From: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
To: luto@kernel.org, xin@zytor.com, kirill.shutemov@linux.intel.com,
palmer@dabbelt.com, tj@kernel.org, andreyknvl@gmail.com,
brgerst@gmail.com, ardb@kernel.org, dave.hansen@linux.intel.com,
jgross@suse.com, will@kernel.org, akpm@linux-foundation.org,
arnd@arndb.de, corbet@lwn.net, maciej.wieczor-retman@intel.com,
dvyukov@google.com, richard.weiyang@gmail.com, ytcoode@gmail.com,
tglx@linutronix.de, hpa@zytor.com, seanjc@google.com,
paul.walmsley@sifive.com, aou@eecs.berkeley.edu,
justinstitt@google.com, jason.andryuk@amd.com, glider@google.com,
ubizjak@gmail.com, jannh@google.com, bhe@redhat.com,
vincenzo.frascino@arm.com, rafael.j.wysocki@intel.com,
ndesaulniers@google.com, mingo@redhat.com,
catalin.marinas@arm.com, junichi.nomura@nec.com,
nathan@kernel.org, ryabinin.a.a@gmail.com, dennis@kernel.org,
bp@alien8.de, kevinloughlin@google.com, morbo@google.com,
dan.j.williams@intel.com, julian.stecklina@cyberus-technology.de,
peterz@infradead.org, cl@linux.com, kees@kernel.org
Cc: kasan-dev@googlegroups.com, x86@kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, llvm@lists.linux.dev,
linux-doc@vger.kernel.org
Subject: [PATCH 15/15] kasan: Add mititgation and debug modes
Date: Tue, 4 Feb 2025 18:33:56 +0100 [thread overview]
Message-ID: <450a1fe078b0e07bf2e4f3098c9110c9959c6524.1738686764.git.maciej.wieczor-retman@intel.com> (raw)
In-Reply-To: <cover.1738686764.git.maciej.wieczor-retman@intel.com>
With smaller memory footprint KASAN could be used in production systems.
One problem is that saving stacktraces slowes memory allocation
substantially - with KASAN enabled up to 90% of time spent on kmalloc()
is spent on saving the stacktrace.
Add mitigation mode to allow the option for running KASAN focused on
performance and security. In mitigation mode disable saving stacktraces
and set fault mode to always panic on KASAN error as a security
mechanism.
Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
---
lib/Kconfig.kasan | 28 ++++++++++++++++++++++++++++
mm/kasan/report.c | 4 ++++
mm/kasan/tags.c | 5 +++++
3 files changed, 37 insertions(+)
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index d08b4e9bf477..6daa62b40dea 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -244,4 +244,32 @@ config KASAN_SW_TAGS_DENSE
ARCH_HAS_KASAN_SW_TAGS_DENSE is needed for this option since the
special tag macros need to be properly set for 4-bit wide tags.
+choice
+ prompt "KASAN operation mode"
+ default KASAN_OPERATION_DEBUG
+ help
+ Choose between the mitigation or debug operation modes.
+
+ The first one disables stacktrace saving and enables panic on error.
+ Faster memory allocation but less information. The second one is the
+ default where KASAN operates with full functionality.
+
+config KASAN_OPERATION_DEBUG
+ bool "Debug operation mode"
+ depends on KASAN
+ help
+ The default mode. Full functionality and all boot parameters
+ available.
+
+config KASAN_OPERATION_MITIGATION
+ bool "Mitigation operation mode"
+ depends on KASAN
+ help
+ Operation mode dedicated at faster operation at the cost of less
+ information collection. Disables stacktrace saving for faster
+ allocations and forces panic on KASAN error to mitigate malicious
+ attacks.
