kasan.rst - OpenGrok cross reference for /Linux-v6.1/Documentation/dev-tools/kasan.rst

Lines Matching full:memory
7 Kernel Address Sanitizer (KASAN) is a dynamic memory safety error detector
18 architectures, but it has significant performance and memory overheads.
22 This mode is only supported for arm64, but its moderate memory overhead allows
23 using it for testing on memory-restricted devices with real workloads.
26 is the mode intended to be used as an in-field memory bug detector or as a
28 (Memory Tagging Extension), but it has low memory and performance overheads and
31 For details about the memory and performance impact of each KASAN mode, see the
51 before every memory access and thus require a compiler version that provides
53 these checks but still requires a compiler version that supports the memory
64 Memory types
68 stack, and global memory.
70 Software Tag-Based KASAN supports slab, page_alloc, vmalloc, and stack memory.
73 memory.
103 By default, KASAN prints a bug report only for the first invalid memory access.
210     Memory state around the buggy address:
221 where the accessed memory was allocated (in case a slab object was accessed),
224 information about the accessed memory page.
226 In the end, the report shows the memory state around the accessed address.
227 Internally, KASAN tracks memory state separately for each memory granule, which
229 memory state section of the report shows the state of one of the memory
232 For Generic KASAN, the size of each memory granule is 8. The state of each
236 memory region are accessible; number N (1 <= N <= 7) means that the first N
239 negative values to distinguish between different kinds of inaccessible memory
240 like redzones or freed memory (see mm/kasan/kasan.h).
245 For tag-based KASAN modes, this last report section shows the memory tags around
263 Software KASAN modes use shadow memory to record whether each byte of memory is
264 safe to access and use compile-time instrumentation to insert shadow memory
265 checks before each memory access.
267 Generic KASAN dedicates 1/8th of kernel memory to its shadow memory (16TB
269 translate a memory address to its corresponding shadow address.
282 Compile-time instrumentation is used to insert memory access checks. Compiler
284 each memory access of size 1, 2, 4, 8, or 16. These functions check whether
285 memory accesses are valid or not by checking corresponding shadow memory.
288 directly inserts the code to check shadow memory. This option significantly
298 Software Tag-Based KASAN uses a software memory tagging approach to checking
302 to store a pointer tag in the top byte of kernel pointers. It uses shadow memory
303 to store memory tags associated with each 16-byte memory cell (therefore, it
304 dedicates 1/16th of the kernel memory for shadow memory).
306 On each memory allocation, Software Tag-Based KASAN generates a random tag, tags
307 the allocated memory with this tag, and embeds the same tag into the returned
311 before each memory access. These checks make sure that the tag of the memory
313 this memory. In case of a tag mismatch, Software Tag-Based KASAN prints a bug
317 emits callbacks to check memory accesses; and inline, which performs the shadow
318 memory checks inline). With outline instrumentation mode, a bug report is
325 reserved to tag freed memory regions.
331 hardware memory tagging support instead of compiler instrumentation and
332 shadow memory.
335 and based on both arm64 Memory Tagging Extension (MTE) introduced in ARMv8.5
338 Special arm64 instructions are used to assign memory tags for each allocation.
339 Same tags are assigned to pointers to those allocations. On every memory
340 access, hardware makes sure that the tag of the memory that is being accessed is
341 equal to the tag of the pointer that is used to access this memory. In case of a
346 reserved to tag freed memory regions.
358 Shadow memory
363 The kernel maps memory in several different parts of the address space.
365 memory to support a real shadow region for every address that could be
372 By default, architectures only map real memory over the shadow region
376 declares all memory accesses as permitted.
380 allocator, KASAN temporarily maps real shadow memory to cover them.
392 cost of greater memory usage. Currently, this is supported on x86,
396 allocating real shadow memory to back the mappings.
410 memory.
432 in memory allocators), these accesses are valid.
470 certain types of memory corruptions. The tests consist of two parts: