| Message ID | 6f0a1e72783ddac000ac08e7315b1d7c0ca4ec51.1605305978.git.andreyknvl@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | kasan: boot parameters for hardware tag-based mode | expand |
On Fri, Nov 13, 2020 at 11:20PM +0100, Andrey Konovalov wrote: > The reason cache merging is disabled with KASAN is because KASAN puts its > metadata right after the allocated object. When the merged caches have > slightly different sizes, the metadata ends up in different places, which > KASAN doesn't support. > > It might be possible to adjust the metadata allocation algorithm and make > it friendly to the cache merging code. Instead this change takes a simpler > approach and allows merging caches when no metadata is present. Which is > the case for hardware tag-based KASAN with kasan.mode=prod. > > Co-developed-by: Vincenzo Frascino <Vincenzo.Frascino@arm.com> > Signed-off-by: Vincenzo Frascino <Vincenzo.Frascino@arm.com> > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> > Link: https://linux-review.googlesource.com/id/Ia114847dfb2244f297d2cb82d592bf6a07455dba Reviewed-by: Marco Elver <elver@google.com> > --- > include/linux/kasan.h | 21 +++++++++++++++++++-- > mm/kasan/common.c | 11 +++++++++++ > mm/slab_common.c | 3 ++- > 3 files changed, 32 insertions(+), 3 deletions(-) > > diff --git a/include/linux/kasan.h b/include/linux/kasan.h > index 16cf53eac29b..173a8e81d001 100644 > --- a/include/linux/kasan.h > +++ b/include/linux/kasan.h > @@ -81,17 +81,30 @@ struct kasan_cache { > }; > > #ifdef CONFIG_KASAN_HW_TAGS > + > DECLARE_STATIC_KEY_FALSE(kasan_flag_enabled); > + > static __always_inline bool kasan_enabled(void) > { > return static_branch_likely(&kasan_flag_enabled); > } > -#else > + > +#else /* CONFIG_KASAN_HW_TAGS */ > + > static inline bool kasan_enabled(void) > { > return true; > } > -#endif > + > +#endif /* CONFIG_KASAN_HW_TAGS */ > + > +slab_flags_t __kasan_never_merge(void); > +static __always_inline slab_flags_t kasan_never_merge(void) > +{ > + if (kasan_enabled()) > + return __kasan_never_merge(); > + return 0; > +} > > void __kasan_unpoison_range(const void *addr, size_t size); > static __always_inline void kasan_unpoison_range(const void *addr, size_t size) > @@ -238,6 +251,10 @@ static inline bool kasan_enabled(void) > { > return false; > } > +static inline slab_flags_t kasan_never_merge(void) > +{ > + return 0; > +} > static inline void kasan_unpoison_range(const void *address, size_t size) {} > static inline void kasan_alloc_pages(struct page *page, unsigned int order) {} > static inline void kasan_free_pages(struct page *page, unsigned int order) {} > diff --git a/mm/kasan/common.c b/mm/kasan/common.c > index cf874243efab..a5a4dcb1254d 100644 > --- a/mm/kasan/common.c > +++ b/mm/kasan/common.c > @@ -87,6 +87,17 @@ asmlinkage void kasan_unpoison_task_stack_below(const void *watermark) > } > #endif /* CONFIG_KASAN_STACK */ > > +/* > + * Only allow cache merging when stack collection is disabled and no metadata > + * is present. > + */ > +slab_flags_t __kasan_never_merge(void) > +{ > + if (kasan_stack_collection_enabled()) > + return SLAB_KASAN; > + return 0; > +} > + > void __kasan_alloc_pages(struct page *page, unsigned int order) > { > u8 tag; > diff --git a/mm/slab_common.c b/mm/slab_common.c > index 0b5ae1819a8b..075b23ce94ec 100644 > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -19,6 +19,7 @@ > #include <linux/seq_file.h> > #include <linux/proc_fs.h> > #include <linux/debugfs.h> > +#include <linux/kasan.h> > #include <asm/cacheflush.h> > #include <asm/tlbflush.h> > #include <asm/page.h> > @@ -54,7 +55,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work, > */ > #define SLAB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \ > SLAB_TRACE | SLAB_TYPESAFE_BY_RCU | SLAB_NOLEAKTRACE | \ > - SLAB_FAILSLAB | SLAB_KASAN) > + SLAB_FAILSLAB | kasan_never_merge()) > > #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \ > SLAB_CACHE_DMA32 | SLAB_ACCOUNT) > -- > 2.29.2.299.gdc1121823c-goog >
On Fri, Nov 13, 2020 at 11:20 PM Andrey Konovalov <andreyknvl@google.com> wrote: > > The reason cache merging is disabled with KASAN is because KASAN puts its > metadata right after the allocated object. When the merged caches have > slightly different sizes, the metadata ends up in different places, which > KASAN doesn't support. > > It might be possible to adjust the metadata allocation algorithm and make > it friendly to the cache merging code. Instead this change takes a simpler > approach and allows merging caches when no metadata is present. Which is > the case for hardware tag-based KASAN with kasan.mode=prod. > > Co-developed-by: Vincenzo Frascino <Vincenzo.Frascino@arm.com> > Signed-off-by: Vincenzo Frascino <Vincenzo.Frascino@arm.com> > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> > Link: https://linux-review.googlesource.com/id/Ia114847dfb2244f297d2cb82d592bf6a07455dba Somehow gerrit contains an old version... so I was going to independently propose what Marco already proposed as simplification... until I looked at the patch in the email :) Reviewed-by: Dmitry Vyukov <dvyukov@google.com> > --- > include/linux/kasan.h | 21 +++++++++++++++++++-- > mm/kasan/common.c | 11 +++++++++++ > mm/slab_common.c | 3 ++- > 3 files changed, 32 insertions(+), 3 deletions(-) > > diff --git a/include/linux/kasan.h b/include/linux/kasan.h > index 16cf53eac29b..173a8e81d001 100644 > --- a/include/linux/kasan.h > +++ b/include/linux/kasan.h > @@ -81,17 +81,30 @@ struct kasan_cache { > }; > > #ifdef CONFIG_KASAN_HW_TAGS > + > DECLARE_STATIC_KEY_FALSE(kasan_flag_enabled); > + > static __always_inline bool kasan_enabled(void) > { > return static_branch_likely(&kasan_flag_enabled); > } > -#else > + > +#else /* CONFIG_KASAN_HW_TAGS */ > + > static inline bool kasan_enabled(void) > { > return true; > } > -#endif > + > +#endif /* CONFIG_KASAN_HW_TAGS */ > + > +slab_flags_t __kasan_never_merge(void); > +static __always_inline slab_flags_t kasan_never_merge(void) > +{ > + if (kasan_enabled()) > + return __kasan_never_merge(); > + return 0; > +} > > void __kasan_unpoison_range(const void *addr, size_t size); > static __always_inline void kasan_unpoison_range(const void *addr, size_t size) > @@ -238,6 +251,10 @@ static inline bool kasan_enabled(void) > { > return false; > } > +static inline slab_flags_t kasan_never_merge(void) > +{ > + return 0; > +} > static inline void kasan_unpoison_range(const void *address, size_t size) {} > static inline void kasan_alloc_pages(struct page *page, unsigned int order) {} > static inline void kasan_free_pages(struct page *page, unsigned int order) {} > diff --git a/mm/kasan/common.c b/mm/kasan/common.c > index cf874243efab..a5a4dcb1254d 100644 > --- a/mm/kasan/common.c > +++ b/mm/kasan/common.c > @@ -87,6 +87,17 @@ asmlinkage void kasan_unpoison_task_stack_below(const void *watermark) > } > #endif /* CONFIG_KASAN_STACK */ > > +/* > + * Only allow cache merging when stack collection is disabled and no metadata > + * is present. > + */ > +slab_flags_t __kasan_never_merge(void) > +{ > + if (kasan_stack_collection_enabled()) > + return SLAB_KASAN; > + return 0; > +} > + > void __kasan_alloc_pages(struct page *page, unsigned int order) > { > u8 tag; > diff --git a/mm/slab_common.c b/mm/slab_common.c > index 0b5ae1819a8b..075b23ce94ec 100644 > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -19,6 +19,7 @@ > #include <linux/seq_file.h> > #include <linux/proc_fs.h> > #include <linux/debugfs.h> > +#include <linux/kasan.h> > #include <asm/cacheflush.h> > #include <asm/tlbflush.h> > #include <asm/page.h> > @@ -54,7 +55,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work, > */ > #define SLAB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \ > SLAB_TRACE | SLAB_TYPESAFE_BY_RCU | SLAB_NOLEAKTRACE | \ > - SLAB_FAILSLAB | SLAB_KASAN) > + SLAB_FAILSLAB | kasan_never_merge()) > > #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \ > SLAB_CACHE_DMA32 | SLAB_ACCOUNT) > -- > 2.29.2.299.gdc1121823c-goog >
