From: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
To: luto@kernel.org, xin@zytor.com, kirill.shutemov@linux.intel.com,
	palmer@dabbelt.com, tj@kernel.org, andreyknvl@gmail.com,
	brgerst@gmail.com, ardb@kernel.org, dave.hansen@linux.intel.com,
	jgross@suse.com, will@kernel.org, akpm@linux-foundation.org,
	arnd@arndb.de, corbet@lwn.net, maciej.wieczor-retman@intel.com,
	dvyukov@google.com, richard.weiyang@gmail.com, ytcoode@gmail.com,
	tglx@linutronix.de, hpa@zytor.com, seanjc@google.com,
	paul.walmsley@sifive.com, aou@eecs.berkeley.edu,
	justinstitt@google.com, jason.andryuk@amd.com, glider@google.com,
	ubizjak@gmail.com, jannh@google.com, bhe@redhat.com,
	vincenzo.frascino@arm.com, rafael.j.wysocki@intel.com,
	ndesaulniers@google.com, mingo@redhat.com,
	catalin.marinas@arm.com, junichi.nomura@nec.com,
	nathan@kernel.org, ryabinin.a.a@gmail.com, dennis@kernel.org,
	bp@alien8.de, kevinloughlin@google.com, morbo@google.com,
	dan.j.williams@intel.com, julian.stecklina@cyberus-technology.de,
	peterz@infradead.org, cl@linux.com, kees@kernel.org
Cc: kasan-dev@googlegroups.com, x86@kernel.org,
	linux-arm-kernel@lists.infradead.org,
	linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, llvm@lists.linux.dev,
	linux-doc@vger.kernel.org
Subject: [PATCH 13/15] x86: runtime_const used for KASAN_SHADOW_END
Date: Tue,  4 Feb 2025 18:33:54 +0100	[thread overview]
Message-ID: <5d0f9dbd0f7c2326229f2a1f3dcedd46842a9615.1738686764.git.maciej.wieczor-retman@intel.com> (raw)
In-Reply-To: <cover.1738686764.git.maciej.wieczor-retman@intel.com>

On x86, generic KASAN is setup in a way that needs a single
KASAN_SHADOW_OFFSET value for both 4 and 5 level paging. It's required
to facilitate boot time switching and it's a compiler ABI so it can't be
changed during runtime.

Software tag-based mode doesn't tie shadow start and end to any linear
addresses as part of the compiler ABI so it can be changed during
runtime. This notion, for KASAN purposes, allows optimizing out macros
such as pgtable_l5_enabled() which would otherwise be used in every
single KASAN related function.

Use runtime_const infrastructure with pgtable_l5_enabled() to initialize
the end address of KASAN's shadow address space. It's a good choice
since in software tag based mode KASAN_SHADOW_OFFSET and
KASAN_SHADOW_END refer to the same value and the offset in
kasan_mem_to_shadow() is a signed negative value.

Setup KASAN_SHADOW_END values so that they're aligned to 4TB in 4-level
paging mode and to 2PB in 5-level paging mode. Also update x86 memory
map documentation.

Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
---
 Documentation/arch/x86/x86_64/mm.rst |  6 ++++--
 arch/x86/Kconfig                     |  3 +--
 arch/x86/include/asm/kasan.h         | 14 +++++++++++++-
 arch/x86/kernel/vmlinux.lds.S        |  1 +
 arch/x86/mm/kasan_init_64.c          |  5 ++++-
 5 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/Documentation/arch/x86/x86_64/mm.rst b/Documentation/arch/x86/x86_64/mm.rst
index 35e5e18c83d0..4e8c04d71a13 100644
--- a/Documentation/arch/x86/x86_64/mm.rst
+++ b/Documentation/arch/x86/x86_64/mm.rst
@@ -48,7 +48,8 @@ Complete virtual memory map with 4-level page tables
    ffffe90000000000 |  -23    TB | ffffe9ffffffffff |    1 TB | ... unused hole
    ffffea0000000000 |  -22    TB | ffffeaffffffffff |    1 TB | virtual memory map (vmemmap_base)
    ffffeb0000000000 |  -21    TB | ffffebffffffffff |    1 TB | ... unused hole
-   ffffec0000000000 |  -20    TB | fffffbffffffffff |   16 TB | KASAN shadow memory
+   ffffec0000000000 |  -20    TB | fffffbffffffffff |   16 TB | KASAN shadow memory (generic mode)
+   fffff80000000000 |   -8    TB | fffffc0000000000 |    4 TB | KASAN shadow memory (software tag-based mode)
   __________________|____________|__________________|_________|____________________________________________________________
                                                               |
                                                               | Identical layout to the 56-bit one from here on:
@@ -107,7 +108,8 @@ Complete virtual memory map with 5-level page tables
    ffd2000000000000 |  -11.5  PB | ffd3ffffffffffff |  0.5 PB | ... unused hole
    ffd4000000000000 |  -11    PB | ffd5ffffffffffff |  0.5 PB | virtual memory map (vmemmap_base)
    ffd6000000000000 |  -10.5  PB | ffdeffffffffffff | 2.25 PB | ... unused hole
-   ffdf000000000000 |   -8.25 PB | fffffbffffffffff |   ~8 PB | KASAN shadow memory
+   ffdf000000000000 |   -8.25 PB | fffffbffffffffff |   ~8 PB | KASAN shadow memory (generic mode)
+   ffe8000000000000 |   -6    PB | fff0000000000000 |    2 PB | KASAN shadow memory (software tag-based mode)
   __________________|____________|__________________|_________|____________________________________________________________
                                                               |
                                                               | Identical layout to the 47-bit one from here on:
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7b9a7e8f39ac..dfec7bc692d4 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -392,8 +392,7 @@ config AUDIT_ARCH
 
 config KASAN_SHADOW_OFFSET
 	hex
-	depends on KASAN
-	default 0xdffffc0000000000
+	default 0xdffffc0000000000 if KASAN_GENERIC
 
 config HAVE_INTEL_TXT
 	def_bool y
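Review bot: With `depends on KASAN` dropped and the default limited to `if KASAN_GENERIC`, `KASAN_SHADOW_OFFSET` has no value at all in a software tag-based build, and the entry does not say that this is intentional. Any remaining reader of `CONFIG_KASAN_SHADOW_OFFSET` in that mode (shared build flags or headers, not visible in this patch) would see an empty symbol, so it is worth confirming that none is left. A comment above the entry such as `# Software tag-based mode computes the offset at boot, see KASAN_SHADOW_END_RC` would record why the default is conditional.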
diff --git a/arch/x86/include/asm/kasan.h b/arch/x86/include/asm/kasan.h
index f7a8d3763615..79151356d5f2 100644
--- a/arch/x86/include/asm/kasan.h
+++ b/arch/x86/include/asm/kasan.h
@@ -5,7 +5,7 @@
 #include <linux/const.h>
 #include <linux/kasan-tags.h>
 #include <linux/types.h>
-#define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL)
+
 #define KASAN_SHADOW_SCALE_SHIFT 3
 
 /*
@@ -14,6 +14,8 @@
  * for kernel really starts from compiler's shadow offset +
  * 'kernel address space start' >> KASAN_SHADOW_SCALE_SHIFT
  */
+#ifdef CONFIG_KASAN_GENERIC
+#define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL)
 #define KASAN_SHADOW_START      (KASAN_SHADOW_OFFSET + \
 					((-1UL << __VIRTUAL_MASK_SHIFT) >> \
 						KASAN_SHADOW_SCALE_SHIFT))
@@ -24,12 +26,22 @@
 #define KASAN_SHADOW_END        (KASAN_SHADOW_START + \
 					(1ULL << (__VIRTUAL_MASK_SHIFT - \
 						  KASAN_SHADOW_SCALE_SHIFT)))
+#endif
+
 
 #ifndef __ASSEMBLY__
+#include <asm/runtime-const.h>
 #include <linux/bitops.h>
 #include <linux/bitfield.h>
 #include <linux/bits.h>
 
+#ifdef CONFIG_KASAN_SW_TAGS
+extern unsigned long KASAN_SHADOW_END_RC;
+#define KASAN_SHADOW_END	runtime_const_ptr(KASAN_SHADOW_END_RC)
+#define KASAN_SHADOW_OFFSET	KASAN_SHADOW_END
+#define KASAN_SHADOW_START	(KASAN_SHADOW_END - ((UL(1)) << (__VIRTUAL_MASK_SHIFT - KASAN_SHADOW_SCALE_SHIFT)))
+#endif
+
 #define arch_kasan_set_tag(addr, tag)	__tag_set(addr, tag)
 #define arch_kasan_reset_tag(addr)	__tag_reset(addr)
 #define arch_kasan_get_tag(addr)	__tag_get(addr)
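Review bot: In the `CONFIG_KASAN_SW_TAGS` block, `KASAN_SHADOW_END`, `KASAN_SHADOW_OFFSET` and `KASAN_SHADOW_START` stop being compile-time constants, and nothing documents from when they are valid. A `runtime_const_ptr()` site holds a placeholder until `runtime_const_init()` patches it, which this patch does in `kasan_init()`, so a shadow-address computation that runs earlier would point the checker at the wrong memory; I would add `/* Patched in kasan_init(); not valid before that, nor in #if or static initializers. */` above the block. The size in `KASAN_SHADOW_START` also looks inconsistent with the documentation hunks: it uses the same `__VIRTUAL_MASK_SHIFT - KASAN_SHADOW_SCALE_SHIFT` expression as generic mode, which mm.rst lists as 16 TB with 4-level paging, whereas the new mm.rst rows give 4 TB and 2 PB for tag-based mode. That only matches a larger scale shift than the `3` this header shows, presumably set elsewhere in the series, and is worth confirming. The block is also visible only under `#ifndef __ASSEMBLY__`, unlike the generic definitions.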
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index feb8102a9ca7..46183f7439c9 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -359,6 +359,7 @@ SECTIONS
 
 	RUNTIME_CONST_VARIABLES
 	RUNTIME_CONST(ptr, USER_PTR_MAX)
+	RUNTIME_CONST(ptr, KASAN_SHADOW_END_RC)
 
 	. = ALIGN(PAGE_SIZE);
 
diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c
index 55d468d83682..0f8190e0e5f6 100644
--- a/arch/x86/mm/kasan_init_64.c
+++ b/arch/x86/mm/kasan_init_64.c
@@ -358,6 +358,9 @@ void __init kasan_init(void)
 	int i;
 
 	memcpy(early_top_pgt, init_top_pgt, sizeof(early_top_pgt));
+	unsigned long KASAN_SHADOW_END_RC = pgtable_l5_enabled() ? 0xfff0000000000000 : 0xfffffc0000000000;
+
+	runtime_const_init(ptr, KASAN_SHADOW_END_RC);
 
 	/*
 	 * We use the same shadow offset for 4- and 5-level paging to
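Review bot: The added `unsigned long KASAN_SHADOW_END_RC = ...` declares a new local inside `kasan_init()` that shadows the `extern unsigned long KASAN_SHADOW_END_RC` from asm/kasan.h, so the extern object is never defined and the code appears to work only because `runtime_const_init()` consumes the value rather than the symbol's storage. It is also a declaration after a statement, which kernel style avoids, and it runs in generic mode too, where `KASAN_SHADOW_END` is a compile-time macro; the matching `RUNTIME_CONST(ptr, KASAN_SHADOW_END_RC)` line in vmlinux.lds.S is likewise unconditional. The two bare literals carry no `UL` suffix and no comment tying them to the 4 TB / 2 PB alignment that the commit message describes. I would define the variable once at file scope, assign it here and guard both with the tag-based option, as sketched below. `kasan_init()` starts and ends outside this hunk.

```c
#ifdef CONFIG_KASAN_SW_TAGS
/* Storage behind the runtime constant declared in asm/kasan.h. */
unsigned long KASAN_SHADOW_END_RC __ro_after_init;
#endif

void __init kasan_init(void)
{
	/* … unchanged: locals and early_top_pgt memcpy … */
#ifdef CONFIG_KASAN_SW_TAGS
	/* Shadow end: 2 PB-aligned with 5-level paging, 4 TB-aligned with 4-level. */
	KASAN_SHADOW_END_RC = pgtable_l5_enabled() ? 0xfff0000000000000UL
						   : 0xfffffc0000000000UL;
	runtime_const_init(ptr, KASAN_SHADOW_END_RC);
#endif
```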
@@ -372,7 +375,7 @@ void __init kasan_init(void)
 	 * bunch of things like kernel code, modules, EFI mapping, etc.
 	 * We need to take extra steps to not overwrite them.
 	 */
-	if (pgtable_l5_enabled()) {
+	if (pgtable_l5_enabled() && !IS_ENABLED(CONFIG_KASAN_SW_TAGS)) {
 		void *ptr;
 
 		ptr = (void *)pgd_page_vaddr(*pgd_offset_k(KASAN_SHADOW_END));
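Review bot: The added `!IS_ENABLED(CONFIG_KASAN_SW_TAGS)` term makes tag-based mode skip this 5-level block, but the comment above the `if` (it starts outside this hunk) still justifies the block only by the shared shadow offset and says nothing about the exemption. Skipping it is safe only if the tag-based shadow never shares a top-level page-table entry with the mappings that comment lists, which this patch does not show; a wrong assumption here would let shadow setup overwrite them. I would append to the comment, e.g. `Software tag-based mode picks KASAN_SHADOW_END per paging mode at boot, so this workaround is generic-mode only.`, and state the alignment that makes it true. The `if` body and the rest of `kasan_init()` continue outside the hunk.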
-- 
2.47.1


