kasan.rst - OpenGrok cross reference for /linux/Documentation/dev-tools/kasan.rst

Lines Matching full:memory
10 Kernel Address Sanitizer (KASAN) is a dynamic memory safety error detector
21 architectures, but it has significant performance and memory overheads.
25 This mode is only supported for arm64, but its moderate memory overhead allows
26 using it for testing on memory-restricted devices with real workloads.
29 is the mode intended to be used as an in-field memory bug detector or as a
31 (Memory Tagging Extension), but it has low memory and performance overheads and
34 For details about the memory and performance impact of each KASAN mode, see the
54 before every memory access and thus require a compiler version that provides
56 these checks but still requires a compiler version that supports the memory
67 Memory types
71 stack, and global memory.
73 Software Tag-Based KASAN supports slab, page_alloc, vmalloc, and stack memory.
76 memory.
106 By default, KASAN prints a bug report only for the first invalid memory access.
236     Memory state around the buggy address:
247 where the accessed memory was allocated (in case a slab object was accessed),
250 information about the accessed memory page.
252 In the end, the report shows the memory state around the accessed address.
253 Internally, KASAN tracks memory state separately for each memory granule, which
255 memory state section of the report shows the state of one of the memory
258 For Generic KASAN, the size of each memory granule is 8. The state of each
262 memory region are accessible; number N (1 <= N <= 7) means that the first N
265 negative values to distinguish between different kinds of inaccessible memory
266 like redzones or freed memory (see mm/kasan/kasan.h).
271 For tag-based KASAN modes, this last report section shows the memory tags around
290 extra memory to record more information (more cost details in the help text of
310 Software KASAN modes use shadow memory to record whether each byte of memory is
311 safe to access and use compile-time instrumentation to insert shadow memory
312 checks before each memory access.
314 Generic KASAN dedicates 1/8th of kernel memory to its shadow memory (16TB
316 translate a memory address to its corresponding shadow address.
329 Compile-time instrumentation is used to insert memory access checks. Compiler
331 each memory access of size 1, 2, 4, 8, or 16. These functions check whether
332 memory accesses are valid or not by checking corresponding shadow memory.
335 directly inserts the code to check shadow memory. This option significantly
345 Software Tag-Based KASAN uses a software memory tagging approach to checking
349 to store a pointer tag in the top byte of kernel pointers. It uses shadow memory
350 to store memory tags associated with each 16-byte memory cell (therefore, it
351 dedicates 1/16th of the kernel memory for shadow memory).
353 On each memory allocation, Software Tag-Based KASAN generates a random tag, tags
354 the allocated memory with this tag, and embeds the same tag into the returned
358 before each memory access. These checks make sure that the tag of the memory
360 this memory. In case of a tag mismatch, Software Tag-Based KASAN prints a bug
364 emits callbacks to check memory accesses; and inline, which performs the shadow
365 memory checks inline). With outline instrumentation mode, a bug report is
372 reserved to tag freed memory regions.
378 hardware memory tagging support instead of compiler instrumentation and
379 shadow memory.
382 and based on both arm64 Memory Tagging Extension (MTE) introduced in ARMv8.5
385 Special arm64 instructions are used to assign memory tags for each allocation.
386 Same tags are assigned to pointers to those allocations. On every memory
387 access, hardware makes sure that the tag of the memory that is being accessed is
388 equal to the tag of the pointer that is used to access this memory. In case of a
393 reserved to tag freed memory regions.
405 Shadow memory
410 The kernel maps memory in several different parts of the address space.
412 memory to support a real shadow region for every address that could be
419 By default, architectures only map real memory over the shadow region
423 declares all memory accesses as permitted.
427 allocator, KASAN temporarily maps real shadow memory to cover them.
439 cost of greater memory usage. Currently, this is supported on x86,
443 allocating real shadow memory to back the mappings.
457 memory.
479 in memory allocators), these accesses are valid.
517 certain types of memory corruptions.