| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4rkxgsa5zfrvjqtii7cxocdk6g2qel3hif4hcpeboos2exndoe@hp7bok5o2inx>
Date: Tue, 26 Aug 2025 10:08:17 +0200
From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
To: Dave Hansen <dave.hansen@...el.com>
CC: <sohil.mehta@...el.com>, <baohua@...nel.org>, <david@...hat.com>,
<kbingham@...nel.org>, <weixugc@...gle.com>, <Liam.Howlett@...cle.com>,
<alexandre.chartre@...cle.com>, <kas@...nel.org>, <mark.rutland@....com>,
<trintaeoitogc@...il.com>, <axelrasmussen@...gle.com>, <yuanchu@...gle.com>,
<joey.gouly@....com>, <samitolvanen@...gle.com>, <joel.granados@...nel.org>,
<graf@...zon.com>, <vincenzo.frascino@....com>, <kees@...nel.org>,
<ardb@...nel.org>, <thiago.bauermann@...aro.org>, <glider@...gle.com>,
<thuth@...hat.com>, <kuan-ying.lee@...onical.com>,
<pasha.tatashin@...een.com>, <nick.desaulniers+lkml@...il.com>,
<vbabka@...e.cz>, <kaleshsingh@...gle.com>, <justinstitt@...gle.com>,
<catalin.marinas@....com>, <alexander.shishkin@...ux.intel.com>,
<samuel.holland@...ive.com>, <dave.hansen@...ux.intel.com>, <corbet@....net>,
<xin@...or.com>, <dvyukov@...gle.com>, <tglx@...utronix.de>,
<scott@...amperecomputing.com>, <jason.andryuk@....com>, <morbo@...gle.com>,
<nathan@...nel.org>, <lorenzo.stoakes@...cle.com>, <mingo@...hat.com>,
<brgerst@...il.com>, <kristina.martsenko@....com>, <bigeasy@...utronix.de>,
<luto@...nel.org>, <jgross@...e.com>, <jpoimboe@...nel.org>,
<urezki@...il.com>, <mhocko@...e.com>, <ada.coupriediaz@....com>,
<hpa@...or.com>, <leitao@...ian.org>, <peterz@...radead.org>,
<wangkefeng.wang@...wei.com>, <surenb@...gle.com>, <ziy@...dia.com>,
<smostafa@...gle.com>, <ryabinin.a.a@...il.com>, <ubizjak@...il.com>,
<jbohac@...e.cz>, <broonie@...nel.org>, <akpm@...ux-foundation.org>,
<guoweikang.kernel@...il.com>, <rppt@...nel.org>, <pcc@...gle.com>,
<jan.kiszka@...mens.com>, <nicolas.schier@...ux.dev>, <will@...nel.org>,
<andreyknvl@...il.com>, <jhubbard@...dia.com>, <bp@...en8.de>,
<x86@...nel.org>, <linux-doc@...r.kernel.org>, <linux-mm@...ck.org>,
<llvm@...ts.linux.dev>, <linux-kbuild@...r.kernel.org>,
<kasan-dev@...glegroups.com>, <linux-kernel@...r.kernel.org>,
<linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH v5 10/19] x86: LAM compatible non-canonical definition
On 2025-08-25 at 14:36:35 -0700, Dave Hansen wrote:
>On 8/25/25 13:24, Maciej Wieczor-Retman wrote:
>> +/*
>> + * CONFIG_KASAN_SW_TAGS requires LAM which changes the canonicality checks.
>> + */
>> +#ifdef CONFIG_KASAN_SW_TAGS
>> +static __always_inline u64 __canonical_address(u64 vaddr, u8 vaddr_bits)
>> +{
>> + return (vaddr | BIT_ULL(63) | BIT_ULL(vaddr_bits - 1));
>> +}
>> +#else
>> static __always_inline u64 __canonical_address(u64 vaddr, u8 vaddr_bits)
>> {
>> return ((s64)vaddr << (64 - vaddr_bits)) >> (64 - vaddr_bits);
>> }
>> +#endif
>
>This is the kind of thing that's bound to break. Could we distill it
>down to something simpler, perhaps?
>
>In the end, the canonical enforcement mask is the thing that's changing.
>So perhaps it should be all common code except for the mask definition:
>
>#ifdef CONFIG_KASAN_SW_TAGS
>#define CANONICAL_MASK(vaddr_bits) (BIT_ULL(63) | BIT_ULL(vaddr_bits-1))
>#else
>#define CANONICAL_MASK(vaddr_bits) GENMASK_UL(63, vaddr_bits)
>#endif
>
>(modulo off-by-one bugs ;)
>
>Then the canonical check itself becomes something like:
>
> unsigned long cmask = CANONICAL_MASK(vaddr_bits);
> return (vaddr & mask) == mask;
>
>That, to me, is the most straightforward way to do it.
Thanks, I'll try something like this. I will also have to investigate what
Samuel brought up that KVM possibly wants to pass user addresses to this
function as well.
>
>I don't see it addressed in the cover letter, but what happens when a
>CONFIG_KASAN_SW_TAGS=y kernel is booted on non-LAM hardware?
That's a good point, I need to add it to the cover letter. On non-LAM hardware
the kernel just doesn't boot. Disabling KASAN in runtime on unsupported hardware
isn't that difficult in outline mode, but I'm not sure it can work in inline
mode (where checks into shadow memory are just pasted into code by the
compiler).
Since for now there is no compiler support for the inline mode anyway, I'll try to
disable KASAN on non-LAM hardware in runtime.
--
Kind regards
Maciej Wieczór-Retman
Powered by blists - more mailing lists