Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp7286946imm; Thu, 28 Jun 2018 00:51:13 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJknXQhlYX4NIXDYRqiLr2/ND2uuqxxMhk5/lkPEgL4ArZqRoszj0E0SZL6ZFmMd7bQpX+2 X-Received: by 2002:a65:40ca:: with SMTP id u10-v6mr7832731pgp.2.1530172273432; Thu, 28 Jun 2018 00:51:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530172273; cv=none; d=google.com; s=arc-20160816; b=rA3BHuLMQiVEUczufszCrEy/6xen2vh0YXvamjungUxxWCvBlqeMAIbBjJKM1u2hKn Eho8peIT4ZDwK9LpaP+qnEWqY3SlhOtiNYYx+KsV3+f2KaJOGymCsibNHBODlq/kSFkv we2b0kQ4Fihs02tWTyCfxYpPDKYxIf1xB+scRelw0w6N2ukAxBkK+mEyCXU4CkhDuh0f 5bY10KY40KMjH4Sg4yYxkQDr7kYRWC/dcM4uGLM8VrYDbsb/EpNtkijYqXIxTJo17N8/ xTq/F8wzm/nnwAjAXzQsq9Z8SuHU143MlDgBYmPFYmv+fqVplZLBCBBvNR4zj6LZj1N2 js7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:arc-authentication-results; bh=aAkg1L20ZteRX9kI12vsvdtXsfSm8eM3tTDFiVV+IZY=; b=MtBGXVPY27TyFy/dYyHXYiyvOOEDhpLsdc3+DbNMpiRVJsaxdIwJqleNyxLnt7cJCj Gq4c/9krfcLUkS+H1CfOrArDVO2zbcLE5zNUPm3AGy87ls88O0FRT8JvQWjTo5KgYFgM iXKcIOaw9/f3FaA+1Mvc8qfdbn8d8MyzfwMGIJGFDQatPqFbH/5l+DP3nnQFW+oIvGcq RaxY3pz7Bc1RYbPjhDBxmaDKcjf9xRAObD2v9x3jwZ9soBNN5QrSEsIIqcTg6mvL8dPN 5SOemXI0awiQlGg5No9B/4Jnh/LFcq0RKjtGqjF2y/OE747aC7c+Qwgk5osahm7Mo+Nx 3SvA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m6-v6si5233534pgu.644.2018.06.28.00.50.59; Thu, 28 Jun 2018 00:51:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964817AbeF1HB5 (ORCPT + 99 others); Thu, 28 Jun 2018 03:01:57 -0400 Received: from mail-vk0-f68.google.com ([209.85.213.68]:40064 "EHLO mail-vk0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933361AbeF1HBy (ORCPT ); Thu, 28 Jun 2018 03:01:54 -0400 Received: by mail-vk0-f68.google.com with SMTP id s23-v6so291350vks.7; Thu, 28 Jun 2018 00:01:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aAkg1L20ZteRX9kI12vsvdtXsfSm8eM3tTDFiVV+IZY=; b=UqNHvgyTDLTLJlBtWUEX9Tl+/fxnMKAL7WDXvEapBV2MMezA2dBE21cZF5fLStyTYK /EHqbvEAogl+239Ki/x8Ba8iUmP+QXZ2xvOUx8syKI0R5dEN1szeIcujJOXDSiaGp4xs hsB+xTtUZTeMXZqbtxke1k8Ui1CESLErFBOYldb5Nf+ecW1Y6YLV1pcA+MXK0qVwffpQ 5Axdy47LXlcWkrElWVjfFkfPCT5RMinbQuFYjLQu4dGyE2qyf7vkFvZo8MnNVBmrQGc4 cj0KhU5V7/8oWF6J9r0WDeFBifbWQ5+sqPSkqsIm11ttj89TTrg+61oG1XfHoEkttRD8 JaVg== X-Gm-Message-State: APt69E0k0nWTBO1ceZw2iomQRlB6Vc7uyuBkWHpMY3jgYVIiDUCiXXWz 12CCA3Xy0zUl7gubMw0AkC4r5mX28oGTydg+JiJfNw== X-Received: by 2002:a1f:644:: with SMTP id 65-v6mr4445163vkg.159.1530169313568; Thu, 28 Jun 2018 00:01:53 -0700 (PDT) MIME-Version: 1.0 References: <20180627160800.3dc7f9ee41c0badbf7342520@linux-foundation.org> In-Reply-To: From: Geert Uytterhoeven Date: Thu, 28 Jun 2018 09:01:42 +0200 Message-ID: Subject: Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer To: Kostya Serebryany Cc: Andrew Morton , Andrey Konovalov , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Catalin Marinas , Will Deacon , Christoph Lameter , Mark Rutland , Nick Desaulniers , Marc Zyngier , Dave Martin , Ard Biesheuvel , "Eric W. Biederman" , Ingo Molnar , Paul Lawrence , Arnd Bergmann , "Kirill A. Shutemov" , Greg KH , Kate Stewart , Mike Rapoport , kasan-dev@googlegroups.com, "open list:DOCUMENTATION" , Linux Kernel Mailing List , Linux ARM , linux-sparse@vger.kernel.org, Linux MM , linux-kbuild , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Jann Horn , Mark Brand , cpandya@codeaurora.org, vishwath@google.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Kostya, On Thu, Jun 28, 2018 at 2:04 AM Kostya Serebryany wrote: > On Wed, Jun 27, 2018 at 4:08 PM Andrew Morton wrote: > > On Tue, 26 Jun 2018 15:15:10 +0200 Andrey Konovalov wrote: > > > This patchset adds a new mode to KASAN [1], which is called KHWASAN > > > (Kernel HardWare assisted Address SANitizer). > > > > > > The plan is to implement HWASan [2] for the kernel with the incentive, > > > that it's going to have comparable to KASAN performance, but in the same > > > time consume much less memory, trading that off for somewhat imprecise > > > bug detection and being supported only for arm64. > > > > Why do we consider this to be a worthwhile change? > > > > Is KASAN's memory consumption actually a significant problem? Some > > data regarding that would be very useful. > > On mobile, ASAN's and KASAN's memory usage is a significant problem. > Not sure if I can find scientific evidence of that. > CC-ing Vishwath Mohan who deals with KASAN on Android to provide > anecdotal evidence. > > There are several other benefits too: > * HWASAN more reliably detects non-linear-buffer-overflows compared to > ASAN (same for kernel-HWASAN vs kernel-ASAN) > * Same for detecting use-after-free (since HWASAN doesn't rely on quarantine). > * Much easier to implement stack-use-after-return detection (which > IIRC KASAN doesn't have yet, because in KASAN it's too hard) > > > If it is a large problem then we still have that problem on x86, so the > > problem remains largely unsolved? > > The problem is more significant on mobile devices than on desktop/server. > I'd love to have [K]HWASAN on x86_64 as well, but it's less trivial since x86_64 > doesn't have an analog of aarch64's top-byte-ignore hardware feature. This depends on your mobile devices and desktops and servers. There exist mobile devices with more memory than some desktops or servers. So actual numbers (O(KiB)? O(MiB)? O(GiB)?) would be nice to have. Thanks! Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds