forked from Minki/linux
51 lines
1.9 KiB
Plaintext
51 lines
1.9 KiB
Plaintext
|
# SPDX-License-Identifier: GPL-2.0-only
|
||
|
config HAVE_ARCH_KMSAN
|
||
|
bool
|
||
|
|
||
|
config HAVE_KMSAN_COMPILER
|
||
|
# Clang versions <14.0.0 also support -fsanitize=kernel-memory, but not
|
||
|
# all the features necessary to build the kernel with KMSAN.
|
||
|
depends on CC_IS_CLANG && CLANG_VERSION >= 140000
|
||
|
def_bool $(cc-option,-fsanitize=kernel-memory -mllvm -msan-disable-checks=1)
|
||
|
|
||
|
config KMSAN
|
||
|
bool "KMSAN: detector of uninitialized values use"
|
||
|
depends on HAVE_ARCH_KMSAN && HAVE_KMSAN_COMPILER
|
||
|
depends on SLUB && DEBUG_KERNEL && !KASAN && !KCSAN
|
||
|
select STACKDEPOT
|
||
|
select STACKDEPOT_ALWAYS_INIT
|
||
|
help
|
||
|
KernelMemorySanitizer (KMSAN) is a dynamic detector of uses of
|
||
|
uninitialized values in the kernel. It is based on compiler
|
||
|
instrumentation provided by Clang and thus requires Clang to build.
|
||
|
|
||
|
An important note is that KMSAN is not intended for production use,
|
||
|
because it drastically increases kernel memory footprint and slows
|
||
|
the whole system down.
|
||
|
|
||
|
See <file:Documentation/dev-tools/kmsan.rst> for more details.
|
||
|
|
||
|
if KMSAN
|
||
|
|
||
|
config HAVE_KMSAN_PARAM_RETVAL
|
||
|
# -fsanitize-memory-param-retval is supported only by Clang >= 14.
|
||
|
depends on HAVE_KMSAN_COMPILER
|
||
|
def_bool $(cc-option,-fsanitize=kernel-memory -fsanitize-memory-param-retval)
|
||
|
|
||
|
config KMSAN_CHECK_PARAM_RETVAL
|
||
|
bool "Check for uninitialized values passed to and returned from functions"
|
||
|
default y
|
||
|
depends on HAVE_KMSAN_PARAM_RETVAL
|
||
|
help
|
||
|
If the compiler supports -fsanitize-memory-param-retval, KMSAN will
|
||
|
eagerly check every function parameter passed by value and every
|
||
|
function return value.
|
||
|
|
||
|
Disabling KMSAN_CHECK_PARAM_RETVAL will result in tracking shadow for
|
||
|
function parameters and return values across function borders. This
|
||
|
is a more relaxed mode, but it generates more instrumentation code and
|
||
|
may potentially report errors in corner cases when non-instrumented
|
||
|
functions call instrumented ones.
|
||
|
|
||
|
endif
|