mm/kmsan/core.c
Source file repositories/reference/linux-study-clean/mm/kmsan/core.c
File Facts
- System: Linux kernel
- Corpus path: mm/kmsan/core.c
- Extension: .c
- Size: 11124 bytes
- Lines: 388
- Domain: Core OS
- Bucket: Memory Management
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- `asm/page.h`
- `linux/compiler.h`
- `linux/export.h`
- `linux/highmem.h`
- `linux/interrupt.h`
- `linux/kernel.h`
- `linux/kmsan_types.h`
- `linux/memory.h`
- `linux/mm.h`
- `linux/mm_types.h`
- `linux/mmzone.h`
- `linux/percpu-defs.h`
- `linux/preempt.h`
- `linux/slab.h`
- `linux/stackdepot.h`
- `linux/stacktrace.h`
- `linux/types.h`
- `linux/vmalloc.h`
- `../slab.h`
- `kmsan.h`
Detected Declarations
- function `kmsan_internal_task_create`
- function `kmsan_internal_poison_memory`
- function `kmsan_internal_unpoison_memory`
- function `kmsan_save_stack_with_flags`
- function `kmsan_internal_memmove_metadata`
- function `kmsan_internal_chain_origin`
- function `kmsan_internal_set_shadow_origin`
- function `kmsan_metadata_is_contiguous`
- function `kmsan_internal_check_memory`
- function `kmsan_metadata_is_contiguous`
Annotated Snippet
```c
		if (!shadow_src[iter]) {
			shadow_dst[iter] = 0;
			if (!align_shadow_dst[oiter_dst])
				origin_dst[oiter_dst] = 0;
			continue;
		}
		shadow_dst[iter] = shadow_src[iter];
		old_origin = origin_src[oiter_src];
		if (old_origin == prev_old_origin)
			new_origin = prev_new_origin;
		else {
			/*
			 * kmsan_internal_chain_origin() may return
			 * NULL, but we don't want to lose the previous
			 * origin value.
			 */
			new_origin = kmsan_internal_chain_origin(old_origin);
			if (!new_origin)
				new_origin = old_origin;
		}
		origin_dst[oiter_dst] = new_origin;
		prev_new_origin = new_origin;
		prev_old_origin = old_origin;
	}
}

depot_stack_handle_t kmsan_internal_chain_origin(depot_stack_handle_t id)
{
	unsigned long entries[3];
	u32 extra_bits;
	int depth;
	bool uaf;
	depot_stack_handle_t handle;

	if (!id)
		return id;
	/*
	 * Make sure we have enough spare bits in @id to hold the UAF bit and
	 * the chain depth.
	 */
	BUILD_BUG_ON((1 << STACK_DEPOT_EXTRA_BITS) <=
		     (KMSAN_MAX_ORIGIN_DEPTH << 1));

	extra_bits = stack_depot_get_extra_bits(id);
	depth = kmsan_depth_from_eb(extra_bits);
	uaf = kmsan_uaf_from_eb(extra_bits);

	/*
	 * Stop chaining origins once the depth reached KMSAN_MAX_ORIGIN_DEPTH.
	 * This mostly happens in the case structures with uninitialized padding
	 * are copied around many times. Origin chains for such structures are
	 * usually periodic, and it does not make sense to fully store them.
	 */
	if (depth == KMSAN_MAX_ORIGIN_DEPTH)
		return id;

	depth++;
	extra_bits = kmsan_extra_bits(depth, uaf);

	entries[0] = KMSAN_CHAIN_MAGIC_ORIGIN;
	entries[1] = kmsan_save_stack_with_flags(__GFP_HIGH, 0);
	entries[2] = id;
	/*
	 * @entries is a local var in non-instrumented code, so KMSAN does not
	 * know it is initialized. Explicitly unpoison it to avoid false
	 * positives when stack_depot_save() passes it to instrumented code.
	 */
	kmsan_internal_unpoison_memory(entries, sizeof(entries), false);
	handle = stack_depot_save(entries, ARRAY_SIZE(entries), __GFP_HIGH);
	return stack_depot_set_extra_bits(handle, extra_bits);
}

void kmsan_internal_set_shadow_origin(void *addr, size_t size, int b,
				      u32 origin, bool checked)
{
	u64 address = (u64)addr;
	void *shadow_start;
	u32 *aligned_shadow, *origin_start;
	size_t pad = 0;

	KMSAN_WARN_ON(!kmsan_metadata_is_contiguous(addr, size));
	shadow_start = kmsan_get_metadata(addr, KMSAN_META_SHADOW);
	if (!shadow_start) {
		/*
		 * kmsan_metadata_is_contiguous() is true, so either all shadow
		 * and origin pages are NULL, or all are non-NULL.
		 */
		if (checked) {
			pr_err("%s: not memsetting %ld bytes starting at %px, because the shadow is NULL\n",
			       __func__, size, addr);
```
Annotation
- Immediate include surface: `asm/page.h`, `linux/compiler.h`, `linux/export.h`, `linux/highmem.h`, `linux/interrupt.h`, `linux/kernel.h`, `linux/kmsan_types.h`, `linux/memory.h`.
- Detected declarations: `function kmsan_internal_task_create`, `function kmsan_internal_poison_memory`, `function kmsan_internal_unpoison_memory`, `function kmsan_save_stack_with_flags`, `function kmsan_internal_memmove_metadata`, `function kmsan_internal_chain_origin`, `function kmsan_internal_set_shadow_origin`, `function kmsan_metadata_is_contiguous`, `function kmsan_internal_check_memory`, `function kmsan_metadata_is_contiguous`.
- Atlas domain: Core OS / Memory Management.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.