€•-î      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ#/translations/zh_CN/dev-tools/kmsan”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ#/translations/zh_TW/dev-tools/kmsan”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ#/translations/it_IT/dev-tools/kmsan”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ#/translations/ja_JP/dev-tools/kmsan”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ#/translations/ko_KR/dev-tools/kmsan”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ#/translations/sp_SP/dev-tools/kmsan”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1h¡hhhžhhŸŒ=/var/lib/git/docbuild/linux/Documentation/dev-tools/kmsan.rst”h Kubh¢)”}”(hŒCopyright (C) 2022, Google LLC.”h]”hŒCopyright (C) 2022, Google LLC.”…””}”hh´sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1h¡hhhžhhŸh³h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒKernel Memory Sanitizer (KMSAN)”h]”hŒKernel Memory Sanitizer (KMSAN)”…””}”(hhÉhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhhÄhžhhŸh³h KubhŒ	paragraph”“”)”}”(hŒ¸KMSAN is a dynamic error detector aimed at finding uses of uninitialized
values. It is based on compiler instrumentation, and is quite similar to the
userspace `MemorySanitizer tool`_.”h]”(hŒ KMSAN is a dynamic error detector aimed at finding uses of uninitialized
values. It is based on compiler instrumentation, and is quite similar to the
userspace ”…””}”(hhÙhžhhŸNh NubhŒ	reference”“”)”}”(hŒ`MemorySanitizer tool`_”h]”hŒMemorySanitizer tool”…””}”(hhãhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒMemorySanitizer tool”Œrefuri”Œ0https://clang.llvm.org/docs/MemorySanitizer.html”uh1háhhÙŒresolved”KubhŒ.”…””}”(hhÙhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KhhÄhžhubhØ)”}”(hŒAn important note is that KMSAN is not intended for production use, because it
drastically increases kernel memory footprint and slows the whole system down.”h]”hŒAn important note is that KMSAN is not intended for production use, because it
drastically increases kernel memory footprint and slows the whole system down.”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KhhÄhžhubhÃ)”}”(hhh]”(hÈ)”}”(hŒUsage”h]”hŒUsage”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj  hžhhŸh³h KubhÃ)”}”(hhh]”(hÈ)”}”(hŒBuilding the kernel”h]”hŒBuilding the kernel”…””}”(hj"  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj  hžhhŸh³h KubhØ)”}”(hŒžIn order to build a kernel with KMSAN you will need a fresh Clang (14.0.6+).
Please refer to `LLVM documentation`_ for the instructions on how to build Clang.”h]”(hŒ]In order to build a kernel with KMSAN you will need a fresh Clang (14.0.6+).
Please refer to ”…””}”(hj0  hžhhŸNh Nubhâ)”}”(hŒ`LLVM documentation`_”h]”hŒLLVM documentation”…””}”(hj8  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒLLVM documentation”hóŒ)https://llvm.org/docs/GettingStarted.html”uh1háhj0  hõKubhŒ, for the instructions on how to build Clang.”…””}”(hj0  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Khj  hžhubhØ)”}”(hŒ=Now configure and build the kernel with CONFIG_KMSAN enabled.”h]”hŒ=Now configure and build the kernel with CONFIG_KMSAN enabled.”…””}”(hjS  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Khj  hžhubeh}”(h]”Œbuilding-the-kernel”ah ]”h"]”Œbuilding the kernel”ah$]”h&]”uh1hÂhj  hžhhŸh³h KubhÃ)”}”(hhh]”(hÈ)”}”(hŒExample report”h]”hŒExample report”…””}”(hjl  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhji  hžhhŸh³h KubhØ)”}”(hŒ&Here is an example of a KMSAN report::”h]”hŒ%Here is an example of a KMSAN report:”…””}”(hjz  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Khji  hžhubhŒliteral_block”“”)”}”(hX+  =====================================================
BUG: KMSAN: uninit-value in test_uninit_kmsan_check_memory+0x1be/0x380 [kmsan_test]
 test_uninit_kmsan_check_memory+0x1be/0x380 mm/kmsan/kmsan_test.c:273
 kunit_run_case_internal lib/kunit/test.c:333
 kunit_try_run_case+0x206/0x420 lib/kunit/test.c:374
 kunit_generic_run_threadfn_adapter+0x6d/0xc0 lib/kunit/try-catch.c:28
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 ??:?

Uninit was stored to memory at:
 do_uninit_local_array+0xfa/0x110 mm/kmsan/kmsan_test.c:260
 test_uninit_kmsan_check_memory+0x1a2/0x380 mm/kmsan/kmsan_test.c:271
 kunit_run_case_internal lib/kunit/test.c:333
 kunit_try_run_case+0x206/0x420 lib/kunit/test.c:374
 kunit_generic_run_threadfn_adapter+0x6d/0xc0 lib/kunit/try-catch.c:28
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 ??:?

Local variable uninit created at:
 do_uninit_local_array+0x4a/0x110 mm/kmsan/kmsan_test.c:256
 test_uninit_kmsan_check_memory+0x1a2/0x380 mm/kmsan/kmsan_test.c:271

Bytes 4-7 of 8 are uninitialized
Memory access of size 8 starts at ffff888083fe3da0

CPU: 0 PID: 6731 Comm: kunit_try_catch Tainted: G    B       E     5.16.0-rc3+ #104
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
=====================================================”h]”hX+  =====================================================
BUG: KMSAN: uninit-value in test_uninit_kmsan_check_memory+0x1be/0x380 [kmsan_test]
 test_uninit_kmsan_check_memory+0x1be/0x380 mm/kmsan/kmsan_test.c:273
 kunit_run_case_internal lib/kunit/test.c:333
 kunit_try_run_case+0x206/0x420 lib/kunit/test.c:374
 kunit_generic_run_threadfn_adapter+0x6d/0xc0 lib/kunit/try-catch.c:28
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 ??:?

Uninit was stored to memory at:
 do_uninit_local_array+0xfa/0x110 mm/kmsan/kmsan_test.c:260
 test_uninit_kmsan_check_memory+0x1a2/0x380 mm/kmsan/kmsan_test.c:271
 kunit_run_case_internal lib/kunit/test.c:333
 kunit_try_run_case+0x206/0x420 lib/kunit/test.c:374
 kunit_generic_run_threadfn_adapter+0x6d/0xc0 lib/kunit/try-catch.c:28
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 ??:?

