You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
KMSAN is a dynamic tool for detecting uninitialized memory accesses in the Linux kernel.
It was integrated into the Linux kernel in version 6.1.
KMSAN works by instrumenting the kernel code at compile time and checking for accesses to uninitialized memory at run time.
Contact: @ramosian-glider
Code
Linux 6.1+ contains a fully-working KMSAN implementation which can be used out of the box.
Forked kernel branches with KMSAN patches are available at https://github.com/google/kmsan. These will be kept around for posterity. Branches after 6.1 are still used for development.
cd $WORLD
# Instruction taken from https://llvm.org/docs/LibFuzzer.html
mkdir TMP_CLANG
cd TMP_CLANG
git clone https://chromium.googlesource.com/chromium/src/tools/clang
cd ..
TMP_CLANG/clang/scripts/update.py
cd $WORLD
export KMSAN_CLANG_PATH=`pwd`/third_party/llvm-build/Release+Asserts/bin/
Configure and build the kernel
cd $WORLD
git clone https://github.com/google/kmsan.git kmsan
cd kmsan
# Now configure the kernel. You basically need to enable CONFIG_KMSAN and CONFIG_KCOV,
# plus maybe some 9P options to interact with QEMU.
cp .config.example .config
make CC=$KMSAN_CLANG_PATH -j64 -k 2>&1 | tee build.log
Please refer to the Documentation in the upstream Linux kernel.
In a talk at FaMAF-UNC, I attempted to provide a comprehensive overview of the implementation details of KMSAN in 2021. The kernel part starts at 19:30, listen at 1.25x to save time).
About
KernelMemorySanitizer, a detector of uses of uninitialized memory in the Linux kernel
