GWP-ASan and KFENCE are probabilistic memory detection tools for userspace and the kernel, respectively. When enabled, a small number of allocations are guarded with additional memory pages that surround the allocated memory. This allows detecting buffer overflows and use-after-frees at a negligible performance overhead. Even with a small sample rate for the guarded allocations, when deployed at scale they can effectively detect memory safety bugs. Since their introduction these tools have helped identify numerous platform bugs and have proved to be a valuable tool for improving stability and security. We encourage vendors to enable them and to closely monitor the bugs detected on end user devices.
Developers should check the presence of crashes by checking
/data/tombstones
, logcat
or by monitoring the vendor
DropboxManager
pipeline for end user bugs.
For more information see our docs on debugging Android native code.
Debugging Native Android Platform CodeGWP-ASan for detecting userspace memory safety bugs
GWP-ASan was introduced in Android 11 for userspace
heap allocations. When GWP-ASan detects a bug, it records a crash report with
Cause: [GWP-ASan]:
and terminates the process. The bug reports
contain additional allocation and deallocation information that make it easier
to identify the root cause.
GWP-ASan is randomly enabled, at start-up, for 1% of system processes or
apps and for applications that set the android:gwpAsanMode
in their
AndroidManifest.xml
file.
KFENCE for detecting kernel memory safety bugs
Android 12 introduced KFENCE for kernel heap
allocations. When KFENCE detects a bug, it records a crash report starting
with BUG: KFENCE,
disables the guard pages and continues execution.
This enables a kernel bug detection mechanism that minimally impacts the user
experience.
To learn more about KFENCE see the documentation available at https://www.kernel.org