Re: [PATCH v6 00/11] Kernel address sanitizer - runtime memory debugger.

From: Sasha Levin
Date: Tue Nov 18 2014 - 16:10:57 EST


On 11/18/2014 03:58 PM, Andrew Morton wrote:
> On Tue, 11 Nov 2014 10:21:42 +0300 Andrey Ryabinin <a.ryabinin@xxxxxxxxxxx> wrote:
>
>> Hi Andrew,
>>
>> Now we have stable GCC(4.9.2) which supports kasan and from my point of view patchset is ready for merging.
>> I could have sent v7 (it's just rebased v6), but I see no point in doing that and bothering people,
>> unless you are ready to take it.
>
> It's a huge pile of tricky code we'll need to maintain. To justify its
> inclusion I think we need to be confident that kasan will find a
> significant number of significant bugs that
> kmemcheck/debug_pagealloc/slub_debug failed to detect.
>
> How do we get that confidence? I've seen a small number of
> minorish-looking kasan-detected bug reports go past, maybe six or so.
> That's in a 20-year-old code base, so one new minor bug discovered per
> three years? Not worth it!

It's worth noting here that not all bugs discovered by kasan belong to
the -mm tree. Bugs which are more severe, such as:

http://openwall.com/lists/oss-security/2014/07/17/1

Are the result of fuzzing with kasan. So while it's indeed not a huge number,
it's way more than 6 and not only minor issues.


Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/