From: Andrey Konovalov
Date: Thu, 6 Feb 2025 00:43:46 +0100
Subject: Re: [PATCH 01/15] kasan: Allocation enhancement for dense tag-based mode
To: Maciej Wieczor-Retman
Cc: luto@kernel.org, xin@zytor.com, kirill.shutemov@linux.intel.com, palmer@dabbelt.com, tj@kernel.org, brgerst@gmail.com, ardb@kernel.org, dave.hansen@linux.intel.com, jgross@suse.com, will@kernel.org, akpm@linux-foundation.org, arnd@arndb.de, corbet@lwn.net, dvyukov@google.com, richard.weiyang@gmail.com, ytcoode@gmail.com, tglx@linutronix.de, hpa@zytor.com, seanjc@google.com, paul.walmsley@sifive.com, aou@eecs.berkeley.edu, justinstitt@google.com, jason.andryuk@amd.com, glider@google.com, ubizjak@gmail.com, jannh@google.com, bhe@redhat.com, vincenzo.frascino@arm.com, rafael.j.wysocki@intel.com, ndesaulniers@google.com, mingo@redhat.com, catalin.marinas@arm.com, junichi.nomura@nec.com, nathan@kernel.org, ryabinin.a.a@gmail.com, dennis@kernel.org, bp@alien8.de, kevinloughlin@google.com, morbo@google.com, dan.j.williams@intel.com, julian.stecklina@cyberus-technology.de, peterz@infradead.org, cl@linux.com, kees@kernel.org, kasan-dev@googlegroups.com, x86@kernel.org, linux-arm-kernel@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, linux-doc@vger.kernel.org

On Tue, Feb 4, 2025 at 6:34 PM Maciej Wieczor-Retman wrote:
>
> Tag-based KASAN (on arm64) works by generating a random 8-bit tag and
> putting it in both the top byte of the pointer (that points to the
> allocated memory) and into all bytes of shadow memory that correspond to
> the chunk of allocated regular memory. Each byte of shadow memory covers
> a 16 byte chunk of allocated memory - a value called KASAN granularity.
> This means that out-of-bounds memory accesses that happen inside the 16
> bytes can't be caught.
>
> The dense mode offers reducing the tag width from 8 to 4 bits and
> storing two tags in one byte of shadow memory - one in the upper 4 bits
> of the byte and one in the lower 4. This way one byte of shadow memory
> can cover 32 bytes of allocated memory while still keeping the "16 bytes
> per one tag" granularity. The lower 4 bits of each shadow byte map bytes
> of memory with offsets 0-15 and the upper 4 bits map offsets 16-31.
>
> Example:
> The example below shows how the shadow memory looks like after
> allocating 48 bytes of memory in both normal tag-based mode and the
> dense mode. The contents of shadow memory are overlaid onto address
> offsets that they relate to in the allocated kernel memory. Each cell
> |    | symbolizes one byte of shadow memory.
>
> = The regular tag based mode:
> - Randomly generated 8-bit tag equals 0xAB.
> - 0xFE is the tag that symbolizes unallocated memory.
>
> Shadow memory contents:           |  0xAB  |  0xAB  |  0xAB  |  0xFE  |
> Shadow memory address offsets:    0        1        2        3        4
> Allocated memory address offsets: 0        16       32       48       64
>
> = The dense tag based mode:
> - Randomly generated 4-bit tag equals 0xC.
> - 0xE is the tag that symbolizes unallocated memory.
>
> Shadow memory contents:           |0xC 0xC |0xC 0xE |0xE 0xE |0xE 0xE |
> Shadow memory address offsets:    0        1        2        3        4
> Allocated memory address offsets: 0        32       64       96       128
>
> Add a new config option and defines that can override the standard
> system of one tag per one shadow byte.
>
> Add alternative version of the kasan_poison() that deals with tags not
> being aligned to byte size in shadow memory.
>
> Signed-off-by: Maciej Wieczor-Retman
> ---
> include/linux/kasan.h | 18 ++++++++++++++++++
> lib/Kconfig.kasan     | 21 +++++++++++++++++++++
> mm/kasan/kasan.h      |  4 +---
> mm/kasan/shadow.c     | 33 ++++++++++++++++++++++++++++++---
> 4 files changed, 70 insertions(+), 6 deletions(-)
>
> diff --git a/include/linux/kasan.h b/include/linux/kasan.h
> index 03b440658817..ea0f5acd875b 100644
> --- a/include/linux/kasan.h
> +++ b/include/linux/kasan.h
> @@ -35,6 +35,24 @@ typedef unsigned int __bitwise kasan_vmalloc_flags_t; > > /* Software KASAN implementations use shadow memory. */ > > +#ifdef CONFIG_KASAN_SW_TAGS_DENSE > +#define KASAN_GRANULE_SHIFT (KASAN_SHADOW_SCALE_SHIFT - 1) > +#define KASAN_SHADOW_SCALE_SIZE (1UL << KASAN_SHADOW_SCALE_SHIFT) > +static inline u8 kasan_dense_tag(u8 tag) > +{ > + return (tag << KASAN_TAG_WIDTH | tag); > +} > +#else > +#define KASAN_GRANULE_SHIFT KASAN_SHADOW_SCALE_SHIFT > +#define KASAN_SHADOW_SCALE_SIZE (1UL << KASAN_GRANULE_SHIFT) > +static inline u8 kasan_dense_tag(u8 tag) > +{ > + return tag; > +} > +#endif > + > +#define KASAN_GRANULE_SIZE (1UL << KASAN_GRANULE_SHIFT) > + Is there a reason these definitions are added to include/linux/kasan.h? At least within this patch, they are only used within mm/kasan, so let's keep them in mm/kasan/kasan.h. > #ifdef CONFIG_KASAN_SW_TAGS > /* This matches KASAN_TAG_INVALID. */ > #define KASAN_SHADOW_INIT 0xFE > diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan > index 98016e137b7f..d08b4e9bf477 100644 > --- a/lib/Kconfig.kasan > +++ b/lib/Kconfig.kasan > @@ -19,6 +19,13 @@ config ARCH_DISABLE_KASAN_INLINE > Disables both inline and stack instrumentation. Selected by > architectures that do not support these instrumentation types. > > +config ARCH_HAS_KASAN_SW_TAGS_DENSE > + bool > + help > + Enables option to compile tag-based KASAN with densely packed t= ags - > + two 4-bit tags per one byte of shadow memory. Set on architectu= res > + that have 4-bit tag macros. > + > config CC_HAS_KASAN_GENERIC > def_bool $(cc-option, -fsanitize=3Dkernel-address) 
> > @@ -223,4 +230,18 @@ config KASAN_EXTRA_INFO > boot parameter, it will add 8 * stack_ring_size bytes of additi= onal > memory consumption. > > +config KASAN_SW_TAGS_DENSE > + bool "Two 4-bit tags in one shadow memory byte" > + depends on KASAN_SW_TAGS > + depends on ARCH_HAS_KASAN_SW_TAGS_DENSE I think this should also depend on KASAN_OUTLINE: Clang/GCC aren't aware of the dense mode. > + help > + Enables packing two tags into one shadow byte to half the memor= y usage > + compared to normal tag-based mode. But adds some performance impact? > + > + After setting this option, tag width macro is set to 4 and size= macros > + are adjusted based on used KASAN_SHADOW_SCALE_SHIFT. I think this paragraph is an implementation detail and we can drop it. > + > + ARCH_HAS_KASAN_SW_TAGS_DENSE is needed for this option since th= e > + special tag macros need to be properly set for 4-bit wide tags. > + > endif # KASAN > diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h > index 72da5ddcceaa..0e04c5e2c405 100644 > --- a/mm/kasan/kasan.h > +++ b/mm/kasan/kasan.h > @@ -128,9 +128,7 @@ static inline bool kasan_requires_meta(void) > > #endif /* CONFIG_KASAN_GENERIC */ > > -#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) > -#define KASAN_GRANULE_SIZE (1UL << KASAN_SHADOW_SCALE_SHIFT) > -#else > +#ifdef CONFIG_KASAN_HW_TAGS > #include > #define KASAN_GRANULE_SIZE MTE_GRANULE_SIZE > #endif > diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c > index d6210ca48dda..368503f54b87 100644 > --- a/mm/kasan/shadow.c > +++ b/mm/kasan/shadow.c > @@ -123,7 +123,8 @@ EXPORT_SYMBOL(__hwasan_memcpy); > > void kasan_poison(const void *addr, size_t size, u8 value, bool init) > { > - void *shadow_start, *shadow_end; > + u8 *shadow_start, *shadow_end, *shadow_start_aligned, *shadow_end= _aligned, tag; > + u64 addr64, addr_start_aligned, addr_end_aligned; > > if (!kasan_arch_is_ready()) > return; 
> @@ -134,16 +135,42 @@ void kasan_poison(const void *addr, size_t size, u8= value, bool init) > * addresses to this function. > */ > addr =3D kasan_reset_tag(addr); > + addr64 =3D (u64)addr; > > - if (WARN_ON((unsigned long)addr & KASAN_GRANULE_MASK)) > + if (WARN_ON(addr64 & KASAN_GRANULE_MASK)) > return; > if (WARN_ON(size & KASAN_GRANULE_MASK)) > return; > > shadow_start =3D kasan_mem_to_shadow(addr); > shadow_end =3D kasan_mem_to_shadow(addr + size); > + addr_start_aligned =3D round_up(addr64, KASAN_SHADOW_SCALE_SIZE); > + addr_end_aligned =3D round_down(addr64 + size, KASAN_SHADOW_SCALE= _SIZE); > + shadow_start_aligned =3D kasan_mem_to_shadow((void *)addr_start_a= ligned); > + shadow_end_aligned =3D kasan_mem_to_shadow((void *)addr_end_align= ed); > + > + /* If size is empty just return. */ > + if (!size) > + return; > > - __memset(shadow_start, value, shadow_end - shadow_start); > + /* Memset the first unaligned tag in shadow memory. */ > + if (addr64 % KASAN_SHADOW_SCALE_SIZE) { So this is required, because KASAN_SHADOW_SCALE_SIZE is 32 but minimal slab alignment is still KASAN_GRANULE_SIZE == 16... We should at least hide this check under IS_ENABLED(KASAN_SW_TAGS_DENSE). > + tag =3D *shadow_start & KASAN_TAG_MASK; > + tag |=3D value << KASAN_TAG_WIDTH; > + *shadow_start =3D tag; > + } > + > + /* Memset the middle aligned part in shadow memory. */ > + tag =3D kasan_dense_tag(value); > + __memset(shadow_start_aligned, tag, shadow_end_aligned - shadow_s= tart_aligned); > + > + /* Memset the last unaligned tag in shadow memory. */ > + if ((addr64 + size) % KASAN_SHADOW_SCALE_SIZE) { Would it be possible to move this part to kasan_poison_last_granule()? That function seems to be serving a similar purpose but for the Generic mode. It might also be cleaner to add a kasan_poison_first_granule() that contains the if (addr64 % KASAN_SHADOW_SCALE_SIZE) check.
> + tag =3D KASAN_TAG_MASK << KASAN_TAG_WIDTH; > + tag &=3D *shadow_end; > + tag |=3D value; > + *shadow_end =3D tag; > + } > } > EXPORT_SYMBOL_GPL(kasan_poison); > > -- > 2.47.1 >
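
Review bot: in the include/linux/kasan.h hunk, the dense variant of kasan_dense_tag() returns (tag << KASAN_TAG_WIDTH | tag) without first masking tag to its low 4 bits. The parameter is a u8, so a caller that passes an 8-bit value (such as the 0xFE visible in the context lines just below the hunk) gets an upper nibble that is the OR of both halves of the input rather than a copy of the low one. Masking with KASAN_TAG_MASK before the shift, the way the mm/kasan/shadow.c hunk masks the shadow byte, would make the helper safe for any input, and a one-line comment stating that it duplicates a 4-bit tag into both nibbles of a shadow byte would document the contract.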
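
Review bot: the help text of KASAN_SW_TAGS_DENSE in the second lib/Kconfig.kasan hunk describes only the memory saving and omits the detection trade-off. Going from 8-bit to 4-bit tags leaves 16 possible tag values instead of 256, so a stale or out-of-bounds pointer is much more likely to carry a tag that happens to match the shadow and go unreported. Someone choosing this option should be able to read that in the help. Also, "to half the memory usage" should read "to halve the memory usage".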
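
Review bot: the new declarations at the top of kasan_poison() in the first mm/kasan/shadow.c hunk keep addresses in u64, while the line this patch removes further down cast addr to unsigned long. unsigned long is the usual type for addresses in this file and always matches pointer width, so addr64, addr_start_aligned and addr_end_aligned would be better declared that way. The single u8 declaration that mixes four pointers with the plain value tag is also easy to misread; putting tag on its own line would help.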
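
Review bot: the head and tail branches in the second mm/kasan/shadow.c hunk update a shared shadow byte with a plain read-modify-write (tag = *shadow_start & KASAN_TAG_MASK; ... *shadow_start = tag; and the matching sequence on *shadow_end). The other nibble of that byte belongs to a neighbouring 16-byte granule, and nothing visible here prevents kasan_poison() for that neighbour from running on another CPU at the same time, in which case one of the two updates is lost and a stale tag stays in shadow memory. Please either document what serialises these writes or make the nibble update atomic. Two smaller points in the same hunk: the tail branch does tag |= value without masking value to the low nibble, so an 8-bit value would overwrite the neighbour's tag in the upper nibble; and the if (!size) return is placed after the WARN_ON checks and all the shadow address arithmetic, where it could sit before them.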