References: <20201103175841.3495947-1-elver@google.com> <20201103163103.109deb9d49a140032d67434f@linux-foundation.org>
In-Reply-To: <20201103163103.109deb9d49a140032d67434f@linux-foundation.org>
From: Marco Elver
Date: Wed, 4 Nov 2020 13:36:20 +0100
Subject: Re: [PATCH v7 0/9] KFENCE: A low-overhead sampling-based memory safety error detector
To: Andrew Morton
Cc: Alexander Potapenko, "H. Peter Anvin", "Paul E. McKenney",
    Andrey Konovalov, Andrey Ryabinin, Andy Lutomirski, Borislav Petkov,
    Catalin Marinas, Christoph Lameter, Dave Hansen, David Rientjes,
    Dmitry Vyukov, Eric Dumazet, Greg Kroah-Hartman, Hillf Danton,
    Ingo Molnar, Jann Horn, Jonathan Cameron, Jonathan Corbet,
    Joonsoo Kim, Jörn Engel, Kees Cook, Mark Rutland, Pekka Enberg,
    Peter Zijlstra, SeongJae Park, Thomas Gleixner, Vlastimil Babka,
    Will Deacon, "the arch/x86 maintainers", "open list:DOCUMENTATION",
    LKML, kasan-dev, Linux ARM, Linux Memory Management List

On Wed, 4 Nov 2020 at 01:31, Andrew Morton wrote:
> On Tue, 3 Nov 2020 18:58:32 +0100 Marco Elver wrote:
>
> > This adds the Kernel Electric-Fence (KFENCE) infrastructure. KFENCE is a
> > low-overhead sampling-based memory safety error detector of heap
> > use-after-free, invalid-free, and out-of-bounds access errors. This
> > series enables KFENCE for the x86 and arm64 architectures, and adds
> > KFENCE hooks to the SLAB and SLUB allocators.
> >
> > KFENCE is designed to be enabled in production kernels, and has near
> > zero performance overhead. Compared to KASAN, KFENCE trades performance
> > for precision. The main motivation behind KFENCE's design, is that with
> > enough total uptime KFENCE will detect bugs in code paths not typically
> > exercised by non-production test workloads. One way to quickly achieve a
> > large enough total uptime is when the tool is deployed across a large
> > fleet of machines.
>
> Has kfence detected any kernel bugs yet? What is its track record?

Not yet, but once we deploy in various production kernels, we expect
to find new bugs (we'll report back with results once deployed).
Especially in drivers or subsystems that syzkaller+KASAN can't touch,
e.g. where real devices are required to get coverage. We expect to
have first results on this within 3 months, and can start backports
now that KFENCE for mainline is being finalized. This will likely also
make it into Android, but deployment there will take much longer.

The story is similar with the user space version of the tool
(GWP-ASan), where results started to materialize once it was deployed
across the fleet.

> Will a kfence merge permit us to remove some other memory debugging
> subsystem? We seem to have rather a lot of them.

Nothing obvious I think. KFENCE is unique in that it is meant for
production fleets of machines (with ~zero overhead and no new HW
features), with the caveat that due to it being sampling based, it's
not so suitable for single machine testing. The other debugging tools
are suitable for the latter, but not former.

Thanks,
-- Marco