Message-ID: <CA+fCnZd2824w610t86xQk+ykfv3EyAOvhb_OuXjru5e+jE4HTw@mail.gmail.com>
Date: Sat, 6 Sep 2025 19:19:33 +0200
From: Andrey Konovalov <andreyknvl@...il.com>
To: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
Cc: sohil.mehta@...el.com, baohua@...nel.org, david@...hat.com,
kbingham@...nel.org, weixugc@...gle.com, Liam.Howlett@...cle.com,
alexandre.chartre@...cle.com, kas@...nel.org, mark.rutland@....com,
trintaeoitogc@...il.com, axelrasmussen@...gle.com, yuanchu@...gle.com,
joey.gouly@....com, samitolvanen@...gle.com, joel.granados@...nel.org,
graf@...zon.com, vincenzo.frascino@....com, kees@...nel.org, ardb@...nel.org,
thiago.bauermann@...aro.org, glider@...gle.com, thuth@...hat.com,
kuan-ying.lee@...onical.com, pasha.tatashin@...een.com,
nick.desaulniers+lkml@...il.com, vbabka@...e.cz, kaleshsingh@...gle.com,
justinstitt@...gle.com, catalin.marinas@....com,
alexander.shishkin@...ux.intel.com, samuel.holland@...ive.com,
dave.hansen@...ux.intel.com, corbet@....net, xin@...or.com,
dvyukov@...gle.com, tglx@...utronix.de, scott@...amperecomputing.com,
jason.andryuk@....com, morbo@...gle.com, nathan@...nel.org,
lorenzo.stoakes@...cle.com, mingo@...hat.com, brgerst@...il.com,
kristina.martsenko@....com, bigeasy@...utronix.de, luto@...nel.org,
jgross@...e.com, jpoimboe@...nel.org, urezki@...il.com, mhocko@...e.com,
ada.coupriediaz@....com, hpa@...or.com, leitao@...ian.org,
peterz@...radead.org, wangkefeng.wang@...wei.com, surenb@...gle.com,
ziy@...dia.com, smostafa@...gle.com, ryabinin.a.a@...il.com,
ubizjak@...il.com, jbohac@...e.cz, broonie@...nel.org,
akpm@...ux-foundation.org, guoweikang.kernel@...il.com, rppt@...nel.org,
pcc@...gle.com, jan.kiszka@...mens.com, nicolas.schier@...ux.dev,
will@...nel.org, jhubbard@...dia.com, bp@...en8.de, x86@...nel.org,
linux-doc@...r.kernel.org, linux-mm@...ck.org, llvm@...ts.linux.dev,
linux-kbuild@...r.kernel.org, kasan-dev@...glegroups.com,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v5 19/19] x86: Make software tag-based kasan available
On Mon, Aug 25, 2025 at 10:32 PM Maciej Wieczor-Retman
<maciej.wieczor-retman@...el.com> wrote:
>
> Make CONFIG_KASAN_SW_TAGS available for x86 machines if they have
> ADDRESS_MASKING enabled (LAM) as that works similarly to Top-Byte Ignore
> (TBI) that allows the software tag-based mode on arm64 platform.
>
> Set scale macro based on KASAN mode: in software tag-based mode 16 bytes
> of memory map to one shadow byte and 8 in generic mode.
>
> Disable CONFIG_KASAN_INLINE and CONFIG_KASAN_STACK when
> CONFIG_KASAN_SW_TAGS is enabled on x86 until the appropriate compiler
> support is available.
>
> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
> ---
> Changelog v4:
> - Add x86 specific kasan_mem_to_shadow().
> - Revert x86 to the older unsigned KASAN_SHADOW_OFFSET. Do the same to
> KASAN_SHADOW_START/END.
> - Modify scripts/gdb/linux/kasan.py to keep x86 using unsigned offset.
> - Disable inline and stack support when software tags are enabled on
> x86.
>
> Changelog v3:
> - Remove runtime_const from previous patch and merge the rest here.
> - Move scale shift definition back to header file.
> - Add new kasan offset for software tag based mode.
> - Fix patch message typo 32 -> 16, and 16 -> 8.
> - Update lib/Kconfig.kasan with x86 now having software tag-based
> support.
>
> Changelog v2:
> - Remove KASAN dense code.
>
> Documentation/arch/x86/x86_64/mm.rst | 6 ++++--
> arch/x86/Kconfig | 4 +++-
> arch/x86/boot/compressed/misc.h | 1 +
> arch/x86/include/asm/kasan.h | 1 +
> arch/x86/kernel/setup.c | 2 ++
> lib/Kconfig.kasan | 3 ++-
> scripts/gdb/linux/kasan.py | 4 ++--
> 7 files changed, 15 insertions(+), 6 deletions(-)
>
> diff --git a/Documentation/arch/x86/x86_64/mm.rst b/Documentation/arch/x86/x86_64/mm.rst
> index a6cf05d51bd8..ccbdbb4cda36 100644
> --- a/Documentation/arch/x86/x86_64/mm.rst
> +++ b/Documentation/arch/x86/x86_64/mm.rst
> @@ -60,7 +60,8 @@ Complete virtual memory map with 4-level page tables
> ffffe90000000000 | -23 TB | ffffe9ffffffffff | 1 TB | ... unused hole
> ffffea0000000000 | -22 TB | ffffeaffffffffff | 1 TB | virtual memory map (vmemmap_base)
> ffffeb0000000000 | -21 TB | ffffebffffffffff | 1 TB | ... unused hole
> - ffffec0000000000 | -20 TB | fffffbffffffffff | 16 TB | KASAN shadow memory
> + ffffec0000000000 | -20 TB | fffffbffffffffff | 16 TB | KASAN shadow memory (generic mode)
> + fffff40000000000 | -8 TB | fffffbffffffffff | 8 TB | KASAN shadow memory (software tag-based mode)
> __________________|____________|__________________|_________|____________________________________________________________
> |
> | Identical layout to the 56-bit one from here on:
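Review bot: In the added software tag-based row, the offset column reads -8 TB, but the start address fffff40000000000 lies 12 TB below the top of the address space by the convention of the rows above (ffffeb0000000000 is -21 TB, ffffec0000000000 is -20 TB). 8 TB is the size of the region, which the size column already gives, so the offset should read -12 TB. It would also help to say that this row and the generic-mode row are alternatives, since their ranges overlap.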
> @@ -130,7 +131,8 @@ Complete virtual memory map with 5-level page tables
> ffd2000000000000 | -11.5 PB | ffd3ffffffffffff | 0.5 PB | ... unused hole
> ffd4000000000000 | -11 PB | ffd5ffffffffffff | 0.5 PB | virtual memory map (vmemmap_base)
> ffd6000000000000 | -10.5 PB | ffdeffffffffffff | 2.25 PB | ... unused hole
> - ffdf000000000000 | -8.25 PB | fffffbffffffffff | ~8 PB | KASAN shadow memory
> + ffdf000000000000 | -8.25 PB | fffffbffffffffff | ~8 PB | KASAN shadow memory (generic mode)
> + ffeffc0000000000 | -6 PB | fffffbffffffffff | 4 PB | KASAN shadow memory (software tag-based mode)
> __________________|____________|__________________|_________|____________________________________________________________
> |
> | Identical layout to the 47-bit one from here on:
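Review bot: In the added 5-level row, the -6 PB offset does not match the start address ffeffc0000000000, which sits roughly 4 PB below the top of the address space by the same convention that makes ffdf000000000000 equal to -8.25 PB. Suggest changing the offset column to about -4 PB so that it agrees with the start address and the 4 PB size.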
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index b8df57ac0f28..f44fec1190b6 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -69,6 +69,7 @@ config X86
> select ARCH_CLOCKSOURCE_INIT
> select ARCH_CONFIGURES_CPU_MITIGATIONS
> select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
> + select ARCH_DISABLE_KASAN_INLINE if X86_64 && KASAN_SW_TAGS
Do you think it would make sense to drop the parts of the series that
add int3 handling, since the inline instrumentation does not work yet
anyway?
> select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION
> select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64
> select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG
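Review bot: The commit message says both CONFIG_KASAN_INLINE and CONFIG_KASAN_STACK are disabled for software tags on x86, but the only select added here is ARCH_DISABLE_KASAN_INLINE, and no hunk in this patch touches KASAN_STACK. Either add the KASAN_STACK restriction in this patch or state in the message which patch of the series carries it.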
> @@ -199,6 +200,7 @@ config X86
> select HAVE_ARCH_JUMP_LABEL_RELATIVE
> select HAVE_ARCH_KASAN if X86_64
> select HAVE_ARCH_KASAN_VMALLOC if X86_64
> + select HAVE_ARCH_KASAN_SW_TAGS if ADDRESS_MASKING
> select HAVE_ARCH_KFENCE
> select HAVE_ARCH_KMSAN if X86_64
> select HAVE_ARCH_KGDB
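Review bot: The new `select HAVE_ARCH_KASAN_SW_TAGS if ADDRESS_MASKING` has no X86_64 term, while the neighbouring HAVE_ARCH_KASAN selects and the ARCH_DISABLE_KASAN_INLINE select added earlier in this patch all spell it out. If ADDRESS_MASKING already implies X86_64, the X86_64 term in the ARCH_DISABLE_KASAN_INLINE condition can be dropped for consistency; if it does not, it is needed here.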
> @@ -403,7 +405,7 @@ config AUDIT_ARCH
>
> config KASAN_SHADOW_OFFSET
> hex
> - depends on KASAN
Line accidentally removed?
> + default 0xeffffc0000000000 if KASAN_SW_TAGS
> default 0xdffffc0000000000
>
> config HAVE_INTEL_TXT
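Review bot: Dropping `depends on KASAN` from KASAN_SHADOW_OFFSET means the symbol takes the 0xdffffc0000000000 default in configs without KASAN as well, and neither the commit message nor the changelog mentions this. If the removal is intentional, the message should say why; otherwise keep the dependency and only add the new `default ... if KASAN_SW_TAGS` line above the existing default.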
> diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
> index db1048621ea2..ded92b439ada 100644
> --- a/arch/x86/boot/compressed/misc.h
> +++ b/arch/x86/boot/compressed/misc.h
> @@ -13,6 +13,7 @@
> #undef CONFIG_PARAVIRT_SPINLOCKS
> #undef CONFIG_KASAN
> #undef CONFIG_KASAN_GENERIC
> +#undef CONFIG_KASAN_SW_TAGS
>
> #define __NO_FORTIFY
>
> diff --git a/arch/x86/include/asm/kasan.h b/arch/x86/include/asm/kasan.h
> index f3e34a9754d2..385f4e9daab3 100644
> --- a/arch/x86/include/asm/kasan.h
> +++ b/arch/x86/include/asm/kasan.h
> @@ -7,6 +7,7 @@
> #include <linux/types.h>
> #define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL)
> #ifdef CONFIG_KASAN_SW_TAGS
> +#define KASAN_SHADOW_SCALE_SHIFT 4
>
> /*
> * LLVM ABI for reporting tag mismatches in inline KASAN mode.
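Review bot: KASAN_SHADOW_SCALE_SHIFT is defined as 4 under `#ifdef CONFIG_KASAN_SW_TAGS`, but the context shown does not include where the generic-mode value is defined. Please confirm that definition sits in the matching #else branch so the macro is not defined twice, and consider a short comment next to the new define giving the granule size (16 bytes per shadow byte).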
> diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
> index 1b2edd07a3e1..5b819f84f6db 100644
> --- a/arch/x86/kernel/setup.c
> +++ b/arch/x86/kernel/setup.c
> @@ -1207,6 +1207,8 @@ void __init setup_arch(char **cmdline_p)
>
> kasan_init();
>
> + kasan_init_sw_tags();
> +
> /*
> * Sync back kernel address range.
> *
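Review bot: kasan_init_sw_tags() is called unconditionally in setup_arch(), so kernels built with generic KASAN or without KASAN depend on a no-op stub being declared, and nothing in this patch shows one. Worth confirming the stub exists for !CONFIG_KASAN_SW_TAGS; a one-line comment on the ordering relative to kasan_init() would also help.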
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index f82889a830fa..9ddbc6aeb5d5 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -100,7 +100,8 @@ config KASAN_SW_TAGS
>
> Requires GCC 11+ or Clang.
>
> - Supported only on arm64 CPUs and relies on Top Byte Ignore.
> + Supported on arm64 CPUs that support Top Byte Ignore and on x86 CPUs
> + that support Linear Address Masking.
>
> Consumes about 1/16th of available memory at kernel start and
> add an overhead of ~20% for dynamic allocations.
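Review bot: The updated help text says x86 is supported with Linear Address Masking but does not mention that inline and stack instrumentation are unavailable there, which the commit message states. Since "Requires GCC 11+ or Clang." stays unchanged just above, a sentence noting the x86 limitation would keep users from expecting the same feature set as on arm64.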
> diff --git a/scripts/gdb/linux/kasan.py b/scripts/gdb/linux/kasan.py
> index fca39968d308..4b86202b155f 100644
> --- a/scripts/gdb/linux/kasan.py
> +++ b/scripts/gdb/linux/kasan.py
> @@ -7,7 +7,7 @@
> #
>
> import gdb
> -from linux import constants, mm
> +from linux import constants, utils, mm
> from ctypes import c_int64 as s64
>
> def help():
> @@ -40,7 +40,7 @@ class KasanMemToShadow(gdb.Command):
> else:
> help()
> def kasan_mem_to_shadow(self, addr):
> - if constants.CONFIG_KASAN_SW_TAGS:
> + if constants.CONFIG_KASAN_SW_TAGS and not utils.is_target_arch('x86'):
This change seems to belong to the patch that changes how the shadow
memory address is calculated.
> addr = s64(addr)
> return (addr >> self.p_ops.KASAN_SHADOW_SCALE_SHIFT) + self.p_ops.KASAN_SHADOW_OFFSET
>
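Review bot: The new `not utils.is_target_arch('x86')` condition in kasan_mem_to_shadow() has no comment explaining why x86 skips the s64 conversion. The v4 changelog says x86 keeps the unsigned KASAN_SHADOW_OFFSET; a one-line comment to that effect next to the condition would keep the script understandable without the changelog.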
> --
> 2.50.1
>
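Added example, not part of the patch or of the reply above: it applies the unsigned form `(addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET`, which the kasan.py hunk keeps for x86, to the offsets and scale shifts in the patch and derives the shadow ranges that the mm.rst rows document. The kernel-half base addresses and the use of untagged addresses are assumptions, and `shadow_range` and `describe` are hypothetical helper names.

```python
MASK64 = (1 << 64) - 1
TB = 1 << 40

# (KASAN_SHADOW_OFFSET, KASAN_SHADOW_SCALE_SHIFT) per mode.
# Offsets come from the Kconfig hunk; shift 4 from the kasan.h hunk,
# shift 3 follows from "8 bytes per shadow byte" in the commit message.
MODES = {
    "generic": (0xDFFFFC0000000000, 3),
    "sw_tags": (0xEFFFFC0000000000, 4),
}

# Assumption: lowest address of the kernel half for 4- and 5-level paging,
# taken as canonical (untagged) addresses.
KERNEL_BASE = {4: 0xFFFF800000000000, 5: 0xFF00000000000000}


def mem_to_shadow(addr, mode):
    """Unsigned shadow mapping, truncated to 64 bits."""
    offset, shift = MODES[mode]
    return ((addr >> shift) + offset) & MASK64


def shadow_range(levels, mode):
    """First and last shadow address covering the kernel half."""
    return (mem_to_shadow(KERNEL_BASE[levels], mode),
            mem_to_shadow(MASK64, mode))


def describe(levels, mode):
    """Size and distance from the top of the address space, in TB."""
    start, end = shadow_range(levels, mode)
    return {
        "start": start,
        "end": end,
        "size_tb": (end - start + 1) / TB,
        "offset_tb": -((1 << 64) - start) / TB,
    }


if __name__ == "__main__":
    for levels in (4, 5):
        for mode in MODES:
            d = describe(levels, mode)
            print(f"{levels}-level {mode:8s} {d['start']:016x}-{d['end']:016x} "
                  f"size {d['size_tb']:g} TB, offset {d['offset_tb']:g} TB")
```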