KERNEL_UBSAN_NULL
 	  This option enables detection of memory accesses via a
 	  null pointer.
 
+config KERNEL_KASAN
+	bool "Compile the kernel with KASan: runtime memory debugger"
+	select KERNEL_SLUB_DEBUG
+	depends on (x86_64 || aarch64)
+	help
+	  Enables kernel address sanitizer - runtime memory debugger,
+	  designed to find out-of-bounds accesses and use-after-free bugs.
+	  This is strictly a debugging feature and it requires a gcc version
+	  of 4.9.2 or later. Detection of out of bounds accesses to stack or
+	  global variables requires gcc 5.0 or later.
+	  This feature consumes about 1/8 of available memory and brings about
+	  ~x3 performance slowdown.
+	  For better error detection enable CONFIG_STACKTRACE.
+	  Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
+	  (the resulting kernel does not boot).
+
+config KERNEL_KASAN_EXTRA
+	bool "KAsan: extra checks"
+	depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
+	help
+	  This enables further checks in the kernel address sanitizer, for now
+	  it only includes the address-use-after-scope check that can lead
+	  to excessive kernel stack usage, frame size warnings and longer
+	  compile time.
+	  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
+
+
+choice
+	prompt "Instrumentation type"
+	depends on KERNEL_KASAN
+	default KERNEL_KASAN_OUTLINE
+
+config KERNEL_KASAN_OUTLINE
+	bool "Outline instrumentation"
+	help
+	  Before every memory access compiler insert function call
+	  __asan_load*/__asan_store*. These functions performs check
+	  of shadow memory. This is slower than inline instrumentation,
+	  however it doesn't bloat size of kernel's .text section so
+	  much as inline does.
+
+config KERNEL_KASAN_INLINE
+	bool "Inline instrumentation"
+	help
+	  Compiler directly inserts code checking shadow memory before
+	  memory accesses. This is faster than outline (in some workloads
+	  it gives about x2 boost over outline instrumentation), but
+	  make kernel's .text size much bigger.
+	  This requires a gcc version of 5.0 or later.
+
+endchoice
+
 config KERNEL_TASKSTATS
 	bool "Compile the kernel with task resource/io statistics and accounting"
 	default n
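Review bot: `KERNEL_KASAN_EXTRA` is offered whichever kernel is being built, although this patch touches the generic configs for both 4.14 and 4.19. As far as I recall, upstream carries `CONFIG_KASAN_EXTRA` only in some kernel releases and 4.14 is not one of them (worth confirming), in which case ticking it on a 4.14 target silently changes nothing. Consider gating the entry on the kernel version, or adding a line to its help such as `Only has an effect on kernels that provide CONFIG_KASAN_EXTRA.` Separately, the help texts are copied from the kernel and name `CONFIG_STACKTRACE`, `CONFIG_KASAN` and `CONFIG_DEBUG_SLAB`, which this menu exposes (where it does at all) under `KERNEL_` names; a short comment saying they are the kernel-side symbols would save a search.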
diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
index 73b0d77155..5a9b82db80 100644
--- a/target/linux/generic/config-4.14
+++ b/target/linux/generic/config-4.14
@@ -4927,6 +4927,7 @@  CONFIG_TCP_CONG_CUBIC=y
 # CONFIG_TEST_FIRMWARE is not set
 # CONFIG_TEST_HASH is not set
 # CONFIG_TEST_HEXDUMP is not set
+# CONFIG_TEST_KASAN is not set
 # CONFIG_TEST_KMOD is not set
 # CONFIG_TEST_KSTRTOX is not set
 # CONFIG_TEST_LIST_SORT is not set
diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
index aba7bccaf6..372cad70a6 100644
--- a/target/linux/generic/config-4.19
+++ b/target/linux/generic/config-4.19
@@ -5187,6 +5187,7 @@  CONFIG_TCP_CONG_CUBIC=y
 # CONFIG_TEST_HASH is not set
 # CONFIG_TEST_HEXDUMP is not set
 # CONFIG_TEST_IDA is not set
+# CONFIG_TEST_KASAN is not set
 # CONFIG_TEST_KMOD is not set
 # CONFIG_TEST_KSTRTOX is not set
 # CONFIG_TEST_LIST_SORT is not set