Local variable uninit created at:
 do_uninit_local_array+0x4a/0x110 mm/kmsan/kmsan_test.c:256
 test_uninit_kmsan_check_memory+0x1a2/0x380 mm/kmsan/kmsan_test.c:271

Bytes 4-7 of 8 are uninitialized
Memory access of size 8 starts at ffff888083fe3da0

CPU: 0 PID: 6731 Comm: kunit_try_catch Tainted: G    B       E     5.16.0-rc3+ #104
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
=====================================================”…””}”hjŠ  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h Khji  hžhubhØ)”}”(hŒ¼The report says that the local variable ``uninit`` was created uninitialized in
``do_uninit_local_array()``. The third stack trace corresponds to the place
where this variable was created.”h]”(hŒ(The report says that the local variable ”…””}”(hj˜  hžhhŸNh NubhŒliteral”“”)”}”(hŒ
``uninit``”h]”hŒuninit”…””}”(hj¢  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj˜  ubhŒ was created uninitialized in
”…””}”(hj˜  hžhhŸNh Nubj¡  )”}”(hŒ``do_uninit_local_array()``”h]”hŒdo_uninit_local_array()”…””}”(hj´  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj˜  ubhŒQ. The third stack trace corresponds to the place
where this variable was created.”…””}”(hj˜  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K<hji  hžhubhØ)”}”(hX  The first stack trace shows where the uninit value was used (in
``test_uninit_kmsan_check_memory()``). The tool shows the bytes which were left
uninitialized in the local variable, as well as the stack where the value was
copied to another memory location before use.”h]”(hŒ@The first stack trace shows where the uninit value was used (in
”…””}”(hjÌ  hžhhŸNh Nubj¡  )”}”(hŒ$``test_uninit_kmsan_check_memory()``”h]”hŒ test_uninit_kmsan_check_memory()”…””}”(hjÔ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjÌ  ubhŒ§). The tool shows the bytes which were left
uninitialized in the local variable, as well as the stack where the value was
copied to another memory location before use.”…””}”(hjÌ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K@hji  hžhubhØ)”}”(hŒOA use of uninitialized value ``v`` is reported by KMSAN in the following cases:”h]”(hŒA use of uninitialized value ”…””}”(hjì  hžhhŸNh Nubj¡  )”}”(hŒ``v``”h]”hŒv”…””}”(hjô  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjì  ubhŒ- is reported by KMSAN in the following cases:”…””}”(hjì  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KEhji  hžhubhŒblock_quote”“”)”}”(hX:  - in a condition, e.g. ``if (v) { ... }``;
- in an indexing or pointer dereferencing, e.g. ``array[v]`` or ``*v``;
- when it is copied to userspace or hardware, e.g. ``copy_to_user(..., &v, ...)``;
- when it is passed as an argument to a function, and
  ``CONFIG_KMSAN_CHECK_PARAM_RETVAL`` is enabled (see below).
”h]”hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ(in a condition, e.g. ``if (v) { ... }``;”h]”hØ)”}”(hj  h]”(hŒin a condition, e.g. ”…””}”(hj  hžhhŸNh Nubj¡  )”}”(hŒ``if (v) { ... }``”h]”hŒif (v) { ... }”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubhŒ;”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KGhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hŒEin an indexing or pointer dereferencing, e.g. ``array[v]`` or ``*v``;”h]”hØ)”}”(hjD  h]”(hŒ.in an indexing or pointer dereferencing, e.g. ”…””}”(hjF  hžhhŸNh Nubj¡  )”}”(hŒ``array[v]``”h]”hŒarray[v]”…””}”(hjM  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjF  ubhŒ or ”…””}”(hjF  hžhhŸNh Nubj¡  )”}”(hŒ``*v``”h]”hŒ*v”…””}”(hj_  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjF  ubhŒ;”…””}”(hjF  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KHhjB  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hŒPwhen it is copied to userspace or hardware, e.g. ``copy_to_user(..., &v, ...)``;”h]”hØ)”}”(hj  h]”(hŒ1when it is copied to userspace or hardware, e.g. ”…””}”(hj  hžhhŸNh Nubj¡  )”}”(hŒ``copy_to_user(..., &v, ...)``”h]”hŒcopy_to_user(..., &v, ...)”…””}”(hjˆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubhŒ;”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KIhj}  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hŒpwhen it is passed as an argument to a function, and
``CONFIG_KMSAN_CHECK_PARAM_RETVAL`` is enabled (see below).
”h]”hØ)”}”(hŒowhen it is passed as an argument to a function, and
``CONFIG_KMSAN_CHECK_PARAM_RETVAL`` is enabled (see below).”h]”(hŒ4when it is passed as an argument to a function, and
”…””}”(hjª  hžhhŸNh Nubj¡  )”}”(hŒ#``CONFIG_KMSAN_CHECK_PARAM_RETVAL``”h]”hŒCONFIG_KMSAN_CHECK_PARAM_RETVAL”…””}”(hj²  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjª  ubhŒ is enabled (see below).”…””}”(hjª  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KJhj¦  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1j  hŸh³h KGhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KGhji  hžhubhØ)”}”(hŒ¨The mentioned cases (apart from copying data to userspace or hardware, which is
a security issue) are considered undefined behavior from the C11 Standard point
of view.”h]”hŒ¨The mentioned cases (apart from copying data to userspace or hardware, which is
a security issue) are considered undefined behavior from the C11 Standard point
of view.”…””}”(hjÞ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KMhji  hžhubeh}”(h]”Œexample-report”ah ]”h"]”Œexample report”ah$]”h&]”uh1hÂhj  hžhhŸh³h KubhÃ)”}”(hhh]”(hÈ)”}”(hŒDisabling the instrumentation”h]”hŒDisabling the instrumentation”…””}”(hj÷  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjô  hžhhŸh³h KRubhØ)”}”(hŒåA function can be marked with ``__no_kmsan_checks``. Doing so makes KMSAN
ignore uninitialized values in that function and mark its output as initialized.
As a result, the user will not get KMSAN reports related to that function.”h]”(hŒA function can be marked with ”…””}”(hj  hžhhŸNh Nubj¡  )”}”(hŒ``__no_kmsan_checks``”h]”hŒ__no_kmsan_checks”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubhŒ². Doing so makes KMSAN
ignore uninitialized values in that function and mark its output as initialized.
As a result, the user will not get KMSAN reports related to that function.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KThjô  hžhubhØ)”}”(hXI  Another function attribute supported by KMSAN is ``__no_sanitize_memory``.
Applying this attribute to a function will result in KMSAN not instrumenting
it, which can be helpful if we do not want the compiler to interfere with some
low-level code (e.g. that marked with ``noinstr`` which implicitly adds
``__no_sanitize_memory``).”h]”(hŒ1Another function attribute supported by KMSAN is ”…””}”(hj%  hžhhŸNh Nubj¡  )”}”(hŒ``__no_sanitize_memory``”h]”hŒ__no_sanitize_memory”…””}”(hj-  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj%  ubhŒÄ.
