Open Source and information security mailing list archives
Message-ID: <aJwwDs9bGGFSYWTk@e129823.arm.com>
Date: Wed, 13 Aug 2025 07:26:22 +0100
From: Yeoreum Yun <yeoreum.yun@....com>
To: Andrey Konovalov <andreyknvl@...il.com>
Cc: ryabinin.a.a@...il.com, glider@...gle.com, dvyukov@...gle.com,
	vincenzo.frascino@....com, corbet@....net, catalin.marinas@....com,
	will@...nel.org, akpm@...ux-foundation.org,
	scott@...amperecomputing.com, jhubbard@...dia.com,
	pankaj.gupta@....com, leitao@...ian.org, kaleshsingh@...gle.com,
	maz@...nel.org, broonie@...nel.org, oliver.upton@...ux.dev,
	james.morse@....com, ardb@...nel.org,
	hardevsinh.palaniya@...iconsignals.io, david@...hat.com,
	yang@...amperecomputing.com, kasan-dev@...glegroups.com,
	workflows@...r.kernel.org, linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
	linux-mm@...ck.org
Subject: Re: [PATCH 1/2] kasan/hw-tags: introduce store only mode

Hi Andrey,

> On Mon, Aug 11, 2025 at 7:36 PM Yeoreum Yun <yeoreum.yun@....com> wrote:
> >
> > Since Armv8.9, FEATURE_MTE_STORE_ONLY feature is introduced to restrict
> > raise of tag check fault on store operation only.
>
> To clarify: this feature is independent on the sync/async/asymm modes?
> So any mode can be used together with FEATURE_MTE_STORE_ONLY?

Yes, it is. ARM64_MTE_STORE_ONLY is a separate SYSTEM_FEATURE from
ARM64_MTE and ARM64_MTE_ASYMM.
So any mode can be used together with ARM64_MTE_STORE_ONLY.

>
> > Introduce KASAN store only mode based on this feature.
> >
> > KASAN store only mode restricts KASAN check operations to stores only and
> > omits the checks for fetch/read operations when accessing memory.
> > So it might be used not only in a debugging environment but also in a normal
> > environment to check memory safety.
> >
> > This feature can be controlled with the "kasan.stonly" argument.
> > When "kasan.stonly=on", KASAN checks stores only; otherwise
> > KASAN checks all operations.
>
> "stonly" looks cryptic, how about "kasan.store_only"?

Okay.

>
> Also, are there any existing/planned modes/extensions of the feature?
> E.g. read only? Knowing this will allow to better plan the
> command-line parameter format.

AFAIK, there is no plan for a new feature like "read only"
or any other modes to be added.
Also, the "store only" feature can be used with all modes
currently, so it seems good to leave it as it is.

>
> >
> > Signed-off-by: Yeoreum Yun <yeoreum.yun@....com>
> > ---
> >  Documentation/dev-tools/kasan.rst  |  3 ++
> >  arch/arm64/include/asm/memory.h    |  1 +
> >  arch/arm64/include/asm/mte-kasan.h |  6 +++
> >  arch/arm64/kernel/cpufeature.c     |  6 +++
> >  arch/arm64/kernel/mte.c            | 14 ++++++
> >  include/linux/kasan.h              |  2 +
> >  mm/kasan/hw_tags.c                 | 76 +++++++++++++++++++++++++++++-
> >  mm/kasan/kasan.h                   | 10 ++++
> >  8 files changed, 116 insertions(+), 2 deletions(-)
> >
> > diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
> > index 0a1418ab72fd..7567a2ca0e39 100644
> > --- a/Documentation/dev-tools/kasan.rst
> > +++ b/Documentation/dev-tools/kasan.rst
> > @@ -163,6 +163,9 @@ disabling KASAN altogether or controlling its features:
> >    This parameter is intended to allow sampling only large page_alloc
> >    allocations, which is the biggest source of the performance overhead.
> >
> > +- ``kasan.stonly=off`` or ``kasan.stonly=on`` controls whether KASAN checks
> > +  store operation only or all operation.
>
> How about:
>
> ``kasan.store_only=off`` or ``=on`` controls whether KASAN checks only
> the store (write) accesses or all accesses (default: ``off``).
>
> And let's put this next to kasan.mode, as the new parameter is related.

Thanks for your suggestion. I'll change it.

>
> > +
> >  Error reports
> >  ~~~~~~~~~~~~~
> >
> > diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
> > index 5213248e081b..9d8c72c9c91f 100644
> > --- a/arch/arm64/include/asm/memory.h
> > +++ b/arch/arm64/include/asm/memory.h
> > @@ -308,6 +308,7 @@ static inline const void *__tag_set(const void *addr, u8 tag)
> >  #define arch_enable_tag_checks_sync()          mte_enable_kernel_sync()
> >  #define arch_enable_tag_checks_async()         mte_enable_kernel_async()
> >  #define arch_enable_tag_checks_asymm()         mte_enable_kernel_asymm()
> > +#define arch_enable_tag_checks_stonly()        mte_enable_kernel_stonly()
> >  #define arch_suppress_tag_checks_start()       mte_enable_tco()
> >  #define arch_suppress_tag_checks_stop()                mte_disable_tco()
> >  #define arch_force_async_tag_fault()           mte_check_tfsr_exit()
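
Review bot: arch_enable_tag_checks_stonly() wraps mte_enable_kernel_stonly(), which the mte-kasan.h and mte.c hunks declare and define as returning int, while the three sibling macros above it wrap void functions; every caller in mm/kasan/hw_tags.c therefore has to check (and act on) the -EINVAL return, unlike the existing enable paths. Given the rename of the parameter to "store_only", the macro name should follow suit (arch_enable_tag_checks_store_only()) so the grep trail stays consistent.
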
> > diff --git a/arch/arm64/include/asm/mte-kasan.h b/arch/arm64/include/asm/mte-kasan.h
> > index 2e98028c1965..d75908ed9d0f 100644
> > --- a/arch/arm64/include/asm/mte-kasan.h
> > +++ b/arch/arm64/include/asm/mte-kasan.h
> > @@ -200,6 +200,7 @@ static inline void mte_set_mem_tag_range(void *addr, size_t size, u8 tag,
> >  void mte_enable_kernel_sync(void);
> >  void mte_enable_kernel_async(void);
> >  void mte_enable_kernel_asymm(void);
> > +int mte_enable_kernel_stonly(void);
> >
> >  #else /* CONFIG_ARM64_MTE */
> >
> > @@ -251,6 +252,11 @@ static inline void mte_enable_kernel_asymm(void)
> >  {
> >  }
> >
> > +static inline int mte_enable_kenrel_stonly(void)
> > +{
> > +       return -EINVAL;
> > +}
> > +
> >  #endif /* CONFIG_ARM64_MTE */
> >
> >  #endif /* __ASSEMBLY__ */
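
Review bot: the !CONFIG_ARM64_MTE stub in this hunk is spelled mte_enable_kenrel_stonly(), but the CONFIG_ARM64_MTE branch in the previous hunk declares mte_enable_kernel_stonly(), and memory.h maps arch_enable_tag_checks_stonly() to the latter; any build that expands that macro without MTE gets an implicit-declaration error. Rename the stub to match. Since the stub returns -EINVAL, also confirm the header has the errno definitions in scope in that configuration.
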
> > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> > index 9ad065f15f1d..fdc510fe0187 100644
> > --- a/arch/arm64/kernel/cpufeature.c
> > +++ b/arch/arm64/kernel/cpufeature.c
> > @@ -2404,6 +2404,11 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
> >
> >         kasan_init_hw_tags_cpu();
> >  }
> > +
> > +static void cpu_enable_mte_stonly(struct arm64_cpu_capabilities const *cap)
> > +{
> > +       kasan_late_init_hw_tags_cpu();
> > +}
> >  #endif /* CONFIG_ARM64_MTE */
> >
> >  static void user_feature_fixup(void)
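
Review bot: cpu_enable_mte_stonly() is compiled under CONFIG_ARM64_MTE but calls kasan_late_init_hw_tags_cpu(), which the include/linux/kasan.h hunk declares only under CONFIG_KASAN_HW_TAGS; cpu_enable_mte() at the top of this hunk calls kasan_init_hw_tags_cpu() the same way and relies on a no-op stub for !CONFIG_KASAN_HW_TAGS, so the new function needs an equivalent stub or CONFIG_ARM64_MTE=y with KASAN_HW_TAGS=n will fail to build. The unused cap parameter matches the existing cpu_enable callback signature and is fine.
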
> > @@ -2922,6 +2927,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
> >                 .capability = ARM64_MTE_STORE_ONLY,
> >                 .type = ARM64_CPUCAP_SYSTEM_FEATURE,
> >                 .matches = has_cpuid_feature,
> > +               .cpu_enable = cpu_enable_mte_stonly,
> >                 ARM64_CPUID_FIELDS(ID_AA64PFR2_EL1, MTESTOREONLY, IMP)
> >         },
> >  #endif /* CONFIG_ARM64_MTE */
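
Review bot: attaching cpu_enable to an ARM64_CPUCAP_SYSTEM_FEATURE entry means the callback runs on each CPU only after the capability is finalised across all boot CPUs, and again on any CPU onlined later; that is the actual reason store-only cannot be switched on from the boot-CPU kasan_init_hw_tags() path alongside sync/async/asymm, and the commit message should say so, since it currently gives no rationale for the separate kasan_late_init_hw_tags_cpu() entry point.
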
> > diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
> > index e5e773844889..a1cb2a8a79a1 100644
> > --- a/arch/arm64/kernel/mte.c
> > +++ b/arch/arm64/kernel/mte.c
> > @@ -157,6 +157,20 @@ void mte_enable_kernel_asymm(void)
> >                 mte_enable_kernel_sync();
> >         }
> >  }
> > +
> > +int mte_enable_kernel_stonly(void)
> > +{
> > +       if (!cpus_have_cap(ARM64_MTE_STORE_ONLY))
> > +               return -EINVAL;
> > +
> > +       sysreg_clear_set(sctlr_el1, SCTLR_EL1_TCSO_MASK,
> > +                        SYS_FIELD_PREP(SCTLR_EL1, TCSO, 1));
> > +       isb();
> > +
> > +       pr_info_once("MTE: enabled stonly mode at EL1\n");
> > +
> > +       return 0;
> > +}
> >  #endif
> >
> >  #ifdef CONFIG_KASAN_HW_TAGS
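
Review bot: mte_enable_kernel_stonly() sets SCTLR_EL1.TCSO, a per-CPU register, so reaching it from the cpu_enable callback on every CPU is the right structure; but the cpus_have_cap(ARM64_MTE_STORE_ONLY) guard returns -EINVAL with no message, so if the user passes kasan.store_only=on on hardware without FEAT_MTE_STORE_ONLY the request is dropped silently and KASAN keeps checking all accesses. Have the kasan side log that the option was ignored (a pr_warn) so the behaviour is visible. The pr_info_once text "enabled stonly mode" should also pick up the "store-only" wording agreed for the parameter.
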
> > diff --git a/include/linux/kasan.h b/include/linux/kasan.h
> > index 890011071f2b..28951b29c593 100644
> > --- a/include/linux/kasan.h
> > +++ b/include/linux/kasan.h
> > @@ -552,9 +552,11 @@ static inline void kasan_init_sw_tags(void) { }
> >  #ifdef CONFIG_KASAN_HW_TAGS
> >  void kasan_init_hw_tags_cpu(void);
> >  void __init kasan_init_hw_tags(void);
> > +void kasan_late_init_hw_tags_cpu(void);
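
Review bot: kasan_late_init_hw_tags_cpu() is declared without __init, unlike kasan_init_hw_tags() two lines above, and that is correct here, since a SYSTEM_FEATURE cpu_enable callback can fire for a CPU hotplugged after init memory has been freed; the definition in mm/kasan/hw_tags.c, which is not quoted in this mail, must likewise not be __init. The diffstat lists two insertions for this header but only one is visible in the hunk, so the second (presumably the !CONFIG_KASAN_HW_TAGS stub) is worth double-checking.
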
>
> Why do we need a separate late init function? Can we not enable
> store-only at the same place where we enable async/asymm?

It couldn't, since ARM64_MTE_ASYMM and ARM64_MTE are boot features,
so kasan_init_hw_tags() is called by the boot CPU before the other CPUs are on.
But ARM64_MTE_STORE_ONLY is a SYSTEM_FEATURE, so this feature is enabled
only when all CPUs are on and they can use this system feature.

[...]

Thanks!
--
Sincerely,
Yeoreum Yun
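
As an added example (not kernel code and not part of this patch), the following userspace C model decides tag check faults the way the commit message describes: the kasan.mode choice (sync/async/asymm) only changes how a mismatch is delivered, while store-only removes the check for loads entirely, which is why the two settings compose freely as the reply above says. Running it shows the trade-off a defender accepts with kasan.store_only=on: a use-after-free store is still caught, but a use-after-free load and an out-of-bounds load go unreported, so read-side bugs (including information leaks) still need the full mode. The heap, tag granules and tag allocator are constructed for the model; mem_tag, toy_alloc, toy_free, tag_check and coverage are the example's own names.

```c
/*
 * Toy model of KASAN HW-tags checking with and without store-only mode.
 * Added example, not kernel code: the tag side-array stands in for MTE
 * allocation tags, and "pointers" are byte offsets into a constructed heap
 * with the logical tag in bits 56..59, as in an arm64 tagged address.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE    16     /* MTE tag granule, in bytes */
#define HEAP_GRANS 64     /* constructed toy heap size, in granules */
#define TAG_SHIFT  56
#define TAG_MASK   ((uint64_t)0xf << TAG_SHIFT)

enum tcf_mode { TCF_SYNC, TCF_ASYNC, TCF_ASYMM };

struct kasan_cfg {
    enum tcf_mode mode; /* kasan.mode: how a fault is delivered */
    bool store_only;    /* kasan.store_only=on: loads are never checked */
};

static uint8_t mem_tag[HEAP_GRANS]; /* allocation tag per granule (constructed) */
static uint8_t next_tag;

/* Deterministic 1..15 tag cycle; real KASAN picks random non-zero tags. */
static uint8_t fresh_tag(void)
{
    next_tag = (uint8_t)(next_tag % 15 + 1);
    return next_tag;
}

static uint64_t set_tag(uint64_t p, uint8_t tag) { return (p & ~TAG_MASK) | ((uint64_t)tag << TAG_SHIFT); }
static uint8_t  get_tag(uint64_t p)              { return (uint8_t)((p & TAG_MASK) >> TAG_SHIFT); }
static unsigned granule_of(uint64_t p)           { return (unsigned)((p & ~TAG_MASK) / GRANULE); }

/* Allocate `grans` granules at index `start`; returns a tagged pointer. */
static uint64_t toy_alloc(unsigned start, unsigned grans)
{
    uint8_t tag = fresh_tag();
    for (unsigned i = start; i < start + grans; i++)
        mem_tag[i] = tag;
    return set_tag((uint64_t)start * GRANULE, tag);
}

/* Free: retag the granules so the now-stale pointer tag no longer matches. */
static void toy_free(uint64_t p, unsigned grans)
{
    unsigned start = granule_of(p);
    uint8_t tag;
    do {
        tag = fresh_tag();
    } while (tag == get_tag(p));
    for (unsigned i = start; i < start + grans; i++)
        mem_tag[i] = tag;
}

/*
 * Decide whether an access is reported. The sync/async/asymm mode only
 * selects how the fault is delivered; store_only decides whether a load is
 * checked at all, so the two settings are independent of each other.
 */
static bool tag_check(const struct kasan_cfg *cfg, uint64_t p, bool is_write)
{
    unsigned g = granule_of(p);
    if (g >= HEAP_GRANS)
        return false;                 /* outside the modelled heap */
    if (cfg->store_only && !is_write)
        return false;                 /* FEAT_MTE_STORE_ONLY: loads unchecked */
    if (get_tag(p) == mem_tag[g])
        return false;                 /* tags match: no fault */
    const char *how = cfg->mode == TCF_SYNC  ? "sync exception" :
                      cfg->mode == TCF_ASYNC ? "async (TFSR)"   :
                      is_write               ? "asymm: async"   : "asymm: sync";
    printf("tag fault: %s of %#llx (ptr tag %u, mem tag %u) -> %s\n",
           is_write ? "store" : "load", (unsigned long long)p,
           get_tag(p), mem_tag[g], how);
    return true;
}

/*
 * Exercise three classic bugs and return a bitmask of which are reported:
 * bit0 = use-after-free load, bit1 = use-after-free store, bit2 = OOB load.
 */
static unsigned coverage(enum tcf_mode mode, bool store_only)
{
    struct kasan_cfg cfg = { mode, store_only };
    unsigned mask = 0;

    next_tag = 0;
    memset(mem_tag, 0, sizeof mem_tag);

    uint64_t a = toy_alloc(0, 2);    /* 32-byte object, granules 0-1 */
    uint64_t b = toy_alloc(2, 1);    /* 16-byte neighbour, granule 2 */
    (void)b;

    if (tag_check(&cfg, a + 2 * GRANULE, false)) mask |= 4;  /* load runs into b */
    toy_free(a, 2);
    if (tag_check(&cfg, a, false)) mask |= 1;                /* stale load */
    if (tag_check(&cfg, a, true))  mask |= 2;                /* stale store */
    return mask;
}

int main(void)
{
    printf("all accesses, sync:  reported mask = %u\n", coverage(TCF_SYNC, false));
    printf("store-only, asymm:   reported mask = %u\n", coverage(TCF_ASYMM, true));
    return 0;
}
```

The full mode reports all three bugs (mask 7); store-only reports only the stale store (mask 2) regardless of which delivery mode is paired with it, which is the coverage a deployment gives up in exchange for skipping load-side checks.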
