summaryrefslogtreecommitdiff
path: root/lib/Kconfig.kmsan
blob: b2489dd6503fac7bd1ee4418004e2747920e527a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# SPDX-License-Identifier: GPL-2.0-only
config HAVE_ARCH_KMSAN
	bool

config HAVE_KMSAN_COMPILER
	# Clang versions <14.0.0 also support -fsanitize=kernel-memory, but not
	# all the features necessary to build the kernel with KMSAN.
	depends on CC_IS_CLANG && CLANG_VERSION >= 140000
	def_bool $(cc-option,-fsanitize=kernel-memory -mllvm -msan-disable-checks=1)

config KMSAN
	bool "KMSAN: detector of uninitialized values use"
	depends on HAVE_ARCH_KMSAN && HAVE_KMSAN_COMPILER
	depends on SLUB && DEBUG_KERNEL && !KASAN && !KCSAN
	select STACKDEPOT
	select STACKDEPOT_ALWAYS_INIT
	help
	  KernelMemorySanitizer (KMSAN) is a dynamic detector of uses of
	  uninitialized values in the kernel. It is based on compiler
	  instrumentation provided by Clang and thus requires Clang to build.

	  An important note is that KMSAN is not intended for production use,
	  because it drastically increases kernel memory footprint and slows
	  the whole system down.

	  See <file:Documentation/dev-tools/kmsan.rst> for more details.

if KMSAN

config HAVE_KMSAN_PARAM_RETVAL
	# -fsanitize-memory-param-retval is supported only by Clang >= 14.
	depends on HAVE_KMSAN_COMPILER
	def_bool $(cc-option,-fsanitize=kernel-memory -fsanitize-memory-param-retval)

config KMSAN_CHECK_PARAM_RETVAL
	bool "Check for uninitialized values passed to and returned from functions"
	default y
	depends on HAVE_KMSAN_PARAM_RETVAL
	help
	  If the compiler supports -fsanitize-memory-param-retval, KMSAN will
	  eagerly check every function parameter passed by value and every
	  function return value.

	  Disabling KMSAN_CHECK_PARAM_RETVAL will result in tracking shadow for
	  function parameters and return values across function borders. This
	  is a more relaxed mode, but it generates more instrumentation code and
	  may potentially report errors in corner cases when non-instrumented
	  functions call instrumented ones.

config KMSAN_KUNIT_TEST
	tristate "KMSAN integration test suite" if !KUNIT_ALL_TESTS
	default KUNIT_ALL_TESTS
	depends on TRACEPOINTS && KUNIT
	help
	  Test suite for KMSAN, testing various error detection scenarios,
	  and checking that reports are correctly output to console.

	  Say Y here if you want the test to be built into the kernel and run
	  during boot; say M if you want the test to build as a module; say N
	  if you are unsure.

endif