Date: Fri, 29 Jun 2018 11:14:35 +0100
From: Mark Rutland
To: Andrey Konovalov
Cc: Dave Martin, Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Catalin Marinas, Will Deacon, Christoph Lameter, Andrew Morton, Nick Desaulniers, Marc Zyngier, Ard Biesheuvel, "Eric W . Biederman", Ingo Molnar, Paul Lawrence, Geert Uytterhoeven, Arnd Bergmann, "Kirill A . Shutemov", Greg Kroah-Hartman, Kate Stewart, Mike Rapoport, kasan-dev, linux-doc@vger.kernel.org, LKML, Linux ARM, linux-sparse@vger.kernel.org, Linux Memory Management List, Linux Kbuild mailing list, Chintan Pandya, Jacob Bramley, Jann Horn, Ruben Ayrapetyan, Lee Smith, Kostya Serebryany, Mark Brand, Ramana Radhakrishnan, Evgeniy Stepanov
Subject: Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer
Message-ID: <20180629101435.263hujat2amnm3hi@lakrids.cambridge.arm.com>
References: <20180628105057.GA26019@e103592.cambridge.arm.com>

On Thu, Jun 28, 2018 at 08:56:41PM +0200, Andrey Konovalov wrote:
> On Thu, Jun 28, 2018 at 12:51 PM, Dave Martin wrote:
> > On Tue, Jun 26, 2018 at 03:15:10PM +0200, Andrey Konovalov wrote:
> >> 1. By using the Top Byte Ignore arm64 CPU feature, we can store pointer
> >> tags in the top byte of each kernel pointer.
> >
> > [...]
> >
> > This is a change from the current situation, so the kernel may be
> > making implicit assumptions about the top byte of kernel addresses.

[...]

> > What was your approach to tracking down all the points in the code
> > where we have a potential issue?
>
> I've been fuzzing the kernel built with KHWASAN with syzkaller. This
> gives a decent coverage and I was able to find some places where
> fixups were required this way. Right now the fuzzer is running without
> issues. It doesn't prove that all such places are fixed, but I don't
> know a better way to test this.

While fuzzing shows that the kernel doesn't crash (and this is very
important), it does not show that it exhibits the expected behaviour,
and there could be a number of soft failures present.

e.g. certain functions might just return an error code if a pointer has
a tag other than 0xff (such that it looks like a kernel pointer) or 0x00
(such that it looks like a user pointer), and this might not result in a
fatal error even though the behaviour is not what we require.

Perhaps it's possible to compare the behaviour of a kernel making use of
tags with one which does not, though I'm not sure at which level the
comparison needs to be performed.

Thanks,
Mark.
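
Added example, not part of the original message or of the KHWASAN patch set: a user-space C model of the soft failure described in the reply above, with a differential check that compares each result for an untagged pointer against the result for the same pointer carrying every possible tag. The function names, the bit-55 classification used as the tag-aware variant, and the sample addresses are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_SHIFT  56
#define KERNEL_BIT (1ULL << 55)   /* arm64: bit 55 selects the kernel half */
typedef int (*classify_fn)(uint64_t);

/* Put a tag in the top byte, which Top Byte Ignore lets the CPU disregard. */
static uint64_t set_tag(uint64_t addr, uint8_t tag)
{
    return (addr & ~(0xffULL << TAG_SHIFT)) | ((uint64_t)tag << TAG_SHIFT);
}

/* Hypothetical helper with an implicit top-byte assumption. Returns 1 for a
 * kernel pointer, 0 for a user pointer, -EINVAL otherwise: an error, no crash. */
static int classify_naive(uint64_t addr)
{
    uint64_t top = addr >> TAG_SHIFT;

    return top == 0xff ? 1 : top == 0x00 ? 0 : -EINVAL;
}

/* Tag-aware variant (assumption): decide on bit 55, which a tag cannot change. */
static int classify_tag_aware(uint64_t addr)
{
    return (addr & KERNEL_BIT) ? 1 : 0;
}

/* Differential check: count tagged results that differ from the untagged one. */
static unsigned count_divergences(classify_fn fn, const uint64_t *addrs, size_t n)
{
    unsigned diverged = 0;

    for (size_t i = 0; i < n; i++)
        for (unsigned tag = 0; tag <= 0xff; tag++)
            if (fn(set_tag(addrs[i], (uint8_t)tag)) != fn(addrs[i]))
                diverged++;
    return diverged;
}

/* Constructed sample kernel addresses (top byte 0xff, i.e. untagged). */
static const uint64_t sample_addrs[] = { 0xffff000012345678ULL, 0xffff80001000beefULL };

int main(void)
{
    printf("naive: %u divergences, tag-aware: %u divergences\n",
           count_divergences(classify_naive, sample_addrs, 2),
           count_divergences(classify_tag_aware, sample_addrs, 2));
    return 0;
}
```

None of the naive helper's divergences is a crash, so a crash-oriented fuzzer would not report them; only the comparison against the untagged baseline does.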