Documentation/dev-tools/kmsan.rst

95 incorrect shadow/origin values, likely leading to false positives. Functions
160 Origin tracking
163 Every four bytes of kernel memory also have a so-called origin mapped to them.
164 This origin describes the point in program execution at which the uninitialized
165 value was created. Every origin is associated with either the full allocation
169 When an uninitialized variable is allocated on stack or heap, a new origin
170 value is created, and that variable's origin is filled with that value. When a
171 value is read from memory, its origin is also read and kept together with the
172 shadow. For every instruction that takes one or more values, the origin of the
174 If a poisoned value is written into memory, its origin is written to the
183 In this case the origin of ``b`` is generated upon function entry, and is
184 stored to the origin of ``c`` right before the addition result is written into
187 Several variables may share the same origin address, if they are stored in the
189 origin for all of them. We have to sacrifice precision in this case, because
205 0xffff0000, and the origin of the result would be the origin of ``b``.
206 ``ret.s[0]`` would have the same origin, but it will never be used, because
209 If both function arguments are uninitialized, only the origin of the second
212 Origin chaining
215 To ease debugging, KMSAN creates a new origin for every store of an
216 uninitialized value to memory. The new origin references both its creation stack
217 and the previous origin the value had. This may cause increased memory
218 consumption, so we limit the length of origin chains in the runtime.
230 pair of pointers to the shadow and origin addresses of the given memory::
233     void *shadow, *origin;
243 The compiler makes sure that for every loaded value its shadow and origin
245 origin are also stored using the metadata pointers.
250 A special function is used to create a new origin value for a local variable and
251 set the origin of that variable to that value::
299 initialized or copied, making sure shadow and origin values are copied alongside
312   void __msan_warning(u32 origin)
373 origin pages::
377     struct page *shadow, *origin;
381 At boot-time, the kernel allocates shadow and origin pages for every available
386 This means that in general for two contiguous memory pages their shadow/origin
388 boundary of a memory block, accesses to shadow/origin memory may potentially
399 pages with non-contiguous metadata, it returns pointers to fake shadow/origin regions::
408 range, its shadow and origin. KMSAN reduces the vmalloc area by 3/4, making only
416 shadow and origin pages are similarly mapped into contiguous regions.