| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250813175335.3980268-1-yeoreum.yun@arm.com>
Date: Wed, 13 Aug 2025 18:53:33 +0100
From: Yeoreum Yun <yeoreum.yun@....com>
To: ryabinin.a.a@...il.com,
glider@...gle.com,
andreyknvl@...il.com,
dvyukov@...gle.com,
vincenzo.frascino@....com,
corbet@....net,
catalin.marinas@....com,
will@...nel.org,
akpm@...ux-foundation.org,
scott@...amperecomputing.com,
jhubbard@...dia.com,
pankaj.gupta@....com,
leitao@...ian.org,
kaleshsingh@...gle.com,
maz@...nel.org,
broonie@...nel.org,
oliver.upton@...ux.dev,
james.morse@....com,
ardb@...nel.org,
hardevsinh.palaniya@...iconsignals.io,
david@...hat.com,
yang@...amperecomputing.com
Cc: kasan-dev@...glegroups.com,
workflows@...r.kernel.org,
linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
linux-mm@...ck.org,
Yeoreum Yun <yeoreum.yun@....com>
Subject: [PATCH v2 0/2] introduce kasan.store_only option in hw-tags
Hardware tag based KASAN is implemented using the Memory Tagging Extension
(MTE) feature.
MTE is built on top of the ARMv8.0 virtual address tagging TBI
(Top Byte Ignore) feature and allows software to access a 4-bit
allocation tag for each 16-byte granule in the physical address space.
A logical tag is derived from bits 59-56 of the virtual
address used for the memory access. A CPU with MTE enabled will compare
the logical tag against the allocation tag and potentially raise an
tag check fault on mismatch, subject to system registers configuration.
Since ARMv8.9, FEAT_MTE_STORE_ONLY can be used to restrict raise of tag
check fault on store operation only.
Using this feature (FEAT_MTE_STORE_ONLY), introduce KASAN store-only mode
which restricts KASAN check store operation only.
This mode omits KASAN check for fetch/load operation.
Therefore, it might be used not only debugging purpose but also in
normal environment.
Patch History
=============
from v1 to v2:
- change cryptic name -- stonly to store_only
- remove some TCF check with store which can make memory courruption.
- https://lore.kernel.org/all/20250811173626.1878783-1-yeoreum.yun@arm.com/
Yeoreum Yun (2):
kasan/hw-tags: introduce kasan.store_only option
kasan: apply store-only mode in kasan kunit testcases
Documentation/dev-tools/kasan.rst | 3 +
arch/arm64/include/asm/memory.h | 1 +
arch/arm64/include/asm/mte-kasan.h | 6 +
arch/arm64/kernel/cpufeature.c | 6 +
arch/arm64/kernel/mte.c | 14 ++
include/linux/kasan.h | 2 +
mm/kasan/hw_tags.c | 76 +++++-
mm/kasan/kasan.h | 10 +
mm/kasan/kasan_test_c.c | 366 ++++++++++++++++++++++-------
9 files changed, 402 insertions(+), 82 deletions(-)
base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585
--
LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}
Powered by blists - more mailing lists