Slides for "Sanitizing the Linux kernel: On KASAN and other Dynamic Bug-finding Tools", the talk I just gave at Linux Security Summit Europe 2022.
Covers:
🐧 Generic KASAN implementation
🔥 Other Sanitizers
🗡 Extending KASAN and KMSAN to find more bugs
docs.google.com/presentation/d
Hey, this is great, thanks! Am I right in thinking that building a kernel with K*SAN enabled will generally catch buggy kernel module and device driver code too?
I’ve also been experimenting with kcov-enabled kernels/syzkaller recently. I’m assuming that for proprietary kernel modules that I’m not building in tree… kcov is still successful in keeping track of the basic blocks that are covered during a syscall into those. Am I right?
No, I don’t think it works. Reading more into github.com/google/syzkall, disassembly should be strewn with ‘callq <addr> <__sanitizer_cov_trace_pc>’