Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp3961932pxu; Tue, 20 Oct 2020 05:15:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyN9REQlRqbzQMbs9VG5S3EbeFfsk2ZkQE2qjOytV3/anPBJRanD0h8lrL7DlprpoEvIXWR X-Received: by 2002:a17:906:1618:: with SMTP id m24mr2992388ejd.438.1603196135466; Tue, 20 Oct 2020 05:15:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603196135; cv=none; d=google.com; s=arc-20160816; b=WcuyPv3i2F+9uD9p2MtEyavzmud+W3AeM5OJDe5z1nL0p0HuqYhwtlVsGBwRCtBcRz aPh8bTLqou5z//Lmp1r7OJsFg77Q3EXPbGQ16+XB9P+yPtk2zjDfZIIQtXLvyiTTAWw1 ap0zCFPEo6KBq58jF+CtyGVq2j2BlJNa3bw4dKmONc9xofWfjEhq5UUT3Fm6spuJtx75 YqeFg+dEDo0RtRW4XEDSYvPsjniEnLtRontQnIA5EZxNvmj0BrhkXCc+xtY+/tIrasSK U/xvVuP8SetICoxypzYjYiiOf7jt671s4ri9omWhosxiwEg9AuDUroICgE6+f1+lVrlz Ps9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=ozLNOPkf0S7L5SxL6HFc1I8U+KuG7maLq27YKTCUYHs=; b=mO5wiuth8NL2F7tNI/QJXOWzayxQEchbxVf7D2ATPO2D/iEDS/txAZzbn7YTZU3F0Y Rq4kK/nQcPUgGYlGzo+bZOcokD42D3Y4a8p4Z1e34aFy56RkbeM0+isnWHCFPObxdC7B e1jANJ/V3XTq2cMde0qVgrX+cG1Rq4FrRfW4dpKSNfHoZuw5jrks+VhGeiu7fjqNXCQh KuCGrR50XS28s5QfX8X/Ofd2kQiah8dvm+gGhtEHexy1fMasBJqKZiSeptH/Na0UxNVB 4+wQPPb2+MX+ibwvY0oYhDf9Tpd9FcrIg3LsFUzQXzZrlV2c9Sc5UR9cj7QrthbyC9JN 3ToA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=O+WQf8Zs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j8si1158043ejt.416.2020.10.20.05.15.11; Tue, 20 Oct 2020 05:15:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=O+WQf8Zs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2394272AbgJTMNQ (ORCPT + 99 others); Tue, 20 Oct 2020 08:13:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47098 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2394242AbgJTMNQ (ORCPT ); Tue, 20 Oct 2020 08:13:16 -0400 Received: from mail-pj1-x1043.google.com (mail-pj1-x1043.google.com [IPv6:2607:f8b0:4864:20::1043]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34705C061755 for ; Tue, 20 Oct 2020 05:13:16 -0700 (PDT) Received: by mail-pj1-x1043.google.com with SMTP id h4so881563pjk.0 for ; Tue, 20 Oct 2020 05:13:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ozLNOPkf0S7L5SxL6HFc1I8U+KuG7maLq27YKTCUYHs=; b=O+WQf8ZsYiZjkr3gEOBjWyzKrfvHEq3aKJ8d9HcKcEKgwvtDihveeQvKbbMu3hjman cTw7hCBlJcu7C8gt2qRH5N8XHLT2MUbL5topuaCSg5nblYfgu4CbnZJi0PLHSWSPgJfT UlxT6i5qsQRfQZKJ4H/Ez4EU1/Uf+RpAcZB3XGKc2oD5vkwR8eM0fQrTVNHVLawTNxme 7CuS8TwisSRK08UErg7+VJYhS4zCt8pLRmlNKvqVyDkqFKmAHRd5ioiKgFVuSYd0XRmu 6TlZz4PKzcnb41ZnSHSmVGq4AWc+xFapaM5UPiYRxWSWSp2ueBdJ8hCV1tFNCmUDrVXK 3FDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ozLNOPkf0S7L5SxL6HFc1I8U+KuG7maLq27YKTCUYHs=; b=bO1ohdKZ/bQB5maFwaSaUGeapIpcVAkqb/tLeDj/U5zyvvOtNDe7pnE+OLLXRgMKlh N+uepoBJBozH/6iYceP+va2kt99hRSDBSTK78g2m/Wjgf5XtuXWSEs43vYZgcT73klfi bEt4X1lc/UIt0+regO4sZlOnAlk3IbYs779hFOIUYHdNGgXmCBOBf6yGkwFUraYJ+G35 Wtxz+FvmZw+2GWaVWaXsC32YZRUslL2Tq+BZPNdtzKFvNMy4OunUHD7JMZmO/6ipvtPg mXrNxrB+EycG3wZu+JTdq8vw/UCnJMPRTHIYICOhzxk9nHaSfHH6qkixn9mtqSO2i3Jp nLTw== X-Gm-Message-State: AOAM531gE3DvdxVNvFpUtMbGohNwPcBprEPhLzUkY0yBUckGLuLxYIRD JsFzLo7vwO4ae7ZVUs4icTQpqg6KjtZqYxpUgjnnng== X-Received: by 2002:a17:90b:228f:: with SMTP id kx15mr2530393pjb.41.1603195995550; Tue, 20 Oct 2020 05:13:15 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Andrey