| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aTKHzmxR3JA2R7qD@fedora>
Date: Fri, 5 Dec 2025 15:20:46 +0800
From: Baoquan He <bhe@...hat.com>
To: Andrey Konovalov <andreyknvl@...il.com>
Cc: linux-mm@...ck.org, ryabinin.a.a@...il.com, glider@...gle.com,
dvyukov@...gle.com, vincenzo.frascino@....com,
akpm@...ux-foundation.org, kasan-dev@...glegroups.com,
linux-kernel@...r.kernel.org, kexec@...ts.infradead.org,
elver@...gle.com, sj@...nel.org, lorenzo.stoakes@...cle.com,
snovitoll@...il.com, christophe.leroy@...roup.eu
Subject: Re: [PATCH v4 01/12] mm/kasan: add conditional checks in functions
to return directly if kasan is disabled
On 12/04/25 at 05:38pm, Andrey Konovalov wrote:
> On Fri, Nov 28, 2025 at 4:33 AM Baoquan He <bhe@...hat.com> wrote:
> >
> > The current codes only check if kasan is disabled for hw_tags
> > mode. Here add the conditional checks for functional functions of
> > generic mode and sw_tags mode.
> >
> > This is prepared for later adding kernel parameter kasan=on|off for
> > all three kasan modes.
> >
> > Signed-off-by: Baoquan He <bhe@...hat.com>
> > ---
> > mm/kasan/generic.c | 17 +++++++++++++++--
> > mm/kasan/init.c | 6 ++++++
> > mm/kasan/quarantine.c | 3 +++
> > mm/kasan/report.c | 4 +++-
> > mm/kasan/shadow.c | 11 ++++++++++-
> > mm/kasan/sw_tags.c | 3 +++
> > 6 files changed, 40 insertions(+), 4 deletions(-)
> >
> > diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
> > index 2b8e73f5f6a7..aff822aa2bd6 100644
> > --- a/mm/kasan/generic.c
> > +++ b/mm/kasan/generic.c
> > @@ -214,12 +214,13 @@ bool kasan_byte_accessible(const void *addr)
> >
> > void kasan_cache_shrink(struct kmem_cache *cache)
> > {
> > - kasan_quarantine_remove_cache(cache);
> > + if (kasan_enabled())
>
> Please move these checks to include/linux/kasan.h and add __helpers to
> consistent with how it's done for other KASAN annotation calls.
> Otherwise eventually these checks start creeping into lower level
> functions and the logic of checking when and whether KASAN is enabled
> becomes a mess.
Not sure if I got it correctly. Are you suggesting it should be done
like kasan_populate_vmalloc()/__kasan_populate_vmalloc(),
kasan_release_vmalloc()/__kasan_release_vmalloc()?
>
>
>
> > + kasan_quarantine_remove_cache(cache);
> > }
> >
> > void kasan_cache_shutdown(struct kmem_cache *cache)
> > {
> > - if (!__kmem_cache_empty(cache))
> > + if (kasan_enabled() && !__kmem_cache_empty(cache))
> > kasan_quarantine_remove_cache(cache);
> > }
> >
> > @@ -239,6 +240,9 @@ void __asan_register_globals(void *ptr, ssize_t size)
> > int i;
> > struct kasan_global *globals = ptr;
> >
> > + if (!kasan_enabled())
> > + return;
> > +
> > for (i = 0; i < size; i++)
> > register_global(&globals[i]);
> > }
> > @@ -369,6 +373,9 @@ void kasan_cache_create(struct kmem_cache *cache, unsigned int *size,
> > unsigned int rem_free_meta_size;
> > unsigned int orig_alloc_meta_offset;
> >
> > + if (!kasan_enabled())
> > + return;
> > +
> > if (!kasan_requires_meta())
> > return;
> >
> > @@ -518,6 +525,9 @@ size_t kasan_metadata_size(struct kmem_cache *cache, bool in_object)
> > {
> > struct kasan_cache *info = &cache->kasan_info;
> >
> > + if (!kasan_enabled())
> > + return 0;
> > +
> > if (!kasan_requires_meta())
> > return 0;
> >
> > @@ -543,6 +553,9 @@ void kasan_record_aux_stack(void *addr)
> > struct kasan_alloc_meta *alloc_meta;
> > void *object;
> >
> > + if (!kasan_enabled())
> > + return;
> > +
> > if (is_kfence_address(addr) || !slab)
> > return;
> >
> > diff --git a/mm/kasan/init.c b/mm/kasan/init.c
> > index f084e7a5df1e..c78d77ed47bc 100644
