[OpenWrt-Devel] [PATCH 2/4] build: Add option KERNEL_KASAN

Alexandru Ardelean ardeleanalex at gmail.com
Thu Feb 13 04:29:52 EST 2020 

On Wed, Feb 12, 2020 at 12:50 PM Hauke Mehrtens
<hauke.mehrtens at intel.com> wrote:
>
> The kernel kernel address sanitizer is able to detect some memory
> bugs in the kernel like out of range array accesses.
>

Reviewed-by: Alexandru Ardelean <ardeleanalex at gmail.com>

> Signed-off-by: Hauke Mehrtens <hauke.mehrtens at intel.com>
> ---
>  config/Config-kernel.in          | 52 ++++++++++++++++++++++++++++++++
>  target/linux/generic/config-4.14 |  1 +
>  target/linux/generic/config-4.19 |  1 +
>  3 files changed, 54 insertions(+)
>
> diff --git a/config/Config-kernel.in b/config/Config-kernel.in
> index bf1c1055f1..3059a45f48 100644
> --- a/config/Config-kernel.in
> +++ b/config/Config-kernel.in
> @@ -120,6 +120,58 @@ config KERNEL_UBSAN_NULL
>           This option enables detection of memory accesses via a
>           null pointer.
>
> +config KERNEL_KASAN
> +       bool "Compile the kernel with KASan: runtime memory debugger"
> +       select KERNEL_SLUB_DEBUG
> +       depends on (x86_64 || aarch64)
> +       help
> +         Enables kernel address sanitizer - runtime memory debugger,
> +         designed to find out-of-bounds accesses and use-after-free bugs.
> +         This is strictly a debugging feature and it requires a gcc version
> +         of 4.9.2 or later. Detection of out of bounds accesses to stack or
> +         global variables requires gcc 5.0 or later.
> +         This feature consumes about 1/8 of available memory and brings about
> +         ~x3 performance slowdown.
> +         For better error detection enable CONFIG_STACKTRACE.
> +         Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
> +         (the resulting kernel does not boot).
> +
> +config KERNEL_KASAN_EXTRA
> +       bool "KAsan: extra checks"
> +       depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
> +       help
> +         This enables further checks in the kernel address sanitizer, for now
> +         it only includes the address-use-after-scope check that can lead
> +         to excessive kernel stack usage, frame size warnings and longer
> +         compile time.
> +         https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
> +
> +
> +choice
> +       prompt "Instrumentation type"
> +       depends on KERNEL_KASAN
> +       default KERNEL_KASAN_OUTLINE
> +
> +config KERNEL_KASAN_OUTLINE
> +       bool "Outline instrumentation"
> +       help
> +         Before every memory access compiler insert function call
> +         __asan_load*/__asan_store*. These functions performs check
> +         of shadow memory. This is slower than inline instrumentation,
> +         however it doesn't bloat size of kernel's .text section so
> +         much as inline does.
> +
> +config KERNEL_KASAN_INLINE
> +       bool "Inline instrumentation"
> +       help
> +         Compiler directly inserts code checking shadow memory before
> +         memory accesses. This is faster than outline (in some workloads
> +         it gives about x2 boost over outline instrumentation), but
> +         make kernel's .text size much bigger.
> +         This requires a gcc version of 5.0 or later.
> +
> +endchoice
> +
>  config KERNEL_TASKSTATS
>         bool "Compile the kernel with task resource/io statistics and accounting"
>         default n
> diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
> index 73b0d77155..5a9b82db80 100644
> --- a/target/linux/generic/config-4.14
> +++ b/target/linux/generic/config-4.14
> @@ -4927,6 +4927,7 @@ CONFIG_TCP_CONG_CUBIC=y
>  # CONFIG_TEST_FIRMWARE is not set
>  # CONFIG_TEST_HASH is not set
>  # CONFIG_TEST_HEXDUMP is not set
> +# CONFIG_TEST_KASAN is not set
>  # CONFIG_TEST_KMOD is not set
>  # CONFIG_TEST_KSTRTOX is not set
>  # CONFIG_TEST_LIST_SORT is not set
> diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
> index aba7bccaf6..372cad70a6 100644
> --- a/target/linux/generic/config-4.19
> +++ b/target/linux/generic/config-4.19
> @@ -5187,6 +5187,7 @@ CONFIG_TCP_CONG_CUBIC=y
>  # CONFIG_TEST_HASH is not set
>  # CONFIG_TEST_HEXDUMP is not set
>  # CONFIG_TEST_IDA is not set
> +# CONFIG_TEST_KASAN is not set
>  # CONFIG_TEST_KMOD is not set
>  # CONFIG_TEST_KSTRTOX is not set
>  # CONFIG_TEST_LIST_SORT is not set
> --
> 2.17.1
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list