Go to main content

Securing Systems and Attached Devices in Oracle® Solaris 11.4

Exit Print View

Updated: February 2020
 
 

KADI for Kernel Debugging on ADI Systems

KADI is designed for use on test and development systems only. KADI catches memory corruption in the kernel heap on SPARC systems that implement Application Data Integrity (ADI). KADI provides protection against buffer overflows, use-after-frees, use-after-reallocs, and double frees. Because it may decrease system stability, do not enable KADI on production systems.

KADI is suitable for developers of device drivers and other kernel modules for use on the following SPARC servers:

  • SPARC M7
  • SPARC M8
  • SPARC S7
  • SPARC T7
  • SPARC T8

KADI is enabled on debug kernels. To enable it for developers on non-debug kernels, run the following command:

$ sxadm enable kadi

You must reboot the Oracle Solaris system for the change to take effect.

To check the status of KADI on a system, type sxadm status. For example:

$ sxadm status
EXTENSION           STATUS                        FLAGS
adiheap             enabled (tagged-files)        u-c--
adistack            enabled (tagged-files)        u-c--
aslr                enabled (tagged-files)        u-c--
hw_bti              enabled                       ---r-
hw_ssb              not supported                 -----
kadi                disabled                      -kcr-
kpti                enabled                       -----
mds_no              enabled                       -----
nxheap              enabled (tagged-files)        u-c--
nxstack             enabled (all)                 u-c--
rdcl_no             enabled                       -----

For more information, see Using KADI in Writing Device Drivers in Oracle Solaris 11.4 and the sxadm(8) man page.