From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97A56C02192 for ; Wed, 5 Feb 2025 23:46:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 307F16B008C; Wed, 5 Feb 2025 18:46:36 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 2B7446B0095; Wed, 5 Feb 2025 18:46:36 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 17E9D6B0096; Wed, 5 Feb 2025 18:46:36 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id F07F46B008C for ; Wed, 5 Feb 2025 18:46:35 -0500 (EST) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id B9834160D71 for ; Wed, 5 Feb 2025 23:46:35 +0000 (UTC) X-FDA: 83087527950.20.79F7E50 Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) by imf22.hostedemail.com (Postfix) with ESMTP id CF926C0003 for ; Wed, 5 Feb 2025 23:46:33 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=FkSsyHii; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf22.hostedemail.com: domain of andreyknvl@gmail.com designates 209.85.221.41 as permitted sender) smtp.mailfrom=andreyknvl@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1738799193; a=rsa-sha256; cv=none; b=fJWOmZfnntUWux0+usdUBrGCBWUCVfBKhXZ5ccI3nweSXoczxyhrIgcYlYaaDuqN+TafTy AMJD7zvF22fAxAR5j5am4G2FA6P2cByqR+xDvURyRSlLq0Ii+5BDJ5A9y2ksjy8/3TKQ2b tBuSdeNYKVjqh6rWGqeighXEoLiIGN8= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=FkSsyHii; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf22.hostedemail.com: domain of andreyknvl@gmail.com designates 209.85.221.41 as permitted sender) smtp.mailfrom=andreyknvl@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1738799193; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=splJksFz56TDIrwwM0xZxaI8hN1W91tSLAlTGFboN5c=; b=sf7xV1vEV8KvBwoRF8Ub7eG2ZWhIADkDhl6FeFxejYkH01RcVPoKr148w4RgaAC5Vhg8KV R765nceP9GspFAhLeR/p5QXyVKhkXjKviYxYCMvkX3qdxeE/pgDP3J2T72FLznrByxMRa2 48kTOI8XqKGwZQkNgoxus+XHHoNl+0M= Received: by mail-wr1-f41.google.com with SMTP id ffacd0b85a97d-38da66ce63bso136004f8f.3 for ; Wed, 05 Feb 2025 15:46:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738799192; x=1739403992; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=splJksFz56TDIrwwM0xZxaI8hN1W91tSLAlTGFboN5c=; b=FkSsyHiiQezOfaM5UhXfDB0Liau7RlvDP7iLUmGhjQfcbbU3LXZmHaOVrm0my+yZny x+Krd1pxOytDOnYCpA9qH54qbaQXzZBL4OZOVD1o9B4BYKnri7Z0j4+3lJizVFaI7OgN hEwhlLG5sS/iiTHaC5kH5PPZTbN9PkKOr1bdsswG/HZPhWaFYr8+r09vpc7nsUFT0kDx jr1OV2Pjcp0RBkVU6eUmUPndNouzkhXghUDrov0S96i8kJ7GQ2tIFvid3dLLun3tQlbj ZliElE5mC9TZlIx91+8zzh6E7ypZUu/77a9Ria8tFGBol8NOD4ESX658vE6RLDGz1C1A iznQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738799192; x=1739403992; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=splJksFz56TDIrwwM0xZxaI8hN1W91tSLAlTGFboN5c=; b=tA9VqTYEATIBFEG1L+KTEf4gJqvH1InvxwJOeSvuPmXamre+kksiU1zLAqiMPL9NZT