From: andrey.konovalov@linux.dev To: Andrew Morton <akpm@linux-foundation.org> Cc: Andrey Konovalov <andreyknvl@gmail.com>, Marco Elver <elver@google.com>, Alexander Potapenko <glider@google.com>, Dmitry Vyukov <dvyukov@google.com>, Andrey Ryabinin <ryabinin.a.a@gmail.com>, kasan-dev@googlegroups.com, linux-mm@kvack.org, Vincenzo Frascino <vincenzo.frascino@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Mark Rutland <mark.rutland@arm.com>, linux-arm-kernel@lists.infradead.org, Peter Collingbourne <pcc@google.com>, Evgenii Stepanov <eugenis@google.com>, linux-kernel@vger.kernel.org, Andrey Konovalov <andreyknvl@google.com> Subject: [PATCH v6 38/39] kasan: documentation updates Date: Mon, 24 Jan 2022 19:05:12 +0100 [thread overview] Message-ID: <a61189128fa3f9fbcfd9884ff653d401864b8e74.1643047180.git.andreyknvl@google.com> (raw) In-Reply-To: <cover.1643047180.git.andreyknvl@google.com> From: Andrey Konovalov <andreyknvl@google.com> Update KASAN documentation: - Bump Clang version requirement for HW_TAGS as ARM64_MTE depends on AS_HAS_LSE_ATOMICS as of commit 2decad92f4731 ("arm64: mte: Ensure TIF_MTE_ASYNC_FAULT is set atomically"), which requires Clang 12. - Add description of the new kasan.vmalloc command line flag. - Mention that SW_TAGS and HW_TAGS modes now support vmalloc tagging. - Explicitly say that the "Shadow memory" section is only applicable to software KASAN modes. - Mention that shadow-based KASAN_VMALLOC is supported on arm64. Signed-off-by: Andrey Konovalov <andreyknvl@google.com> --- Documentation/dev-tools/kasan.rst | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index 8089c559d339..7614a1fc30fa 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -30,7 +30,7 @@ Software tag-based KASAN mode is only supported in Clang. The hardware KASAN mode (#3) relies on hardware to perform the checks but still requires a compiler version that supports memory tagging instructions. -This mode is supported in GCC 10+ and Clang 11+. +This mode is supported in GCC 10+ and Clang 12+. Both software KASAN modes work with SLUB and SLAB memory allocators, while the hardware tag-based KASAN currently only supports SLUB. @@ -206,6 +206,9 @@ additional boot parameters that allow disabling KASAN or controlling features: Asymmetric mode: a bad access is detected synchronously on reads and asynchronously on writes. +- ``kasan.vmalloc=off`` or ``=on`` disables or enables tagging of vmalloc + allocations (default: ``on``). + - ``kasan.stacktrace=off`` or ``=on`` disables or enables alloc and free stack traces collection (default: ``on``). @@ -279,8 +282,8 @@ Software tag-based KASAN uses 0xFF as a match-all pointer tag (accesses through pointers with the 0xFF pointer tag are not checked). The value 0xFE is currently reserved to tag freed memory regions. -Software tag-based KASAN currently only supports tagging of slab and page_alloc -memory. +Software tag-based KASAN currently only supports tagging of slab, page_alloc, +and vmalloc memory. Hardware tag-based KASAN ~~~~~~~~~~~~~~~~~~~~~~~~ @@ -303,8 +306,8 @@ Hardware tag-based KASAN uses 0xFF as a match-all pointer tag (accesses through pointers with the 0xFF pointer tag are not checked). The value 0xFE is currently reserved to tag freed memory regions. -Hardware tag-based KASAN currently only supports tagging of slab and page_alloc -memory. +Hardware tag-based KASAN currently only supports tagging of slab, page_alloc, +and VM_ALLOC-based vmalloc memory. If the hardware does not support MTE (pre ARMv8.5), hardware tag-based KASAN will not be enabled. In this case, all KASAN boot parameters are ignored. @@ -319,6 +322,8 @@ checking gets disabled. Shadow memory ------------- +The contents of this section are only applicable to software KASAN modes. + The kernel maps memory in several different parts of the address space. The range of kernel virtual addresses is large: there is not enough real memory to support a real shadow region for every address that could be @@ -349,7 +354,7 @@ CONFIG_KASAN_VMALLOC With ``CONFIG_KASAN_VMALLOC``, KASAN can cover vmalloc space at the cost of greater memory usage. Currently, this is supported on x86, -riscv, s390, and powerpc. +arm64, riscv, s390, and powerpc. This works by hooking into vmalloc and vmap and dynamically allocating real shadow memory to back the mappings. -- 2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: andrey.konovalov@linux.dev To: Andrew Morton <akpm@linux-foundation.org> Cc: Andrey Konovalov <andreyknvl@gmail.com>, Marco Elver <elver@google.com>, Alexander Potapenko <glider@google.com>, Dmitry Vyukov <dvyukov@google.com>, Andrey Ryabinin <ryabinin.a.a@gmail.com>, kasan-dev@googlegroups.com, linux-mm@kvack.org, Vincenzo Frascino <vincenzo.frascino@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Mark Rutland <mark.rutland@arm.com>, linux-arm-kernel@lists.infradead.org, Peter Collingbourne <pcc@google.com>, Evgenii Stepanov <eugenis@google.com>, linux-kernel@vger.kernel.org, Andrey Konovalov <andreyknvl@google.com> Subject: [PATCH v6 38/39] kasan: documentation updates Date: Mon, 24 Jan 2022 19:05:12 +0100 [thread overview] Message-ID: <a61189128fa3f9fbcfd9884ff653d401864b8e74.1643047180.git.andreyknvl@google.com> (raw) In-Reply-To: <cover.1643047180.git.andreyknvl@google.com> From: Andrey Konovalov <andreyknvl@google.com> Update KASAN documentation: - Bump Clang version requirement for HW_TAGS as ARM64_MTE depends on AS_HAS_LSE_ATOMICS as of commit 2decad92f4731 ("arm64: mte: Ensure TIF_MTE_ASYNC_FAULT is set atomically"), which requires Clang 12. - Add description of the new kasan.vmalloc command line flag. - Mention that SW_TAGS and HW_TAGS modes now support vmalloc tagging. - Explicitly say that the "Shadow memory" section is only applicable to software KASAN modes. - Mention that shadow-based KASAN_VMALLOC is supported on arm64. Signed-off-by: Andrey Konovalov <andreyknvl@google.com> --- Documentation/dev-tools/kasan.rst | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index 8089c559d339..7614a1fc30fa 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -30,7 +30,7 @@ Software tag-based KASAN mode is only supported in Clang. The hardware KASAN mode (#3) relies on hardware to perform the checks but still requires a compiler version that supports memory tagging instructions. -This mode is supported in GCC 10+ and Clang 11+. +This mode is supported in GCC 10+ and Clang 12+. Both software KASAN modes work with SLUB and SLAB memory allocators, while the hardware tag-based KASAN currently only supports SLUB. @@ -206,6 +206,9 @@ additional boot parameters that allow disabling KASAN or controlling features: Asymmetric mode: a bad access is detected synchronously on reads and asynchronously on writes. +- ``kasan.vmalloc=off`` or ``=on`` disables or enables tagging of vmalloc + allocations (default: ``on``). + - ``kasan.stacktrace=off`` or ``=on`` disables or enables alloc and free stack traces collection (default: ``on``). @@ -279,8 +282,8 @@ Software tag-based KASAN uses 0xFF as a match-all pointer tag (accesses through pointers with the 0xFF pointer tag are not checked). The value 0xFE is currently reserved to tag freed memory regions. -Software tag-based KASAN currently only supports tagging of slab and page_alloc -memory. +Software tag-based KASAN currently only supports tagging of slab, page_alloc, +and vmalloc memory. Hardware tag-based KASAN ~~~~~~~~~~~~~~~~~~~~~~~~ @@ -303,8 +306,8 @@ Hardware tag-based KASAN uses 0xFF as a match-all pointer tag (accesses through pointers with the 0xFF pointer tag are not checked). The value 0xFE is currently reserved to tag freed memory regions. -Hardware tag-based KASAN currently only supports tagging of slab and page_alloc -memory. +Hardware tag-based KASAN currently only supports tagging of slab, page_alloc, +and VM_ALLOC-based vmalloc memory. If the hardware does not support MTE (pre ARMv8.5), hardware tag-based KASAN will not be enabled. In this case, all KASAN boot parameters are ignored. @@ -319,6 +322,8 @@ checking gets disabled. Shadow memory ------------- +The contents of this section are only applicable to software KASAN modes. + The kernel maps memory in several different parts of the address space. The range of kernel virtual addresses is large: there is not enough real memory to support a real shadow region for every address that could be @@ -349,7 +354,7 @@ CONFIG_KASAN_VMALLOC With ``CONFIG_KASAN_VMALLOC``, KASAN can cover vmalloc space at the cost of greater memory usage. Currently, this is supported on x86, -riscv, s390, and powerpc. +arm64, riscv, s390, and powerpc. This works by hooking into vmalloc and vmap and dynamically allocating real shadow memory to back the mappings. -- 2.25.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-01-24 18:08 UTC|newest] Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-01-24 18:02 [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 01/39] kasan, page_alloc: deduplicate should_skip_kasan_poison andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 02/39] kasan, page_alloc: move tag_clear_highpage out of kernel_init_free_pages andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 03/39] kasan, page_alloc: merge kasan_free_pages into free_pages_prepare andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 04/39] kasan, page_alloc: simplify kasan_poison_pages call site andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 05/39] kasan, page_alloc: init memory of skipped pages on free andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 06/39] kasan: drop skip_kasan_poison variable in free_pages_prepare andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 07/39] mm: clarify __GFP_ZEROTAGS comment andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 08/39] kasan: only apply __GFP_ZEROTAGS when memory is zeroed andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 09/39] kasan, page_alloc: refactor init checks in post_alloc_hook andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 10/39] kasan, page_alloc: merge kasan_alloc_pages into post_alloc_hook andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 11/39] kasan, page_alloc: combine tag_clear_highpage calls in post_alloc_hook andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 12/39] kasan, page_alloc: move SetPageSkipKASanPoison " andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 13/39] kasan, page_alloc: move kernel_init_free_pages " andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 14/39] kasan, page_alloc: rework kasan_unpoison_pages call site andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 15/39] kasan: clean up metadata byte definitions andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:02 ` [PATCH v6 16/39] kasan: define KASAN_VMALLOC_INVALID for SW_TAGS andrey.konovalov 2022-01-24 18:02 ` andrey.konovalov 2022-01-24 18:04 ` [PATCH v6 17/39] kasan, x86, arm64, s390: rename functions for modules shadow andrey.konovalov 2022-01-24 18:04 ` andrey.konovalov 2022-01-24 18:04 ` [PATCH v6 18/39] kasan, vmalloc: drop outdated VM_KASAN comment andrey.konovalov 2022-01-24 18:04 ` andrey.konovalov 2022-01-24 18:04 ` [PATCH v6 19/39] kasan: reorder vmalloc hooks andrey.konovalov 2022-01-24 18:04 ` andrey.konovalov 2022-01-24 18:04 ` [PATCH v6 20/39] kasan: add wrappers for " andrey.konovalov 2022-01-24 18:04 ` andrey.konovalov 2022-01-24 18:04 ` [PATCH v6 21/39] kasan, vmalloc: reset tags in vmalloc functions andrey.konovalov 2022-01-24 18:04 ` andrey.konovalov 2022-01-24 18:04 ` [PATCH v6 22/39] kasan, fork: reset pointer tags of vmapped stacks andrey.konovalov 2022-01-24 18:04 ` andrey.konovalov 2022-01-24 18:04 ` [PATCH v6 23/39] kasan, arm64: " andrey.konovalov 2022-01-24 18:04 ` andrey.konovalov 2022-01-24 18:04 ` [PATCH v6 24/39] kasan, vmalloc: add vmalloc tagging for SW_TAGS andrey.konovalov 2022-01-24 18:04 ` andrey.konovalov 2022-01-24 18:04 ` [PATCH v6 25/39] kasan, vmalloc, arm64: mark vmalloc mappings as pgprot_tagged andrey.konovalov 2022-01-24 18:04 ` andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 26/39] kasan, vmalloc: unpoison VM_ALLOC pages after mapping andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 27/39] kasan, mm: only define ___GFP_SKIP_KASAN_POISON with HW_TAGS andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-03-23 11:48 ` Vlastimil Babka 2022-03-23 11:48 ` Vlastimil Babka 2022-03-23 13:02 ` Sebastian Andrzej Siewior 2022-03-23 13:02 ` Sebastian Andrzej Siewior 2022-03-23 13:19 ` Vlastimil Babka 2022-03-23 13:19 ` Vlastimil Babka 2022-03-23 13:36 ` Andrey Konovalov 2022-03-23 13:36 ` Andrey Konovalov 2022-03-23 13:57 ` Vlastimil Babka 2022-03-23 13:57 ` Vlastimil Babka 2022-03-23 15:11 ` Matthew Wilcox 2022-03-23 15:11 ` Matthew Wilcox 2022-03-25 21:13 ` Andrew Morton 2022-03-25 21:13 ` Andrew Morton 2022-01-24 18:05 ` [PATCH v6 28/39] kasan, page_alloc: allow skipping unpoisoning for HW_TAGS andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 29/39] kasan, page_alloc: allow skipping memory init " andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 30/39] kasan, vmalloc: add vmalloc tagging " andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-25 3:17 ` kernel test robot 2022-01-24 18:05 ` [PATCH v6 31/39] kasan, vmalloc: only tag normal vmalloc allocations andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-25 4:19 ` kernel test robot 2022-01-25 7:56 ` kernel test robot 2022-03-08 15:17 ` Vasily Gorbik 2022-03-08 15:17 ` Vasily Gorbik 2022-03-08 15:30 ` Andrey Konovalov 2022-03-08 15:30 ` Andrey Konovalov 2022-03-08 15:48 ` Vasily Gorbik 2022-03-08 15:48 ` Vasily Gorbik 2022-01-24 18:05 ` [PATCH v6 32/39] kasan, arm64: don't tag executable " andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 33/39] kasan: mark kasan_arg_stacktrace as __initdata andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 34/39] kasan: clean up feature flags for HW_TAGS mode andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 35/39] kasan: add kasan.vmalloc command line flag andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 36/39] kasan: allow enabling KASAN_VMALLOC and SW/HW_TAGS andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 37/39] arm64: select KASAN_VMALLOC for SW/HW_TAGS modes andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov [this message] 2022-01-24 18:05 ` [PATCH v6 38/39] kasan: documentation updates andrey.konovalov 2022-01-24 18:05 ` [PATCH v6 39/39] kasan: improve vmalloc tests andrey.konovalov 2022-01-24 18:05 ` andrey.konovalov 2022-01-24 18:09 ` [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS Marco Elver 2022-01-24 18:09 ` Marco Elver 2022-01-24 18:32 ` Andrey Konovalov 2022-01-24 18:32 ` Andrey Konovalov 2022-04-28 14:13 ` Qian Cai 2022-04-28 14:13 ` Qian Cai 2022-04-28 15:28 ` Andrey Konovalov 2022-04-28 15:28 ` Andrey Konovalov 2022-04-28 16:12 ` Qian Cai 2022-04-28 16:12 ` Qian Cai
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=a61189128fa3f9fbcfd9884ff653d401864b8e74.1643047180.git.andreyknvl@google.com \ --to=andrey.konovalov@linux.dev \ --cc=akpm@linux-foundation.org \ --cc=andreyknvl@gmail.com \ --cc=andreyknvl@google.com \ --cc=catalin.marinas@arm.com \ --cc=dvyukov@google.com \ --cc=elver@google.com \ --cc=eugenis@google.com \ --cc=glider@google.com \ --cc=kasan-dev@googlegroups.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=mark.rutland@arm.com \ --cc=pcc@google.com \ --cc=ryabinin.a.a@gmail.com \ --cc=vincenzo.frascino@arm.com \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.