lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 10 Jul 2014 17:59:47 +0400
From:	Andrey Ryabinin <>
To:	Vegard Nossum <>,
	Andi Kleen <>
Cc:	Dave Hansen <>,
	LKML <>,
	Dmitry Vyukov <>,
	Konstantin Serebryany <>,
	Alexey Preobrazhensky <>,
	Andrey Konovalov <>,
	Yuri Gribov <>,
	Konstantin Khlebnikov <>,
	Sasha Levin <>,
	Michal Marek <>,
	Russell King <>,
	Thomas Gleixner <>,
	Ingo Molnar <>,
	Christoph Lameter <>,
	Pekka Enberg <>,
	David Rientjes <>,
	Joonsoo Kim <>,
	Andrew Morton <>,
	kbuild <>,,
	x86 maintainers <>,
	Linux Memory Management List <>
Subject: Re: [RFC/PATCH RESEND -next 00/21] Address sanitizer for kernel
 (kasan) - dynamic memory error detector.

On 07/10/14 01:59, Vegard Nossum wrote:
> On 9 July 2014 23:44, Andi Kleen <> wrote:
>> Dave Hansen <> writes:
>>> You're also claiming that "KASAN is better than all of
>> better as in finding more bugs, but surely not better as in
>> "do so with less overhead"
>>> CONFIG_DEBUG_PAGEALLOC".  So should we just disallow (or hide)
>>> DEBUG_PAGEALLOC on kernels where KASAN is available?
>> I don't think DEBUG_PAGEALLOC/SLUB debug and kasan really conflict.
>> DEBUG_PAGEALLOC/SLUB is "much lower overhead but less bugs found".
>> KASAN is "slow but thorough" There are niches for both.
>> But I could see KASAN eventually deprecating kmemcheck, which
>> is just incredible slow.
> FWIW, I definitely agree with this -- if KASAN can do everything that
> kmemcheck can, it is no doubt the right way forward.

AFAIK kmemcheck could catch reads of uninitialized memory.
KASAN can't do it now, but It should be possible to implementation.
There is such tool for userspace -

However detection of reads of uninitialized  memory will require a different
shadow encoding. Therefore I think it would be better to make it as a separate feature, incompatible with kasan.

> Vegard

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists