Lines Matching +full:memory +full:- +full:to +full:- +full:memory

1 .\"-
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 .Nd Kernel Memory SANitizer
36 .Pa GENERIC-KMSAN
37 kernel configuration can be used to compile a KMSAN-enabled kernel using
40 Alternately, to compile KMSAN into the kernel, place the following line in your
42 .Bd -ragged -offset indent
63 is a subsystem which leverages compiler instrumentation to detect uses of
64 uninitialized memory in the kernel.
69 is compiled into the kernel, the compiler is configured to emit function
70 calls preceding memory accesses.
73 runtime component and use hidden, byte-granular shadow state to determine
75 When uninitialized memory is used as a source operand in certain operations,
76 such as control flow expressions or memory accesses, the runtime reports
78 Otherwise, the shadow state is propagated to the destination operand.
82 call which copies uninitialized memory will cause the destination buffer or
83 variable to be marked uninitialized.
87 runtime will either trigger a kernel panic or print a message to the console,
92 uninitialized memory is included.
94 In addition to compiler-detected uses of uninitialized memory,
110 It is not recommended to enable
114 The sanitizer in a KMSAN-configured kernel can be disabled by setting the loader
126 marks an address range as valid or invalid according to the value of the
134 For example, when a piece of memory is freed to a kernel allocator, it will
135 typically have been marked initialized; before the memory is reused for a new
137 As another example, writes to host memory performed by devices, e.g., via DMA,
138 are not intercepted by the sanitizer; to avoid false positives, drivers should
139 mark device-written memory as initialized.
149 In particular, it associates a given uninitialized buffer with a memory type
153 runtime to track the source of uninitialized memory and is only for debugging
161 function and its sub-typed siblings validate the shadow state of the region(s)
162 of kernel memory passed as input parameters.
166 inserted into code paths to narrow down the source of uninitialized memory.
167 They are also used to perform validation in various kernel I/O paths, helping
169 uninitialized kernel memory.
179 Each address in the kernel map has a linear mapping to addresses in the
182 kernel memory.
183 A non-zero byte in the shadow map indicates that the corresponding byte of
184 kernel memory is uninitialized.
188 memory are transformed and copied.
190 The second shadow is called the origin map, and exists only to help debug
194 does not raise reports for certain operations on uninitialized memory, such
204 Unlike the shadow map, the origin map is not byte-granular, but consists of 4-byte
206 Each cell describes the corresponding four bytes of mapped kernel memory and
208 When kernel memory is allocated for some purpose, its origin is initialized
212 and the address provides the location in the kernel code where the memory was
218 Files containing assembly code are left un-instrumented.
221 These wrappers are referred to as interceptors and handle updating
222 shadow state to reflect the operations performed by the original
225 assembly code may need to use
228 This is typically only necessary in machine-dependent code.
230 Inline assembly is instrumented by the compiler to update shadow state
232 require any special handling to avoid false positives.
234 In addition to the shadow maps, the sanitizer requires some thread-local
235 storage (TLS) to track initialization and origin state for function
243 redirect the CPU to begin execution of unrelated code.
244 To ensure that thread-local sanitizer state remains consistent, the
246 When machine-dependent interrupt and exception handlers begin execution,
258 .Bd -literal -offset indent
265 /* A 2-byte hole is here. */
284 * previous use of that memory.
294 * thus copy uninitialized kernel stack memory into userspace.
316 .%T MemorySanitizer: fast detector of uninitialized memory use in C++
327 Accesses to kernel memory outside of the kernel map are ignored by the
330 In particular, memory accesses via the direct map are not validated.
331 When memory is copied from outside the kernel map into the kernel map,
335 is configured, kernel memory allocators are configured to use the kernel map,
336 and filesystems are configured to always map data buffers into the kernel map,
339 This is a conservative policy which aims to avoid false positives, but it will
345 This is intentional, as it reduces memory usage by avoiding creating
347 However, this can allow bugs to go undetected by
350 Some kernel memory allocators provide type-stable objects, and code which uses
354 However, in some cases it may be possible to use
356 to manually annotate fields which are known to contain invalid data upon