D9wDH/OcFGYSn+dG26wlEBpOO5LPYA5grTzCNB4UIwjNZUQLZUhDkTqKM3wq02KUUudh oQs3vQBufcBW1/HZsTeobpidpUKu/StOv6DWxtsYmFRbYHSdduDio8AuJRY86rGL9HBy R0LsPD6xHeUUwGxszUHWma+4UrSjJkBLPJOmG7z7YgQMv1jqGMTNlMKZ4RZ1/WhthRlK jGL7+ojqhTs87ueIt08rSyeZ1OhZlY78IKQ8bVivuAYAqoWv4A31A+zJu5ihBtYeXndZ K+bw== X-Forwarded-Encrypted: i=1; AJvYcCWNiB7+Fn8F+pFslnGakEE4Ibb+0YNV4aFv+HTtPRqDt9O9YLfRi3fUgGFEErWqdf2OdrIgCZCKDQ==@kvack.org X-Gm-Message-State: AOJu0Yw8Y9WrhjZX37dDcPJ+chMGmQ671MgnkpkaFJak93XuQ9e9UGer oKN3cHQbRicW0296/aJ4sDzVY45XIbS9p53qT6azK2vj9c3AH9WboeyP4sAJBCxD65tcBrJPm8h hggHMAIoJep0KTG5HlNoKRUDl0Io= X-Gm-Gg: ASbGncvQ468tYBUP9sjblg7Qys21mKjwklHD8lXoSDyec0fUJLnYtLovoWVKN7HDc57 9dS8SE+cjx3nOQo0IAMthsGKcyLiAIO5ajs+VWJYn5WCuXfVYnu2oVD++gWcoiPZei9b06Hi+6w == X-Google-Smtp-Source: AGHT+IFSFHWVEoOQLLmJ+PaOxc/EbVSarQ3d2dwZcdG6PEJNBpkGd7CO8NPniQu76duw1X2UJRbhBv8DnKzYKrkcERY= X-Received: by 2002:a5d:64af:0:b0:38a:518d:97b with SMTP id ffacd0b85a97d-38db4858781mr3265952f8f.11.1738799192252; Wed, 05 Feb 2025 15:46:32 -0800 (PST) MIME-Version: 1.0 References: <450a1fe078b0e07bf2e4f3098c9110c9959c6524.1738686764.git.maciej.wieczor-retman@intel.com> In-Reply-To: <450a1fe078b0e07bf2e4f3098c9110c9959c6524.1738686764.git.maciej.wieczor-retman@intel.com> From: Andrey Konovalov Date: Thu, 6 Feb 2025 00:46:21 +0100 X-Gm-Features: AWEUYZmWa4puMe4djsB8DuAJDHlgw8tfTIgkGA6kMcFx6SJvTthEfUEqJBWFe6Q Message-ID: Subject: Re: [PATCH 15/15] kasan: Add mititgation and debug modes To: Maciej Wieczor-Retman Cc: luto@kernel.org, xin@zytor.com, kirill.shutemov@linux.intel.com, palmer@dabbelt.com, tj@kernel.org, brgerst@gmail.com, ardb@kernel.org, dave.hansen@linux.intel.com, jgross@suse.com, will@kernel.org, akpm@linux-foundation.org, arnd@arndb.de, corbet@lwn.net, dvyukov@google.com, richard.weiyang@gmail.com, ytcoode@gmail.com, tglx@linutronix.de, hpa@zytor.com, seanjc@google.com, paul.walmsley@sifive.com, aou@eecs.berkeley.edu, justinstitt@google.com, jason.andryuk@amd.com, glider@google.com, ubizjak@gmail.com, jannh@google.com, bhe@redhat.com, vincenzo.frascino@arm.com, rafael.j.wysocki@intel.com, ndesaulniers@google.com, mingo@redhat.com, catalin.marinas@arm.com, junichi.nomura@nec.com, nathan@kernel.org, ryabinin.a.a@gmail.com, dennis@kernel.org, bp@alien8.de, kevinloughlin@google.com, morbo@google.com, dan.j.williams@intel.com, julian.stecklina@cyberus-technology.de, peterz@infradead.org, cl@linux.com, kees@kernel.org, kasan-dev@googlegroups.com, x86@kernel.org, linux-arm-kernel@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, linux-doc@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: CF926C0003 X-Stat-Signature: ddemgdhctgncw64jz31tc5djwa8dr8aa X-HE-Tag: 1738799193-591556 X-HE-Meta: U2FsdGVkX1+eHXS0IAx/FDuQKRhhN3mzmEiDitYM9haqnOLOrJ4tsClQOJaIJfbBrWrIbzhQNpQYSlhNsFsBjJfnVz9cw5/FlPRcMJMguZXlhcIIKba6t1z6aOlB7qXt7M/4ayADCBTkLXPwgr7LexDzTGaTYNxCHaAHJluq3guj1hbdm309f8heB6tETG8butr6edgyUwH/oVpmkTpDY6jjkS7lIIk2rPaSeek4KZZ+dyEkP6+SgjKYSv83M07RsTGyPrrTVm2d2L0GYnHAeVX6qx0eYMb+sV5Ujp8PBgDt2u60qp+GysewxkLHGx8cQMK5fUs5AZ01sbOgEdv4zth5Q1SaXuAhnQBmhq1WuyAuI7hNKrk33EwlfZsyw+08fod1X0Fnx4K33Ut9z+d4kY0bWEimQpr5fpT13hHdkNBRKLlgEID3xWVlJ9ycva2GsJ2ktGaTGuqXfClqFY/2Wqg+H/QPPT+4QLuSEMLyczYhOKsC/hGJ/OPCJ20Zv5xrdq/PJ/nz4HPesrwuULxe+Hroen8qx3cUhvYCxO9NHg3Sk1ldyAiQ7S3WVLp1s6PBzF7dLwU/VKL2+cmwmP+1BAcBEPHRnETY2Z/qlF5CJNavoHaIfGNsSpxEPChHTBHvR468C00Ql5wyzYpFyY1p2+GOyQmbRQGkUa9C2y4weOJwNE3LnGzwkiYXym4itfuQL19ptnBSS7JD6m7nmUXcThwm5OEVHQRLK06ltvS5fpnGXVvOdMGXFb30R/VarKn779tl98sp8Vnq3C3b+EBpEBKtD5bHpE9CvNCyCon6PfoWRUhXm+Bt3aQIKoNRrODFxWV1EKkj7sgmBU/wk0CeIwTFankReRXbqFexeEeSLt+xLrsaXK+FDOAkVLfLqq/ygRZUI/GxoNf6ifVlRCLzMV+UQc4bcM3PvPZJsKbUiRrHwgrCGGo2ZlUcF+37uzGw7swCqjTjnaNiovKUkfo 4FiggSjy JacnnNyMwvhumOV2EJzovNBU2YKEUKdODI973bWbGgAQ+nb1cYFhreJjN/Y0nTocKKfjeiIKO1a0TgEjJbLdVCH31gpnILdC8rxx1WrtVo8D8l4a0sEa9RIz7UKxvB4+JIGrIna44S2BeOOtsNWPPwKH1Kotj0kMHtgQX5w4BuGoGJLdm4ePDccbtgiyUyMLx1oRhZWrATpgAtaI/LcYSUKpMwBKremsKKNb52OK/fWGCU4qJZnZzxSliuxS0cw2op+lu+zKqKAgPjLZjYuEK7SwgTpRiwalq5VFpqnqT7AJaSStXz8ip7rq+WlN6iHtmvGQ5oO4eEjN2FFqGqVRVXsPwkId507wFaYFwMCVY5d031YiUFBLR9aegBeYVc/9IdEGjGmyfMDGUl0+njIwgNAnzGGYWXn4N3LIidKkztKjIkUNFXKlBjCBzFw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Feb 4, 2025 at 6:37=E2=80=AFPM Maciej Wieczor-Retman wrote: > > With smaller memory footprint KASAN could be used in production systems. > One problem is that saving stacktraces slowes memory allocation > substantially - with KASAN enabled up to 90% of time spent on kmalloc() > is spent on saving the stacktrace. > > Add mitigation mode to allow the option for running KASAN focused on > performance and security. In mitigation mode disable saving stacktraces > and set fault mode to always panic on KASAN error as a security > mechanism. > > Signed-off-by: Maciej Wieczor-Retman > --- > lib/Kconfig.kasan | 28 ++++++++++++++++++++++++++++ > mm/kasan/report.c | 4 ++++ > mm/kasan/tags.c | 5 +++++ > 3 files changed, 37 insertions(+) > > diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan > index d08b4e9bf477..6daa62b40dea 100644 > --- a/lib/Kconfig.kasan > +++ b/lib/Kconfig.kasan > @@ -244,4 +244,32 @@ config KASAN_SW_TAGS_DENSE > ARCH_HAS_KASAN_SW_TAGS_DENSE is needed for this option since th= e > special tag macros need to be properly set for 4-bit wide tags. > > +choice > + prompt "KASAN operation mode" > + default KASAN_OPERATION_DEBUG > + help > + Choose between the mitigation or debug operation modes. > + > + The first one disables stacktrace saving and enables panic on e= rror. > + Faster memory allocation