83d0edfa04
As pointed out by Peter Zijlstra, __msan_poison_alloca() does not play well with IRQ code when PREEMPT_RT is on, because in that mode even GFP_ATOMIC allocations cannot be performed. Fixing this would require making stackdepot completely lockless, which is quite challenging and may be excessive for the time being. Instead, make sure KMSAN is incompatible with PREEMPT_RT, like other debug configs are. Link: https://lkml.kernel.org/r/20221102110611.1085175-4-glider@google.com Link: https://lore.kernel.org/lkml/20221025221755.3810809-1-glider@google.com/ Signed-off-by: Alexander Potapenko <glider@google.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Marco Elver <elver@google.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Masahiro Yamada <masahiroy@kernel.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
64 lines
2.3 KiB
Plaintext
64 lines
2.3 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
config HAVE_ARCH_KMSAN
|
|
bool
|
|
|
|
config HAVE_KMSAN_COMPILER
|
|
# Clang versions <14.0.0 also support -fsanitize=kernel-memory, but not
|
|
# all the features necessary to build the kernel with KMSAN.
|
|
depends on CC_IS_CLANG && CLANG_VERSION >= 140000
|
|
def_bool $(cc-option,-fsanitize=kernel-memory -mllvm -msan-disable-checks=1)
|
|
|
|
config KMSAN
|
|
bool "KMSAN: detector of uninitialized values use"
|
|
depends on HAVE_ARCH_KMSAN && HAVE_KMSAN_COMPILER
|
|
depends on SLUB && DEBUG_KERNEL && !KASAN && !KCSAN
|
|
depends on !PREEMPT_RT
|
|
select STACKDEPOT
|
|
select STACKDEPOT_ALWAYS_INIT
|
|
help
|
|
KernelMemorySanitizer (KMSAN) is a dynamic detector of uses of
|
|
uninitialized values in the kernel. It is based on compiler
|
|
instrumentation provided by Clang and thus requires Clang to build.
|
|
|
|
An important note is that KMSAN is not intended for production use,
|
|
because it drastically increases kernel memory footprint and slows
|
|
the whole system down.
|
|
|
|
See <file:Documentation/dev-tools/kmsan.rst> for more details.
|
|
|
|
if KMSAN
|
|
|
|
config HAVE_KMSAN_PARAM_RETVAL
|
|
# -fsanitize-memory-param-retval is supported only by Clang >= 14.
|
|
depends on HAVE_KMSAN_COMPILER
|
|
def_bool $(cc-option,-fsanitize=kernel-memory -fsanitize-memory-param-retval)
|
|
|
|
config KMSAN_CHECK_PARAM_RETVAL
|
|
bool "Check for uninitialized values passed to and returned from functions"
|
|
default y
|
|
depends on HAVE_KMSAN_PARAM_RETVAL
|
|
help
|
|
If the compiler supports -fsanitize-memory-param-retval, KMSAN will
|
|
eagerly check every function parameter passed by value and every
|
|
function return value.
|
|
|
|
Disabling KMSAN_CHECK_PARAM_RETVAL will result in tracking shadow for
|
|
function parameters and return values across function borders. This
|
|
is a more relaxed mode, but it generates more instrumentation code and
|
|
may potentially report errors in corner cases when non-instrumented
|
|
functions call instrumented ones.
|
|
|
|
config KMSAN_KUNIT_TEST
|
|
tristate "KMSAN integration test suite" if !KUNIT_ALL_TESTS
|
|
default KUNIT_ALL_TESTS
|
|
depends on TRACEPOINTS && KUNIT
|
|
help
|
|
Test suite for KMSAN, testing various error detection scenarios,
|
|
and checking that reports are correctly output to console.
|
|
|
|
Say Y here if you want the test to be built into the kernel and run
|
|
during boot; say M if you want the test to build as a module; say N
|
|
if you are unsure.
|
|
|
|
endif
|