1# SPDX-License-Identifier: GPL-2.0
2
3ifdef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
4# Safe for compiler to generate meminstrinsic calls in uninstrumented files.
5CFLAGS_KASAN_NOSANITIZE :=
6else
7# Don't let compiler generate memintrinsic calls in uninstrumented files
8# because they are instrumented.
9CFLAGS_KASAN_NOSANITIZE := -fno-builtin
10endif
11
12KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
13
14cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1)))
15rustc-param = $(call rustc-option, -Cllvm-args=-$(1),)
16
17check-args = $(foreach arg,$(2),$(call $(1),$(arg)))
18
19kasan_params :=
20
21ifdef CONFIG_KASAN_STACK
22	stack_enable := 1
23else
24	stack_enable := 0
25endif
26
27ifdef CONFIG_KASAN_GENERIC
28
29ifdef CONFIG_KASAN_INLINE
30	# When the number of memory accesses in a function is less than this
31	# call threshold number, the compiler will use inline instrumentation.
32	# 10000 is chosen offhand as a sufficiently large number to make all
33	# kernel functions to be instrumented inline.
34	call_threshold := 10000
35else
36	call_threshold := 0
37endif
38
39# First, enable -fsanitize=kernel-address together with providing the shadow
40# mapping offset, as for GCC, -fasan-shadow-offset fails without -fsanitize
41# (GCC accepts the shadow mapping offset via -fasan-shadow-offset instead of
42# a --param like the other KASAN parameters).
43# Instead of ifdef-checking the compiler, rely on cc-option.
44CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \
45		-fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \
46		$(call cc-option, -fsanitize=kernel-address \
47		-mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
48
49# The minimum supported `rustc` version has a minimum supported LLVM
50# version late enough that we can assume support for -asan-mapping-offset.
51RUSTFLAGS_KASAN := -Zsanitizer=kernel-address \
52		   -Zsanitizer-recover=kernel-address \
53		   -Cllvm-args=-asan-mapping-offset=$(KASAN_SHADOW_OFFSET)
54
55# Now, add other parameters enabled similarly in GCC, Clang, and rustc.
56# As some of them are not supported by older compilers, these will be filtered
57# through `cc-param` or `rust-param` as applicable.
58kasan_params += asan-instrumentation-with-call-threshold=$(call_threshold) \
59		asan-stack=$(stack_enable) \
60		asan-instrument-allocas=1 \
61		asan-globals=1
62
63# Instrument memcpy/memset/memmove calls by using instrumented __asan_mem*()
64# instead. With compilers that don't support this option, compiler-inserted
65# memintrinsics won't be checked by KASAN on GENERIC_ENTRY architectures.
66kasan_params += asan-kernel-mem-intrinsic-prefix=1
67
68endif # CONFIG_KASAN_GENERIC
69
70ifdef CONFIG_KASAN_SW_TAGS
71
72CFLAGS_KASAN := -fsanitize=kernel-hwaddress
73
74# This sets flags that will enable SW_TAGS KASAN once enabled in Rust. These
75# will not work today, and is guarded against in dependencies for CONFIG_RUST.
76RUSTFLAGS_KASAN := -Zsanitizer=kernel-hwaddress \
77		   -Zsanitizer-recover=kernel-hwaddress
78
79ifdef CONFIG_KASAN_INLINE
80	kasan_params += hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET)
81else
82	kasan_params += hwasan-instrument-with-calls=1
83endif
84
85kasan_params += hwasan-instrument-stack=$(stack_enable) \
86		hwasan-use-short-granules=0 \
87		hwasan-inline-all-checks=0
88
89# Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*().
90ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y)
91	kasan_params += hwasan-kernel-mem-intrinsic-prefix=1
92endif
93
94endif # CONFIG_KASAN_SW_TAGS
95
96# Add all as-supported KASAN LLVM parameters requested by the configuration.
97CFLAGS_KASAN += $(call check-args, cc-param, $(kasan_params))
98
99ifdef CONFIG_RUST
100	# Avoid calling `rustc-param` unless Rust is enabled.
101	RUSTFLAGS_KASAN += $(call check-args, rustc-param, $(kasan_params))
102endif # CONFIG_RUST
103
104export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE RUSTFLAGS_KASAN
105