> > --- a/mm/kasan/init.c
> > +++ b/mm/kasan/init.c
> > @@ -447,6 +447,9 @@ void kasan_remove_zero_shadow(void *start, unsigned long size)
> > unsigned long addr, end, next;
> > pgd_t *pgd;
> >
> > + if (!kasan_enabled())
> > + return;
> > +
> > addr = (unsigned long)kasan_mem_to_shadow(start);
> > end = addr + (size >> KASAN_SHADOW_SCALE_SHIFT);
> >
> > @@ -482,6 +485,9 @@ int kasan_add_zero_shadow(void *start, unsigned long size)
> > int ret;
> > void *shadow_start, *shadow_end;
> >
> > + if (!kasan_enabled())
> > + return 0;
> > +
> > shadow_start = kasan_mem_to_shadow(start);
> > shadow_end = shadow_start + (size >> KASAN_SHADOW_SCALE_SHIFT);
> >
> > diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
> > index 6958aa713c67..a6dc2c3d8a15 100644
> > --- a/mm/kasan/quarantine.c
> > +++ b/mm/kasan/quarantine.c
> > @@ -405,6 +405,9 @@ static int __init kasan_cpu_quarantine_init(void)
> > {
> > int ret = 0;
> >
> > + if (!kasan_enabled())
> > + return 0;
> > +
> > ret = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "mm/kasan:online",
> > kasan_cpu_online, kasan_cpu_offline);
> > if (ret < 0)
> > diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> > index 62c01b4527eb..884357fa74ed 100644
> > --- a/mm/kasan/report.c
> > +++ b/mm/kasan/report.c
> > @@ -576,7 +576,9 @@ bool kasan_report(const void *addr, size_t size, bool is_write,
> > unsigned long irq_flags;
> > struct kasan_report_info info;
> >
> > - if (unlikely(report_suppressed_sw()) || unlikely(!report_enabled())) {
> > + if (unlikely(report_suppressed_sw()) ||
> > + unlikely(!report_enabled()) ||
> > + !kasan_enabled()) {
> > ret = false;
> > goto out;
> > }
> > diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c
> > index 29a751a8a08d..f73a691421de 100644
> > --- a/mm/kasan/shadow.c
> > +++ b/mm/kasan/shadow.c
> > @@ -164,6 +164,8 @@ void kasan_unpoison(const void *addr, size_t size, bool init)
> > {
> > u8 tag = get_tag(addr);
> >
> > + if (!kasan_enabled())
> > + return;
> > /*
> > * Perform shadow offset calculation based on untagged address, as
> > * some of the callers (e.g. kasan_unpoison_new_object) pass tagged
> > @@ -277,7 +279,8 @@ static int __meminit kasan_mem_notifier(struct notifier_block *nb,
> >
> > static int __init kasan_memhotplug_init(void)
> > {
> > - hotplug_memory_notifier(kasan_mem_notifier, DEFAULT_CALLBACK_PRI);
> > + if (kasan_enabled())
> > + hotplug_memory_notifier(kasan_mem_notifier, DEFAULT_CALLBACK_PRI);
> >
> > return 0;
> > }
> > @@ -658,6 +661,9 @@ int kasan_alloc_module_shadow(void *addr, size_t size, gfp_t gfp_mask)
> > size_t shadow_size;
> > unsigned long shadow_start;
> >
> > + if (!kasan_enabled())
> > + return 0;
> > +
> > shadow_start = (unsigned long)kasan_mem_to_shadow(addr);
> > scaled_size = (size + KASAN_GRANULE_SIZE - 1) >>
> > KASAN_SHADOW_SCALE_SHIFT;
> > @@ -694,6 +700,9 @@ int kasan_alloc_module_shadow(void *addr, size_t size, gfp_t gfp_mask)
> >
> > void kasan_free_module_shadow(const struct vm_struct *vm)
> > {
> > + if (!kasan_enabled())
> > + return;
> > +
> > if (IS_ENABLED(CONFIG_UML))
> > return;
> >
> > diff --git a/mm/kasan/sw_tags.c b/mm/kasan/sw_tags.c
> > index c75741a74602..6c1caec4261a 100644
> > --- a/mm/kasan/sw_tags.c
> > +++ b/mm/kasan/sw_tags.c
> > @@ -79,6 +79,9 @@ bool kasan_check_range(const void *addr, size_t size, bool write,
> > u8 *shadow_first, *shadow_last, *shadow;
> > void *untagged_addr;
> >
> > + if (!kasan_enabled())
> > + return true;
> > +
> > if (unlikely(size == 0))
> > return true;
> >
> > --
> > 2.41.0
> >
>
Powered by blists - more mailing lists