From patchwork Fri Mar 12 14:24:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Konovalov X-Patchwork-Id: 12134787 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6A49C433DB for ; Fri, 12 Mar 2021 14:24:43 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 6334A64FB2 for ; Fri, 12 Mar 2021 14:24:43 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6334A64FB2 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 077EE8D035C; Fri, 12 Mar 2021 09:24:43 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 04E9E8D0346; Fri, 12 Mar 2021 09:24:43 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E301C8D035C; Fri, 12 Mar 2021 09:24:42 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0237.hostedemail.com [216.40.44.237]) by kanga.kvack.org (Postfix) with ESMTP id CA6C18D0346 for ; Fri, 12 Mar 2021 09:24:42 -0500 (EST) Received: from smtpin14.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 897A1181CBDCE for ; Fri, 12 Mar 2021 14:24:42 +0000 (UTC) X-FDA: 77911443204.14.151B345 Received: from mail-ej1-f73.google.com (mail-ej1-f73.google.com [209.85.218.73]) by imf08.hostedemail.com (Postfix) with ESMTP id CF2378019153 for ; Fri, 12 Mar 2021 14:24:33 +0000 (UTC) Received: by mail-ej1-f73.google.com with SMTP id t21so2211813ejf.14 for ; Fri, 12 Mar 2021 06:24:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=YmrfZsjCUnsbI/dxLimuvoNopBZleUT55sQpN4+LAO4=; b=j/FaqdN61zL6WvpcKOGOU2tM9vngAJHnvFQAG9snOCBc7cjO4jQA4laHGxNPE3iol7 bTvUQd9R4paQnOS0/atIt5fTkAnxkGcZasXLem38BWaBtqHdLhpa1rd+rSx+RaSpW7tN M72oqJz0uX8j54HywoEZ70+yXJavAEboopaFmB8Z2A92JySJCH5xEqOay87JMUkyK37q erxXZWqAntLuDrpnqt4kiGbh71iP4qJjfpkORzXPvCeODseooVn6Qe6rBeUicTzcZyID 2TvJc/8mEXO9WXK1Fcg15bqM8m3gGLQ4LW1ASek4Pcc8JAwE6/h92cXjTVzPLsq/lmst vFxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=YmrfZsjCUnsbI/dxLimuvoNopBZleUT55sQpN4+LAO4=; b=NStJW1uXZWe+6FXhcs5zGjhMBmUq25TrOMwfS9huMoHAUHH66wtHPxNEO59FzASZfy OIB6tTwPAE7VhfDSFd1lVU68keZEMVjuCCTBbWdmJUQlfHDqvmoLWGoD/TbSh6YDGvhR BONCXvp9GFD7iDBmEJIr+dRegvhK9w+UsWhuOuiBkATtqabHaCUvuXupLPHAE4tBvDyM m7yiNk8jkGhDT8Y8hrqTpRjk/y5AQg9dewirfsH+jMwQvRpDeR0nWV4q8+cnZfcSRmR/ RBS72pHg68Yh91dhdgKrLbP1l6z7LuxuzFjP2i3xfXx+XwV4ByM4oP0KAagj+dHLPwqJ MICw== X-Gm-Message-State: AOAM531jgvk+V9KGNyj/rP8lRgbv/C+2MqvQZvsnMeyCpNmw6FY3aUak TSvcDv3vixWPDF1LT5LvDoS6huYnKdW9bBpF X-Google-Smtp-Source: ABdhPJxp7kOe5CQTLKqSu61Pmt1p/02N6FRencBxyisW0zbM9w4CjKAGwVOwb28H7CndKCl0Pj/9qXZbp1GrMyxc X-Received: from andreyknvl3.muc.corp.google.com ([2a00:79e0:15:13:95a:d8a8:4925:42be]) (user=andreyknvl job=sendgmr) by 2002:a17:906:a049:: with SMTP id bg9mr8819448ejb.186.1615559080372; Fri, 12 Mar 2021 06:24:40 -0800 (PST) Date: Fri, 12 Mar 2021 15:24:25 +0100 In-Reply-To: Message-Id: <1486fba8514de3d7db2f47df2192db59228b0a7b.1615559068.git.andreyknvl@google.com> Mime-Version: 1.0 References: X-Mailer: git-send-email 2.31.0.rc2.261.g7f71774620-goog Subject: [PATCH v2 02/11] kasan: docs: update overview section From: Andrey Konovalov To: Andrew Morton , Alexander Potapenko , Marco Elver Cc: Andrey Ryabinin , Dmitry Vyukov , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov X-Stat-Signature: qhmidydnefsk6j4bzkby59rxfg7qjw7r X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: CF2378019153 Received-SPF: none (flex--andreyknvl.bounces.google.com>: No applicable sender policy available) receiver=imf08; identity=mailfrom; envelope-from="<3qHlLYAoKCNExA0E1L7AI83BB381.zB985AHK-997Ixz7.BE3@flex--andreyknvl.bounces.google.com>"; helo=mail-ej1-f73.google.com; client-ip=209.85.218.73 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1615559073-957852 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Update the "Overview" section in KASAN documentation: - Outline main use cases for each mode. - Mention that HW_TAGS mode need compiler support too. - Move the part about SLUB/SLAB support from "Usage" to "Overview". - Punctuation, readability, and other minor clean-ups. Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- Changes v1->v2: - Mention GCC support for HW_TAGS. --- Documentation/dev-tools/kasan.rst | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index b3b2c517db55..2f2697b290d5 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -11,17 +11,31 @@ designed to find out-of-bound and use-after-free bugs. KASAN has three modes: 2. software tag-based KASAN (similar to userspace HWASan), 3. hardware tag-based KASAN (based on hardware memory tagging). -Software KASAN modes (1 and 2) use compile-time instrumentation to insert -validity checks before every memory access, and therefore require a compiler +Generic KASAN is mainly used for debugging due to a large memory overhead. +Software tag-based KASAN can be used for dogfood testing as it has a lower +memory overhead that allows using it with real workloads. Hardware tag-based +KASAN comes with low memory and performance overheads and, therefore, can be +used in production. Either as an in-field memory bug detector or as a security +mitigation. + +Software KASAN modes (#1 and #2) use compile-time instrumentation to insert +validity checks before every memory access and, therefore, require a compiler version that supports that. -Generic KASAN is supported in both GCC and Clang. With GCC it requires version +Generic KASAN is supported in GCC and Clang. With GCC, it requires version 8.3.0 or later. Any supported Clang version is compatible, but detection of out-of-bounds accesses for global variables is only supported since Clang 11. -Tag-based KASAN is only supported in Clang. +Software tag-based KASAN mode is only supported in Clang. -Currently generic KASAN is supported for the x86_64, arm, arm64, xtensa, s390 +The hardware KASAN mode (#3) relies on hardware to perform the checks but +still requires a compiler version that supports memory tagging instructions. +This mode is supported in GCC 10+ and Clang 11+. + +Both software KASAN modes work with SLUB and SLAB memory allocators, +while the hardware tag-based KASAN currently only supports SLUB. + +Currently, generic KASAN is supported for the x86_64, arm, arm64, xtensa, s390, and riscv architectures, and tag-based KASAN modes are supported only for arm64. Usage @@ -39,9 +53,6 @@ For software modes, you also need to choose between CONFIG_KASAN_OUTLINE and CONFIG_KASAN_INLINE. Outline and inline are compiler instrumentation types. The former produces smaller binary while the latter is 1.1 - 2 times faster. -Both software KASAN modes work with both SLUB and SLAB memory allocators, -while the hardware tag-based KASAN currently only support SLUB. - For better error reports that include stack traces, enable CONFIG_STACKTRACE. To augment reports with last allocation and freeing stack of the physical page,