Implementing the Kernel Memory Sanitizer for PowerPC
Emu (Nurin) | Tue 16 Apr 10:45 a.m.–11:30 a.m.
Presented by
-
Nicholas is a Linux kernel developer at IBM in the kernel hardening team. His primarily works on the PowerPC architecture implementing tools to help detect memory safety violations. He has also contributed to various projects including QEMU, Clang and trex, a suite of speculative execution attack demonstrations to test for vulnerabilities.
In the past Nicholas has worked as a tutor at the Australian National University and coordinator of the Canberra Computer Science Enrichment Program teaching computer science to undergraduate and high school students.
Abstract
The Kernel Memory Sanitizer (KMSAN) is a tool with the lofty goal of catching memory safety errors in the Linux Kernel missed by most other memory sanitizers such as KASAN or KFENCE. In particular it can detect uses of uninitialized memory that may affect the control flow of the kernel or leak information to user space. KMSAN relies on close cooperation between the kernel and the compiler to correctly instrument the various memory regions and play nice with the myriad of ways the kernel stores data in and interacts with memory. Initially this tool was only implemented on x86, and I ambitiously set the goal of writing the second public implementation for PowerPC (and got beaten to it by a couple of weeks by s390).
This talk dives into the inner workings of KMSAN, just how it manages to instrument every memory access and catch memory safety errors and give you surprisingly helpful error messages, and the challenges of truly making it work across multiple architectures.
The Kernel Memory Sanitizer (KMSAN) is a tool with the lofty goal of catching memory safety errors in the Linux Kernel missed by most other memory sanitizers such as KASAN or KFENCE. In particular it can detect uses of uninitialized memory that may affect the control flow of the kernel or leak information to user space. KMSAN relies on close cooperation between the kernel and the compiler to correctly instrument the various memory regions and play nice with the myriad of ways the kernel stores data in and interacts with memory. Initially this tool was only implemented on x86, and I ambitiously set the goal of writing the second public implementation for PowerPC (and got beaten to it by a couple of weeks by s390). This talk dives into the inner workings of KMSAN, just how it manages to instrument every memory access and catch memory safety errors and give you surprisingly helpful error messages, and the challenges of truly making it work across multiple architectures.