| Message ID | 20230928041600.15982-1-quic_jiangenj@quicinc.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode | expand |
(CC Masahiro Yamada) On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote: > > Fow low memory device, full enabled kasan just not work. > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y. > So we can enable kasan for single file or module. I don't have technical objections here, but it bothers me a bit that we are adding support for KASAN_SANITIZE:=y, although nobody will be adding KASAN_SANITIZE:=y to upstream Makefiles - only development kernels when debugging on low-end devices. Masahiro, is this something worth having in upstream Kconfig code? > Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com> Reviewed-by: Alexander Potapenko <glider@google.com>
On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <glider@google.com> wrote: > > (CC Masahiro Yamada) > > On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote: > > > > Fow low memory device, full enabled kasan just not work. > > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y. > > So we can enable kasan for single file or module. > > I don't have technical objections here, but it bothers me a bit that > we are adding support for KASAN_SANITIZE:=y, although nobody will be > adding KASAN_SANITIZE:=y to upstream Makefiles - only development > kernels when debugging on low-end devices. > > Masahiro, is this something worth having in upstream Kconfig code? Even if we apply this patch to the upstream, you will end up with adding 'KASAN_SANITIZE :=y' to the single file/Makefile. I am not convinced with this patch since this nod is not so useful standalone. > > Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com> > Reviewed-by: Alexander Potapenko <glider@google.com> -- Best Regards Masahiro Yamada
On Sat, Sep 30, 2023 at 12:13 PM Masahiro Yamada <masahiroy@kernel.org> wrote: > > On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <glider@google.com> wrote: > > > > (CC Masahiro Yamada) > > > > On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote: > > > > > > Fow low memory device, full enabled kasan just not work. > > > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y. > > > So we can enable kasan for single file or module. > > > > I don't have technical objections here, but it bothers me a bit that > > we are adding support for KASAN_SANITIZE:=y, although nobody will be > > adding KASAN_SANITIZE:=y to upstream Makefiles - only development > > kernels when debugging on low-end devices. > > > > Masahiro, is this something worth having in upstream Kconfig code? > > > Even if we apply this patch to the upstream, > you will end up with adding 'KASAN_SANITIZE :=y' > to the single file/Makefile. > > I am not convinced with this patch > since this nod is not so useful standalone. Yeah, I agree here, I don't think this change belongs as is in the upstream KASAN code.
Right, it will be only useful for low memory kernel where 'KASAN_SANITIZE :=y' has to be added explicitly in local as hotfix. -----Original Message----- From: Masahiro Yamada <masahiroy@kernel.org> Sent: Saturday, September 30, 2023 6:12 PM To: Alexander Potapenko <glider@google.com> Cc: Joey Jiao (QUIC) <quic_jiangenj@quicinc.com>; kasan-dev@googlegroups.com; Kevin Ding (QUIC) <quic_likaid@quicinc.com>; Andrey Ryabinin <ryabinin.a.a@gmail.com>; Andrey Konovalov <andreyknvl@gmail.com>; Dmitry Vyukov <dvyukov@google.com>; Vincenzo Frascino <vincenzo.frascino@arm.com>; Nathan Chancellor <nathan@kernel.org>; Nick Desaulniers <ndesaulniers@google.com>; Nicolas Schier <nicolas@fjasle.eu>; linux-kernel@vger.kernel.org; linux-kbuild@vger.kernel.org Subject: Re: [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <glider@google.com> wrote: > > (CC Masahiro Yamada) > > On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote: > > > > Fow low memory device, full enabled kasan just not work. > > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y. > > So we can enable kasan for single file or module. > > I don't have technical objections here, but it bothers me a bit that > we are adding support for KASAN_SANITIZE:=y, although nobody will be > adding KASAN_SANITIZE:=y to upstream Makefiles - only development > kernels when debugging on low-end devices. > > Masahiro, is this something worth having in upstream Kconfig code? Even if we apply this patch to the upstream, you will end up with adding 'KASAN_SANITIZE :=y' to the single file/Makefile. I am not convinced with this patch since this nod is not so useful standalone. > > Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com> > Reviewed-by: Alexander Potapenko <glider@google.com> -- Best Regards Masahiro Yamada
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan index fdca89c05745..1cec4e204831 100644 --- a/lib/Kconfig.kasan +++ b/lib/Kconfig.kasan @@ -153,6 +153,14 @@ config KASAN_INLINE endchoice +config KASAN_WHITELIST_ONLY + bool "Whitelist only KASAN" + depends on KASAN && !KASAN_HW_TAGS + default n + help + Say Y here to only enable KASAN for module or files which has explicitly + set KASAN_SANITIZE:=y which is helpful especially for memory limited devices. + config KASAN_STACK bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST depends on KASAN_GENERIC || KASAN_SW_TAGS diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 68d0134bdbf9..e8d608ea369c 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -158,6 +158,9 @@ endif # ifeq ($(CONFIG_KASAN),y) ifneq ($(CONFIG_KASAN_HW_TAGS),y) +ifeq ($(CONFIG_KASAN_WHITELIST_ONLY),y) +KASAN_SANITIZE ?= n +endif _c_flags += $(if $(patsubst n%,, \ $(KASAN_SANITIZE_$(basetarget).o)$(KASAN_SANITIZE)y), \ $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE))
Fow low memory device, full enabled kasan just not work. Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y. So we can enable kasan for single file or module. Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com> --- lib/Kconfig.kasan | 8 ++++++++ scripts/Makefile.lib | 3 +++ 2 files changed, 11 insertions(+)