Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp3041333pxb; Tue, 12 Jan 2021 05:04:19 -0800 (PST) X-Google-Smtp-Source: ABdhPJzklwpWb7NkVSTZHEeUIs+hDbXMJxbMHpThj0HBC7TssJnVImw2noj13q14djSmqD2FCsSv X-Received: by 2002:a05:6402:1352:: with SMTP id y18mr3334328edw.178.1610456659677; Tue, 12 Jan 2021 05:04:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610456659; cv=none; d=google.com; s=arc-20160816; b=Se6ddOZrQeOjVy1cHYyUGY1i6hrSBdEp4vADfKSY7gSUe14e3wZyqQA0xPay49aUHv yc45zuUtbmlovxk+7P23JfQe4WSbkMoy12xrccYkZDROFSpneHSCyJILWnEU0GYPVBGl X25XzbLEKKc6TgNF2wEueAMYgDdXDexT4z6/g6NSv9WUUV4PTmnQBOEeV273dIppV+z5 fa1rP63xXVtJcW7XBQ5loqKViX9EEV9DK+DLeW7HyhpGhSdwnFcPEXpK+DboSP3qcvM4 CqRTL7MAafv4ky6FtieU5LCX+UCV7baEOzk7fFlVie3TgjZVAsAXU7EBK8AXUrSi0TUm 81jA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=GDpfESbYxGF6Trv+/Pck55IrVLlVuQoy2fDX+R3JzHs=; b=ODQu45GlCoDbvlwGNzm2/SqPLMTiI1XL9Qf3ayuDaaeu7gPZJx6kVPxgapG+59X3HT 8wab6MSPsgN+3mA+R8CrPJpKLRl8AkZ7q54dTS4Z5Mhef9qsrAQr6fVAI/nslTaXW3Wb qp9Tx4QO4PlmS5hoPtsj006U6fpv3wecp4PiWN01enyz92R0PnLzQSAvG5pwzd8xhIi/ rwSQ3yyjD0byauGgmL/FerKusg/Gb1kajJZhT7yCYpiEdeYJBm8TOqT0FYXFIUBv71Ds EGSUxiRccNfMRR8+iCTyqmvswmGzLIJWFg5FXlKCUSCpS8dK1kF/bEetTSdhR78mC/bb 6yDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lTj2eZ0D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id os24si1114653ejb.680.2021.01.12.05.03.56; Tue, 12 Jan 2021 05:04:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lTj2eZ0D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730567AbhALLjD (ORCPT + 99 others); Tue, 12 Jan 2021 06:39:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56586 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727304AbhALLjC (ORCPT ); Tue, 12 Jan 2021 06:39:02 -0500 Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 772F9C061794 for ; Tue, 12 Jan 2021 03:38:21 -0800 (PST) Received: by mail-wr1-x432.google.com with SMTP id t16so2163952wra.3 for ; Tue, 12 Jan 2021 03:38:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=GDpfESbYxGF6Trv+/Pck55IrVLlVuQoy2fDX+R3JzHs=; b=lTj2eZ0DptoNXlhXwRR5h7+wYAQ7o37MGF02nPramm3x/YM9nVgJhGn8jJv2jmZyv4 kmaIEelTV23V817at6dh8ahtVwTVxSYyUfFnerkbisZotkwb3jxfPUoGxPvXDPAybgkW BahdhTkMI14s0CtrZUEiy7RZoAA5ay58wksKBkU7qhhCJtS1lyx/lGZsHHVSLDpsTkiN ESIOecg2QJwQIfun7fGdKf+iglO0SvElsh9JCuFEgVaZ4IEQfzyPhSrznKyw5/dNpbYE UulwAPcgAUaT3MHBAceViOsC6wh0vVIogFTIZJMwKGl3XahEjQe3t2dAUAvs2OzireaB SQbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=GDpfESbYxGF6Trv+/Pck55IrVLlVuQoy2fDX+R3JzHs=; b=Fl9GZCXKPQiG4yxyupw5qBabjF2qS9Us6PyNA6Xn/Rw0haus2ysSjpvLXhyUL/IuPB Mfl/QSYXF7EI/kGk6anNnjQ6SUSp9VJt/PtbADuWrvrCTY7f/og8ISBk+XD8YIqbhol4 7epZcj/nyMFjbXjsMKWzgyqgksy3mvqKcwOijYjTN93E3wQSCHa++o44k/AmJdzQUVL/ 7tsvXxsZzHGJP/xhBE6csx86vzpPe7ZmYbXjnt8ZYFjaSDDcKrQHcfC4lYg3uKzLBnQA oZQqqDkeKsOoVRrIixdFM9x5PBdNGDKmS8Hb5mdTqDHUj9saE3M/vkeCCfq1Pk+EpcYh GfhQ== X-Gm-Message-State: AOAM5304RZu/CYJKel4QMXoRDS+1cu6m5zl8F7h/p46wPUeLh/t83uZU iblRxWbVTdvfKFGft9Vd3n7osA== X-Received: by 2002:adf:db51:: with SMTP id f17mr3957788wrj.83.1610451500054; Tue, 12 Jan 2021 03:38:20 -0800 (PST) Received: from elver.google.com ([2a00:79e0:15:13:f693:9fff:fef4:2449]) by smtp.gmail.com with ESMTPSA id o74sm3825348wme.36.2021.01.12.03.38.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Jan 2021 03:38:19 -0800 (PST) Date: Tue, 12 Jan 2021 12:38:13 +0100 From: Marco Elver To: Andrey Konovalov Cc: Catalin Marinas , Vincenzo Frascino , Dmitry Vyukov , Alexander Potapenko , Andrew Morton , Will Deacon , Andrey Ryabinin , Evgenii Stepanov , Branislav Rankov , Kevin Brodsky , kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 02/11] kasan: clarify HW_TAGS impact on TBI Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/2.0.2 (2020-11-20) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 05, 2021 at 07:27PM +0100, Andrey Konovalov wrote: > Mention in the documentation that enabling CONFIG_KASAN_HW_TAGS > always results in in-kernel TBI (Top Byte Ignore) being enabled. > > Also do a few minor documentation cleanups. > > Signed-off-by: Andrey Konovalov > Link: https://linux-review.googlesource.com/id/Iba2a6697e3c6304cb53f89ec61dedc77fa29e3ae Reviewed-by: Marco Elver > --- > Documentation/dev-tools/kasan.rst | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst > index 0fc3fb1860c4..26c99852a852 100644 > --- a/Documentation/dev-tools/kasan.rst > +++ b/Documentation/dev-tools/kasan.rst > @@ -147,15 +147,14 @@ negative values to distinguish between different kinds of inaccessible memory > like redzones or freed memory (see mm/kasan/kasan.h). > > In the report above the arrows point to the shadow byte 03, which means that > -the accessed address is partially accessible. > - > -For tag-based KASAN this last report section shows the memory tags around the > -accessed address (see `Implementation details`_ section). > +the accessed address is partially accessible. For tag-based KASAN modes this > +last report section shows the memory tags around the accessed address > +(see the `Implementation details`_ section). > > Boot parameters > ~~~~~~~~~~~~~~~ > > -Hardware tag-based KASAN mode (see the section about different mode below) is > +Hardware tag-based KASAN mode (see the section about various modes below) is > intended for use in production as a security mitigation. Therefore it supports > boot parameters that allow to disable KASAN competely or otherwise control > particular KASAN features. > @@ -305,6 +304,13 @@ reserved to tag freed memory regions. > Hardware tag-based KASAN currently only supports tagging of > kmem_cache_alloc/kmalloc and page_alloc memory. > > +If the hardware doesn't support MTE (pre ARMv8.5), hardware tag-based KASAN > +won't be enabled. In this case all boot parameters are ignored. > + > +Note, that enabling CONFIG_KASAN_HW_TAGS always results in in-kernel TBI being > +enabled. Even when kasan.mode=off is provided, or when the hardware doesn't > +support MTE (but supports TBI). > + > What memory accesses are sanitised by KASAN? > -------------------------------------------- > > -- > 2.29.2.729.g45daf8777d-goog >