Applying this attribute to a function will result in KMSAN not instrumenting
it, which can be helpful if we do not want the compiler to interfere with some
low-level code (e.g. that marked with ”…””}”(hj%  hžhhŸNh Nubj¡  )”}”(hŒ``noinstr``”h]”hŒnoinstr”…””}”(hj?  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj%  ubhŒ which implicitly adds
”…””}”(hj%  hžhhŸNh Nubj¡  )”}”(hŒ``__no_sanitize_memory``”h]”hŒ__no_sanitize_memory”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj%  ubhŒ).”…””}”(hj%  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KXhjô  hžhubhØ)”}”(hŒöThis however comes at a cost: stack allocations from such functions will have
incorrect shadow/origin values, likely leading to false positives. Functions
called from non-instrumented code may also receive incorrect metadata for their
parameters.”h]”hŒöThis however comes at a cost: stack allocations from such functions will have
incorrect shadow/origin values, likely leading to false positives. Functions
called from non-instrumented code may also receive incorrect metadata for their
parameters.”…””}”(hji  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K^hjô  hžhubhØ)”}”(hŒDAs a rule of thumb, avoid using ``__no_sanitize_memory`` explicitly.”h]”(hŒ As a rule of thumb, avoid using ”…””}”(hjw  hžhhŸNh Nubj¡  )”}”(hŒ``__no_sanitize_memory``”h]”hŒ__no_sanitize_memory”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjw  ubhŒ explicitly.”…””}”(hjw  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Kchjô  hžhubhØ)”}”(hŒFIt is also possible to disable KMSAN for a single file (e.g. main.o)::”h]”hŒEIt is also possible to disable KMSAN for a single file (e.g. main.o):”…””}”(hj—  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Kehjô  hžhubj‰  )”}”(hŒKMSAN_SANITIZE_main.o := n”h]”hŒKMSAN_SANITIZE_main.o := n”…””}”hj¥  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h Kghjô  hžhubhØ)”}”(hŒor for the whole directory::”h]”hŒor for the whole directory:”…””}”(hj³  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Kihjô  hžhubj‰  )”}”(hŒKMSAN_SANITIZE := n”h]”hŒKMSAN_SANITIZE := n”…””}”hjÁ  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h Kkhjô  hžhubhØ)”}”(hŒÜin the Makefile. Think of this as applying ``__no_sanitize_memory`` to every
function in the file or directory. Most users won't need KMSAN_SANITIZE, unless
their code gets broken by KMSAN (e.g. runs at early boot time).”h]”(hŒ+in the Makefile. Think of this as applying ”…””}”(hjÏ  hžhhŸNh Nubj¡  )”}”(hŒ``__no_sanitize_memory``”h]”hŒ__no_sanitize_memory”…””}”(hj×  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjÏ  ubhŒ› to every
function in the file or directory. Most users wonâ€™t need KMSAN_SANITIZE, unless
their code gets broken by KMSAN (e.g. runs at early boot time).”…””}”(hjÏ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Kmhjô  hžhubhØ)”}”(hX‘  KMSAN checks can also be temporarily disabled for the current task using
``kmsan_disable_current()`` and ``kmsan_enable_current()`` calls. Each
``kmsan_enable_current()`` call must be preceded by a
``kmsan_disable_current()`` call; these call pairs may be nested. One needs to
be careful with these calls, keeping the regions short and preferring other
ways to disable instrumentation, where possible.”h]”(hŒIKMSAN checks can also be temporarily disabled for the current task using
”…””}”(hjï  hžhhŸNh Nubj¡  )”}”(hŒ``kmsan_disable_current()``”h]”hŒkmsan_disable_current()”…””}”(hj÷  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjï  ubhŒ and ”…””}”(hjï  hžhhŸNh Nubj¡  )”}”(hŒ``kmsan_enable_current()``”h]”hŒkmsan_enable_current()”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjï  ubhŒ calls. Each
”…””}”(hjï  hžhhŸNh Nubj¡  )”}”(hŒ``kmsan_enable_current()``”h]”hŒkmsan_enable_current()”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjï  ubhŒ call must be preceded by a
”…””}”(hjï  hžhhŸNh Nubj¡  )”}”(hŒ``kmsan_disable_current()``”h]”hŒkmsan_disable_current()”…””}”(hj-  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjï  ubhŒ° call; these call pairs may be nested. One needs to
be careful with these calls, keeping the regions short and preferring other
ways to disable instrumentation, where possible.”…””}”(hjï  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Kqhjô  hžhubeh}”(h]”Œdisabling-the-instrumentation”ah ]”h"]”Œdisabling the instrumentation”ah$]”h&]”uh1hÂhj  hžhhŸh³h KRubeh}”(h]”Œusage”ah ]”h"]”Œusage”ah$]”h&]”uh1hÂhhÄhžhhŸh³h KubhÃ)”}”(hhh]”(hÈ)”}”(hŒSupport”h]”hŒSupport”…””}”(hjX  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjU  hžhhŸh³h KyubhØ)”}”(hŒÌIn order for KMSAN to work the kernel must be built with Clang, which so far is
the only compiler that has KMSAN support. The kernel instrumentation pass is
based on the userspace `MemorySanitizer tool`_.”h]”(hŒ´In order for KMSAN to work the kernel must be built with Clang, which so far is
the only compiler that has KMSAN support. The kernel instrumentation pass is
based on the userspace ”…””}”(hjf  hžhhŸNh Nubhâ)”}”(hŒ`MemorySanitizer tool`_”h]”hŒMemorySanitizer tool”…””}”(hjn  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒMemorySanitizer tool”hóhôuh1háhjf  hõKubhŒ.”…””}”(hjf  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K{hjU  hžhubhØ)”}”(hŒ7The runtime library only supports x86_64 at the moment.”h]”hŒ7The runtime library only supports x86_64 at the moment.”…””}”(hjˆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KhjU  hžhubeh}”(h]”Œsupport”ah ]”h"]”Œsupport”ah$]”h&]”uh1hÂhhÄhžhhŸh³h KyubhÃ)”}”(hhh]”(hÈ)”}”(hŒHow KMSAN works”h]”hŒHow KMSAN works”…””}”(hj¡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjž  hžhhŸh³h K‚ubhÃ)”}”(hhh]”(hÈ)”}”(hŒKMSAN shadow memory”h]”hŒKMSAN shadow memory”…””}”(hj²  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj¯  hžhhŸh³h K…ubhØ)”}”(hXx  KMSAN associates a metadata byte (also called shadow byte) with every byte of
kernel memory. A bit in the shadow byte is set if the corresponding bit of the
kernel memory byte is uninitialized. Marking the memory uninitialized (i.e.
setting its shadow bytes to ``0xff``) is called poisoning, marking it
initialized (setting the shadow bytes to ``0x00``) is called unpoisoning.”h]”(hX  KMSAN associates a metadata byte (also called shadow byte) with every byte of
kernel memory. A bit in the shadow byte is set if the corresponding bit of the
kernel memory byte is uninitialized. Marking the memory uninitialized (i.e.
setting its shadow bytes to ”…””}”(hjÀ  hžhhŸNh Nubj¡  )”}”(hŒ``0xff``”h]”hŒ0xff”…””}”(hjÈ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjÀ  ubhŒK) is called poisoning, marking it
initialized (setting the shadow bytes to ”…””}”(hjÀ  hžhhŸNh Nubj¡  )”}”(hŒ``0x00``”h]”hŒ0x00”…””}”(hjÚ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjÀ  ubhŒ) is called unpoisoning.”…””}”(hjÀ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K‡hj¯  hžhubhØ)”}”(hX   When a new variable is allocated on the stack, it is poisoned by default by
instrumentation code inserted by the compiler (unless it is a stack variable
that is immediately initialized). Any new heap allocation done without
``__GFP_ZERO`` is also poisoned.”h]”(hŒàWhen a new variable is allocated on the stack, it is poisoned by default by
instrumentation code inserted by the compiler (unless it is a stack variable
that is immediately initialized). Any new heap allocation done without
”…””}”(hjò  hžhhŸNh Nubj¡  )”}”(hŒ``__GFP_ZERO``”h]”hŒ
__GFP_ZERO”…””}”(hjú  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjò  ubhŒ is also poisoned.”…””}”(hjò  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Khj¯  hžhubhØ)”}”(hŒÀCompiler instrumentation also tracks the shadow values as they are used along
the code. When needed, instrumentation code invokes the runtime library in
``mm/kmsan/`` to persist shadow values.”h]”(hŒ™Compiler instrumentation also tracks the shadow values as they are used along
the code. When needed, instrumentation code invokes the runtime library in
”…””}”(hj  hžhhŸNh Nubj¡  )”}”(hŒ``mm/kmsan/``”h]”hŒ	mm/kmsan/”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubhŒ to persist shadow values.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K’hj¯  hžhubhØ)”}”(hXÆ  The shadow value of a basic or compound type is an array of bytes of the same
length. When a constant value is written into memory, that memory is unpoisoned.
When a value is read from memory, its shadow memory is also obtained and
propagated into all the operations which use that value. For every instruction
that takes one or more values the compiler generates code that calculates the
shadow of the result depending on those values and their shadows.”h]”hXÆ  The shadow value of a basic or compound type is an array of bytes of the same
length. When a constant value is written into memory, that memory is unpoisoned.