but less information. The second one i= s the > + default where KASAN operates with full functionality. This is something that I thought about before and I think we should _not_ add configuration options like these. The distinction between debug and mitigation modes is something that's specific to a particular user of the feature. Some might prefer to take the impact of having stack traces enabled in a production environment to allow debugging in-the-wild exploitation attempts. Also at some point in the future, we will hopefully have production-grade stack traces [1], and this would thus change the desired behavior of KASAN_OPERATION_MITIGATION. We already have the kasan.stacktrace command-line parameter for disabling stack trace collection. On top of that, if you prefer, we could add a configuration option that changes the default value of kasan_flag_stacktrace (but can still be overridden via the kasan.stacktrace command-line parameter). Note though that by default, stack traces should be turned on. [1] https://bugzilla.kernel.org/show_bug.cgi?id=3D211785 > + > +config KASAN_OPERATION_DEBUG > + bool "Debug operation mode" > + depends on KASAN > + help > + The default mode. Full functionality and all boot parameters > + available. > + > +config KASAN_OPERATION_MITIGATION > + bool "Mitigation operation mode" > + depends on KASAN > + help > + Operation mode dedicated at faster operation at the cost of les= s > + information collection. Disables stacktrace saving for faster > + allocations and forces panic on KASAN error to mitigate malicio= us > + attacks. > + > +endchoice > + > endif # KASAN > diff --git a/mm/kasan/report.c b/mm/kasan/report.c > index ee9e406b0cdb..ae989d3bd919 100644 > --- a/mm/kasan/report.c > +++ b/mm/kasan/report.c > @@ -47,7 +47,11 @@ enum kasan_arg_fault { > KASAN_ARG_FAULT_PANIC_ON_WRITE, > }; > > +#ifdef CONFIG_KASAN_OPERATION_MITIGATION > +static enum kasan_arg_fault kasan_arg_fault __ro_after_init =3D KASAN_AR= G_FAULT_PANIC; > +#else > static enum kasan_arg_fault kasan_arg_fault __ro_after_init =3D KASAN_AR= G_FAULT_DEFAULT; > +#endif > > /* kasan.fault=3Dreport/panic */ > static int __init early_kasan_fault(char *arg) > diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c > index c111d98961ed..2414cddeaaf3 100644 > --- a/mm/kasan/tags.c > +++ b/mm/kasan/tags.c > @@ -78,6 +78,11 @@ early_param("kasan.stack_ring_size", early_kasan_flag_= stack_ring_size); > > void __init kasan_init_tags(void) > { > + if (IS_ENABLED(CONFIG_KASAN_OPERATION_MITIGATION)) { > + static_branch_disable(&kasan_flag_stacktrace); > + return; > + } > + > switch (kasan_arg_stacktrace) { > case KASAN_ARG_STACKTRACE_DEFAULT: > /* Default is specified by kasan_flag_stacktrace definiti= on. */ > -- > 2.47.1 >