| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <450a1fe078b0e07bf2e4f3098c9110c9959c6524.1738686764.git.maciej.wieczor-retman@intel.com>
Date: Tue, 4 Feb 2025 18:33:56 +0100
From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
To: luto@...nel.org,
xin@...or.com,
kirill.shutemov@...ux.intel.com,
palmer@...belt.com,
tj@...nel.org,
andreyknvl@...il.com,
brgerst@...il.com,
ardb@...nel.org,
dave.hansen@...ux.intel.com,
jgross@...e.com,
will@...nel.org,
akpm@...ux-foundation.org,
arnd@...db.de,
corbet@....net,
maciej.wieczor-retman@...el.com,
dvyukov@...gle.com,
richard.weiyang@...il.com,
ytcoode@...il.com,
tglx@...utronix.de,
hpa@...or.com,
seanjc@...gle.com,
paul.walmsley@...ive.com,
aou@...s.berkeley.edu,
justinstitt@...gle.com,
jason.andryuk@....com,
glider@...gle.com,
ubizjak@...il.com,
jannh@...gle.com,
bhe@...hat.com,
vincenzo.frascino@....com,
rafael.j.wysocki@...el.com,
ndesaulniers@...gle.com,
mingo@...hat.com,
catalin.marinas@....com,
junichi.nomura@....com,
nathan@...nel.org,
ryabinin.a.a@...il.com,
dennis@...nel.org,
bp@...en8.de,
kevinloughlin@...gle.com,
morbo@...gle.com,
dan.j.williams@...el.com,
julian.stecklina@...erus-technology.de,
peterz@...radead.org,
cl@...ux.com,
kees@...nel.org
Cc: kasan-dev@...glegroups.com,
x86@...nel.org,
linux-arm-kernel@...ts.infradead.org,
linux-riscv@...ts.infradead.org,
linux-kernel@...r.kernel.org,
linux-mm@...ck.org,
llvm@...ts.linux.dev,
linux-doc@...r.kernel.org
Subject: [PATCH 15/15] kasan: Add mititgation and debug modes
With smaller memory footprint KASAN could be used in production systems.
One problem is that saving stacktraces slowes memory allocation
substantially - with KASAN enabled up to 90% of time spent on kmalloc()
is spent on saving the stacktrace.
Add mitigation mode to allow the option for running KASAN focused on
performance and security. In mitigation mode disable saving stacktraces
and set fault mode to always panic on KASAN error as a security
mechanism.
Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
---
lib/Kconfig.kasan | 28 ++++++++++++++++++++++++++++
mm/kasan/report.c | 4 ++++
mm/kasan/tags.c | 5 +++++
3 files changed, 37 insertions(+)
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index d08b4e9bf477..6daa62b40dea 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -244,4 +244,32 @@ config KASAN_SW_TAGS_DENSE
ARCH_HAS_KASAN_SW_TAGS_DENSE is needed for this option since the
special tag macros need to be properly set for 4-bit wide tags.
+choice
+ prompt "KASAN operation mode"
+ default KASAN_OPERATION_DEBUG
+ help
+ Choose between the mitigation or debug operation modes.
+
+ The first one disables stacktrace saving and enables panic on error.
+ Faster memory allocation but less information. The second one is the
+ default where KASAN operates with full functionality.
+
+config KASAN_OPERATION_DEBUG
+ bool "Debug operation mode"
+ depends on KASAN
+ help
+ The default mode. Full functionality and all boot parameters
+ available.
+
+config KASAN_OPERATION_MITIGATION
+ bool "Mitigation operation mode"
+ depends on KASAN
+ help
+ Operation mode dedicated at faster operation at the cost of less
+ information collection. Disables stacktrace saving for faster
+ allocations and forces panic on KASAN error to mitigate malicious
+ attacks.
+
+endchoice
+
endif # KASAN
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index ee9e406b0cdb..ae989d3bd919 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -47,7 +47,11 @@ enum kasan_arg_fault {
KASAN_ARG_FAULT_PANIC_ON_WRITE,
};
+#ifdef CONFIG_KASAN_OPERATION_MITIGATION
+static enum kasan_arg_fault kasan_arg_fault __ro_after_init = KASAN_ARG_FAULT_PANIC;
+#else
static enum kasan_arg_fault kasan_arg_fault __ro_after_init = KASAN_ARG_FAULT_DEFAULT;
+#endif
/* kasan.fault=report/panic */
static int __init early_kasan_fault(char *arg)
diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
index c111d98961ed..2414cddeaaf3 100644
--- a/mm/kasan/tags.c
+++ b/mm/kasan/tags.c
@@ -78,6 +78,11 @@ early_param("kasan.stack_ring_size", early_kasan_flag_stack_ring_size);
void __init kasan_init_tags(void)
{
+ if (IS_ENABLED(CONFIG_KASAN_OPERATION_MITIGATION)) {
+ static_branch_disable(&kasan_flag_stacktrace);
+ return;
+ }
+
switch (kasan_arg_stacktrace) {
case KASAN_ARG_STACKTRACE_DEFAULT:
/* Default is specified by kasan_flag_stacktrace definition. */
--
2.47.1
Powered by blists - more mailing lists