Message-ID: <CA+fCnZf5NMa=_Aic_gVQ05rvAvYx0xUpbZ=hOg2=7A9=ZbPdFw@mail.gmail.com>
Date: Tue, 13 Jan 2026 02:44:35 +0100
From: Andrey Konovalov <andreyknvl@...il.com>
To: Maciej Wieczor-Retman <m.wieczorretman@...me>
Cc: corbet@....net, morbo@...gle.com, rppt@...nel.org,
lorenzo.stoakes@...cle.com, ubizjak@...il.com, mingo@...hat.com,
vincenzo.frascino@....com, maciej.wieczor-retman@...el.com, maz@...nel.org,
catalin.marinas@....com, yeoreum.yun@....com, will@...nel.org,
jackmanb@...gle.com, samuel.holland@...ive.com, glider@...gle.com,
osandov@...com, nsc@...nel.org, luto@...nel.org, jpoimboe@...nel.org,
akpm@...ux-foundation.org, Liam.Howlett@...cle.com, kees@...nel.org,
jan.kiszka@...mens.com, thomas.lendacky@....com, jeremy.linton@....com,
dvyukov@...gle.com, axelrasmussen@...gle.com, leitao@...ian.org,
ryabinin.a.a@...il.com, bigeasy@...utronix.de, peterz@...radead.org,
mark.rutland@....com, urezki@...il.com, brgerst@...il.com, hpa@...or.com,
mhocko@...e.com, weixugc@...gle.com, kbingham@...nel.org, vbabka@...e.cz,
nathan@...nel.org, trintaeoitogc@...il.com, samitolvanen@...gle.com,
tglx@...nel.org, thuth@...hat.com, surenb@...gle.com,
anshuman.khandual@....com, smostafa@...gle.com, yuanchu@...gle.com,
ada.coupriediaz@....com, dave.hansen@...ux.intel.com, kas@...nel.org,
nick.desaulniers+lkml@...il.com, david@...nel.org, bp@...en8.de,
ardb@...nel.org, justinstitt@...gle.com, linux-kernel@...r.kernel.org,
linux-mm@...ck.org, kasan-dev@...glegroups.com, llvm@...ts.linux.dev,
linux-arm-kernel@...ts.infradead.org, linux-doc@...r.kernel.org,
linux-kbuild@...r.kernel.org, x86@...nel.org
Subject: Re: [PATCH v8 00/14] kasan: x86: arm64: KASAN tag-based mode for x86
On Mon, Jan 12, 2026 at 6:26 PM Maciej Wieczor-Retman
<m.wieczorretman@...me> wrote:
>
> ======= Introduction
> The patchset aims to add a KASAN tag-based mode for the x86 architecture
> with the help of the new CPU feature called Linear Address Masking
> (LAM). Main improvement introduced by the series is 2x lower memory
> usage compared to KASAN's generic mode, the only currently available
> mode on x86. The tag based mode may also find errors that the generic
> mode couldn't because of differences in how these modes operate.
>
> ======= How does KASAN's tag-based mode work?
> When enabled, memory accesses and allocations are augmented by the
> compiler during kernel compilation. Instrumentation functions are added
> to each memory allocation and each pointer dereference.
>
> The allocation-related functions generate a random tag and save it in
> two places: in shadow memory that maps to the allocated memory, and in
> the top bits of the pointer that points to the allocated memory. Storing
> the tag in the top of the pointer is possible because of Top-Byte Ignore
> (TBI) on arm64 architecture and LAM on x86.
>
> The access-related functions perform a comparison between the tag
> stored in the pointer and the one stored in shadow memory. If the tags
> don't match, an out-of-bounds error must have occurred, and so an error
> report is generated.
>
> The general idea for the tag-based mode is very well explained in the
> series with the original implementation [1].
>
> [1] https://lore.kernel.org/all/cover.1544099024.git.andreyknvl@google.com/
>
> ======= Differences summary compared to the arm64 tag-based mode
> - Tag width:
>   - Tag width influences the chance of a tag mismatch due to two
>     tags from different allocations having the same value. The
>     bigger the possible range of tag values, the lower the chance
>     of that happening.
>   - Shortening the tag width from 8 bits to 4, while it can help
>     with memory usage, also increases the chance of not
>     reporting an error. 4-bit tags have a ~7% chance of a tag
>     mismatch.
>
> - Address masking mechanism
>   - TBI in arm64 allows for storing metadata in the top 8 bits of
>     the virtual address.
>   - LAM in x86 allows storing tags in bits [62:57] of the pointer.
>     To maximize memory savings the tag width is reduced to bits
>     [60:57].
>
> - Inline mode mismatch reporting
>   - Arm64 inserts a BRK instruction to pass metadata about a tag
>     mismatch to the KASAN report.
>   - Right now on x86 the INT3 instruction is used for the same
>     purpose. The attempt to move it over to use UD1 is already
>     implemented and tested but relies on another series that needs
>     merging first. Therefore this patch will be posted separately
>     once the dependency is satisfied by being merged upstream.
>
Please also update the Software Tag-Based KASAN section in
Documentation/dev-tools/kasan.rst accordingly.
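The tag-store-and-compare scheme the quoted cover letter describes (random tag in the pointer's bits [60:57] and in the shadow byte of every granule, compared on each access) can be modelled in user space. The following is an added toy example written for this page, not code from the patch series or the kernel: it assumes 16-byte granules, one shadow byte per granule, a constructed kernel-style base address, and two reserved 4-bit tag values (0xF for untagged kernel pointers, 0xE as the marker written into shadow on free) that mirror the arm64 mode's KASAN_TAG_KERNEL/KASAN_TAG_INVALID convention; the actual values used by the x86 series are not stated on this page.

```c
/* Toy model of software tag-based KASAN checks with LAM-style 4-bit tags
 * in pointer bits [60:57]. Constructed example; not kernel code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TAG_SHIFT     57
#define TAG_WIDTH     4                               /* bits [60:57] */
#define TAG_MASK      ((1u << TAG_WIDTH) - 1)         /* 0xF */
#define PTR_TAG_MASK  ((uint64_t)TAG_MASK << TAG_SHIFT)

/* Assumed toy conventions (not taken from the series). */
#define TAG_KERNEL    0xF   /* untagged kernel pointer: bits [60:57] all set */
#define TAG_INVALID   0xE   /* shadow value written for freed memory */

#define GRANULE_SHIFT 4     /* one shadow byte covers a 16-byte granule */
#define GRANULE       (1u << GRANULE_SHIFT)
#define HEAP_BASE     0xffff888000000000ULL   /* constructed base address */
#define HEAP_SIZE     4096

static uint8_t shadow[HEAP_SIZE >> GRANULE_SHIFT];

/* Untagged kernel pointers carry all ones in the tag bits, so resetting
 * the tag means setting them back. */
static uint64_t reset_tag(uint64_t addr) { return addr | PTR_TAG_MASK; }
static uint8_t  get_tag(uint64_t addr)   { return (addr >> TAG_SHIFT) & TAG_MASK; }
static uint64_t set_tag(uint64_t addr, uint8_t tag)
{
    return (addr & ~PTR_TAG_MASK) | ((uint64_t)(tag & TAG_MASK) << TAG_SHIFT);
}

/* Shadow byte for the granule containing addr (tagged or untagged). */
static uint8_t *shadow_of(uint64_t addr)
{
    uint64_t off = reset_tag(addr) - HEAP_BASE;
    return &shadow[off >> GRANULE_SHIFT];
}

static void poison_range(uint64_t addr, size_t size, uint8_t tag)
{
    uint8_t *s = shadow_of(addr);
    size_t granules = (size + GRANULE - 1) / GRANULE;
    for (size_t g = 0; g < granules; g++)
        s[g] = tag;
}

/* Deterministic stand-in for the allocator's random tag; skips the two
 * reserved values so an allocation tag never looks untagged or freed. */
uint8_t toy_random_tag(uint32_t *state)
{
    for (;;) {
        *state = *state * 1664525u + 1013904223u;
        uint8_t t = (*state >> 24) & TAG_MASK;
        if (t != TAG_KERNEL && t != TAG_INVALID)
            return t;
    }
}

/* Allocation side: tag goes into shadow and into the returned pointer. */
uint64_t toy_alloc(uint64_t untagged, size_t size, uint8_t tag)
{
    poison_range(untagged, size, tag);
    return set_tag(untagged, tag);
}

/* Free side: shadow is repainted so stale pointers no longer match. */
void toy_free(uint64_t ptr, size_t size)
{
    poison_range(ptr, size, TAG_INVALID);
}

/* Access side: compare the pointer tag with every granule touched.
 * Returns 0 when all tags match, 1 on the first mismatch. */
int toy_check(uint64_t ptr, size_t size)
{
    uint8_t tag = get_tag(ptr);
    uint64_t start = reset_tag(ptr) & ~(uint64_t)(GRANULE - 1);
    uint64_t end = reset_tag(ptr) + size;
    for (uint64_t a = start; a < end; a += GRANULE)
        if (*shadow_of(a) != tag)
            return 1;
    return 0;
}

/* Two adjacent 32-byte objects; an overflow from the first lands in
 * granules tagged for the second, and a use after free hits TAG_INVALID. */
int demo(void)
{
    uint64_t a = toy_alloc(HEAP_BASE + 0,  32, 0x3);
    uint64_t b = toy_alloc(HEAP_BASE + 32, 32, 0xA);
    int in_bounds = toy_check(a + 8, 8);     /* 0: same tag in shadow */
    int oob       = toy_check(a + 40, 4);    /* 1: shadow holds b's tag */
    toy_free(b, 32);
    int uaf       = toy_check(b, 4);         /* 1: shadow now TAG_INVALID */
    return in_bounds == 0 && oob == 1 && uaf == 1;
}

int main(void)
{
    printf("tag model behaves as expected: %s\n", demo() ? "yes" : "no");
    return 0;
}
```

Note that the check only compares tags: with 4-bit tags, two neighbouring objects that happen to draw the same value would make the overflow above invisible, which is the mismatch-probability trade-off the cover letter's "Tag width" item describes.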