When a value is read from memory, its shadow memory is also obtained and
propagated into all the operations which use that value. For every instruction
that takes one or more values the compiler generates code that calculates the
shadow of the result depending on those values and their shadows.”…””}”(hj2  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K–hj¯  hžhubhØ)”}”(hŒ	Example::”h]”hŒExample:”…””}”(hj@  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Khj¯  hžhubj‰  )”}”(hŒ7int a = 0xff;  // i.e. 0x000000ff
int b;
int c = a | b;”h]”hŒ7int a = 0xff;  // i.e. 0x000000ff
int b;
int c = a | b;”…””}”hjN  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h KŸhj¯  hžhubhØ)”}”(hŒ×In this case the shadow of ``a`` is ``0``, shadow of ``b`` is ``0xffffffff``,
shadow of ``c`` is ``0xffffff00``. This means that the upper three bytes of
``c`` are uninitialized, while the lower byte is initialized.”h]”(hŒIn this case the shadow of ”…””}”(hj\  hžhhŸNh Nubj¡  )”}”(hŒ``a``”h]”hŒa”…””}”(hjd  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj\  ubhŒ is ”…””}”(hj\  hžhhŸNh Nubj¡  )”}”(hŒ``0``”h]”hŒ0”…””}”(hjv  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj\  ubhŒ, shadow of ”…””}”(hj\  hžhhŸNh Nubj¡  )”}”(hŒ``b``”h]”hŒb”…””}”(hjˆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj\  ubhŒ is ”…””}”hj\  sbj¡  )”}”(hŒ``0xffffffff``”h]”hŒ
0xffffffff”…””}”(hjš  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj\  ubhŒ,
shadow of ”…””}”(hj\  hžhhŸNh Nubj¡  )”}”(hŒ``c``”h]”hŒc”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj\  ubhŒ is ”…””}”hj\  sbj¡  )”}”(hŒ``0xffffff00``”h]”hŒ
0xffffff00”…””}”(hj¾  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj\  ubhŒ+. This means that the upper three bytes of
”…””}”(hj\  hžhhŸNh Nubj¡  )”}”(hŒ``c``”h]”hŒc”…””}”(hjÐ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj\  ubhŒ8 are uninitialized, while the lower byte is initialized.”…””}”(hj\  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K£hj¯  hžhubeh}”(h]”Œkmsan-shadow-memory”ah ]”h"]”Œkmsan shadow memory”ah$]”h&]”uh1hÂhjž  hžhhŸh³h K…ubhÃ)”}”(hhh]”(hÈ)”}”(hŒOrigin tracking”h]”hŒOrigin tracking”…””}”(hjó  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjð  hžhhŸh³h K¨ubhØ)”}”(hXS  Every four bytes of kernel memory also have a so-called origin mapped to them.
This origin describes the point in program execution at which the uninitialized
value was created. Every origin is associated with either the full allocation
stack (for heap-allocated memory), or the function containing the uninitialized
variable (for locals).”h]”hXS  Every four bytes of kernel memory also have a so-called origin mapped to them.
This origin describes the point in program execution at which the uninitialized
value was created. Every origin is associated with either the full allocation
stack (for heap-allocated memory), or the function containing the uninitialized
variable (for locals).”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Kªhjð  hžhubhØ)”}”(hXí  When an uninitialized variable is allocated on stack or heap, a new origin
value is created, and that variable's origin is filled with that value. When a
value is read from memory, its origin is also read and kept together with the
shadow. For every instruction that takes one or more values, the origin of the
result is one of the origins corresponding to any of the uninitialized inputs.
If a poisoned value is written into memory, its origin is written to the
corresponding storage as well.”h]”hXï  When an uninitialized variable is allocated on stack or heap, a new origin
value is created, and that variableâ€™s origin is filled with that value. When a
value is read from memory, its origin is also read and kept together with the
shadow. For every instruction that takes one or more values, the origin of the
result is one of the origins corresponding to any of the uninitialized inputs.
If a poisoned value is written into memory, its origin is written to the
corresponding storage as well.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K°hjð  hžhubhØ)”}”(hŒExample 1::”h]”hŒ
Example 1:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K¸hjð  hžhubj‰  )”}”(hŒ!int a = 42;
int b;
int c = a + b;”h]”hŒ!int a = 42;
int b;
int c = a + b;”…””}”hj+  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h Kºhjð  hžhubhØ)”}”(hŒ In this case the origin of ``b`` is generated upon function entry, and is
stored to the origin of ``c`` right before the addition result is written into
memory.”h]”(hŒIn this case the origin of ”…””}”(hj9  hžhhŸNh Nubj¡  )”}”(hŒ``b``”h]”hŒb”…””}”(hjA  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj9  ubhŒB is generated upon function entry, and is
stored to the origin of ”…””}”(hj9  hžhhŸNh Nubj¡  )”}”(hŒ``c``”h]”hŒc”…””}”(hjS  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj9  ubhŒ9 right before the addition result is written into
memory.”…””}”(hj9  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h K¾hjð  hžhubhØ)”}”(hX3  Several variables may share the same origin address, if they are stored in the
same four-byte chunk. In this case every write to either variable updates the
origin for all of them. We have to sacrifice precision in this case, because
storing origins for individual bits (and even bytes) would be too costly.”h]”hX3  Several variables may share the same origin address, if they are stored in the
same four-byte chunk. In this case every write to either variable updates the
origin for all of them. We have to sacrifice precision in this case, because
storing origins for individual bits (and even bytes) would be too costly.”…””}”(hjk  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KÂhjð  hžhubhØ)”}”(hŒExample 2::”h]”hŒ
Example 2:”…””}”(hjy  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KÇhjð  hžhubj‰  )”}”(hŒ…int combine(short a, short b) {
  union ret_t {
    int i;
    short s[2];
  } ret;
  ret.s[0] = a;
  ret.s[1] = b;
  return ret.i;
}”h]”hŒ…int combine(short a, short b) {
  union ret_t {
    int i;
    short s[2];
  } ret;
  ret.s[0] = a;
  ret.s[1] = b;
  return ret.i;
}”…””}”hj‡  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h KÉhjð  hžhubhØ)”}”(hŒüIf ``a`` is initialized and ``b`` is not, the shadow of the result would be
0xffff0000, and the origin of the result would be the origin of ``b``.
``ret.s[0]`` would have the same origin, but it will never be used, because
that variable is initialized.”h]”(hŒIf ”…””}”(hj•  hžhhŸNh Nubj¡  )”}”(hŒ``a``”h]”hŒa”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj•  ubhŒ is initialized and ”…””}”(hj•  hžhhŸNh Nubj¡  )”}”(hŒ``b``”h]”hŒb”…””}”(hj¯  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj•  ubhŒk is not, the shadow of the result would be
0xffff0000, and the origin of the result would be the origin of ”…””}”(hj•  hžhhŸNh Nubj¡  )”}”(hŒ``b``”h]”hŒb”…””}”(hjÁ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj•  ubhŒ.
”…””}”(hj•  hžhhŸNh Nubj¡  )”}”(hŒ``ret.s[0]``”h]”hŒret.s[0]”…””}”(hjÓ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj•  ubhŒ] would have the same origin, but it will never be used, because
that variable is initialized.”…””}”(hj•  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KÓhjð  hžhubhØ)”}”(hŒbIf both function arguments are uninitialized, only the origin of the second
argument is preserved.”h]”hŒbIf both function arguments are uninitialized, only the origin of the second
argument is preserved.”…””}”(hjë  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KØhjð  hžhubhÃ)”}”(hhh]”(hÈ)”}”(hŒOrigin chaining”h]”hŒOrigin chaining”…””}”(hjü  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjù  hžhhŸh³h KÜubhØ)”}”(hX   To ease debugging, KMSAN creates a new origin for every store of an
uninitialized value to memory. The new origin references both its creation stack
and the previous origin the value had. This may cause increased memory
consumption, so we limit the length of origin chains in the runtime.”h]”hX   To ease debugging, KMSAN creates a new origin for every store of an
uninitialized value to memory. The new origin references both its creation stack
and the previous origin the value had. This may cause increased memory
consumption, so we limit the length of origin chains in the runtime.”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KÞhjù  hžhubeh}”(h]”Œorigin-chaining”ah ]”h"]”Œorigin chaining”ah$]”h&]”uh1hÂhjð  hžhhŸh³h KÜubeh}”(h]”Œorigin-tracking”ah ]”h"]”Œorigin tracking”ah$]”h&]”uh1hÂhjž  hžhhŸh³h K¨ubhÃ)”}”(hhh]”(hÈ)”}”(hŒClang instrumentation API”h]”hŒClang instrumentation API”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj(  hžhhŸh³h KäubhØ)”}”(hŒtClang instrumentation pass inserts calls to functions defined in
``mm/kmsan/nstrumentation.c`` into the kernel code.”h]”(hŒAClang instrumentation pass inserts calls to functions defined in
”…””}”(hj9  hžhhŸNh Nubj¡  )”}”(hŒ``mm/kmsan/nstrumentation.c``”h]”hŒmm/kmsan/nstrumentation.c”…””}”(hjA  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj9  ubhŒ into the kernel code.”…””}”(hj9  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Kæhj(  hžhubhÃ)”}”(hhh]”(hÈ)”}”(hŒShadow manipulation”h]”hŒShadow manipulation”…””}”(hj\  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjY  hžhhŸh³h KêubhØ)”}”(hŒ˜For every memory access the compiler emits a call to a function that returns a
pair of pointers to the shadow and origin addresses of the given memory::”h]”hŒ—For every memory access the compiler emits a call to a function that returns a
pair of pointers to the shadow and origin addresses of the given memory:”…””}”(hjj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KìhjY  hžhubj‰  )”}”(hXn  typedef struct {
  void *shadow, *origin;
} shadow_origin_ptr_t

shadow_origin_ptr_t __msan_metadata_ptr_for_load_{1,2,4,8}(void *addr)
shadow_origin_ptr_t __msan_metadata_ptr_for_store_{1,2,4,8}(void *addr)
shadow_origin_ptr_t __msan_metadata_ptr_for_load_n(void *addr, uintptr_t size)
shadow_origin_ptr_t __msan_metadata_ptr_for_store_n(void *addr, uintptr_t size)”h]”hXn  typedef struct {
  void *shadow, *origin;
} shadow_origin_ptr_t

shadow_origin_ptr_t __msan_metadata_ptr_for_load_{1,2,4,8}(void *addr)
shadow_origin_ptr_t __msan_metadata_ptr_for_store_{1,2,4,8}(void *addr)
shadow_origin_ptr_t __msan_metadata_ptr_for_load_n(void *addr, uintptr_t size)
shadow_origin_ptr_t __msan_metadata_ptr_for_store_n(void *addr, uintptr_t size)”…””}”hjx  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h KïhjY  hžhubhØ)”}”(hŒ4The function name depends on the memory access size.”h]”hŒ4The function name depends on the memory access size.”…””}”(hj†  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KøhjY  hžhubhØ)”}”(hŒËThe compiler makes sure that for every loaded value its shadow and origin
values are read from memory. When a value is stored to memory, its shadow and
origin are also stored using the metadata pointers.”h]”hŒËThe compiler makes sure that for every loaded value its shadow and origin
values are read from memory. When a value is stored to memory, its shadow and
origin are also stored using the metadata pointers.”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h KúhjY  hžhubeh}”(h]”Œshadow-manipulation”ah ]”h"]”Œshadow manipulation”ah$]”h&]”uh1hÂhj(  hžhhŸh³h KêubhÃ)”}”(hhh]”(hÈ)”}”(hŒHandling locals”h]”hŒHandling locals”…””}”(hj­  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjª  hžhhŸh³h KÿubhØ)”}”(hŒ€A special function is used to create a new origin value for a local variable and
set the origin of that variable to that value::”h]”hŒA special function is used to create a new origin value for a local variable and
set the origin of that variable to that value:”…””}”(hj»  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Mhjª  hžhubj‰  )”}”(hŒBvoid __msan_poison_alloca(void *addr, uintptr_t size, char *descr)”h]”hŒBvoid __msan_poison_alloca(void *addr, uintptr_t size, char *descr)”…””}”hjÉ  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h Mhjª  hžhubeh}”(h]”Œhandling-locals”ah ]”h"]”Œhandling locals”ah$]”h&]”uh1hÂhj(  hžhhŸh³h KÿubhÃ)”}”(hhh]”(hÈ)”}”(hŒAccess to per-task data”h]”hŒAccess to per-task data”…””}”(hjâ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjß  hžhhŸh³h MubhØ)”}”(hŒhAt the beginning of every instrumented function KMSAN inserts a call to
``__msan_get_context_state()``::”h]”(hŒHAt the beginning of every instrumented function KMSAN inserts a call to
”…””}”(hjð  hžhhŸNh Nubj¡  )”}”(hŒ``__msan_get_context_state()``”h]”hŒ__msan_get_context_state()”…””}”(hjø  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjð  ubhŒ:”…””}”(hjð  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M	hjß  hžhubj‰  )”}”(hŒ3kmsan_context_state *__msan_get_context_state(void)”h]”hŒ3kmsan_context_state *__msan_get_context_state(void)”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h Mhjß  hžhubhØ)”}”(hŒB``kmsan_context_state`` is declared in ``include/linux/kmsan.h``::”h]”(j¡  )”}”(hŒ``kmsan_context_state``”h]”hŒkmsan_context_state”…””}”(hj"  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubhŒ is declared in ”…””}”(hj  hžhhŸNh Nubj¡  )”}”(hŒ``include/linux/kmsan.h``”h]”hŒinclude/linux/kmsan.h”…””}”(hj4  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubhŒ:”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Mhjß  hžhubj‰  )”}”(hX/  struct kmsan_context_state {
  char param_tls[KMSAN_PARAM_SIZE];
  char retval_tls[KMSAN_RETVAL_SIZE];
  char va_arg_tls[KMSAN_PARAM_SIZE];
  char va_arg_origin_tls[KMSAN_PARAM_SIZE];
  u64 va_arg_overflow_size_tls;
  char param_origin_tls[KMSAN_PARAM_SIZE];
  depot_stack_handle_t retval_origin_tls;
};”h]”hX/  struct kmsan_context_state {
  char param_tls[KMSAN_PARAM_SIZE];
  char retval_tls[KMSAN_RETVAL_SIZE];
  char va_arg_tls[KMSAN_PARAM_SIZE];
  char va_arg_origin_tls[KMSAN_PARAM_SIZE];
  u64 va_arg_overflow_size_tls;
  char param_origin_tls[KMSAN_PARAM_SIZE];
  depot_stack_handle_t retval_origin_tls;
};”…””}”hjL  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h Mhjß  hžhubhØ)”}”(hŒ¼This structure is used by KMSAN to pass parameter shadows and origins between
instrumented functions (unless the parameters are checked immediately by
``CONFIG_KMSAN_CHECK_PARAM_RETVAL``).”h]”(hŒ—This structure is used by KMSAN to pass parameter shadows and origins between
instrumented functions (unless the parameters are checked immediately by
”…””}”(hjZ  hžhhŸNh Nubj¡  )”}”(hŒ#``CONFIG_KMSAN_CHECK_PARAM_RETVAL``”h]”hŒCONFIG_KMSAN_CHECK_PARAM_RETVAL”…””}”(hjb  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjZ  ubhŒ).”…””}”(hjZ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Mhjß  hžhubeh}”(h]”Œaccess-to-per-task-data”ah ]”h"]”Œaccess to per-task data”ah$]”h&]”uh1hÂhj(  hžhhŸh³h MubhÃ)”}”(hhh]”(hÈ)”}”(hŒ)Passing uninitialized values to functions”h]”hŒ)Passing uninitialized values to functions”…””}”(hj…  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj‚  hžhhŸh³h MubhØ)”}”(hŒÁClang's MemorySanitizer instrumentation has an option,
``-fsanitize-memory-param-retval``, which makes the compiler check function
parameters passed by value, as well as function return values.”h]”(hŒ9Clangâ€™s MemorySanitizer instrumentation has an option,
”…””}”(hj“  hžhhŸNh Nubj¡  )”}”(hŒ"``-fsanitize-memory-param-retval``”h]”hŒ-fsanitize-memory-param-retval”…””}”(hj›  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj“  ubhŒh, which makes the compiler check function
parameters passed by value, as well as function return values.”…””}”(hj“  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M!hj‚  hžhubhØ)”}”(hŒÇThe option is controlled by ``CONFIG_KMSAN_CHECK_PARAM_RETVAL``, which is
enabled by default to let KMSAN report uninitialized values earlier.
Please refer to the `LKML discussion`_ for more details.”h]”(hŒThe option is controlled by ”…””}”(hj³  hžhhŸNh Nubj¡  )”}”(hŒ#``CONFIG_KMSAN_CHECK_PARAM_RETVAL``”h]”hŒCONFIG_KMSAN_CHECK_PARAM_RETVAL”…””}”(hj»  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj³  ubhŒd, which is
enabled by default to let KMSAN report uninitialized values earlier.
Please refer to the ”…””}”(hj³  hžhhŸNh Nubhâ)”}”(hŒ`LKML discussion`_”h]”hŒLKML discussion”…””}”(hjÍ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒLKML discussion”hóŒGhttps://lore.kernel.org/all/20220614144853.3693273-1-glider@google.com/”uh1háhj³  hõKubhŒ for more details.”…””}”(hj³  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M%hj‚  hžhubhØ)”}”(hŒéBecause of the way the checks are implemented in LLVM (they are only applied to
parameters marked as ``noundef``), not all parameters are guaranteed to be
checked, so we cannot give up the metadata storage in ``kmsan_context_state``.”h]”(hŒeBecause of the way the checks are implemented in LLVM (they are only applied to
parameters marked as ”…””}”(hjè  hžhhŸNh Nubj¡  )”}”(hŒ``noundef``”h]”hŒnoundef”…””}”(hjð  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjè  ubhŒa), not all parameters are guaranteed to be
checked, so we cannot give up the metadata storage in ”…””}”(hjè  hžhhŸNh Nubj¡  )”}”(hŒ``kmsan_context_state``”h]”hŒkmsan_context_state”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjè  ubhŒ.”…””}”(hjè  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M)hj‚  hžhubeh}”(h]”Œ)passing-uninitialized-values-to-functions”ah ]”h"]”Œ)passing uninitialized values to functions”ah$]”h&]”uh1hÂhj(  hžhhŸh³h MubhÃ)”}”(hhh]”(hÈ)”}”(hŒString functions”h]”hŒString functions”…””}”(hj%	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj"	  hžhhŸh³h M.ubhØ)”}”(hŒþThe compiler replaces calls to ``memcpy()``/``memmove()``/``memset()`` with the
following functions. These functions are also called when data structures are
initialized or copied, making sure shadow and origin values are copied alongside
with the data::”h]”(hŒThe compiler replaces calls to ”…””}”(hj3	  hžhhŸNh Nubj¡  )”}”(hŒ``memcpy()``”h]”hŒmemcpy()”…””}”(hj;	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj3	  ubhŒ/”…””}”(hj3	  hžhhŸNh Nubj¡  )”}”(hŒ``memmove()``”h]”hŒ	memmove()”…””}”(hjM	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj3	  ubhŒ/”…””}”hj3	  sbj¡  )”}”(hŒ``memset()``”h]”hŒmemset()”…””}”(hj_	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj3	  ubhŒ· with the
following functions. These functions are also called when data structures are
initialized or copied, making sure shadow and origin values are copied alongside
with the data:”…””}”(hj3	  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M0hj"	  hžhubj‰  )”}”(hŒ¡void *__msan_memcpy(void *dst, void *src, uintptr_t n)
void *__msan_memmove(void *dst, void *src, uintptr_t n)
void *__msan_memset(void *dst, int c, uintptr_t n)”h]”hŒ¡void *__msan_memcpy(void *dst, void *src, uintptr_t n)
void *__msan_memmove(void *dst, void *src, uintptr_t n)
void *__msan_memset(void *dst, int c, uintptr_t n)”…””}”hjw	  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h M5hj"	  hžhubeh}”(h]”Œstring-functions”ah ]”h"]”Œstring functions”ah$]”h&]”uh1hÂhj(  hžhhŸh³h M.ubhÃ)”}”(hhh]”(hÈ)”}”(hŒError reporting”h]”hŒError reporting”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj	  hžhhŸh³h M:ubhØ)”}”(hŒ~For each use of a value the compiler emits a shadow check that calls
``__msan_warning()`` in the case that value is poisoned::”h]”(hŒEFor each use of a value the compiler emits a shadow check that calls
”…””}”(hjž	  hžhhŸNh Nubj¡  )”}”(hŒ``__msan_warning()``”h]”hŒ__msan_warning()”…””}”(hj¦	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjž	  ubhŒ$ in the case that value is poisoned:”…””}”(hjž	  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M<hj	  hžhubj‰  )”}”(hŒvoid __msan_warning(u32 origin)”h]”hŒvoid __msan_warning(u32 origin)”…””}”hj¾	  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h M?hj	  hžhubhØ)”}”(hŒC``__msan_warning()`` causes KMSAN runtime to print an error report.”h]”(j¡  )”}”(hŒ``__msan_warning()``”h]”hŒ__msan_warning()”…””}”(hjÐ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjÌ	  ubhŒ/ causes KMSAN runtime to print an error report.”…””}”(hjÌ	  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h MAhj	  hžhubeh}”(h]”Œerror-reporting”ah ]”h"]”Œerror reporting”ah$]”h&]”uh1hÂhj(  hžhhŸh³h M:ubhÃ)”}”(hhh]”(hÈ)”}”(hŒInline assembly instrumentation”h]”hŒInline assembly instrumentation”…””}”(hjó	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjð	  hžhhŸh³h MDubhØ)”}”(hŒ?KMSAN instruments every inline assembly output with a call to::”h]”hŒ>KMSAN instruments every inline assembly output with a call to:”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h MFhjð	  hžhubj‰  )”}”(hŒ<void __msan_instrument_asm_store(void *addr, uintptr_t size)”h]”hŒ<void __msan_instrument_asm_store(void *addr, uintptr_t size)”…””}”hj
  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h MHhjð	  hžhubhØ)”}”(hŒ$, which unpoisons the memory region.”h]”hŒ$, which unpoisons the memory region.”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h MJhjð	  hžhubhØ)”}”(hŒ~This approach may mask certain errors, but it also helps to avoid a lot of
false positives in bitwise operations, atomics etc.”h]”hŒ~This approach may mask certain errors, but it also helps to avoid a lot of
false positives in bitwise operations, atomics etc.”…””}”(hj+
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h MLhjð	  hžhubhØ)”}”(hŒ{Sometimes the pointers passed into inline assembly do not point to valid memory.
In such cases they are ignored at runtime.”h]”hŒ{Sometimes the pointers passed into inline assembly do not point to valid memory.
