| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2bhtxd4vrkyx26wczp25adpg6wqr6pq4j63ez42zjoxbl7inn6@4mnmpat7uve5>
Date: Wed, 26 Feb 2025 18:03:07 +0100
From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
To: Andrey Konovalov <andreyknvl@...il.com>
CC: Florian Mayer <fmayer@...gle.com>, Vitaly Buka <vitalybuka@...gle.com>,
<kees@...nel.org>, <julian.stecklina@...erus-technology.de>,
<kevinloughlin@...gle.com>, <peterz@...radead.org>, <tglx@...utronix.de>,
<justinstitt@...gle.com>, <catalin.marinas@....com>,
<wangkefeng.wang@...wei.com>, <bhe@...hat.com>, <ryabinin.a.a@...il.com>,
<kirill.shutemov@...ux.intel.com>, <will@...nel.org>, <ardb@...nel.org>,
<jason.andryuk@....com>, <dave.hansen@...ux.intel.com>,
<pasha.tatashin@...een.com>, <ndesaulniers@...gle.com>,
<guoweikang.kernel@...il.com>, <dwmw@...zon.co.uk>, <mark.rutland@....com>,
<broonie@...nel.org>, <apopple@...dia.com>, <bp@...en8.de>,
<rppt@...nel.org>, <kaleshsingh@...gle.com>, <richard.weiyang@...il.com>,
<luto@...nel.org>, <glider@...gle.com>, <pankaj.gupta@....com>,
<pawan.kumar.gupta@...ux.intel.com>, <kuan-ying.lee@...onical.com>,
<tony.luck@...el.com>, <tj@...nel.org>, <jgross@...e.com>,
<dvyukov@...gle.com>, <baohua@...nel.org>, <samuel.holland@...ive.com>,
<dennis@...nel.org>, <akpm@...ux-foundation.org>,
<thomas.weissschuh@...utronix.de>, <surenb@...gle.com>,
<kbingham@...nel.org>, <ankita@...dia.com>, <nathan@...nel.org>,
<ziy@...dia.com>, <xin@...or.com>, <rafael.j.wysocki@...el.com>,
<andriy.shevchenko@...ux.intel.com>, <cl@...ux.com>, <jhubbard@...dia.com>,
<hpa@...or.com>, <scott@...amperecomputing.com>, <david@...hat.com>,
<jan.kiszka@...mens.com>, <vincenzo.frascino@....com>, <corbet@....net>,
<maz@...nel.org>, <mingo@...hat.com>, <arnd@...db.de>, <ytcoode@...il.com>,
<xur@...gle.com>, <morbo@...gle.com>, <thiago.bauermann@...aro.org>,
<linux-doc@...r.kernel.org>, <kasan-dev@...glegroups.com>,
<linux-kernel@...r.kernel.org>, <llvm@...ts.linux.dev>, <linux-mm@...ck.org>,
<linux-arm-kernel@...ts.infradead.org>, <x86@...nel.org>
Subject: Re: [PATCH v2 13/14] x86: runtime_const used for KASAN_SHADOW_END
On 2025-02-26 at 16:24:28 +0100, Andrey Konovalov wrote:
>On Wed, Feb 26, 2025 at 12:53 PM Maciej Wieczor-Retman
><maciej.wieczor-retman@...el.com> wrote:
>>
>> After adding
>> kasan_params += hwasan-instrument-with-calls=0
>> to Makefile.kasan just under
>> kasan_params += hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET)
>> inline works properly in x86. I looked into assembly and before there were just
>> calls to __hwasan_load/store. After adding the the
>> hwasan-instrument-with-calls=0 I can see no calls and the KASAN offset is now
>> inlined, plus all functions that were previously instrumented now have the
>> kasan_check_range inlined in them.
>>
>> My LLVM investigation lead me to
>> bool shouldInstrumentWithCalls(const Triple &TargetTriple) {
>> return optOr(ClInstrumentWithCalls, TargetTriple.getArch() == Triple::x86_64);
>> }
>> which I assume defaults to "1" on x86? So even with inline mode it doesn't care
>> and still does an outline version.
>
>Ah, indeed. Weird discrepancy between x86 and arm.
>
>Florian, Vitaly, do you recall why this was implemented like this?
>
>To account for this, let's then set hwasan-instrument-with-calls=0
>when CONFIG_KASAN_INLINE is enabled. And also please add a comment
>explaining why this is done.
Sure, will do :)
>
>[...]
>
>> >What do you mean by "The alignment doesn't fit the shadow memory size"?
>>
>> Maybe that's the wrong way to put it. I meant that KASAN_SHADOW_END and
>> KASAN_SHADOW_END aren't aligned to the size of shadow memory.
>
>I see. And the negative side-effect of this would be that we'll need
>extra page table entries to describe the shadow region?
I think so, yes. But I guess it's not a big issue, and anyway right now I'm not
sure how to change it so other necessary parts don't break :b
>
>[...]
>
>> I think this was a false alarm, sorry. I asked Kirill about turning
>> pgtable_l5_enabled() into a runtime_const value but it turns out it's already
>> patched by alternative code during boot. I just saw a bunch more stuff there
>> because I was looking at the assembly output and the code isn't patched there
>> yet.
>
>Great!
--
Kind regards
Maciej Wieczór-Retman
Powered by blists - more mailing lists