Kernel Address Sanitizer (KASAN) is a dynamic memory safety error detector designed to find out-of-bounds and use-after-free bugs in the Linux kernel.
KASAN has three modes:
Generic KASAN
Software Tag-Based KASAN
Hardware Tag-Based KASAN
The generic and software tag modes have a great impact on performance and memory. They cannot be enabled in daily use.
Hardware tag mode only slightly increases memory footprint and system load. It can be kept enabled all the time.
Currently OpenWrt supports generic KASAN. This patch adds the options for software and hardware tag-based modes.
diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index 7de0d17b5e..46d47118e3 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -184,16 +184,83 @@ config KERNEL_KASAN_VMALLOC
will have no effect.
if KERNEL_KASAN
- config KERNEL_KASAN_GENERIC
- def_bool y
+choice
+ prompt "KASAN mode"
+ depends on KERNEL_KASAN
+ default KERNEL_KASAN_GENERIC
+ help
+ KASAN has three modes:
+
+ 1. Generic KASAN (supported by many architectures, enabled with
+ CONFIG_KASAN_GENERIC, similar to userspace ASan),
+ 2. Software Tag-Based KASAN (arm64 only, based on software memory
+ tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
+ HWASan), and
+ 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
+ tagging, enabled with CONFIG_KASAN_HW_TAGS).
+
+config KERNEL_KASAN_GENERIC
+ bool "Generic KASAN"
+ select KERNEL_SLUB_DEBUG
+ help
+ Enables Generic KASAN.
+
+ Requires GCC 8.3.0+ or Clang.
+
+ Consumes about 1/8th of available memory at kernel start and adds an
+ overhead of ~50% for dynamic allocations.
+ The performance slowdown is ~x3.
+
+ (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.)
+
+config KERNEL_KASAN_SW_TAGS
+ bool "Software Tag-Based KASAN"
+ depends on aarch64
+ select KERNEL_SLUB_DEBUG
+ help
+ Enables Software Tag-Based KASAN.
+
+ Requires GCC 11+ or Clang.
+
+ Supported only on arm64 CPUs and relies on Top Byte Ignore.
+
+ Consumes about 1/16th of available memory at kernel start and
+ add an overhead of ~20% for dynamic allocations.
+
+ May potentially introduce problems related to pointer casting and
+ comparison, as it embeds a tag into the top byte of each pointer.
+
+ (Incompatible with CONFIG_DEBUG_SLAB: the kernel does not boot.)
+
+config KERNEL_KASAN_HW_TAGS
+ bool "Hardware Tag-Based KASAN"
+ depends on aarch64
+ select KERNEL_SLUB_DEBUG
+ select KERNEL_ARM64_MTE
+ help
+ Enables Hardware Tag-Based KASAN.
+
+ Requires GCC 10+ or Clang 12+.
+
+ Supported only on arm64 CPUs starting from ARMv8.5 and relies on
+ Memory Tagging Extension and Top Byte Ignore.
+
+ Consumes about 1/32nd of available memory.
+
+ May potentially introduce problems related to pointer casting and
+ comparison, as it embeds a tag into the top byte of each pointer.
+
+endchoice
+
+ config KERNEL_ARM64_MTE
+ def_bool n
- config KERNEL_KASAN_SW_TAGS
- def_bool n
endif
choice
prompt "Instrumentation type"
depends on KERNEL_KASAN
+ depends on !KERNEL_KASAN_HW_TAGS
default KERNEL_KASAN_OUTLINE
config KERNEL_KASAN_OUTLINE
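Review bot: KERNEL_KASAN_HW_TAGS is gated only by "depends on aarch64", while its own help text says it needs an ARMv8.5 CPU with the Memory Tagging Extension, so the option can be selected for any aarch64 target whether or not the hardware has MTE. Since the commit message presents this mode as the one to keep enabled all the time, the help should state what a user gets when the image runs on an aarch64 CPU without MTE, or the option should be tied to a target-level symbol that marks MTE-capable hardware if one is available. Two smaller points in the same hunk: the new "KASAN mode" choice repeats "depends on KERNEL_KASAN" although it already sits inside "if KERNEL_KASAN", so that line can be dropped; and the KERNEL_KASAN_SW_TAGS help reads "add an overhead of ~20%" where the Generic entry has "adds". The HW_TAGS help also gives only the memory figure, with no runtime overhead estimate like the other two entries have; adding one would let users compare the three modes from the menu.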