Lines Matching +full:1 +full:- +full:based
5 --------
8 find out-of-bound and use-after-free bugs. KASAN has two modes: generic KASAN
9 (similar to userspace ASan) and software tag-based KASAN (similar to userspace
12 KASAN uses compile-time instrumentation to insert validity checks before every
17 out-of-bounds accesses for global variables is only supported since Clang 11.
19 Tag-based KASAN is only supported in Clang.
22 riscv architectures, and tag-based KASAN is supported only for arm64.
25 -----
32 CONFIG_KASAN_SW_TAGS (to enable software tag-based KASAN).
36 smaller binary while the latter is 1.1 - 2 times faster.
47 - For a single file (e.g. main.o)::
51 - For all files in one directory::
58 A typical out-of-bounds access generic KASAN report looks like this::
61 BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xa8/0xbc [test_kasan]
62 Write of size 1 at addr ffff8801f44ec37b by task insmod/2760
64 CPU: 1 PID: 2760 Comm: insmod Not tainted 4.19.0-rc3+ #698
65 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
112 which belongs to the cache kmalloc-128 of size 128
114 128-byte region [ffff8801f44ec300, ffff8801f44ec380)
116 page:ffffea0007d13b00 count:1 mapcount:0 mapping:ffff8801f7001640 index:0x0
135 freed (in case of a use-after-free bug report). Next comes a description of
144 of the corresponding memory region are accessible; number N (1 <= N <= 7) means
145 that the first N bytes are accessible, and other (8 - N) bytes are not;
146 any negative value indicates that the entire 8-byte word is inaccessible.
153 For tag-based KASAN this last report section shows the memory tags around the
158 ----------------------
165 to access, and use compile-time instrumentation to insert checks of shadow
168 Generic KASAN dedicates 1/8th of kernel memory to its shadow memory (e.g. 16TB
183 Compile-time instrumentation is used to insert memory access checks. Compiler
185 memory access of size 1, 2, 4, 8 or 16. These functions check whether memory
190 This option significantly enlarges kernel but it gives x1.1-x2 performance
196 Software tag-based KASAN
199 Tag-based KASAN uses the Top Byte Ignore (TBI) feature of modern arm64 CPUs to
201 uses shadow memory to store memory tags associated with each 16-byte memory
202 cell (therefore it dedicates 1/16th of the kernel memory for shadow memory).
204 On each memory allocation tag-based KASAN generates a random tag, tags the
206 Software tag-based KASAN uses compile-time instrumentation to insert checks
209 memory. In case of a tag mismatch tag-based KASAN prints a bug report.
211 Software tag-based KASAN also has two instrumentation modes (outline, that
218 A potential expansion of this mode is a hardware tag-based mode, which would
223 --------------------------------------------
239 other areas - such as vmalloc and vmemmap space - a single read-only
240 page is mapped over the shadow area. This read-only shadow page
250 lives in vmalloc space, it will be shadowed by the read-only page, and
280 unmapped. This will require changes in arch-specific code.
286 --------------------------------------------------
297 ok 28 - kmalloc_double_kzfree
303 not ok 4 - kmalloc_large_oob_right
308 Expected kasan_data->report_expected == kasan_data->report_found, but
309 kasan_data->report_expected == 1
310 kasan_data->report_found == 0
311 not ok 28 - kmalloc_double_kzfree
316 ok 1 - kasan
320 not ok 1 - kasan
322 (1) Loadable Module
329 (2) Built-In
332 With ``CONFIG_KUNIT`` built-in, ``CONFIG_KASAN_KUNIT_TEST`` can be built-in
334 tests enabled will run and print the results at boot as a late-init
340 With ``CONFIG_KUNIT`` and ``CONFIG_KASAN_KUNIT_TEST`` built-in, we can also
343 …cumentation <https://www.kernel.org/doc/html/latest/dev-tools/kunit/index.html>`_ for more up-to-d…
346 .. _KUnit: https://www.kernel.org/doc/html/latest/dev-tools/kunit/index.html
351 ``CONFIG_KASAN`` built-in. The type of error expected and the