+
+endchoice
+
endif # KASAN
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index ee9e406b0cdb..ae989d3bd919 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -47,7 +47,11 @@ enum kasan_arg_fault {
KASAN_ARG_FAULT_PANIC_ON_WRITE,
};
+#ifdef CONFIG_KASAN_OPERATION_MITIGATION
+static enum kasan_arg_fault kasan_arg_fault __ro_after_init = KASAN_ARG_FAULT_PANIC;
+#else
static enum kasan_arg_fault kasan_arg_fault __ro_after_init = KASAN_ARG_FAULT_DEFAULT;
+#endif
/* kasan.fault=report/panic */
static int __init early_kasan_fault(char *arg)
diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
index c111d98961ed..2414cddeaaf3 100644
--- a/mm/kasan/tags.c
+++ b/mm/kasan/tags.c
@@ -78,6 +78,11 @@ early_param("kasan.stack_ring_size", early_kasan_flag_stack_ring_size);
void __init kasan_init_tags(void)
{
+ if (IS_ENABLED(CONFIG_KASAN_OPERATION_MITIGATION)) {
+ static_branch_disable(&kasan_flag_stacktrace);
+ return;
+ }
+
switch (kasan_arg_stacktrace) {
case KASAN_ARG_STACKTRACE_DEFAULT:
/* Default is specified by kasan_flag_stacktrace definition. */
--
2.47.1
next prev parent reply other threads:[~2025-02-04 17:41 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-04 17:33 [PATCH 00/15] kasan: x86: arm64: risc-v: KASAN tag-based mode for x86 Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 01/15] kasan: Allocation enhancement for dense tag-based mode Maciej Wieczor-Retman
2025-02-05 23:43 ` Andrey Konovalov
2025-02-06 12:57 ` Maciej Wieczor-Retman
2025-02-06 18:14 ` Andrey Konovalov
2025-02-04 17:33 ` [PATCH 02/15] kasan: Tag checking with " Maciej Wieczor-Retman
2025-02-05 23:45 ` Andrey Konovalov
2025-02-06 14:55 ` Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 03/15] kasan: Vmalloc dense tag-based mode support Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 04/15] kasan: arm64: x86: risc-v: Make special tags arch specific Maciej Wieczor-Retman
2025-02-05 20:20 ` Palmer Dabbelt
2025-02-06 11:22 ` Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 05/15] x86: Add arch specific kasan functions Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 06/15] x86: Reset tag for virtual to physical address conversions Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 07/15] mm: Pcpu chunk address tag reset Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 08/15] x86: Physical address comparisons in fill_p*d/pte Maciej Wieczor-Retman
2025-02-06 0:57 ` Dave Hansen
2025-02-07 16:37 ` Maciej Wieczor-Retman
2025-02-11 19:59 ` Dave Hansen
2025-02-04 17:33 ` [PATCH 09/15] x86: Physical address comparison in current_mm pgd check Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 10/15] x86: KASAN raw shadow memory PTE init Maciej Wieczor-Retman
2025-02-05 23:45 ` Andrey Konovalov
2025-02-06 15:39 ` Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 11/15] x86: LAM initialization Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 12/15] x86: Minimal SLAB alignment Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 13/15] x86: runtime_const used for KASAN_SHADOW_END Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 14/15] x86: Make software tag-based kasan available Maciej Wieczor-Retman
2025-02-04 17:33 ` Maciej Wieczor-Retman [this message]
2025-02-05 23:46 ` [PATCH 15/15] kasan: Add mititgation and debug modes Andrey Konovalov
2025-02-07 9:08 ` Maciej Wieczor-Retman
2025-02-04 18:58 ` [PATCH 00/15] kasan: x86: arm64: risc-v: KASAN tag-based mode for x86 Christoph Lameter (Ampere)
2025-02-04 21:05 ` Dave Hansen
2025-02-05 18:59 ` Christoph Lameter (Ampere)
2025-02-05 23:04 ` Ard Biesheuvel
2025-02-04 23:36 ` Jessica Clarke
2025-02-05 18:51 ` Christoph Lameter (Ampere)
2025-02-06 1:05 ` Jessica Clarke
2025-02-06 19:11 ` Christoph Lameter (Ampere)
2025-02-06 21:41 ` Dave Hansen
2025-02-07 7:41 ` Maciej Wieczor-Retman
2025-02-06 22:56 ` Andrey Konovalov
2025-02-04 23:36 ` Jessica Clarke
2025-02-05 23:40 ` Andrey Konovalov
2025-02-06 10:40 ` Maciej Wieczor-Retman
2025-02-06 18:10 ` Andrey Konovalov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=450a1fe078b0e07bf2e4f3098c9110c9959c6524.1738686764.git.maciej.wieczor-retman@intel.com \
--to=maciej.wieczor-retman@intel.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=aou@eecs.berkeley.edu \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=bhe@redhat.com \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=catalin.marinas@arm.com \
--cc=cl@linux.com \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dennis@kernel.org \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=jason.andryuk@amd.com \
--cc=jgross@suse.com \
--cc=julian.stecklina@cyberus-technology.de \
--cc=junichi.nomura@nec.com \
--cc=justinstitt@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=kees@kernel.org \
--cc=kevinloughlin@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=llvm@lists.linux.dev \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=peterz@infradead.org \
--cc=rafael.j.wysocki@intel.com \
--cc=richard.weiyang@gmail.com \
--cc=ryabinin.a.a@gmail.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=ubizjak@gmail.com \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=xin@zytor.com \
--cc=ytcoode@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox