Date: Thu, 28 Jun 2018 11:51:06 +0100
From: Dave Martin
To: Andrey Konovalov
Cc: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Catalin Marinas, Will Deacon, Christoph Lameter, Andrew Morton, Mark Rutland, Nick Desaulniers, Marc Zyngier, Ard Biesheuvel, "Eric W. Biederman", Ingo Molnar, Paul Lawrence, Geert Uytterhoeven, Arnd Bergmann, "Kirill A. Shutemov", Greg Kroah-Hartman, Kate Stewart, Mike Rapoport, kasan-dev@googlegroups.com, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-sparse@vger.kernel.org, linux-mm@kvack.org, linux-kbuild@vger.kernel.org, Chintan Pandya, Jacob Bramley, Jann Horn, Ruben Ayrapetyan, Lee Smith, Kostya Serebryany, Mark Brand, Ramana Radhakrishnan, Evgeniy Stepanov
Subject: Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer
Message-ID: <20180628105057.GA26019@e103592.cambridge.arm.com>

On Tue, Jun 26, 2018 at 03:15:10PM +0200, Andrey Konovalov wrote:
> This patchset adds a new mode to KASAN [1], which is called KHWASAN
> (Kernel HardWare assisted Address SANitizer).
>
> The plan is to implement HWASan [2] for the kernel with the incentive,
> that it's going to have comparable to KASAN performance, but in the same
> time consume much less memory, trading that off for somewhat imprecise
> bug detection and being supported only for arm64.
>
> The overall idea of the approach used by KHWASAN is the following:
>
> 1. By using the Top Byte Ignore arm64 CPU feature, we can store pointer
>    tags in the top byte of each kernel pointer.

[...]

This is a change from the current situation, so the kernel may be
making implicit assumptions about the top byte of kernel addresses.

Randomising the top bits may cause things like address conversions and
pointer arithmetic to break.

For example, (q - p) will not produce the expected result if q and p
have different tags.

Conversions, such as between pointer and pfn, may also go wrong if not
appropriately masked.

There are also potential pointer comparison and aliasing issues if the
tag bits are ever stripped or modified.

What was your approach to tracking down all the points in the code where
we have a potential issue?

(I haven't dug through the series in detail yet, so this may be answered
somewhere already...)

Cheers
---Dave
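
Added illustration, not part of the original message or of the patch series: the three failure modes raised in the reply above (pointer subtraction, pointer-to-pfn conversion, comparison/aliasing), modelled on plain 64-bit integers so it runs on any host. The helper names, the linear-map base, the page size and the tag values are assumptions made for this example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* All constants below are constructed for this example. */
#define TAG_SHIFT   56
#define TAG_MASK    (0xffULL << TAG_SHIFT)
#define PAGE_SHIFT  12                      /* assumed 4 KiB pages */
#define LINEAR_BASE 0xffff800000000000ULL   /* assumed linear-map base */

/* Hypothetical helpers (names are not taken from the patch series). */
static uint64_t set_tag(uint64_t addr, uint8_t tag)
{
    return (addr & ~TAG_MASK) | ((uint64_t)tag << TAG_SHIFT);
}
/* Untagged kernel addresses carry 0xff in the top byte. */
static uint64_t reset_tag(uint64_t addr) { return addr | TAG_MASK; }

/* (q - p) on raw values versus on tag-stripped values. */
static int64_t diff_raw(uint64_t q, uint64_t p) { return (int64_t)(q - p); }
static int64_t diff_masked(uint64_t q, uint64_t p)
{
    return (int64_t)(reset_tag(q) - reset_tag(p));
}

/* Pointer-to-pfn conversion without and with masking of the tag. */
static uint64_t pfn_raw(uint64_t a) { return (a - LINEAR_BASE) >> PAGE_SHIFT; }
static uint64_t pfn_masked(uint64_t a)
{
    return (reset_tag(a) - LINEAR_BASE) >> PAGE_SHIFT;
}

/* Two pointers alias when they match once the tag is stripped. */
static int alias_masked(uint64_t a, uint64_t b)
{
    return reset_tag(a) == reset_tag(b);
}

int main(void)
{
    uint64_t base = LINEAR_BASE + 0x1000;    /* constructed address */
    uint64_t p = set_tag(base, 0x3a), q = set_tag(base + 0x40, 0x5c);
    printf("q - p: raw=0x%" PRIx64 " masked=0x%" PRIx64 "\n",
           (uint64_t)diff_raw(q, p), (uint64_t)diff_masked(q, p));
    printf("pfn(p): raw=0x%" PRIx64 " masked=0x%" PRIx64 "\n",
           pfn_raw(p), pfn_masked(p));
    printf("alias: raw=%d masked=%d\n", p == set_tag(base, 0x5c),
           alias_masked(p, set_tag(base, 0x5c)));
    return 0;
}
```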