Fow low memory device, full enabled kasan just not work.
Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
So we can enable kasan for single file or module.
Signed-off-by: Joey Jiao <[email protected]>
---
lib/Kconfig.kasan | 8 ++++++++
scripts/Makefile.lib | 3 +++
2 files changed, 11 insertions(+)
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index fdca89c05745..1cec4e204831 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -153,6 +153,14 @@ config KASAN_INLINE
endchoice
+config KASAN_WHITELIST_ONLY
+ bool "Whitelist only KASAN"
+ depends on KASAN && !KASAN_HW_TAGS
+ default n
+ help
+ Say Y here to only enable KASAN for module or files which has explicitly
+ set KASAN_SANITIZE:=y which is helpful especially for memory limited devices.
+
config KASAN_STACK
bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
depends on KASAN_GENERIC || KASAN_SW_TAGS
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 68d0134bdbf9..e8d608ea369c 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -158,6 +158,9 @@ endif
#
ifeq ($(CONFIG_KASAN),y)
ifneq ($(CONFIG_KASAN_HW_TAGS),y)
+ifeq ($(CONFIG_KASAN_WHITELIST_ONLY),y)
+KASAN_SANITIZE ?= n
+endif
_c_flags += $(if $(patsubst n%,, \
$(KASAN_SANITIZE_$(basetarget).o)$(KASAN_SANITIZE)y), \
$(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE))
--
2.38.1
(CC Masahiro Yamada)
On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <[email protected]> wrote:
>
> Fow low memory device, full enabled kasan just not work.
> Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
> So we can enable kasan for single file or module.
I don't have technical objections here, but it bothers me a bit that
we are adding support for KASAN_SANITIZE:=y, although nobody will be
adding KASAN_SANITIZE:=y to upstream Makefiles - only development
kernels when debugging on low-end devices.
Masahiro, is this something worth having in upstream Kconfig code?
> Signed-off-by: Joey Jiao <[email protected]>
Reviewed-by: Alexander Potapenko <[email protected]>
On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <[email protected]> wrote:
>
> (CC Masahiro Yamada)
>
> On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <[email protected]> wrote:
> >
> > Fow low memory device, full enabled kasan just not work.
> > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
> > So we can enable kasan for single file or module.
>
> I don't have technical objections here, but it bothers me a bit that
> we are adding support for KASAN_SANITIZE:=y, although nobody will be
> adding KASAN_SANITIZE:=y to upstream Makefiles - only development
> kernels when debugging on low-end devices.
>
> Masahiro, is this something worth having in upstream Kconfig code?
Even if we apply this patch to the upstream,
you will end up with adding 'KASAN_SANITIZE :=y'
to the single file/Makefile.
I am not convinced with this patch
since this nod is not so useful standalone.
> > Signed-off-by: Joey Jiao <[email protected]>
> Reviewed-by: Alexander Potapenko <[email protected]>
--
Best Regards
Masahiro Yamada
On Sat, Sep 30, 2023 at 12:13 PM Masahiro Yamada <[email protected]> wrote:
>
> On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <[email protected]> wrote:
> >
> > (CC Masahiro Yamada)
> >
> > On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <[email protected]> wrote:
> > >
> > > Fow low memory device, full enabled kasan just not work.
> > > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
> > > So we can enable kasan for single file or module.
> >
> > I don't have technical objections here, but it bothers me a bit that
> > we are adding support for KASAN_SANITIZE:=y, although nobody will be
> > adding KASAN_SANITIZE:=y to upstream Makefiles - only development
> > kernels when debugging on low-end devices.
> >
> > Masahiro, is this something worth having in upstream Kconfig code?
>
>
> Even if we apply this patch to the upstream,
> you will end up with adding 'KASAN_SANITIZE :=y'
> to the single file/Makefile.
>
> I am not convinced with this patch
> since this nod is not so useful standalone.
Yeah, I agree here, I don't think this change belongs as is in the
upstream KASAN code.
Right, it will be only useful for low memory kernel where 'KASAN_SANITIZE :=y' has to be added explicitly in local as hotfix.
-----Original Message-----
From: Masahiro Yamada <[email protected]>
Sent: Saturday, September 30, 2023 6:12 PM
To: Alexander Potapenko <[email protected]>
Cc: Joey Jiao (QUIC) <[email protected]>; [email protected]; Kevin Ding (QUIC) <[email protected]>; Andrey Ryabinin <[email protected]>; Andrey Konovalov <[email protected]>; Dmitry Vyukov <[email protected]>; Vincenzo Frascino <[email protected]>; Nathan Chancellor <[email protected]>; Nick Desaulniers <[email protected]>; Nicolas Schier <[email protected]>; [email protected]; [email protected]
Subject: Re: [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode
On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <[email protected]> wrote:
>
> (CC Masahiro Yamada)
>
> On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <[email protected]> wrote:
> >
> > Fow low memory device, full enabled kasan just not work.
> > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
> > So we can enable kasan for single file or module.
>
> I don't have technical objections here, but it bothers me a bit that
> we are adding support for KASAN_SANITIZE:=y, although nobody will be
> adding KASAN_SANITIZE:=y to upstream Makefiles - only development
> kernels when debugging on low-end devices.
>
> Masahiro, is this something worth having in upstream Kconfig code?
Even if we apply this patch to the upstream, you will end up with adding 'KASAN_SANITIZE :=y'
to the single file/Makefile.
I am not convinced with this patch
since this nod is not so useful standalone.
> > Signed-off-by: Joey Jiao <[email protected]>
> Reviewed-by: Alexander Potapenko <[email protected]>
--
Best Regards
Masahiro Yamada