KMSAN Patches For The Linux Kernel Updated For Catching Uninitialized Memory Problems

One of the Linux patch series that has been in the works for years in conjunction with Clang compiler side changes and already being responsible for exposing hundreds of kernel bugs is the KernelMemorySanitizer (KMSAN). Sent out today was the latest patch series working on the kernel infrastructure for catching uninitialized memory issues.

KernelMemorySanitizer is for finding errors around uninitialized memory usage and relies on compile-time LLVM/Clang instrumentation. The Clang KMSAN code dates back to 2018 and over the past few years has been several patch series for the KMSAN kernel infrastructure.

Google's Alexander Potapenko today sent out the latest patch series for that kernel infrastructure. Even for not being mainlined yet, KMSAN has been able to uncover hundreds of legitimate kernel issues. Potapenko noted, "KMSAN has reported more than 300 bugs in the past few years, most of them with the help of syzkaller. Such bugs keep getting introduced into the kernel despite new compiler warnings and other analyses (the 5.16 cycle already resulted in several KMSAN-reported bugs). Mitigations like total stack and heap initialization are unfortunately very far from being deployable. The proposed patchset contains KMSAN runtime implementation together with small changes to other subsystems needed to make KMSAN work."

Recently uncovered bugs by KMSAN can be found on syzbot for those interested.

The kernel infrastructure currently consists of more than four thousand lines of new code. Those interested in learning more about the latest KMSAN work can do so via the kernel mailing list.

There is also this 2020 presentation (PDF) by Alexander Potapenko on the KernelMemorySanitizer.