diff options
author | Andrey Konovalov <andreyknvl@google.com> | 2021-04-30 09:00:12 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-04-30 21:20:41 +0300 |
commit | 96d7d1415ae8beb3f6ec62107a97ae73db611213 (patch) | |
tree | 12406990cc38946fbad7d96729a66f474f4e5f6c | |
parent | d57a964e09c22441e9fb497d1d7a5c1983a5d1fb (diff) | |
download | linux-96d7d1415ae8beb3f6ec62107a97ae73db611213.tar.xz |
kasan: docs: clean up sections
Update KASAN documentation:
- Give some sections clearer names.
- Remove unneeded subsections in the "Tests" section.
- Move the "For developers" section and split into subsections.
Link: https://lkml.kernel.org/r/c2bbb56eaea80ad484f0ee85bb71959a3a63f1d7.1615559068.git.andreyknvl@google.com
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Marco Elver <elver@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | Documentation/dev-tools/kasan.rst | 54 |
1 files changed, 27 insertions, 27 deletions
diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index 6f6ab3ed7b79..2e8dfb47eb49 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -177,24 +177,6 @@ particular KASAN features. report or also panic the kernel (default: ``report``). Note, that tag checking gets disabled after the first reported bug. -For developers -~~~~~~~~~~~~~~ - -Software KASAN modes use compiler instrumentation to insert validity checks. -Such instrumentation might be incompatible with some part of the kernel, and -therefore needs to be disabled. To disable instrumentation for specific files -or directories, add a line similar to the following to the respective kernel -Makefile: - -- For a single file (e.g. main.o):: - - KASAN_SANITIZE_main.o := n - -- For all files in one directory:: - - KASAN_SANITIZE := n - - Implementation details ---------------------- @@ -308,8 +290,8 @@ support MTE (but supports TBI). Hardware tag-based KASAN only reports the first found bug. After that MTE tag checking gets disabled. -What memory accesses are sanitised by KASAN? --------------------------------------------- +Shadow memory +------------- The kernel maps memory in a number of different parts of the address space. This poses something of a problem for KASAN, which requires @@ -320,8 +302,8 @@ The range of kernel virtual addresses is large: there is not enough real memory to support a real shadow region for every address that could be accessed by the kernel. -By default -~~~~~~~~~~ +Default behaviour +~~~~~~~~~~~~~~~~~ By default, architectures only map real memory over the shadow region for the linear mapping (and potentially other small areas). For all @@ -371,8 +353,29 @@ unmapped. This will require changes in arch-specific code. This allows ``VMAP_STACK`` support on x86, and can simplify support of architectures that do not have a fixed module region. -CONFIG_KASAN_KUNIT_TEST and CONFIG_KASAN_MODULE_TEST ----------------------------------------------------- +For developers +-------------- + +Ignoring accesses +~~~~~~~~~~~~~~~~~ + +Software KASAN modes use compiler instrumentation to insert validity checks. +Such instrumentation might be incompatible with some part of the kernel, and +therefore needs to be disabled. To disable instrumentation for specific files +or directories, add a line similar to the following to the respective kernel +Makefile: + +- For a single file (e.g. main.o):: + + KASAN_SANITIZE_main.o := n + +- For all files in one directory:: + + KASAN_SANITIZE := n + + +Tests +~~~~~ KASAN tests consist of two parts: @@ -418,21 +421,18 @@ Or, if one of the tests failed:: There are a few ways to run KUnit-compatible KASAN tests. 1. Loadable module -~~~~~~~~~~~~~~~~~~ With ``CONFIG_KUNIT`` enabled, ``CONFIG_KASAN_KUNIT_TEST`` can be built as a loadable module and run on any architecture that supports KASAN by loading the module with insmod or modprobe. The module is called ``test_kasan``. 2. Built-In -~~~~~~~~~~~ With ``CONFIG_KUNIT`` built-in, ``CONFIG_KASAN_KUNIT_TEST`` can be built-in on any architecure that supports KASAN. These and any other KUnit tests enabled will run and print the results at boot as a late-init call. 3. Using kunit_tool -~~~~~~~~~~~~~~~~~~~ With ``CONFIG_KUNIT`` and ``CONFIG_KASAN_KUNIT_TEST`` built-in, it's also possible use ``kunit_tool`` to see the results of these and other KUnit tests |