| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+fCnZfzPLiBcCLQTwkgBqP1D6Cw-gFrpKEpTHs5PYp07hYXug@mail.gmail.com> Date: Thu, 6 Feb 2025 23:56:31 +0100 From: Andrey Konovalov <andreyknvl@...il.com> To: "Christoph Lameter (Ampere)" <cl@...two.org> Cc: Jessica Clarke <jrtc27@...c27.com>, Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>, luto@...nel.org, xin@...or.com, kirill.shutemov@...ux.intel.com, palmer@...belt.com, tj@...nel.org, brgerst@...il.com, ardb@...nel.org, dave.hansen@...ux.intel.com, jgross@...e.com, will@...nel.org, akpm@...ux-foundation.org, arnd@...db.de, corbet@....net, dvyukov@...gle.com, richard.weiyang@...il.com, ytcoode@...il.com, tglx@...utronix.de, hpa@...or.com, seanjc@...gle.com, paul.walmsley@...ive.com, aou@...s.berkeley.edu, justinstitt@...gle.com, jason.andryuk@....com, glider@...gle.com, ubizjak@...il.com, jannh@...gle.com, bhe@...hat.com, vincenzo.frascino@....com, rafael.j.wysocki@...el.com, ndesaulniers@...gle.com, mingo@...hat.com, catalin.marinas@....com, junichi.nomura@....com, nathan@...nel.org, ryabinin.a.a@...il.com, dennis@...nel.org, bp@...en8.de, kevinloughlin@...gle.com, morbo@...gle.com, dan.j.williams@...el.com, julian.stecklina@...erus-technology.de, peterz@...radead.org, kees@...nel.org, kasan-dev@...glegroups.com, x86@...nel.org, linux-arm-kernel@...ts.infradead.org, linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org, llvm@...ts.linux.dev, linux-doc@...r.kernel.org Subject: Re: [PATCH 00/15] kasan: x86: arm64: risc-v: KASAN tag-based mode for x86 On Thu, Feb 6, 2025 at 8:21 PM 'Christoph Lameter (Ampere)' via kasan-dev <kasan-dev@...glegroups.com> wrote: > > I cannot share details since this information has not been released to be > public yet. I hear that a whitepaper will be coming soon to explain this > feature. The AmpereOne processors have been released a couple of months > ago. > > I also see that KASAN_HW_TAGS exist but this means that the tags can only > be used with CONFIG_KASAN which is a kernel configuration for debug > purposes. > > What we are interested in is a *production* implementation with minimal > software overhead that will be the default on ARM64 if the appropriate > hardware is detected. That in turn will hopefully allow other software > instrumentation that is currently used to keep small objects secure and in > turn creates overhead. Is there anything specific CONFIG_KASAN + CONFIG_KASAN_HW_TAGS do that is not good enough for a production environment? The last time I did some perf tests (a year+ ago on Pixel 8, I believe), the two expensive parts of CONFIG_KASAN_HW_TAGS were: 1. Collecting stack traces. Thus, this can now be disabled via kernel.stacktrace=off. And there's a tracking bug to add a production-grade implementation [1]; 2. Assigning memory tags to large allocations, specifically page_alloc allocations with large orders (AFAIR is was specifically assigning the tags, not checking them). Thus, this can now be controlled via kasan.page_alloc.sample(.order). There's definitely room for optimization and additional config options that cut down KASAN checks (for example, disabling tag checking of mempool allocations; although arguably, people might want to have this in a production environment.) Otherwise, it's unclear to me what a new production-grade MTE implementation would do different compared to KASAN_HW_TAGS. But if there's something, we can just adjust KASAN_HW_TAGS instead. [1] https://bugzilla.kernel.org/show_bug.cgi?id=211785
Powered by blists - more mailing lists