| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <afc4db6mt3uuimj4lokfeglhqc22u5ckgvunqtiwecjan5vjj2@lvphketnxhhr> Date: Fri, 21 Feb 2025 15:44:56 +0100 From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com> To: Andrey Konovalov <andreyknvl@...il.com> CC: <kees@...nel.org>, <julian.stecklina@...erus-technology.de>, <kevinloughlin@...gle.com>, <peterz@...radead.org>, <tglx@...utronix.de>, <justinstitt@...gle.com>, <catalin.marinas@....com>, <wangkefeng.wang@...wei.com>, <bhe@...hat.com>, <ryabinin.a.a@...il.com>, <kirill.shutemov@...ux.intel.com>, <will@...nel.org>, <ardb@...nel.org>, <jason.andryuk@....com>, <dave.hansen@...ux.intel.com>, <pasha.tatashin@...een.com>, <ndesaulniers@...gle.com>, <guoweikang.kernel@...il.com>, <dwmw@...zon.co.uk>, <mark.rutland@....com>, <broonie@...nel.org>, <apopple@...dia.com>, <bp@...en8.de>, <rppt@...nel.org>, <kaleshsingh@...gle.com>, <richard.weiyang@...il.com>, <luto@...nel.org>, <glider@...gle.com>, <pankaj.gupta@....com>, <pawan.kumar.gupta@...ux.intel.com>, <kuan-ying.lee@...onical.com>, <tony.luck@...el.com>, <tj@...nel.org>, <jgross@...e.com>, <dvyukov@...gle.com>, <baohua@...nel.org>, <samuel.holland@...ive.com>, <dennis@...nel.org>, <akpm@...ux-foundation.org>, <thomas.weissschuh@...utronix.de>, <surenb@...gle.com>, <kbingham@...nel.org>, <ankita@...dia.com>, <nathan@...nel.org>, <ziy@...dia.com>, <xin@...or.com>, <rafael.j.wysocki@...el.com>, <andriy.shevchenko@...ux.intel.com>, <cl@...ux.com>, <jhubbard@...dia.com>, <hpa@...or.com>, <scott@...amperecomputing.com>, <david@...hat.com>, <jan.kiszka@...mens.com>, <vincenzo.frascino@....com>, <corbet@....net>, <maz@...nel.org>, <mingo@...hat.com>, <arnd@...db.de>, <ytcoode@...il.com>, <xur@...gle.com>, <morbo@...gle.com>, <thiago.bauermann@...aro.org>, <linux-doc@...r.kernel.org>, <kasan-dev@...glegroups.com>, <linux-kernel@...r.kernel.org>, <llvm@...ts.linux.dev>, <linux-mm@...ck.org>, <linux-arm-kernel@...ts.infradead.org>, <x86@...nel.org> Subject: Re: [PATCH v2 14/14] x86: Make software tag-based kasan available On 2025-02-20 at 00:31:26 +0100, Andrey Konovalov wrote: >On Tue, Feb 18, 2025 at 9:20 AM Maciej Wieczor-Retman ><maciej.wieczor-retman@...el.com> wrote: >> >> Make CONFIG_KASAN_SW_TAGS available for x86 machines if they have >> ADDRESS_MASKING enabled (LAM) as that works similarly to Top-Byte Ignore >> (TBI) that allows the software tag-based mode on arm64 platform. >> >> Set scale macro based on KASAN mode: in software tag-based mode 32 bytes >> of memory map to one shadow byte and 16 in generic mode. > >These should be 16 and 8. Thanks, I thought I got all the dense mode stuff from this series. > >> >> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com> >> --- >> Changelog v2: >> - Remove KASAN dense code. >> >> arch/x86/Kconfig | 6 ++++++ >> arch/x86/boot/compressed/misc.h | 1 + >> arch/x86/include/asm/kasan.h | 2 +- >> arch/x86/kernel/setup.c | 2 ++ >> 4 files changed, 10 insertions(+), 1 deletion(-) >> >> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >> index f4ef64bf824a..dc48eb5b664f 100644 >> --- a/arch/x86/Kconfig >> +++ b/arch/x86/Kconfig >> @@ -195,6 +195,7 @@ config X86 >> select HAVE_ARCH_JUMP_LABEL_RELATIVE >> select HAVE_ARCH_KASAN if X86_64 >> select HAVE_ARCH_KASAN_VMALLOC if X86_64 >> + select HAVE_ARCH_KASAN_SW_TAGS if ADDRESS_MASKING >> select HAVE_ARCH_KFENCE >> select HAVE_ARCH_KMSAN if X86_64 >> select HAVE_ARCH_KGDB >> @@ -402,6 +403,11 @@ config KASAN_SHADOW_OFFSET >> hex >> default 0xdffffc0000000000 if KASAN_GENERIC >> >> +config KASAN_SHADOW_SCALE_SHIFT >> + int >> + default 4 if KASAN_SW_TAGS >> + default 3 > >What's the purpose of this config option? I think we can just change >the value of the KASAN_SHADOW_SCALE_SHIFT define when KASAN_SW_TAGS is >enabled. Well, I was aiming at later adding the "default 5 if KASAN_SW_TAGS_DENSE", and this way it would look much cleaner than the: if KASAN_SW_TAGS if KASAN_SW_TAGS_DENSE KASAN_SHADOW_SCALE_SHIFT = 5 else KASAN_SHADOW_SCALE_SHIFT = 4 else KASAN_SHADOW_SCALE_SHIFT = 3 But now that I think of it, it should be possible to overwrite the KASAN_SHADOW_SCALE_SHIFT from non-arch code if dense mode is enabled. That's a topic for the next series but I'd imagine all architectures would normally use the 16 memory bytes / shadow byte and if they'd care for the dense mode they'd go for 32 memory bytes / shadow byte. Or do you think that's a faulty assumption? > >> + >> config HAVE_INTEL_TXT >> def_bool y >> depends on INTEL_IOMMU && ACPI >> diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h >> index dd8d1a85f671..f6a87e9ad200 100644 >> --- a/arch/x86/boot/compressed/misc.h >> +++ b/arch/x86/boot/compressed/misc.h >> @@ -13,6 +13,7 @@ >> #undef CONFIG_PARAVIRT_SPINLOCKS >> #undef CONFIG_KASAN >> #undef CONFIG_KASAN_GENERIC >> +#undef CONFIG_KASAN_SW_TAGS >> >> #define __NO_FORTIFY >> >> diff --git a/arch/x86/include/asm/kasan.h b/arch/x86/include/asm/kasan.h >> index 4bfd3641af84..cfc31e4a2f70 100644 >> --- a/arch/x86/include/asm/kasan.h >> +++ b/arch/x86/include/asm/kasan.h >> @@ -6,7 +6,7 @@ >> #include <linux/kasan-tags.h> >> #include <linux/types.h> >> >> -#define KASAN_SHADOW_SCALE_SHIFT 3 >> +#define KASAN_SHADOW_SCALE_SHIFT CONFIG_KASAN_SHADOW_SCALE_SHIFT >> >> /* >> * Compiler uses shadow offset assuming that addresses start >> diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c >> index cebee310e200..768990c573ea 100644 >> --- a/arch/x86/kernel/setup.c >> +++ b/arch/x86/kernel/setup.c >> @@ -1124,6 +1124,8 @@ void __init setup_arch(char **cmdline_p) >> >> kasan_init(); >> >> + kasan_init_sw_tags(); >> + >> /* >> * Sync back kernel address range. >> * >> -- >> 2.47.1 >> -- Kind regards Maciej Wieczór-Retman
Powered by blists - more mailing lists