On Tue, Nov 17, 2020 at 2:25 PM Dmitry Vyukov <dvyukov@google.com> wrote: > > On Fri, Nov 13, 2020 at 11:20 PM Andrey Konovalov <andreyknvl@google.com> wrote: > > > > The reason cache merging is disabled with KASAN is because KASAN puts its > > metadata right after the allocated object. When the merged caches have > > slightly different sizes, the metadata ends up in different places, which > > KASAN doesn't support. > > > > It might be possible to adjust the metadata allocation algorithm and make > > it friendly to the cache merging code. Instead this change takes a simpler > > approach and allows merging caches when no metadata is present. Which is > > the case for hardware tag-based KASAN with kasan.mode=prod. > > > > Co-developed-by: Vincenzo Frascino <Vincenzo.Frascino@arm.com> > > Signed-off-by: Vincenzo Frascino <Vincenzo.Frascino@arm.com> > > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> > > Link: https://linux-review.googlesource.com/id/Ia114847dfb2244f297d2cb82d592bf6a07455dba > > Somehow gerrit contains an old version... so I was going to > independently propose what Marco already proposed as simplification... > until I looked at the patch in the email :) Ah, this is because I couldn't push next/mm-based changes into Gerrit without manually adding tags to all of the yet-out-of-tree patches. So the Gerrit doesn't have the last version of the patchset. > Reviewed-by: Dmitry Vyukov <dvyukov@google.com> Thanks!
diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 16cf53eac29b..173a8e81d001 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -81,17 +81,30 @@ struct kasan_cache { }; #ifdef CONFIG_KASAN_HW_TAGS + DECLARE_STATIC_KEY_FALSE(kasan_flag_enabled); + static __always_inline bool kasan_enabled(void) { return static_branch_likely(&kasan_flag_enabled); } -#else + +#else /* CONFIG_KASAN_HW_TAGS */ + static inline bool kasan_enabled(void) { return true; } -#endif + +#endif /* CONFIG_KASAN_HW_TAGS */ + +slab_flags_t __kasan_never_merge(void); +static __always_inline slab_flags_t kasan_never_merge(void) +{ + if (kasan_enabled()) + return __kasan_never_merge(); + return 0; +} void __kasan_unpoison_range(const void *addr, size_t size); static __always_inline void kasan_unpoison_range(const void *addr, size_t size) @@ -238,6 +251,10 @@ static inline bool kasan_enabled(void) { return false; } +static inline slab_flags_t kasan_never_merge(void) +{ + return 0; +} static inline void kasan_unpoison_range(const void *address, size_t size) {} static inline void kasan_alloc_pages(struct page *page, unsigned int order) {} static inline void kasan_free_pages(struct page *page, unsigned int order) {} diff --git a/mm/kasan/common.c b/mm/kasan/common.c index cf874243efab..a5a4dcb1254d 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -87,6 +87,17 @@ asmlinkage void kasan_unpoison_task_stack_below(const void *watermark) } #endif /* CONFIG_KASAN_STACK */ +/* + * Only allow cache merging when stack collection is disabled and no metadata + * is present. + */ +slab_flags_t __kasan_never_merge(void) +{ + if (kasan_stack_collection_enabled()) + return SLAB_KASAN; + return 0; +} + void __kasan_alloc_pages(struct page *page, unsigned int order) { u8 tag; diff --git a/mm/slab_common.c b/mm/slab_common.c index 0b5ae1819a8b..075b23ce94ec 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -19,6 +19,7 @@ #include <linux/seq_file.h> #include <linux/proc_fs.h> #include <linux/debugfs.h> +#include <linux/kasan.h> #include <asm/cacheflush.h> #include <asm/tlbflush.h> #include <asm/page.h> @@ -54,7 +55,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work, */ #define SLAB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \ SLAB_TRACE | SLAB_TYPESAFE_BY_RCU | SLAB_NOLEAKTRACE | \ - SLAB_FAILSLAB | SLAB_KASAN) + SLAB_FAILSLAB | kasan_never_merge()) #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \ SLAB_CACHE_DMA32 | SLAB_ACCOUNT)