Commit 96d7d141 authored by Andrey Konovalov's avatar Andrey Konovalov Committed by Linus Torvalds

kasan: docs: clean up sections

Update KASAN documentation:

 - Give some sections clearer names.

 - Remove unneeded subsections in the "Tests" section.

 - Move the "For developers" section and split into subsections.

Link: https://lkml.kernel.org/r/c2bbb56eaea80ad484f0ee85bb71959a3a63f1d7.1615559068.git.andreyknvl@google.comSigned-off-by: default avatarAndrey Konovalov <andreyknvl@google.com>
Reviewed-by: default avatarMarco Elver <elver@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent d57a964e
...@@ -177,24 +177,6 @@ particular KASAN features. ...@@ -177,24 +177,6 @@ particular KASAN features.
report or also panic the kernel (default: ``report``). Note, that tag report or also panic the kernel (default: ``report``). Note, that tag
checking gets disabled after the first reported bug. checking gets disabled after the first reported bug.
For developers
~~~~~~~~~~~~~~
Software KASAN modes use compiler instrumentation to insert validity checks.
Such instrumentation might be incompatible with some part of the kernel, and
therefore needs to be disabled. To disable instrumentation for specific files
or directories, add a line similar to the following to the respective kernel
Makefile:
- For a single file (e.g. main.o)::
KASAN_SANITIZE_main.o := n
- For all files in one directory::
KASAN_SANITIZE := n
Implementation details Implementation details
---------------------- ----------------------
...@@ -308,8 +290,8 @@ support MTE (but supports TBI). ...@@ -308,8 +290,8 @@ support MTE (but supports TBI).
Hardware tag-based KASAN only reports the first found bug. After that MTE tag Hardware tag-based KASAN only reports the first found bug. After that MTE tag
checking gets disabled. checking gets disabled.
What memory accesses are sanitised by KASAN? Shadow memory
-------------------------------------------- -------------
The kernel maps memory in a number of different parts of the address The kernel maps memory in a number of different parts of the address
space. This poses something of a problem for KASAN, which requires space. This poses something of a problem for KASAN, which requires
...@@ -320,8 +302,8 @@ The range of kernel virtual addresses is large: there is not enough ...@@ -320,8 +302,8 @@ The range of kernel virtual addresses is large: there is not enough
real memory to support a real shadow region for every address that real memory to support a real shadow region for every address that
could be accessed by the kernel. could be accessed by the kernel.
By default Default behaviour
~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
By default, architectures only map real memory over the shadow region By default, architectures only map real memory over the shadow region
for the linear mapping (and potentially other small areas). For all for the linear mapping (and potentially other small areas). For all
...@@ -371,8 +353,29 @@ unmapped. This will require changes in arch-specific code. ...@@ -371,8 +353,29 @@ unmapped. This will require changes in arch-specific code.
This allows ``VMAP_STACK`` support on x86, and can simplify support of This allows ``VMAP_STACK`` support on x86, and can simplify support of
architectures that do not have a fixed module region. architectures that do not have a fixed module region.
CONFIG_KASAN_KUNIT_TEST and CONFIG_KASAN_MODULE_TEST For developers
---------------------------------------------------- --------------
Ignoring accesses
~~~~~~~~~~~~~~~~~
Software KASAN modes use compiler instrumentation to insert validity checks.
Such instrumentation might be incompatible with some part of the kernel, and
therefore needs to be disabled. To disable instrumentation for specific files
or directories, add a line similar to the following to the respective kernel
Makefile:
- For a single file (e.g. main.o)::
KASAN_SANITIZE_main.o := n
- For all files in one directory::
KASAN_SANITIZE := n
Tests
~~~~~
KASAN tests consist of two parts: KASAN tests consist of two parts:
...@@ -418,21 +421,18 @@ Or, if one of the tests failed:: ...@@ -418,21 +421,18 @@ Or, if one of the tests failed::
There are a few ways to run KUnit-compatible KASAN tests. There are a few ways to run KUnit-compatible KASAN tests.
1. Loadable module 1. Loadable module
~~~~~~~~~~~~~~~~~~
With ``CONFIG_KUNIT`` enabled, ``CONFIG_KASAN_KUNIT_TEST`` can be built as With ``CONFIG_KUNIT`` enabled, ``CONFIG_KASAN_KUNIT_TEST`` can be built as
a loadable module and run on any architecture that supports KASAN by loading a loadable module and run on any architecture that supports KASAN by loading
the module with insmod or modprobe. The module is called ``test_kasan``. the module with insmod or modprobe. The module is called ``test_kasan``.
2. Built-In 2. Built-In
~~~~~~~~~~~
With ``CONFIG_KUNIT`` built-in, ``CONFIG_KASAN_KUNIT_TEST`` can be built-in With ``CONFIG_KUNIT`` built-in, ``CONFIG_KASAN_KUNIT_TEST`` can be built-in
on any architecure that supports KASAN. These and any other KUnit tests enabled on any architecure that supports KASAN. These and any other KUnit tests enabled
will run and print the results at boot as a late-init call. will run and print the results at boot as a late-init call.
3. Using kunit_tool 3. Using kunit_tool
~~~~~~~~~~~~~~~~~~~
With ``CONFIG_KUNIT`` and ``CONFIG_KASAN_KUNIT_TEST`` built-in, it's also With ``CONFIG_KUNIT`` and ``CONFIG_KASAN_KUNIT_TEST`` built-in, it's also
possible use ``kunit_tool`` to see the results of these and other KUnit tests possible use ``kunit_tool`` to see the results of these and other KUnit tests
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment