From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5BDCC02194 for ; Thu, 6 Feb 2025 22:56:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0BDB5280003; Thu, 6 Feb 2025 17:56:47 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 09533280002; Thu, 6 Feb 2025 17:56:47 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EC467280003; Thu, 6 Feb 2025 17:56:46 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id CE681280002 for ; Thu, 6 Feb 2025 17:56:46 -0500 (EST) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 7F340A153B for ; Thu, 6 Feb 2025 22:56:46 +0000 (UTC) X-FDA: 83091031212.16.7F45026 Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by imf07.hostedemail.com (Postfix) with ESMTP id 96D5A4000C for ; Thu, 6 Feb 2025 22:56:44 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=TyF0oRZ9; spf=pass (imf07.hostedemail.com: domain of andreyknvl@gmail.com designates 209.85.221.42 as permitted sender) smtp.mailfrom=andreyknvl@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1738882604; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=oPdz+11/bNSSDH103V+kKB8X98fGo5sDYDlVXDLnzsQ=; b=uJYcakhMy/oeLOQDSeXXnwL+lTRadqFn4qouAX2MFXiBruLxr99cennyqnBbI09LMSBozB QVBu95Z1P+56hfjJsdsLhRz6uCuewHgnv2dOfyxPIZPBevOs1hVDYF5ULEw/8xA4gybyzo S9VTbP/zyHtYzArQy52eA5gQh+/UAUE= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=TyF0oRZ9; spf=pass (imf07.hostedemail.com: domain of andreyknvl@gmail.com designates 209.85.221.42 as permitted sender) smtp.mailfrom=andreyknvl@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1738882604; a=rsa-sha256; cv=none; b=uW4SCffHqchgAqs9y9ILPZZ42JwE/hiHk8b1Nf9QTFIU8bJkRNmPSQkeR8we3uo54oSmMz J3gjAnVVE0wAQd4Cn8M5qMsbj803qiXXYOVHERm6zzWsYV+y2gZHBj0pFMJ2le2Xbb9CU/ DX7Vh8aqkIcajmQjzPHVnp04jfXuGog= Received: by mail-wr1-f42.google.com with SMTP id ffacd0b85a97d-38daa53a296so701838f8f.3 for ; Thu, 06 Feb 2025 14:56:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738882603; x=1739487403; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=oPdz+11/bNSSDH103V+kKB8X98fGo5sDYDlVXDLnzsQ=; b=TyF0oRZ9c1UplNIykWhotBsp7JA8AWw9pUSc5x3H6mj7tPH36AegxrXGSgSQGRltxD 0+hZRTT1T8idjIioE/bt14uQFrRd82SXGBMFuNOfDovtEDTYV51w8X5qNbplz/+Kvkkj 77h429TW+9Vnuamc4t73tvqasLWhPME+Os1FBuol/QKL4ouYwDzre//gkSDkSFKUE97o PQfj1wZkLlHt3s1tMDlrv5D3Rm3owlpAuzpfxgpv5ygLABJD7qSNXpAlX/+MZ+s5Xogi AzU0EScJ7tlznAXoiSFQILUaeBw3gDe4ES57BQX36730fs40YjzmbBlo4sZr9wXvLZKl EnKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738882603; x=1739487403; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oPdz+11/bNSSDH103V+kKB8X98fGo5sDYDlVXDLnzsQ=; b=ggQtkHKXf88rjkRUDh6V/OVhDCOoHQ6CtkQwM9iwW0RZ3+eI/eWaYtpOQw6SxexbLt 28u+0oZQW/q/dA9NxUaNCErTAb2YYxzHHbPNzRcyM5znEQ0iIIsdRsCy8rUqvNPJBYNg InuaexI5+n+xrJM6ytJlahr5yuOwxzpYTpi3ylm297KVakITfgN9TTWhr3UsqeDSUgc3 exbfHhfzXkLAgWOKu5gEpQ1SQlFOo7r7NJF3mR4L+A9nX2q7gv0KNsq2iIXxnWj8aUuy OZyDmPKq9n0F+KU6jQ8j3UfiMW2qOZrO23UNl9JzeJwwoXRdbXWJQOISlWHrOHDnnOYt cbFg== X-Forwarded-Encrypted: i=1; AJvYcCWbG5Gzlr99WakI50rTQh+KzrardLKLDULbxSdSRDEdcRFBy2kRwM6MhAVIlyTeyyDsAlaje8BiYg==@kvack.org X-Gm-Message-State: AOJu0Yytlmk+snYq2A4yBrR++ahVktOyIbTiQy6hO8bO/LsRwehyiqWO 2eheWbjuePUdsm3ScRk/pMV86d+QRgQfm0EbBiB5kMISK0KeYglvvrGprnIoplHkHqo1YzvzApa 6y9Q9Foe5LYUII9K0aqDwhYmisc8= X-Gm-Gg: ASbGncv/fE73Y8Q5o9sl6WbEwT8EQa2gg3zVUuJulNr32jciD8E7FeqMTRTMhCafw4U JAH/WEnrG+b6Sqbu41jI67eo/TEhrbeo24vxAU9W2lgcZonsQf4aTlI6E7EqJ9a9F3BPgnJ5dvv o= X-Google-Smtp-Source: AGHT+IHgNzZylaM+zZeGmJCVW0wzeCzutFnm9tOjVqNinitAROSpEV6CxJxouNvJvwmUY/VWDRJbY8vF9dcNb2OIQgw= X-Received: by 2002:a05:6000:154b:b0:38a:8ed1:c5c7 with SMTP id ffacd0b85a97d-38dc9491e7amr426795f8f.46.1738882602687; Thu, 06 Feb 2025 14:56:42 -0800 (PST) MIME-Version: 1.0 References: <8bd9c793-aac6-a330-ea8f-3bde0230a20b@gentwo.org> <72837fcd-97a8-c213-0098-c8f308c3415d@gentwo.org> <29A74A26-E922-4A4F-9B4A-8DB0336B99DF@jrtc27.com> <94f81328-a135-b99b-7f73-43fb77bd7292@gentwo.org> In-Reply-To: <94f81328-a135-b99b-7f73-43fb77bd7292@gentwo.org> From: Andrey Konovalov Date: Thu, 6 Feb 2025 23:56:31 +0100 X-Gm-Features: AWEUYZmoPWHhToAFkBuF21oc_INOOZFv4ej_J9A_VfxRgRnaQMcmFMInFI5cvqQ Message-ID: Subject: Re: [PATCH 00/15] kasan: x86: arm64: risc-v: KASAN tag-based mode for x86 To: "Christoph Lameter (Ampere)" Cc: Jessica Clarke , Maciej Wieczor-Retman , luto@kernel.org, xin@zytor.com, kirill.shutemov@linux.intel.com, palmer@dabbelt.com, tj@kernel.org, brgerst@gmail.com, ardb@kernel.org, dave.hansen@linux.intel.com, jgross@suse.com, will@kernel.org, akpm@linux-foundation.org, arnd@arndb.de, corbet@lwn.net, dvyukov@google.com, richard.weiyang@gmail.com, ytcoode@gmail.com, tglx@linutronix.de, hpa@zytor.com, seanjc@google.com, paul.walmsley@sifive.com, aou@eecs.berkeley.edu, justinstitt@google.com, jason.andryuk@amd.com, glider@google.com, ubizjak@gmail.com, jannh@google.com, bhe@redhat.com, vincenzo.frascino@arm.com, rafael.j.wysocki@intel.com, ndesaulniers@google.com, mingo@redhat.com, catalin.marinas@arm.com, junichi.nomura@nec.com, nathan@kernel.org, ryabinin.a.a@gmail.com, dennis@kernel.org, bp@alien8.de, kevinloughlin@google.com, morbo@google.com, dan.j.williams@intel.com, julian.stecklina@cyberus-technology.de, peterz@infradead.org, kees@kernel.org, kasan-dev@googlegroups.com, x86@kernel.org, linux-arm-kernel@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, linux-doc@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 96D5A4000C X-Stat-Signature: c4xqziwm9y3koogrzz1dbypw3ru1nb18 X-Rspam-User: X-HE-Tag: 1738882604-719808 X-HE-Meta: U2FsdGVkX1+7VAjGnooqAoPhdm1Ch7ka0A6FUlZJKFbTGvET944k9L4R3QUN9xeF+ngdw1+ZWkpq6DzK5kG7cpTWeR28fSPCHgpMj/LCSTzx6gmc2mpMyoVBPuSJ+Nm5boVStxCLf5Nqr+eGUFlxb2bqUuKfxiCr6Fl7LI3ugv+1b0hiuK79TvBHbq31Bo3ZZkww7bt2HELj+TL9EgPBQbfNkQAHGgy8jvjKniqzRteXknMrm44F5fLhoLLaq5q0iGw42xunAYOLsTCUjF/rIgjh+QLuG/Erity/fQqEF34ny2Xr8v6YENoGdknYmkUIRg/rqmdsXH6NEZ7Bkcr8I+McvHTjq5tgUc0c03fCnLwQBUu44nh0db+nwG8WzB89tc2GKhOZccfvs+GasnwGIDO+IOoDBd99IUXroWL93GygVecbNJs9JoKFoR1UG2RwDF+0ULvKlnK1SZAbRFrCNhA5KYFxzGc37T3cmCdM+d8u7dsqP6u5HgKRANjzB6dguyRzzzNM8guf7PcyfveBHTOn1dEkKVQFLWdu9B1fKUOOz9x6EKT6BMe4MJVn5+7jcNHsV1lQxLigdth6zaP796iIawUSPiAPtztKDiRxNdmGbmXdtotU1enkJW96RLSae3SprNGdrnzAA4EKQRcGatOheFJZp3qm3teXtpKPcF3oIdD5SANFMcUvxKgw26B8QcZsEz+YrVMUQuYATyuZhma6pQmywWk3kLp3PIBhOpAlnMSrZV6IpzOLMyWK0qHSzalLiBSGRet5N5xnYONFVoKlSCs7lrHS76KZCxJs2ud87dfReNgkzCyT2JyjKH1VcSeep1ZZsy/zKUkT76QCocTcwN4irBZhOjWVHfH9C/Wb9yDP6b/4y3OAHC60xpx3yCvjIX35qHje1xJxHcK/TJw5nhcG03tDvIY4nxXliq4uJiLUESeZl+gcZz2r9DxDZyYTGDjuZfMcdQfqXG3 efGp5VgF /aS+BRP+1HCr6jjrnCiaKB/8AgIo/Ol3CUN+08MjxFHDXoUkTmxnrsBlQXlfRrSA8tgFpNRVa2lOkXUj1XzKvBwVWLbzLsLfEUXh46eM8WK/XNSaxNZq4CU3OYNAV2gFiuglB3DwBhnAZ3eNWzVN1b8w9plCNEd0ekexcy+/cIHhYA0sl013fEe7LOHL21yGb/6iH0tVYGOTwchlLeDtF3NPjojuwa1pcjFQFYjNzTAODDC52QJ6WeuxqSzpVHsPDr9CltBbftVFoqbhZ2jUzulBglVeaLAmG6/7xiLApHegl590VaFsQqD4pGDFNTw9CJkt53ene2tZcnxa16NwhhAWHp3gpxHmUOAIpfSd8qnmw6RimMPXp/uurjImVPaTsh0K74RUrkMzU/PnghZb8oj/PEquyDMdLr96YjDuFqiGhAQ2J4NRYkPUcYK/dxyUK0GpeSBcPe8A1okgFcXynwsUiuQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000063, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Feb 6, 2025 at 8:21=E2=80=AFPM 'Christoph Lameter (Ampere)' via kasan-dev wrote: > > I cannot share details since this information has not been released to be > public yet. I hear that a whitepaper will be coming soon to explain this > feature. The AmpereOne processors have been released a couple of months > ago. > > I also see that KASAN_HW_TAGS exist but this means that the tags can only > be used with CONFIG_KASAN which is a kernel configuration for debug > purposes. > > What we are interested in is a *production* implementation with minimal > software overhead that will be the default on ARM64 if the appropriate > hardware is detected. That in turn will hopefully allow other software > instrumentation that is currently used to keep small objects secure and i= n > turn creates overhead. Is there anything specific CONFIG_KASAN + CONFIG_KASAN_HW_TAGS do that is not good enough for a production environment? The last time I did some perf tests (a year+ ago on Pixel 8, I believe), the two expensive parts of CONFIG_KASAN_HW_TAGS were: 1. Collecting stack traces. Thus, this can now be disabled via kernel.stacktrace=3Doff. And there's a tracking bug to add a production-grade implementation [1]; 2. Assigning memory tags to large allocations, specifically page_alloc allocations with large orders (AFAIR is was specifically assigning the tags, not checking them). Thus, this can now be controlled via kasan.page_alloc.sample(.order). There's definitely room for optimization and additional config options that cut down KASAN checks (for example, disabling tag checking of mempool allocations; although arguably, people might want to have this in a production environment.) Otherwise, it's unclear to me what a new production-grade MTE implementation would do different compared to KASAN_HW_TAGS. But if there's something, we can just adjust KASAN_HW_TAGS instead. [1] https://bugzilla.kernel.org/show_bug.cgi?id=3D211785