GWP-ASan and KFENCE

GWP-ASan and KFENCE are probabilistic memory error detection tools for userspace and the kernel, respectively. When enabled, a small number of allocations are guarded with additional memory pages that surround the allocated memory. This allows buffer overflows and use-after-frees to be detected at a negligible performance overhead. Even with a small sample rate for the guarded allocations, the tools effectively detect memory safety bugs when deployed at scale. Since their introduction they have helped identify numerous platform bugs and have proved valuable for improving stability and security. We encourage vendors to enable them and to closely monitor the bugs detected on end user devices.

Developers should check for crashes in /data/tombstones, in logcat, or by monitoring the vendor DropboxManager pipeline for end user bugs.

For more information, see our docs on debugging Android native code: Debugging Native Android Platform Code.

GWP-ASan for detecting userspace memory safety bugs

GWP-ASan was introduced in Android 11 for userspace heap allocations. When GWP-ASan detects a bug, it records a crash report with Cause: [GWP-ASan]: and terminates the process. The bug reports contain additional allocation and deallocation information that makes it easier to identify the root cause.

GWP-ASan is randomly enabled, at start-up, for 1% of system processes or apps, and for applications that set the android:gwpAsanMode attribute in their AndroidManifest.xml file.

KFENCE for detecting kernel memory safety bugs

Android 12 introduced KFENCE for kernel heap allocations. When KFENCE detects a bug, it records a crash report starting with BUG: KFENCE, disables the guard pages and continues execution. This enables a kernel bug detection mechanism that minimally impacts the user experience.

To learn more about KFENCE, see the documentation available at https://www.kernel.org
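
One way to triage collected logcat, tombstone and kernel log text for the two report markers named above ("Cause: [GWP-ASan]:" and "BUG: KFENCE"), shown as an added example that is not code from the Android or kernel projects. The sample lines are constructed, and the layout of the text after each marker (including the KFENCE "<error type> in <symbol>+0xOFF/0xSIZE" form) and the names triage and summarize are assumptions.

```python
import re
from collections import Counter

# Markers come from the text above; the detail after them is parsed loosely
# because its exact layout is an assumption and may vary by release.
GWP_ASAN = re.compile(r"Cause: \[GWP-ASan\]:\s*(?P<detail>.*)")
KFENCE = re.compile(r"BUG: KFENCE:?\s*(?P<detail>.*)")
# Assumed KFENCE detail layout: "<error type> in <symbol>+0xOFF/0xSIZE"
KFENCE_SITE = re.compile(r"(?P<kind>.+?) in (?P<symbol>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
HEX_ADDR = re.compile(r"0x[0-9a-fA-F]+")

# Constructed sample: log lines aggregated from several devices.
SAMPLE = """\
01-01 00:00:01.000 F DEBUG   : Cause: [GWP-ASan]: Use After Free, 0 bytes into a 32-byte allocation at 0x7420ca7ff0
01-01 00:00:02.000 I ActivityManager: Start proc 1234:com.example.app/u0a1
[   12.345678] BUG: KFENCE: out-of-bounds read in example_driver_read+0xa6/0x234
[   99.000001] BUG: KFENCE: out-of-bounds read in example_driver_read+0xa6/0x234
01-01 00:00:03.000 F DEBUG   : Cause: [GWP-ASan]: Use After Free, 0 bytes into a 32-byte allocation at 0x7420cb1ff0
""".splitlines()


def triage(lines):
    """Return one finding per GWP-ASan (userspace) or KFENCE (kernel) report line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = GWP_ASAN.search(line)
        if m:
            # Mask addresses so the same bug on different devices shares a bucket.
            kind = HEX_ADDR.sub("0xADDR", m["detail"].strip())
            findings.append({"tool": "GWP-ASan", "line": lineno, "kind": kind, "symbol": None})
            continue
        m = KFENCE.search(line)
        if m:
            detail = m["detail"].strip()
            site = KFENCE_SITE.match(detail)
            findings.append({"tool": "KFENCE", "line": lineno,
                             "kind": site["kind"] if site else detail,
                             "symbol": site["symbol"] if site else None})
    return findings


def summarize(findings):
    """Count reports per (tool, kind, symbol) bucket for bug-tracker deduplication."""
    return Counter((f["tool"], f["kind"], f["symbol"]) for f in findings)


if __name__ == "__main__":
    for bucket, count in summarize(triage(SAMPLE)).most_common():
        print(count, bucket)
```
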