| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: kernel_sanitizers.7,v 1.1 2020/06/23 16:08:46 maxv Exp $ | | 1 | .\" $NetBSD: kernel_sanitizers.7,v 1.2 2020/06/24 08:20:13 wiz Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 2020 The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 2020 The NetBSD Foundation, Inc. |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | | 6 | .\" This code is derived from software contributed to The NetBSD Foundation |
7 | .\" by Maxime Villard. | | 7 | .\" by Maxime Villard. |
8 | .\" | | 8 | .\" |
9 | .\" Redistribution and use in source and binary forms, with or without | | 9 | .\" Redistribution and use in source and binary forms, with or without |
10 | .\" modification, are permitted provided that the following conditions | | 10 | .\" modification, are permitted provided that the following conditions |
11 | .\" are met: | | 11 | .\" are met: |
12 | .\" 1. Redistributions of source code must retain the above copyright | | 12 | .\" 1. Redistributions of source code must retain the above copyright |
13 | .\" notice, this list of conditions and the following disclaimer. | | 13 | .\" notice, this list of conditions and the following disclaimer. |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -18,129 +18,136 @@ | | | @@ -18,129 +18,136 @@ |
18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | | 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | | 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
28 | .\" POSSIBILITY OF SUCH DAMAGE. | | 28 | .\" POSSIBILITY OF SUCH DAMAGE. |
29 | .\" | | 29 | .\" |
30 | .Dd June 22, 2020 | | 30 | .Dd June 22, 2020 |
31 | .Dt kernel_sanitizers 7 | | 31 | .Dt KERNEL_SANITIZERS 7 |
32 | .Os | | 32 | .Os |
33 | .Sh NAME | | 33 | .Sh NAME |
34 | .Nm kernel_sanitizers | | 34 | .Nm kernel_sanitizers |
35 | .Nd | | 35 | .Nd NetBSD Kernel Sanitizers |
36 | .Nx | | | |
37 | Kernel Sanitizers | | | |
38 | .Sh DESCRIPTION | | 36 | .Sh DESCRIPTION |
39 | Kernel Sanitizers are powerful kernel bug detection features that can | | 37 | Kernel Sanitizers are powerful kernel bug detection features that can |
40 | automatically discover several classes of bugs at run time while the kernel | | 38 | automatically discover several classes of bugs at run time while the kernel |
41 | executes. | | 39 | executes. |
42 | .Pp | | 40 | .Pp |
43 | .Nx | | 41 | .Nx |
44 | supports four kernel sanitizers. | | 42 | supports four kernel sanitizers. |
45 | They are not mutually compatible, and only one can be enabled at a time, via | | 43 | They are not mutually compatible, and only one can be enabled at a time, via |
46 | compilation options. | | 44 | compilation options. |
47 | .Sh KUBSAN | | 45 | .Sh KUBSAN |
48 | Kernel Undefined Behavior Sanitizer, specializes in finding several types of | | 46 | Kernel Undefined Behavior Sanitizer, specializes in finding several types of |
49 | undefined behaviors, such a misaligned accesses and integer overflows. | | 47 | undefined behaviors, such a misaligned accesses and integer overflows. |
50 | .Ss Runtime cost | | 48 | .Ss Runtime cost |
51 | Heavy runtime checks. | | 49 | Heavy runtime checks. |
52 | .Ss Used components | | 50 | .Ss Used components |
53 | Compiler instrumentation and an entirely MI runtime. | | 51 | Compiler instrumentation and an entirely MI runtime. |
54 | .Ss Supported architectures | | 52 | .Ss Supported architectures |
55 | aarch64 (gcc), amd64 (gcc). | | 53 | aarch64 (gcc), amd64 (gcc). |
56 | [Theoretically supported on all other architectures with no MD change required] | | 54 | [Theoretically supported on all other architectures with no MD change required] |
57 | .Ss Files | | 55 | .Ss Files |
58 | .Pp | | | |
59 | .Bl -tag -width XXXX -compact | | 56 | .Bl -tag -width XXXX -compact |
60 | .It Pa src/common/lib/libc/misc/ | | 57 | .It Pa src/common/lib/libc/misc/ |
61 | Core KUBSAN code. MI. | | 58 | Core KUBSAN code. |
| | | 59 | MI. |
62 | .El | | 60 | .El |
63 | .Sh KASAN | | 61 | .Sh KASAN |
64 | Kernel Address Sanitizer, specializes in finding memory corruptions such as | | 62 | Kernel Address Sanitizer, specializes in finding memory corruptions such as |
65 | buffer overflows and use-after-frees. | | 63 | buffer overflows and use-after-frees. |
66 | .Pp | | | |
67 | .Ss Runtime cost | | 64 | .Ss Runtime cost |
68 | Heavy runtime checks, and ~12.5% increase in memory consumption. | | 65 | Heavy runtime checks, and ~12.5% increase in memory consumption. |
69 | .Ss Used components | | 66 | .Ss Used components |
70 | Shadow memory, compiler instrumentation, special kernel wrappers, and | | 67 | Shadow memory, compiler instrumentation, special kernel wrappers, and |
71 | light MD infrastructure. | | 68 | light MD infrastructure. |
72 | .Ss Supported architectures | | 69 | .Ss Supported architectures |
73 | aarch64 (gcc), amd64 (gcc, llvm). | | 70 | aarch64 (gcc), amd64 (gcc, llvm). |
74 | .Pp | | 71 | .Pp |
75 | KASAN is made of six sub-features that perform memory validation: | | 72 | KASAN is made of six sub-features that perform memory validation: |
76 | .Bd -literal | | 73 | .Bd -literal |
77 | +-----------------------------------------------------+ | | 74 | +-----------------------------------------------------+ |
78 | | SUPPORTED SUB-FEATURE | | | 75 | | SUPPORTED SUB-FEATURE | |
79 | +---------+------+-------+---------+-----------+---------+------+ | | 76 | +---------+------+-------+---------+-----------+---------+------+ |
80 | | PORT | HEAP | STACK | ATOMICS | BUS_SPACE | BUS_DMA | VLAs | | | 77 | | PORT | HEAP | STACK | ATOMICS | BUS_SPACE | BUS_DMA | VLAs | |
81 | +---------+------+-------+---------+-----------+---------+------+ | | 78 | +---------+------+-------+---------+-----------+---------+------+ |
82 | | amd64 | Yes | Yes | Yes | Yes | Yes | Yes | | | 79 | | amd64 | Yes | Yes | Yes | Yes | Yes | Yes | |
83 | +---------+------+-------+---------+-----------+---------+------+ | | 80 | +---------+------+-------+---------+-----------+---------+------+ |
84 | | aarch64 | Yes | Yes | Yes | No | Yes | Yes | | | 81 | | aarch64 | Yes | Yes | Yes | No | Yes | Yes | |
85 | +---------+------+-------+---------+-----------+---------+------+ | | 82 | +---------+------+-------+---------+-----------+---------+------+ |
86 | .Ed | | 83 | .Ed |
87 | .Pp | | 84 | .Pp |
88 | An architecture is allowed to have only partial support. | | 85 | An architecture is allowed to have only partial support. |
89 | .Ss Files | | 86 | .Ss Files |
90 | .Bl -tag -width XXXX -compact | | 87 | .Bl -tag -width XXXX -compact |
91 | .It Pa src/sys/kern/subr_asan.c | | 88 | .It Pa src/sys/kern/subr_asan.c |
92 | Core KASAN code. MI. | | 89 | Core KASAN code. |
| | | 90 | MI. |
93 | .It Pa src/sys/sys/asan.h | | 91 | .It Pa src/sys/sys/asan.h |
94 | Main KASAN header. MI. | | 92 | Main KASAN header. |
| | | 93 | MI. |
95 | .It Pa src/sys/arch/{port}/include/asan.h | | 94 | .It Pa src/sys/arch/{port}/include/asan.h |
96 | Port-specific KASAN code. MD. | | 95 | Port-specific KASAN code. |
| | | 96 | MD. |
97 | .El | | 97 | .El |
98 | .Pp | | 98 | .Pp |
99 | Each new port of KASAN should respect the existing naming conventions, and | | 99 | Each new port of KASAN should respect the existing naming conventions, and |
100 | should introduce only one MD header file. | | 100 | should introduce only one MD header file. |
101 | .Sh KCSAN | | 101 | .Sh KCSAN |
102 | Kernel Concurrency Sanitizer, specializes in finding memory races. | | 102 | Kernel Concurrency Sanitizer, specializes in finding memory races. |
103 | .Ss Runtime cost | | 103 | .Ss Runtime cost |
104 | Medium runtime checks. | | 104 | Medium runtime checks. |
105 | .Ss Used components | | 105 | .Ss Used components |
106 | Compiler instrumentation, special kernel wrappers, and light MD infrastructure. | | 106 | Compiler instrumentation, special kernel wrappers, and light MD infrastructure. |
107 | .Ss Supported architectures | | 107 | .Ss Supported architectures |
108 | amd64 (gcc). | | 108 | amd64 (gcc). |
109 | .Ss Files | | 109 | .Ss Files |
110 | .Bl -tag -width XXXX -compact | | 110 | .Bl -tag -width XXXX -compact |
111 | .It Pa src/sys/kern/subr_csan.c | | 111 | .It Pa src/sys/kern/subr_csan.c |
112 | Core KCSAN code. MI. | | 112 | Core KCSAN code. |
| | | 113 | MI. |
113 | .It Pa src/sys/sys/csan.h | | 114 | .It Pa src/sys/sys/csan.h |
114 | Main KCSAN header. MI. | | 115 | Main KCSAN header. |
| | | 116 | MI. |
115 | .It Pa src/sys/arch/{port}/include/csan.h | | 117 | .It Pa src/sys/arch/{port}/include/csan.h |
116 | Port-specific KCSAN code. MD. | | 118 | Port-specific KCSAN code. |
| | | 119 | MD. |
117 | .El | | 120 | .El |
118 | .Pp | | 121 | .Pp |
119 | Each new port of KCSAN should respect the existing naming conventions, and | | 122 | Each new port of KCSAN should respect the existing naming conventions, and |
120 | should introduce only one MD header file. | | 123 | should introduce only one MD header file. |
121 | .Sh KMSAN | | 124 | .Sh KMSAN |
122 | Kernel Memory Sanitizer, specializes in finding uninitialized memory. | | 125 | Kernel Memory Sanitizer, specializes in finding uninitialized memory. |
123 | .Ss Runtime cost | | 126 | .Ss Runtime cost |
124 | Heavy runtime checks, and ~100% increase in memory consumption. | | 127 | Heavy runtime checks, and ~100% increase in memory consumption. |
125 | .Ss Used components | | 128 | .Ss Used components |
126 | Shadow memory, compiler instrumentation, special kernel wrappers, and heavy MD | | 129 | Shadow memory, compiler instrumentation, special kernel wrappers, and heavy MD |
127 | infrastructure. | | 130 | infrastructure. |
128 | .Ss Supported architectures | | 131 | .Ss Supported architectures |
129 | amd64 (llvm). | | 132 | amd64 (llvm). |
130 | .Ss Files | | 133 | .Ss Files |
131 | .Bl -tag -width XXXX -compact | | 134 | .Bl -tag -width XXXX -compact |
132 | .It Pa src/sys/kern/subr_msan.c | | 135 | .It Pa src/sys/kern/subr_msan.c |
133 | Core KMSAN code. MI. | | 136 | Core KMSAN code. |
| | | 137 | MI. |
134 | .It Pa src/sys/sys/msan.h | | 138 | .It Pa src/sys/sys/msan.h |
135 | Main KMSAN header. MI. | | 139 | Main KMSAN header. |
| | | 140 | MI. |
136 | .It Pa src/sys/arch/{port}/include/msan.h | | 141 | .It Pa src/sys/arch/{port}/include/msan.h |
137 | Port-specific KMSAN code. MD. | | 142 | Port-specific KMSAN code. |
| | | 143 | MD. |
138 | .El | | 144 | .El |
139 | .Pp | | 145 | .Pp |
140 | Each new port of KMSAN should respect the existing naming conventions, and | | 146 | Each new port of KMSAN should respect the existing naming conventions, and |
141 | should introduce only one MD header file. | | 147 | should introduce only one MD header file. |
142 | .Sh AUTHORS | | 148 | .Sh AUTHORS |
| | | 149 | .An -nosplit |
143 | Support for KUBSAN was developed by | | 150 | Support for KUBSAN was developed by |
144 | .An Kamil Rytarowski . | | 151 | .An Kamil Rytarowski . |
145 | Support for KASAN, KCSAN and KMSAN was developed by | | 152 | Support for KASAN, KCSAN and KMSAN was developed by |
146 | .An Maxime Villard . | | 153 | .An Maxime Villard . |
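Review bot: The KUBSAN description at new line 47 still reads "such a misaligned accesses and integer overflows"; it should be "such as misaligned accesses", and since this pass already cleans up the same section (the stray .Pp before .Bl is dropped and "Core KUBSAN code." / "MI." are split onto separate lines) the typo could be fixed in the same commit. The same applies to the opening sentences of all four sections ("Kernel Undefined Behavior Sanitizer, specializes in ...", "Kernel Address Sanitizer, specializes in ...", and so on), where the comma separates the subject from its verb; either drop the comma or reword so that the expanded name is an apposition to the .Sh title. The line "[Theoretically supported on all other architectures with no MD change required]" is also left as a bracketed aside without a closing period, which is inconsistent with the "aarch64 (gcc), amd64 (gcc)." line just above it.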