From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Ki9e=ES=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-11.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_IN_DEF_DKIM_WL
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6D6C5C2D0A3
	for <linux-mm@archiver.kernel.org>; Thu, 12 Nov 2020 11:54:13 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id C79EB2220B
	for <linux-mm@archiver.kernel.org>; Thu, 12 Nov 2020 11:54:12 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qyNRVH7u"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C79EB2220B
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 9EBC56B005D; Thu, 12 Nov 2020 06:54:11 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 99C496B006C; Thu, 12 Nov 2020 06:54:11 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 864486B006E; Thu, 12 Nov 2020 06:54:11 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0063.hostedemail.com [216.40.44.63])
	by kanga.kvack.org (Postfix) with ESMTP id 5A0D86B005D
	for <linux-mm@kvack.org>; Thu, 12 Nov 2020 06:54:11 -0500 (EST)
Received: from smtpin26.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id 061843625
	for <linux-mm@kvack.org>; Thu, 12 Nov 2020 11:54:11 +0000 (UTC)
X-FDA: 77475607902.26.rub00_3f0871027306
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin26.hostedemail.com (Postfix) with ESMTP id D7CFE1804B65A
	for <linux-mm@kvack.org>; Thu, 12 Nov 2020 11:54:10 +0000 (UTC)
X-HE-Tag: rub00_3f0871027306
X-Filterd-Recvd-Size: 4920
Received: from mail-oi1-f195.google.com (mail-oi1-f195.google.com [209.85.167.195])
	by imf24.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu, 12 Nov 2020 11:54:10 +0000 (UTC)
Received: by mail-oi1-f195.google.com with SMTP id c80so6071340oib.2
        for <linux-mm@kvack.org>; Thu, 12 Nov 2020 03:54:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=1o9Kbu1VGM16HQ/aEUEXh5dMeJ0YbhrbAtdFyS8sHt8=;
        b=qyNRVH7uRoGzThfKw483bERogXvPswmjZdEz5MJBQOAA8C1JUzh65WV1lhObwodn73
         suo5Yk0UnhRryemiUBMfN6y6/HUGHEHda0SV/CsOo5SR5XONFZ1F5GNNqL5jm4BcKL1B
         8gYZAG9ef4GSkHW4Co/gIBaBefKRGAJpesJ2IH4rX7EQ76gaclcRcNFMOp/zEcZkv3Kq
         yppNW/4xzLclkPK7JYaeDxEtKHHslLCdoJMgyxbuPOAPQr/sDdYtgOQHFcKPBkV8W6LM
         ozxpOka/pOr7VY0UBS3tl5PGcqaJhljMlLL0Okb5srW7n9Xs7ygh024NH1UCzeNuiNnD
         PpMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=1o9Kbu1VGM16HQ/aEUEXh5dMeJ0YbhrbAtdFyS8sHt8=;
        b=nBX29TVaG4N7/7WAVu0ZdCfWsIo6S4vq2ebeKI4IsaZz+AsWR7UyzGkYNSa+wsB8OT
         mzELho0L4ylS83ALPoBbESFxCmlmmxcTi8jOkXqDz6F44Lm4wYdk0IGIkg+U1q7ayaYg
         ZjpJNpZwPU8oDxXHtl5rhnePkb7Bn5Z6Yb1KvQ+7Nv0dVCUT8Z2Cef+W4ETC2UGiFfIX
         LxUbNfPYA66Ha/19QTlrr9bgkTE7IKn9ynn/iksUjJ1GZThcKiJEqMb+d84nRJjyYNkm
         g2j3iutVEBMxjvPn/F8bt1bkD9/bff4d7kKkjBh26FrxX99YGiAF2KnJ3Bjfjr3KQueM
         w6BA==
X-Gm-Message-State: AOAM533Sc8NVHIrJntr7Jqzx8Ir4mm2BxVGZpv5V9UxG85s/7MhZe0Am
	2LgTqjnn+SarXYxTK+NO0/HOqiPFgUIwS4ikokT9bw==
X-Google-Smtp-Source: ABdhPJzw0WWPF3x4VWyvJ/ZtTENi7KPBKfvDdxy5eksYbb8mHqBCAuDM5Y0bFcDPklnH9Xhdo7Aj5DJw9dg6jSrxzrc=
X-Received: by 2002:aca:a988:: with SMTP id s130mr5397138oie.172.1605182049579;
 Thu, 12 Nov 2020 03:54:09 -0800 (PST)
MIME-Version: 1.0
References: <cover.1605046662.git.andreyknvl@google.com> <fdf9e3aec8f57ebb2795710195f8aaf79e3b45bd.1605046662.git.andreyknvl@google.com>
 <20201112113541.GK29613@gaia>
In-Reply-To: <20201112113541.GK29613@gaia>
From: Marco Elver <elver@google.com>
Date: Thu, 12 Nov 2020 12:53:58 +0100
Message-ID: <CANpmjNMsxME==wFhk=aSaz19iX4Dj8HBXqjhDg5aG_iR-uk7Cg@mail.gmail.com>
Subject: Re: [PATCH v2 11/20] kasan: add and integrate kasan boot parameters
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Andrey Konovalov <andreyknvl@google.com>, Dmitry Vyukov <dvyukov@google.com>, 
	Alexander Potapenko <glider@google.com>, Will Deacon <will.deacon@arm.com>, 
	Vincenzo Frascino <vincenzo.frascino@arm.com>, Evgenii Stepanov <eugenis@google.com>, 
	Andrey Ryabinin <aryabinin@virtuozzo.com>, Branislav Rankov <Branislav.Rankov@arm.com>, 
	Kevin Brodsky <kevin.brodsky@arm.com>, Andrew Morton <akpm@linux-foundation.org>, 
	kasan-dev <kasan-dev@googlegroups.com>, 
	Linux ARM <linux-arm-kernel@lists.infradead.org>, 
	Linux Memory Management List <linux-mm@kvack.org>, LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Thu, 12 Nov 2020 at 12:35, Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> On Tue, Nov 10, 2020 at 11:20:15PM +0100, Andrey Konovalov wrote:
> > Hardware tag-based KASAN mode is intended to eventually be used in
> > production as a security mitigation. Therefore there's a need for finer
> > control over KASAN features and for an existence of a kill switch.
> >
> > This change adds a few boot parameters for hardware tag-based KASAN that
> > allow to disable or otherwise control particular KASAN features.
> >
> > The features that can be controlled are:
> >
> > 1. Whether KASAN is enabled at all.
> > 2. Whether KASAN collects and saves alloc/free stacks.
> > 3. Whether KASAN panics on a detected bug or not.
> >
> > With this change a new boot parameter kasan.mode allows to choose one of
> > three main modes:
> >
> > - kasan.mode=off - KASAN is disabled, no tag checks are performed
> > - kasan.mode=prod - only essential production features are enabled
> > - kasan.mode=full - all KASAN features are enabled
>
> Alternative naming if we want to avoid "production" (in case someone
> considers MTE to be expensive in a production system):
>
> - kasan.mode=off
> - kasan.mode=on
> - kasan.mode=debug

I believe this was what it was in RFC, and we had a long discussion on
what might be the most intuitive options. Since KASAN is still a
debugging tool for the most part, an "on" mode might imply we get all
the debugging facilities of regular KASAN. However, this is not the
case and misleading. Hence, we decided to be more explicit and avoid
"on".

> Anyway, whatever you prefer is fine by me:
>
> Acked-by: Catalin Marinas <catalin.marinas@arm.com>