~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,8 +1,15 @@
	1	+# SPDX-License-Identifier: GPL-2.0-only
1	2	# This config refers to the generic KASAN mode.
2	3	config HAVE_ARCH_KASAN
3	4	bool
4	5
5	6	config HAVE_ARCH_KASAN_SW_TAGS
	7	+ bool
	8	+
	9	+config HAVE_ARCH_KASAN_HW_TAGS
	10	+ bool
	11	+
	12	+config HAVE_ARCH_KASAN_VMALLOC
6	13	bool
7	14
8	15	config CC_HAS_KASAN_GENERIC
..	..	@@ -11,76 +18,107 @@
11	18	config CC_HAS_KASAN_SW_TAGS
12	19	def_bool $(cc-option, -fsanitize=kernel-hwaddress)
13	20
14		-config KASAN
	21	+# This option is only required for software KASAN modes.
	22	+# Old GCC versions don't have proper support for no_sanitize_address.
	23	+# See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details.
	24	+config CC_HAS_WORKING_NOSANITIZE_ADDRESS
	25	+ def_bool !CC_IS_GCC \|\| GCC_VERSION >= 80300
	26	+
	27	+menuconfig KASAN
15	28	bool "KASAN: runtime memory debugger"
16		- depends on (HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) \|\| \
17		- (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)
	29	+ depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) \|\| \
	30	+ (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \
	31	+ CC_HAS_WORKING_NOSANITIZE_ADDRESS) \|\| \
	32	+ HAVE_ARCH_KASAN_HW_TAGS
18	33	depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
	34	+ select STACKDEPOT
19	35	help
20	36	Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
21	37	designed to find out-of-bounds accesses and use-after-free bugs.
22	38	See Documentation/dev-tools/kasan.rst for details.
23	39
	40	+if KASAN
	41	+
24	42	choice
25	43	prompt "KASAN mode"
26		- depends on KASAN
27	44	default KASAN_GENERIC
28	45	help
29		- KASAN has two modes: generic KASAN (similar to userspace ASan,
30		- x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC) and
31		- software tag-based KASAN (a version based on software memory
32		- tagging, arm64 only, similar to userspace HWASan, enabled with
33		- CONFIG_KASAN_SW_TAGS).
34		- Both generic and tag-based KASAN are strictly debugging features.
	46	+ KASAN has three modes:
	47	+ 1. generic KASAN (similar to userspace ASan,
	48	+ x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC),
	49	+ 2. software tag-based KASAN (arm64 only, based on software
	50	+ memory tagging (similar to userspace HWASan), enabled with
	51	+ CONFIG_KASAN_SW_TAGS), and
	52	+ 3. hardware tag-based KASAN (arm64 only, based on hardware
	53	+ memory tagging, enabled with CONFIG_KASAN_HW_TAGS).
	54	+
	55	+ All KASAN modes are strictly debugging features.
	56	+
	57	+ For better error reports enable CONFIG_STACKTRACE.
35	58
36	59	config KASAN_GENERIC
37	60	bool "Generic mode"
38	61	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
39		- depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
	62	+ depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
40	63	select SLUB_DEBUG if SLUB
41	64	select CONSTRUCTORS
42		- select STACKDEPOT
43	65	help
44	66	Enables generic KASAN mode.
45		- Supported in both GCC and Clang. With GCC it requires version 4.9.2
46		- or later for basic support and version 5.0 or later for detection of
47		- out-of-bounds accesses for stack and global variables and for inline
48		- instrumentation mode (CONFIG_KASAN_INLINE). With Clang it requires
49		- version 3.7.0 or later and it doesn't support detection of
50		- out-of-bounds accesses for global variables yet.
	67	+
	68	+ This mode is supported in both GCC and Clang. With GCC it requires
	69	+ version 8.3.0 or later. Any supported Clang version is compatible,
	70	+ but detection of out-of-bounds accesses for global variables is
	71	+ supported only since Clang 11.
	72	+
51	73	This mode consumes about 1/8th of available memory at kernel start
52	74	and introduces an overhead of ~x1.5 for the rest of the allocations.
53	75	The performance slowdown is ~x3.
54		- For better error detection enable CONFIG_STACKTRACE.
	76	+
55	77	Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB
56	78	(the resulting kernel does not boot).
57	79
58	80	config KASAN_SW_TAGS
59	81	bool "Software tag-based mode"
60	82	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
61		- depends on (SLUB && SYSFS) \|\| (SLAB && !DEBUG_SLAB)
	83	+ depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
62	84	select SLUB_DEBUG if SLUB
63	85	select CONSTRUCTORS
64		- select STACKDEPOT
65	86	help
66	87	Enables software tag-based KASAN mode.
67		- This mode requires Top Byte Ignore support by the CPU and therefore
68		- is only supported for arm64.
69		- This mode requires Clang version 7.0.0 or later.
	88	+
	89	+ This mode require software memory tagging support in the form of
	90	+ HWASan-like compiler instrumentation.
	91	+
	92	+ Currently this mode is only implemented for arm64 CPUs and relies on
	93	+ Top Byte Ignore. This mode requires Clang.
	94	+
70	95	This mode consumes about 1/16th of available memory at kernel start
71	96	and introduces an overhead of ~20% for the rest of the allocations.
72	97	This mode may potentially introduce problems relating to pointer
73	98	casting and comparison, as it embeds tags into the top byte of each
74	99	pointer.
75		- For better error detection enable CONFIG_STACKTRACE.
	100	+
76	101	Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB
77	102	(the resulting kernel does not boot).
	103	+
	104	+config KASAN_HW_TAGS
	105	+ bool "Hardware tag-based mode"
	106	+ depends on HAVE_ARCH_KASAN_HW_TAGS
	107	+ depends on SLUB
	108	+ help
	109	+ Enables hardware tag-based KASAN mode.
	110	+
	111	+ This mode requires hardware memory tagging support, and can be used
	112	+ by any architecture that provides it.
	113	+
	114	+ Currently this mode is only implemented for arm64 CPUs starting from
	115	+ ARMv8.5 and relies on Memory Tagging Extension and Top Byte Ignore.
78	116
79	117	endchoice
80	118
81	119	choice
82	120	prompt "Instrumentation type"
83		- depends on KASAN
	121	+ depends on KASAN_GENERIC \|\| KASAN_SW_TAGS
84	122	default KASAN_OUTLINE
85	123
86	124	config KASAN_OUTLINE
..	..	@@ -99,13 +137,13 @@
99	137	memory accesses. This is faster than outline (in some workloads
100	138	it gives about x2 boost over outline instrumentation), but
101	139	make kernel's .text size much bigger.
102		- For CONFIG_KASAN_GENERIC this requires GCC 5.0 or later.
103	140
104	141	endchoice
105	142
106		-config KASAN_STACK_ENABLE
	143	+config KASAN_STACK
107	144	bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
108		- depends on KASAN
	145	+ depends on KASAN_GENERIC \|\| KASAN_SW_TAGS
	146	+ default y if CC_IS_GCC
109	147	help
110	148	The LLVM stack address sanitizer has a know problem that
111	149	causes excessive stack usage in a lot of functions, see
..	..	@@ -119,15 +157,54 @@
119	157	CONFIG_COMPILE_TEST. On gcc it is assumed to always be safe
120	158	to use and enabled by default.
121	159
122		-config KASAN_STACK
123		- int
124		- default 1 if KASAN_STACK_ENABLE \|\| CC_IS_GCC
125		- default 0
126		-
127		-config TEST_KASAN
128		- tristate "Module for testing KASAN for bug detection"
129		- depends on m && KASAN
	160	+config KASAN_S390_4_LEVEL_PAGING
	161	+ bool "KASan: use 4-level paging"
	162	+ depends on S390
130	163	help
131		- This is a test module doing various nasty things like
132		- out of bounds accesses, use after free. It is useful for testing
	164	+ Compiling the kernel with KASan disables automatic 3-level vs
	165	+ 4-level paging selection. 3-level paging is used by default (up
	166	+ to 3TB of RAM with KASan enabled). This options allows to force
	167	+ 4-level paging instead.
	168	+
	169	+config KASAN_SW_TAGS_IDENTIFY
	170	+ bool "Enable memory corruption identification"
	171	+ depends on KASAN_SW_TAGS
	172	+ help
	173	+ This option enables best-effort identification of bug type
	174	+ (use-after-free or out-of-bounds) at the cost of increased
	175	+ memory consumption.
	176	+
	177	+config KASAN_VMALLOC
	178	+ bool "Back mappings in vmalloc space with real shadow memory"
	179	+ depends on KASAN_GENERIC && HAVE_ARCH_KASAN_VMALLOC
	180	+ help
	181	+ By default, the shadow region for vmalloc space is the read-only
	182	+ zero page. This means that KASAN cannot detect errors involving
	183	+ vmalloc space.
	184	+
	185	+ Enabling this option will hook in to vmap/vmalloc and back those
	186	+ mappings with real shadow memory allocated on demand. This allows
	187	+ for KASAN to detect more sorts of errors (and to support vmapped
	188	+ stacks), but at the cost of higher memory usage.
	189	+
	190	+config KASAN_KUNIT_TEST
	191	+ tristate "KUnit-compatible tests of KASAN bug detection capabilities" if !KUNIT_ALL_TESTS
	192	+ depends on KASAN && KUNIT
	193	+ default KUNIT_ALL_TESTS
	194	+ help
	195	+ This is a KUnit test suite doing various nasty things like
	196	+ out of bounds and use after free accesses. It is useful for testing
133	197	kernel debugging features like KASAN.
	198	+
	199	+ For more information on KUnit and unit tests in general, please refer
	200	+ to the KUnit documentation in Documentation/dev-tools/kunit.
	201	+
	202	+config KASAN_MODULE_TEST
	203	+ tristate "KUnit-incompatible tests of KASAN bug detection capabilities"
	204	+ depends on m && KASAN && !KASAN_HW_TAGS
	205	+ help
	206	+ This is a part of the KASAN test suite that is incompatible with
	207	+ KUnit. Currently includes tests that do bad copy_from/to_user
	208	+ accesses.
	209	+
	210	+endif # KASAN