From patchwork Tue Feb 4 17:33:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maciej Wieczor-Retman X-Patchwork-Id: 13959510 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4F18C02193 for ; Tue, 4 Feb 2025 17:41:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4A11B28000C; Tue, 4 Feb 2025 12:41:24 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 450BD280008; Tue, 4 Feb 2025 12:41:24 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2CA3728000C; Tue, 4 Feb 2025 12:41:24 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 0BA70280008 for ; Tue, 4 Feb 2025 12:41:24 -0500 (EST) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 9A6881A0C50 for ; Tue, 4 Feb 2025 17:41:07 +0000 (UTC) X-FDA: 83082978174.01.F2E9BE4 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.20]) by imf25.hostedemail.com (Postfix) with ESMTP id 7847BA000D for ; Tue, 4 Feb 2025 17:41:04 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=KF+aN2p3; spf=pass (imf25.hostedemail.com: domain of maciej.wieczor-retman@intel.com designates 198.175.65.20 as permitted sender) smtp.mailfrom=maciej.wieczor-retman@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1738690865; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qK1chVyWc3x+ocpxBgge4/JeZPmwM7T3xKM6CHzx0Ts=; b=Jr8OCtkNW/ltQIlOWMgMz5hK1TyRUIFhDgNx4Wy6EqDYTulXAfDbU6NLIpefmkm0IzQy8h kNRtD0GIpuEx5qfmbYiwMuvTpImg8BGgfJ7Yo85CcFsEECJdEkQLbq9cBdQEa8UiqRLY4/ SpmwMaJb1hR4meRtpts6j5zJjhNJcHA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1738690865; a=rsa-sha256; cv=none; b=O3OkCaSPpUXQjZAV475bPR2SiCQlOszLONbQMgkPmbxh/ZhZpt7DGUTo9rEwya01YoTe0A 1cMwar60Wl9VPY7/dxleAIXtbAfrQeaiD2XyUOBhMAXtMs1ASspvTF8GV1Lnli861vHbQX qu2n1MpgUr0Q3HhO2P99UTS0f7PMat8= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=KF+aN2p3; spf=pass (imf25.hostedemail.com: domain of maciej.wieczor-retman@intel.com designates 198.175.65.20 as permitted sender) smtp.mailfrom=maciej.wieczor-retman@intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1738690864; x=1770226864; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Ht7/TOmkT+iwiNKb8KTAnbXFoYcUy6oM0kb2gCQ20Wc=; b=KF+aN2p3BafUwQF34qoMnP2kCxSBayftKBhQ8H5DA8tToodOUgjeZpEt Ru6nfgKtzfpE1x35LJpTO58+QCRqrlKs02TTc8PP4xrfUw05J8eYm5ynl zlyDoF5kvVzwCkC2f7b38xVDFaCwVC3CC2eie4Tzl7DWPp/Nqrtx9sRvr r72d3plevm4J1q2uEDyO93QeEloFoHVixRihwzJNWULOC63OnXXIxkR7Z 0sh694aVR1A9zoxmOf4vbaP0JhpqPkmZSh4+wFNnZFpKkMfI3Yaluifio nKzTv7VZV7381e1itNk9ZBCwh//ZrP3U2wqtuRyUTxVsPoCMLYfBRbOzR w==; X-CSE-ConnectionGUID: 6udrRXXjThW7ggvP2VFuqw== X-CSE-MsgGUID: 52PacGU2So+wOUkZTWBAOg== X-IronPort-AV: E=McAfee;i="6700,10204,11336"; a="38931228" X-IronPort-AV: E=Sophos;i="6.13,259,1732608000"; d="scan'208";a="38931228" Received: from orviesa001.jf.intel.com ([10.64.159.141]) by orvoesa112.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Feb 2025 09:37:41 -0800 X-CSE-ConnectionGUID: UAr5/zW7Rha56MjtNiYK0Q== X-CSE-MsgGUID: 2nPTC7p0TeC/cQLyC4Ywqw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="147867266" Received: from mjarzebo-mobl1.ger.corp.intel.com (HELO wieczorr-mobl1.intel.com) ([10.245.244.61]) by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Feb 2025 09:37:29 -0800 From: Maciej Wieczor-Retman To: luto@kernel.org, xin@zytor.com, kirill.shutemov@linux.intel.com, palmer@dabbelt.com, tj@kernel.org, andreyknvl@gmail.com, brgerst@gmail.com, ardb@kernel.org, dave.hansen@linux.intel.com, jgross@suse.com, will@kernel.org, akpm@linux-foundation.org, arnd@arndb.de, corbet@lwn.net, maciej.wieczor-retman@intel.com, dvyukov@google.com, richard.weiyang@gmail.com, ytcoode@gmail.com, tglx@linutronix.de, hpa@zytor.com, seanjc@google.com, paul.walmsley@sifive.com, aou@eecs.berkeley.edu, justinstitt@google.com, jason.andryuk@amd.com, glider@google.com, ubizjak@gmail.com, jannh@google.com, bhe@redhat.com, vincenzo.frascino@arm.com, rafael.j.wysocki@intel.com, ndesaulniers@google.com, mingo@redhat.com, catalin.marinas@arm.com, junichi.nomura@nec.com, nathan@kernel.org, ryabinin.a.a@gmail.com, dennis@kernel.org, bp@alien8.de, kevinloughlin@google.com, morbo@google.com, dan.j.williams@intel.com, julian.stecklina@cyberus-technology.de, peterz@infradead.org, cl@linux.com, kees@kernel.org Cc: kasan-dev@googlegroups.com, x86@kernel.org, linux-arm-kernel@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, linux-doc@vger.kernel.org Subject: [PATCH 15/15] kasan: Add mititgation and debug modes Date: Tue, 4 Feb 2025 18:33:56 +0100 Message-ID: <450a1fe078b0e07bf2e4f3098c9110c9959c6524.1738686764.git.maciej.wieczor-retman@intel.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: References: MIME-Version: 1.0 X-Rspamd-Queue-Id: 7847BA000D X-Stat-Signature: ox5wue9gomx393ww7y5ffmp33zo3kdw4 X-Rspam-User: X-Rspamd-Server: rspam12 X-HE-Tag: 1738690864-716018 X-HE-Meta: U2FsdGVkX19nHAvUyb6WSnI2z1IHsBb5YznpH43gyq1riNuj3lt+76nyoJAdc0bl+yjs6/Kfe7OCQUQnJ+uUjucT6eKtplWvUUlWEj8Ktbnhfl9Ht5xif1lRKuBuOGL57KiNHpCAQG9dDZnwLr9Ii6HmTUgsw3/M1yroUWEp3k84FseM8QPbiydQgN7BnIhFyLYr1xHFM6M6JExwTK7J+DJsyoTaluvc8j6jwWl/AezHkQH2icZj56g037cDzk9N2hDHvgb+VtMVOidmTnipzcDNtOjP+EJAjO4IIqRy6HMwMzQ9oRZ8bEfxeahhDZCwahmukPAt3pFETpcYRwOmnJMgMjuluM7If1Jp8IRCI0/BUqZTaQdgKYpSScdudgyLVH9sQURgrJr6VxvM/6+qBCDEM1TMks9VQhHWR3wLIWq6KQempk9V64NZHpTbR/BwS3KuumeS6qQxG3HXEfC1oukAvnFt7QAirkxJXAEIX9fCWvOH8B58thTiR5gsN0Z6QyrfPFUgk14otziZjc+09EVl964hlezdkO+IVksvQasMsVSGxiyEF8AlGmSFD0LIqZSChfsAVDP2Xyk5gbl2WE6idG4p/Dyrj/LIyeNlv95DMKBf3Kv8eeG+dKyYibs/b1cCLPypipGRd/h5ZWo5hfuuQhOht89Zh/ubFmk96KnU1aoqLdZGQAYeTjhG3I01IX1ZTSifXbdHO2y8i23702TcvZxxHFhOvZ84G9FDS1FszhNx1OdtajR0lKzW+YVsJXszI1WBQQ7C7OENXvMMbz5X9fPu8bqzBt/gomcK0iwyerkXWBpT0v0ecFfMJmiNHDAymGzwDfTg2uLqs7U17xFYRn/UGBmsRrG9DxxV7qupODQBarhgOdoq8K8fNF2dF7yNVoVpq/wNeIPP3SW5o7+L59IdLk+AayaN60Zl+4/AWQFUYPJgizLhAWvBhcz3MWYIoP+augVUYFYlxfJ mhsSixqK ievfIO7CRQ3snmid8REjzkP91T+CTXp742UalYIx9jmvUfRgiZOAfA+WOxVnaOLasUDOg+ya9cIJYUHWtsi35MWu2hPP3EXsZ1pTmBsro+0WrRv63vErOaBrCUpkKNMx7jeR6lW3LRZeQ2jzIE+/F7IGIlPHOqFsyH8u9aqq7QSuyZ421NQWYQ10ShhiCOrXSga8v18fZSp0QQO/SCQTzRcAaw18Zp2yQFtUoWk8K4Q+hFcAYRGNBkDROGQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: With smaller memory footprint KASAN could be used in production systems. One problem is that saving stacktraces slowes memory allocation substantially - with KASAN enabled up to 90% of time spent on kmalloc() is spent on saving the stacktrace. Add mitigation mode to allow the option for running KASAN focused on performance and security. In mitigation mode disable saving stacktraces and set fault mode to always panic on KASAN error as a security mechanism. Signed-off-by: Maciej Wieczor-Retman --- lib/Kconfig.kasan | 28 ++++++++++++++++++++++++++++ mm/kasan/report.c | 4 ++++ mm/kasan/tags.c | 5 +++++ 3 files changed, 37 insertions(+) diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan index d08b4e9bf477..6daa62b40dea 100644 --- a/lib/Kconfig.kasan +++ b/lib/Kconfig.kasan @@ -244,4 +244,32 @@ config KASAN_SW_TAGS_DENSE ARCH_HAS_KASAN_SW_TAGS_DENSE is needed for this option since the special tag macros need to be properly set for 4-bit wide tags. +choice + prompt "KASAN operation mode" + default KASAN_OPERATION_DEBUG + help + Choose between the mitigation or debug operation modes. + + The first one disables stacktrace saving and enables panic on error. + Faster memory allocation but less information. The second one is the + default where KASAN operates with full functionality. + +config KASAN_OPERATION_DEBUG + bool "Debug operation mode" + depends on KASAN + help + The default mode. Full functionality and all boot parameters + available. + +config KASAN_OPERATION_MITIGATION + bool "Mitigation operation mode" + depends on KASAN + help + Operation mode dedicated at faster operation at the cost of less + information collection. Disables stacktrace saving for faster + allocations and forces panic on KASAN error to mitigate malicious + attacks. + +endchoice + endif # KASAN diff --git a/mm/kasan/report.c b/mm/kasan/report.c index ee9e406b0cdb..ae989d3bd919 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -47,7 +47,11 @@ enum kasan_arg_fault { KASAN_ARG_FAULT_PANIC_ON_WRITE, }; +#ifdef CONFIG_KASAN_OPERATION_MITIGATION +static enum kasan_arg_fault kasan_arg_fault __ro_after_init = KASAN_ARG_FAULT_PANIC; +#else static enum kasan_arg_fault kasan_arg_fault __ro_after_init = KASAN_ARG_FAULT_DEFAULT; +#endif /* kasan.fault=report/panic */ static int __init early_kasan_fault(char *arg) diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index c111d98961ed..2414cddeaaf3 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -78,6 +78,11 @@ early_param("kasan.stack_ring_size", early_kasan_flag_stack_ring_size); void __init kasan_init_tags(void) { + if (IS_ENABLED(CONFIG_KASAN_OPERATION_MITIGATION)) { + static_branch_disable(&kasan_flag_stacktrace); + return; + } + switch (kasan_arg_stacktrace) { case KASAN_ARG_STACKTRACE_DEFAULT: /* Default is specified by kasan_flag_stacktrace definition. */