Konovalov Date: Tue, 20 Oct 2020 14:13:04 +0200 Message-ID: Subject: Re: [PATCH RFC 0/8] kasan: hardware tag-based mode for production use on arm64 To: Dmitry Vyukov , Kostya Serebryany Cc: Serban Constantinescu , Catalin Marinas , Will Deacon , Vincenzo Frascino , Alexander Potapenko , Evgenii Stepanov , Andrey Ryabinin , Elena Petrova , Branislav Rankov , Kevin Brodsky , Andrew Morton , kasan-dev , Linux ARM , Linux Memory Management List , LKML , Marco Elver Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 20, 2020 at 7:34 AM Dmitry Vyukov wrote: > > On Tue, Oct 20, 2020 at 12:51 AM Kostya Serebryany wrote: > > > > Hi, > > I would like to hear opinions from others in CC on these choices: > > * Production use of In-kernel MTE should be based on stripped-down > > KASAN, or implemented independently? > > Andrey, what are the fundamental consequences of basing MTE on KASAN? > I would assume that there are none as we can change KASAN code and > special case some code paths as necessary. The main consequence is psychological and manifests in inheriting the name :) But generally you're right. As we can change KASAN code, we can do whatever we want, like adding fast paths for MTE, etc. If we Ctrl+C Ctrl+V KASAN common code, we could potentially do some micro optimizations (like avoiding a couple of checks), but I doubt that will make any difference. > > * Should we aim at a single boot-time flag (with several values) or > > for several independent flags (OFF/SYNC/ASYNC, Stack traces on/off) > > We won't be able to answer this question for several years until we > have actual hardware/users... > It's definitely safer to aim at multiple options. I would reuse the fs > opt parsing code as we seem to have lots of potential things to > configure so that we can do: > kasan_options=quarantine=off,fault=panic,trap=async > > I am also always confused by the term "debug" when configuring the > kernel. In some cases it's for debugging of the subsystem (for > developers of KASAN), in some cases it adds additional checks to catch > misuses of the subsystem. in some - it just adds more debugging output > on console. And in this case it's actually neither of these. But I am > not sure what's a better name ("full"?). Even if we split options into > multiple, we still can have some kind of presents that just flip all > other options into reasonable values. OK, let me try to incorporate the feedback I've heard so far into the next version. > > > Andrey, please give us some idea of the CPU and RAM overheads other > > than those coming from MTE > > * stack trace collection and storage > > * adding redzones to every allocation - not strictly needed for MTE, > > but convenient to store the stack trace IDs. > > > > Andrey: with production MTE we should not be using quarantine, which > > means storing the stack trace IDs > > in the deallocated memory doesn't provide good report quality. > > We may need to consider another approach, e.g. the one used in HWASAN > > (separate ring buffer, per thread or per core) My current priority is cleaning up the mode where stack traces are disabled and estimating the slowdown from KASAN callbacks. Once done with that, I'll switch to these ones.