In such cases they are ignored at runtime.”…””}”(hj9
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h MOhjð	  hžhubeh}”(h]”Œinline-assembly-instrumentation”ah ]”h"]”Œinline assembly instrumentation”ah$]”h&]”uh1hÂhj(  hžhhŸh³h MDubeh}”(h]”Œclang-instrumentation-api”ah ]”h"]”Œclang instrumentation api”ah$]”h&]”uh1hÂhjž  hžhhŸh³h KäubhÃ)”}”(hhh]”(hÈ)”}”(hŒRuntime library”h]”hŒRuntime library”…””}”(hjZ
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjW
  hžhhŸh³h MTubhØ)”}”(hŒ%The code is located in ``mm/kmsan/``.”h]”(hŒThe code is located in ”…””}”(hjh
  hžhhŸNh Nubj¡  )”}”(hŒ``mm/kmsan/``”h]”hŒ	mm/kmsan/”…””}”(hjp
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjh
  ubhŒ.”…””}”(hjh
  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h MVhjW
  hžhubhÃ)”}”(hhh]”(hÈ)”}”(hŒPer-task KMSAN state”h]”hŒPer-task KMSAN state”…””}”(hj‹
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhjˆ
  hžhhŸh³h MYubhØ)”}”(hŒEvery task_struct has an associated KMSAN task state that holds the KMSAN
context (see above) and a per-task counter disallowing KMSAN reports::”h]”hŒEvery task_struct has an associated KMSAN task state that holds the KMSAN
context (see above) and a per-task counter disallowing KMSAN reports:”…””}”(hj™
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M[hjˆ
  hžhubj‰  )”}”(hŒ¡struct kmsan_context {
  ...
  unsigned int depth;
  struct kmsan_context_state cstate;
  ...
}

struct task_struct {
  ...
  struct kmsan_context kmsan;
  ...
}”h]”hŒ¡struct kmsan_context {
  ...
  unsigned int depth;
  struct kmsan_context_state cstate;
  ...
}

struct task_struct {
  ...
  struct kmsan_context kmsan;
  ...
}”…””}”hj§
  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h M^hjˆ
  hžhubeh}”(h]”Œper-task-kmsan-state”ah ]”h"]”Œper-task kmsan state”ah$]”h&]”uh1hÂhjW
  hžhhŸh³h MYubhÃ)”}”(hhh]”(hÈ)”}”(hŒKMSAN contexts”h]”hŒKMSAN contexts”…””}”(hjÀ
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj½
  hžhhŸh³h MlubhØ)”}”(hŒ‹When running in a kernel task context, KMSAN uses ``current->kmsan.cstate`` to
hold the metadata for function parameters and return values.”h]”(hŒ2When running in a kernel task context, KMSAN uses ”…””}”(hjÎ
  hžhhŸNh Nubj¡  )”}”(hŒ``current->kmsan.cstate``”h]”hŒcurrent->kmsan.cstate”…””}”(hjÖ
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjÎ
  ubhŒ@ to
hold the metadata for function parameters and return values.”…””}”(hjÎ
  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Mnhj½
  hžhubhØ)”}”(hŒBut in the case the kernel is running in the interrupt, softirq or NMI context,
where ``current`` is unavailable, KMSAN switches to per-cpu interrupt state::”h]”(hŒVBut in the case the kernel is running in the interrupt, softirq or NMI context,
where ”…””}”(hjî
  hžhhŸNh Nubj¡  )”}”(hŒ``current``”h]”hŒcurrent”…””}”(hjö
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjî
  ubhŒ; is unavailable, KMSAN switches to per-cpu interrupt state:”…””}”(hjî
  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Mqhj½
  hžhubj‰  )”}”(hŒ3DEFINE_PER_CPU(struct kmsan_ctx, kmsan_percpu_ctx);”h]”hŒ3DEFINE_PER_CPU(struct kmsan_ctx, kmsan_percpu_ctx);”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h Mthj½
  hžhubeh}”(h]”Œkmsan-contexts”ah ]”h"]”Œkmsan contexts”ah$]”h&]”uh1hÂhjW
  hžhhŸh³h MlubhÃ)”}”(hhh]”(hÈ)”}”(hŒMetadata allocation”h]”hŒMetadata allocation”…””}”(hj'  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj$  hžhhŸh³h MwubhØ)”}”(hŒHThere are several places in the kernel for which the metadata is stored.”h]”hŒHThere are several places in the kernel for which the metadata is stored.”…””}”(hj5  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Myhj$  hžhubhØ)”}”(hŒW1. Each ``struct page`` instance contains two pointers to its shadow and
origin pages::”h]”(hŒ1. Each ”…””}”(hjC  hžhhŸNh Nubj¡  )”}”(hŒ``struct page``”h]”hŒstruct page”…””}”(hjK  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjC  ubhŒ? instance contains two pointers to its shadow and
origin pages:”…””}”(hjC  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M{hj$  hžhubj‰  )”}”(hŒ<struct page {
  ...
  struct page *shadow, *origin;
  ...
};”h]”hŒ<struct page {
  ...
  struct page *shadow, *origin;
  ...
};”…””}”hjc  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h M~hj$  hžhubhØ)”}”(hŒòAt boot-time, the kernel allocates shadow and origin pages for every available
kernel page. This is done quite late, when the kernel address space is already
fragmented, so normal data pages may arbitrarily interleave with the metadata
pages.”h]”hŒòAt boot-time, the kernel allocates shadow and origin pages for every available
kernel page. This is done quite late, when the kernel address space is already
fragmented, so normal data pages may arbitrarily interleave with the metadata
pages.”…””}”(hjq  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M„hj$  hžhubhØ)”}”(hX  This means that in general for two contiguous memory pages their shadow/origin
pages may not be contiguous. Consequently, if a memory access crosses the
boundary of a memory block, accesses to shadow/origin memory may potentially
corrupt other pages or read incorrect values from them.”h]”hX  This means that in general for two contiguous memory pages their shadow/origin
pages may not be contiguous. Consequently, if a memory access crosses the
boundary of a memory block, accesses to shadow/origin memory may potentially
corrupt other pages or read incorrect values from them.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M‰hj$  hžhubhØ)”}”(hŒÒIn practice, contiguous memory pages returned by the same ``alloc_pages()``
call will have contiguous metadata, whereas if these pages belong to two
different allocations their metadata pages can be fragmented.”h]”(hŒ:In practice, contiguous memory pages returned by the same ”…””}”(hj  hžhhŸNh Nubj¡  )”}”(hŒ``alloc_pages()``”h]”hŒalloc_pages()”…””}”(hj•  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubhŒ‡
call will have contiguous metadata, whereas if these pages belong to two
different allocations their metadata pages can be fragmented.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h MŽhj$  hžhubhØ)”}”(hŒ}For the kernel data (``.data``, ``.bss`` etc.) and percpu memory regions
there also are no guarantees on metadata contiguity.”h]”(hŒFor the kernel data (”…””}”(hj­  hžhhŸNh Nubj¡  )”}”(hŒ	``.data``”h]”hŒ.data”…””}”(hjµ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj­  ubhŒ, ”…””}”(hj­  hžhhŸNh Nubj¡  )”}”(hŒ``.bss``”h]”hŒ.bss”…””}”(hjÇ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj­  ubhŒU etc.) and percpu memory regions
there also are no guarantees on metadata contiguity.”…””}”(hj­  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M’hj$  hžhubhØ)”}”(hŒ¥In the case ``__msan_metadata_ptr_for_XXX_YYY()`` hits the border between two
pages with non-contiguous metadata, it returns pointers to fake shadow/origin regions::”h]”(hŒIn the case ”…””}”(hjß  hžhhŸNh Nubj¡  )”}”(hŒ%``__msan_metadata_ptr_for_XXX_YYY()``”h]”hŒ!__msan_metadata_ptr_for_XXX_YYY()”…””}”(hjç  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hjß  ubhŒs hits the border between two
pages with non-contiguous metadata, it returns pointers to fake shadow/origin regions:”…””}”(hjß  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M•hj$  hžhubj‰  )”}”(hŒŠchar dummy_load_page[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
char dummy_store_page[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));”h]”hŒŠchar dummy_load_page[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
char dummy_store_page[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));”…””}”hjÿ  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jˆ  hŸh³h M˜hj$  hžhubhØ)”}”(hŒ~``dummy_load_page`` is zero-initialized, so reads from it always yield zeroes.
