xref: /netbsd-src/share/man/man7/kernel_sanitizers.7 (revision 1fde49c064576f408cd09dfd32d84ffd49192653) 
1.\"	$NetBSD: kernel_sanitizers.7,v 1.6 2020/07/12 13:40:44 skrll Exp $
2.\"
3.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
4.\" All rights reserved.
5.\"
6.\" This code is derived from software contributed to The NetBSD Foundation
7.\" by Maxime Villard.
8.\"
9.\" Redistribution and use in source and binary forms, with or without
10.\" modification, are permitted provided that the following conditions
11.\" are met:
12.\" 1. Redistributions of source code must retain the above copyright
13.\"    notice, this list of conditions and the following disclaimer.
14.\" 2. Redistributions in binary form must reproduce the above copyright
15.\"    notice, this list of conditions and the following disclaimer in the
16.\"    documentation and/or other materials provided with the distribution.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
19.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
22.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28.\" POSSIBILITY OF SUCH DAMAGE.
29.\"
30.Dd July 12, 2020
31.Dt KERNEL_SANITIZERS 7
32.Os
33.Sh NAME
34.Nm kernel_sanitizers
35.Nd NetBSD Kernel Sanitizers
36.Sh DESCRIPTION
37Kernel Sanitizers are powerful kernel bug detection features that can
38automatically discover several classes of bugs at run time while the kernel
39executes.
40.Pp
41.Nx
42supports four kernel sanitizers.
43They are not mutually compatible, and only one can be enabled at a time, via
44compilation options.
45.Sh KUBSAN
46Kernel Undefined Behavior Sanitizer, specializes in finding several types of
47undefined behaviors, such a misaligned accesses and integer overflows.
48.Ss Runtime cost
49Heavy runtime checks.
50.Ss Used components
51Compiler instrumentation and an entirely MI runtime.
52.Ss Supported architectures
53aarch64 (gcc), amd64 (gcc), arm (gcc).
54[Theoretically supported on all other architectures with no MD change required]
55.Ss Files
56.Bl -tag -width XXXX -compact
57.It Pa src/common/lib/libc/misc/ubsan.c
58Core KUBSAN code.
59MI.
60.El
61.Sh KASAN
62Kernel Address Sanitizer, specializes in finding memory corruptions such as
63buffer overflows and use-after-frees.
64.Ss Runtime cost
65Heavy runtime checks, and ~12.5% increase in memory consumption.
66.Ss Used components
67Shadow memory, compiler instrumentation, special kernel wrappers, and
68light MD infrastructure.
69.Ss Supported architectures
70aarch64 (gcc), amd64 (gcc, llvm), arm (gcc).
71.Pp
72KASAN is made of six sub-features that perform memory validation:
73.Bd -literal
74          +-----------------------------------------------------+
75          |                SUPPORTED SUB-FEATURE                |
76+---------+------+-------+---------+-----------+---------+------+
77|  PORT   | HEAP | STACK | ATOMICS | BUS_SPACE | BUS_DMA | VLAs |
78+---------+------+-------+---------+-----------+---------+------+
79| amd64   | Yes  | Yes   | Yes     | Yes       | Yes     | Yes  |
80+---------+------+-------+---------+-----------+---------+------+
81| aarch64 | Yes  | Yes   | Yes     | No        | Yes     | Yes  |
82+---------+------+-------+---------+-----------+---------+------+
83| arm     | Yes  | Yes   | Yes     | No        | Yes     | Yes  |
84+---------+------+-------+---------+-----------+---------+------+
85.Ed
86.Pp
87An architecture is allowed to have only partial support.
88.Ss Files
89.Bl -tag -width XXXX -compact
90.It Pa src/sys/kern/subr_asan.c
91Core KASAN code.
92MI.
93.It Pa src/sys/sys/asan.h
94Main KASAN header.
95MI.
96.It Pa src/sys/arch/{port}/include/asan.h
97Port-specific KASAN code.
98MD.
99.El
100.Pp
101Each new port of KASAN should respect the existing naming conventions, and
102should introduce only one MD header file.
103.Sh KCSAN
104Kernel Concurrency Sanitizer, specializes in finding memory races.
105.Ss Runtime cost
106Medium runtime checks.
107.Ss Used components
108Compiler instrumentation, special kernel wrappers, and light MD infrastructure.
109.Ss Supported architectures
110amd64 (gcc).
111.Ss Files
112.Bl -tag -width XXXX -compact
113.It Pa src/sys/kern/subr_csan.c
114Core KCSAN code.
115MI.
116.It Pa src/sys/sys/csan.h
117Main KCSAN header.
118MI.
119.It Pa src/sys/arch/{port}/include/csan.h
120Port-specific KCSAN code.
121MD.
122.El
123.Pp
124Each new port of KCSAN should respect the existing naming conventions, and
125should introduce only one MD header file.
126.Sh KMSAN
127Kernel Memory Sanitizer, specializes in finding uninitialized memory.
128.Ss Runtime cost
129Heavy runtime checks, and ~200% increase in memory consumption.
130.Ss Used components
131Double shadow memory, compiler instrumentation, special kernel wrappers, and
132heavy MD infrastructure.
133.Ss Supported architectures
134amd64 (llvm).
135.Ss Files
136.Bl -tag -width XXXX -compact
137.It Pa src/sys/kern/subr_msan.c
138Core KMSAN code.
139MI.
140.It Pa src/sys/sys/msan.h
141Main KMSAN header.
142MI.
143.It Pa src/sys/arch/{port}/include/msan.h
144Port-specific KMSAN code.
145MD.
146.El
147.Pp
148Each new port of KMSAN should respect the existing naming conventions, and
149should introduce only one MD header file.
150.Sh AUTHORS
151.An -nosplit
152Support for KUBSAN was developed by
153.An Kamil Rytarowski .
154Support for KASAN, KCSAN and KMSAN was developed by
155.An Maxime Villard .
156Support for KASAN on ARM was developed by
157.An Nick Hudson .
158