linux/lib/Kconfig.kmsan

51 lines
1.9 KiB
Plaintext
Raw Normal View History

kmsan: add KMSAN runtime core For each memory location KernelMemorySanitizer maintains two types of metadata: 1. The so-called shadow of that location - а byte:byte mapping describing whether or not individual bits of memory are initialized (shadow is 0) or not (shadow is 1). 2. The origins of that location - а 4-byte:4-byte mapping containing 4-byte IDs of the stack traces where uninitialized values were created. Each struct page now contains pointers to two struct pages holding KMSAN metadata (shadow and origins) for the original struct page. Utility routines in mm/kmsan/core.c and mm/kmsan/shadow.c handle the metadata creation, addressing, copying and checking. mm/kmsan/report.c performs error reporting in the cases an uninitialized value is used in a way that leads to undefined behavior. KMSAN compiler instrumentation is responsible for tracking the metadata along with the kernel memory. mm/kmsan/instrumentation.c provides the implementation for instrumentation hooks that are called from files compiled with -fsanitize=kernel-memory. To aid parameter passing (also done at instrumentation level), each task_struct now contains a struct kmsan_task_state used to track the metadata of function parameters and return values for that task. Finally, this patch provides CONFIG_KMSAN that enables KMSAN, and declares CFLAGS_KMSAN, which are applied to files compiled with KMSAN. The KMSAN_SANITIZE:=n Makefile directive can be used to completely disable KMSAN instrumentation for certain files. Similarly, KMSAN_ENABLE_CHECKS:=n disables KMSAN checks and makes newly created stack memory initialized. Users can also use functions from include/linux/kmsan-checks.h to mark certain memory regions as uninitialized or initialized (this is called "poisoning" and "unpoisoning") or check that a particular region is initialized. Link: https://lkml.kernel.org/r/20220915150417.722975-12-glider@google.com Signed-off-by: Alexander Potapenko <glider@google.com> Acked-by: Marco Elver <elver@google.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Andrey Konovalov <andreyknvl@gmail.com> Cc: Andrey Konovalov <andreyknvl@google.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Borislav Petkov <bp@alien8.de> Cc: Christoph Hellwig <hch@lst.de> Cc: Christoph Lameter <cl@linux.com> Cc: David Rientjes <rientjes@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Eric Biggers <ebiggers@google.com> Cc: Eric Biggers <ebiggers@kernel.org> Cc: Eric Dumazet <edumazet@google.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Ilya Leoshkevich <iii@linux.ibm.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jens Axboe <axboe@kernel.dk> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Kees Cook <keescook@chromium.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Petr Mladek <pmladek@suse.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vasily Gorbik <gor@linux.ibm.com> Cc: Vegard Nossum <vegard.nossum@oracle.com> Cc: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-09-15 15:03:45 +00:00
# SPDX-License-Identifier: GPL-2.0-only
config HAVE_ARCH_KMSAN
bool
config HAVE_KMSAN_COMPILER
# Clang versions <14.0.0 also support -fsanitize=kernel-memory, but not
# all the features necessary to build the kernel with KMSAN.
depends on CC_IS_CLANG && CLANG_VERSION >= 140000
def_bool $(cc-option,-fsanitize=kernel-memory -mllvm -msan-disable-checks=1)
config KMSAN
bool "KMSAN: detector of uninitialized values use"
depends on HAVE_ARCH_KMSAN && HAVE_KMSAN_COMPILER
depends on SLUB && DEBUG_KERNEL && !KASAN && !KCSAN
select STACKDEPOT
select STACKDEPOT_ALWAYS_INIT
help
KernelMemorySanitizer (KMSAN) is a dynamic detector of uses of
uninitialized values in the kernel. It is based on compiler
instrumentation provided by Clang and thus requires Clang to build.
An important note is that KMSAN is not intended for production use,
because it drastically increases kernel memory footprint and slows
the whole system down.
See <file:Documentation/dev-tools/kmsan.rst> for more details.
if KMSAN
config HAVE_KMSAN_PARAM_RETVAL
# -fsanitize-memory-param-retval is supported only by Clang >= 14.
depends on HAVE_KMSAN_COMPILER
def_bool $(cc-option,-fsanitize=kernel-memory -fsanitize-memory-param-retval)
config KMSAN_CHECK_PARAM_RETVAL
bool "Check for uninitialized values passed to and returned from functions"
default y
depends on HAVE_KMSAN_PARAM_RETVAL
help
If the compiler supports -fsanitize-memory-param-retval, KMSAN will
eagerly check every function parameter passed by value and every
function return value.
Disabling KMSAN_CHECK_PARAM_RETVAL will result in tracking shadow for
function parameters and return values across function borders. This
is a more relaxed mode, but it generates more instrumentation code and
may potentially report errors in corner cases when non-instrumented
functions call instrumented ones.
endif