All stores to ``dummy_store_page`` are ignored.”h]”(j¡  )”}”(hŒ``dummy_load_page``”h]”hŒdummy_load_page”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubhŒJ is zero-initialized, so reads from it always yield zeroes.
All stores to ”…””}”(hj  hžhhŸNh Nubj¡  )”}”(hŒ``dummy_store_page``”h]”hŒdummy_store_page”…””}”(hj#  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj  ubhŒ are ignored.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M›hj$  hžhubhØ)”}”(hXé  2. For vmalloc memory and modules, there is a direct mapping between the memory
range, its shadow and origin. KMSAN reduces the vmalloc area by 3/4, making only
the first quarter available to ``vmalloc()``. The second quarter of the vmalloc
area contains shadow memory for the first quarter, the third one holds the
origins. A small part of the fourth quarter contains shadow and origins for the
kernel modules. Please refer to ``arch/x86/include/asm/pgtable_64_types.h`` for
more details.”h]”(hŒÀ2. For vmalloc memory and modules, there is a direct mapping between the memory
range, its shadow and origin. KMSAN reduces the vmalloc area by 3/4, making only
the first quarter available to ”…””}”(hj;  hžhhŸNh Nubj¡  )”}”(hŒ``vmalloc()``”h]”hŒ	vmalloc()”…””}”(hjC  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj;  ubhŒß. The second quarter of the vmalloc
area contains shadow memory for the first quarter, the third one holds the
origins. A small part of the fourth quarter contains shadow and origins for the
kernel modules. Please refer to ”…””}”(hj;  hžhhŸNh Nubj¡  )”}”(hŒ+``arch/x86/include/asm/pgtable_64_types.h``”h]”hŒ'arch/x86/include/asm/pgtable_64_types.h”…””}”(hjU  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j   hj;  ubhŒ for
more details.”…””}”(hj;  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h Mžhj$  hžhubhØ)”}”(hŒ”When an array of pages is mapped into a contiguous virtual memory space, their
shadow and origin pages are similarly mapped into contiguous regions.”h]”hŒ”When an array of pages is mapped into a contiguous virtual memory space, their
shadow and origin pages are similarly mapped into contiguous regions.”…””}”(hjm  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M¦hj$  hžhubeh}”(h]”Œmetadata-allocation”ah ]”h"]”Œmetadata allocation”ah$]”h&]”uh1hÂhjW
  hžhhŸh³h Mwubeh}”(h]”Œruntime-library”ah ]”h"]”Œruntime library”ah$]”h&]”uh1hÂhjž  hžhhŸh³h MTubeh}”(h]”Œhow-kmsan-works”ah ]”h"]”Œhow kmsan works”ah$]”h&]”uh1hÂhhÄhžhhŸh³h K‚ubhÃ)”}”(hhh]”(hÈ)”}”(hŒ
References”h]”hŒ
References”…””}”(hj–  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÇhj“  hžhhŸh³h MªubhØ)”}”(hŒÙE. Stepanov, K. Serebryany. `MemorySanitizer: fast detector of uninitialized
memory use in C++
<https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43308.pdf>`_.
In Proceedings of CGO 2015.”h]”(hŒE. Stepanov, K. Serebryany. ”…””}”(hj¤  hžhhŸNh Nubhâ)”}”(hŒ `MemorySanitizer: fast detector of uninitialized
memory use in C++
<https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43308.pdf>`_”h]”hŒAMemorySanitizer: fast detector of uninitialized
memory use in C++”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒAMemorySanitizer: fast detector of uninitialized memory use in C++”hóŒYhttps://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43308.pdf”uh1háhj¤  ubhŒtarget”“”)”}”(hŒ\
<https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43308.pdf>”h]”h}”(h]”Œ>memorysanitizer-fast-detector-of-uninitialized-memory-use-in-c”ah ]”h"]”ŒAmemorysanitizer: fast detector of uninitialized memory use in c++”ah$]”h&]”Œrefuri”j¼  uh1j½  Œ
referenced”Khj¤  ubhŒ.
In Proceedings of CGO 2015.”…””}”(hj¤  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh³h M¬hj“  hžhubj¾  )”}”(hŒJ.. _MemorySanitizer tool: https://clang.llvm.org/docs/MemorySanitizer.html”h]”h}”(h]”Œmemorysanitizer-tool”ah ]”h"]”Œmemorysanitizer tool”ah$]”h&]”hóhôuh1j½  h M±hj“  hžhhŸh³jÌ  Kubj¾  )”}”(hŒA.. _LLVM documentation: https://llvm.org/docs/GettingStarted.html”h]”h}”(h]”Œllvm-documentation”ah ]”h"]”Œllvm documentation”ah$]”h&]”hójH  uh1j½  h M²hj“  hžhhŸh³jÌ  Kubj¾  )”}”(hŒ\.. _LKML discussion: https://lore.kernel.org/all/20220614144853.3693273-1-glider@google.com/”h]”h}”(h]”Œlkml-discussion”ah ]”h"]”Œlkml discussion”ah$]”h&]”hójÝ  uh1j½  h M³hj“  hžhhŸh³jÌ  Kubeh}”(h]”Œ
references”ah ]”h"]”Œ
references”ah$]”h&]”uh1hÂhhÄhžhhŸh³h Mªubeh}”(h]”Œkernel-memory-sanitizer-kmsan”ah ]”h"]”Œkernel memory sanitizer (kmsan)”ah$]”h&]”uh1hÂhhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÇNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j.  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”(Œmemorysanitizer tool”]”(hãjn  eŒllvm documentation”]”j8  aŒlkml discussion”]”jÍ  auŒrefids”}”Œnameids”}”(j  j  jR  jO  jf  jc  jñ  jî  jJ  jG  j›  j˜  j  j  jí  jê  j%  j"  j  j  jT
  jQ
  j§  j¤  jÜ  jÙ  j  j|  j	  j	  jŠ	  j‡	  jí	  jê	  jL
  jI
  jˆ  j…  jº
  j·
  j!  j  j€  j}  j   jý  jÈ  jÅ  jà  jÝ  jì  jé  jø  jõ  uŒ	nametypes”}”(j  ‰jR  ‰jf  ‰jñ  ‰jJ  ‰j›  ‰j  ‰jí  ‰j%  ‰j  ‰jT
  ‰j§  ‰jÜ  ‰j  ‰j	  ‰jŠ	  ‰jí	  ‰jL
  ‰jˆ  ‰jº
  ‰j!  ‰j€  ‰j   ‰jÈ  ˆjà  ˆjì  ˆjø  ˆuh}”(j  hÄjO  j  jc  j  jî  ji  jG  jô  j˜  jU  j  jž  jê  j¯  j"  jð  j  jù  jQ
  j(  j¤  jY  jÙ  jª  j|  jß  j	  j‚  j‡	  j"	  jê	  j	  jI
  jð	  j…  jW
  j·
  jˆ
  j  j½
  j}  j$  jý  j“  jÅ  j¿  jÝ  j×  jé  jã  jõ  jï  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.