
Sanitizing the Linux Kernel — On KASAN and other Dynamic Bug-finding Tools

2022-09-16

Authors: Andrey Konovalov


Summary

The presentation discusses the importance of bug detectors in cybersecurity and DevOps, and how to extend existing sanitizers or build custom detectors.
  • Bug detectors are crucial in cybersecurity and DevOps
  • Existing sanitizers can be extended or custom detectors can be built
  • Inter-object overflow is a difficult problem to solve
  • The compiler instrumentation approach is a useful tool for building custom detectors
The presenter mentions the possibility of building detectors for different kinds of logical bugs, such as missing TLB flushes, and of taking inspiration from existing sanitizers, for example their compiler instrumentation approach.

Abstract

The go-to tools for detecting bugs in the Linux kernel are the Sanitizers, most notably the Kernel Address Sanitizer (KASAN). KASAN detects memory safety issues: out-of-bounds and use-after-free bugs in slab, page_alloc, vmalloc, stack, and global memory. The speaker will talk about KASAN's implementation and practical usage and will also briefly cover other Sanitizers.
