Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2136974pxb; Fri, 5 Feb 2021 09:46:27 -0800 (PST) X-Google-Smtp-Source: ABdhPJwbCFbjbWgfA6+gKEbgH3p9t69O0VSd/ldOhTgZyiqzn/VgIyHF8/daJzBYZO1RnuywoKKI X-Received: by 2002:a17:906:380c:: with SMTP id v12mr5043952ejc.65.1612547187102; Fri, 05 Feb 2021 09:46:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612547187; cv=none; d=google.com; s=arc-20160816; b=aiI9Q3XOh1l3Av17Rx5CeKWwAZqLngmwtx5oVWHxdchSwtAnc+3Iw+BwDcYYQzTNny NTq0m7imV5PqY489j+qwnbdBidfWo4Xn8HzVsUBKuvleZA1Zs0fumBaYOCUvCsylR46W KdGTp+DoXJ3E7bu5Cb7QPTh5wgowG8Cy4C6TM9d+hp1UqDlzDifm/nG7Ufx0UDtrvPGc 6Wie7uFzLxoW2auqZRMJqddQtyMhVhmcsvOAj2xo/TX5CQPNZT4QTXwBTx3JM1EASojH b5iHdqeUfzizxG/U6k0GFT8kyBebxtRilbzNT9NNl+lynmzs0wpTsnZ/ZoE33rqbBT55 HcRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:sender:dkim-signature; bh=qTEJ0ZFBO6HUy56kVKTkSwNvhkuevt789FDycYnAlaw=; b=xVwhfW3Y3bbTZw24dm5OlrXD7mMGpdNZHUqj8qYkaz2p3H4ExBOWBg49bxS1eaQHPf zGGOz69QQkwEmUzdfYwzL578tt7T4RaPyWKKBzjov11A1La0fF0HmQpPEGVw8o/rRJF7 bZVxUQ9AB0L4jjVnYwb+Cg+U2TERvu17S+1g5Ip7Err1voGeTAp7fm9CERnY5rIxOsZ9 WqhFxaA736QoBmXUznFARUkrSdi+Deh9C9qwTIel5Uv4RAHIAUtGEmLyykTVY0DwPbFZ PxDHn0Ju1RThjFq0T61GLDOAM9GGFKq2HqwsUdSIOrzu26LjjtkKIRFJxFgSkEzyneN8 kmug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=G68KUqp3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t24si4168343edi.132.2021.02.05.09.45.57; Fri, 05 Feb 2021 09:46:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=G68KUqp3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232450AbhBEQCv (ORCPT + 99 others); Fri, 5 Feb 2021 11:02:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34330 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233416AbhBEPzk (ORCPT ); Fri, 5 Feb 2021 10:55:40 -0500 Received: from mail-qt1-x84a.google.com (mail-qt1-x84a.google.com [IPv6:2607:f8b0:4864:20::84a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C8B89C0617AA for ; Fri, 5 Feb 2021 09:35:22 -0800 (PST) Received: by mail-qt1-x84a.google.com with SMTP id 22so5766119qty.14 for ; Fri, 05 Feb 2021 09:35:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=qTEJ0ZFBO6HUy56kVKTkSwNvhkuevt789FDycYnAlaw=; b=G68KUqp3HFLcXYHG+bANujiKTjP1H7aOPDJCFa1RkVjgdbj5cMzKLUYhQ88IOigD2m g5wDAziPJ9/f2dbpwetUHkPJSL+aI/MWcTpGdaiivZgXRAc1C7nVA8lhLw49A9oP0xKP YkRx4Li9ZnC0Fp2IsX/EdfVi5nLsxTLigRBe9oKmV5ex/G9k44wbWqIs5s5fsPBc6OK1 UhA4HiSIlJg20l5gKCGg1nOsKB7YDjIwiGT0etN2p6CDP2nZon8XJQMGeGLgUOz+VcNi bc8djrtRbaTCpDbTXiogPshowtlILUAlRK7BVS1XEzHo35Yv9MrTtxK4e+3RPZe4PG7Z jBtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=qTEJ0ZFBO6HUy56kVKTkSwNvhkuevt789FDycYnAlaw=; b=qdtoWBjVy/q/SljEb9sHrDO6PwIPHAhfRzrTRNucb5cG8o3R3vdTsS/uq7EDYhV2f9 Hm1rNIkG1qq7Nk/nqAqRxSgqjyCxZ3T6eYrjbWcp18WlSYgY2XFobG7HC2XVmTsClRoT /+oxaiFtIXpTgxuO12vPsX4CvTXGcz5z9I+QacQ5MZaP4GYuAHBmMXi+xIZsv8YfRFKP M4P8D69xWIyNsW7Wo/lQ1jm7r13fqSei0MqQ1dWo6/yuww2hAOyvj7TaSqpz4gE2bB6c N6VIsLuJy0wvBTqa+Xg3RD36LGirhXDODW7+yHYMY9nbreLObCPRoe9thNZ64+eGO2Sk 337A== X-Gm-Message-State: AOAM532YspHhCbIonBDDAhYuGA2z6i6Vm7/uvKthkkYF8wZksJ0UUW/e ExLyC4TLMxaFG0LQaXdd8NFQ59CsjDVJyZvc Sender: "andreyknvl via sendgmr" X-Received: from andreyknvl3.muc.corp.google.com ([2a00:79e0:15:13:edb8:b79c:2e20:e531]) (user=andreyknvl job=sendgmr) by 2002:ad4:4f41:: with SMTP id eu1mr5346273qvb.34.1612546521952; Fri, 05 Feb 2021 09:35:21 -0800 (PST) Date: Fri, 5 Feb 2021 18:34:47 +0100 In-Reply-To: Message-Id: <00383ba88a47c3f8342d12263c24bdf95527b07d.1612546384.git.andreyknvl@google.com> Mime-Version: 1.0 References: X-Mailer: git-send-email 2.30.0.365.g02bc693789-goog Subject: [PATCH v3 mm 13/13] kasan: clarify that only first bug is reported in HW_TAGS From: Andrey Konovalov To: Andrew Morton , Catalin Marinas , Vincenzo Frascino , Dmitry Vyukov , Alexander Potapenko , Marco Elver Cc: Will Deacon , Andrey Ryabinin , Peter Collingbourne , Evgenii Stepanov , Branislav Rankov , Kevin Brodsky , kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hwardware tag-based KASAN only reports the first found bug. After that MTE tag checking gets disabled. Clarify this in comments and documentation. Signed-off-by: Andrey Konovalov --- Documentation/dev-tools/kasan.rst | 8 ++++++-- mm/kasan/hw_tags.c | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index e022b7506e37..1faabbe23e09 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -155,7 +155,7 @@ Boot parameters ~~~~~~~~~~~~~~~ Hardware tag-based KASAN mode (see the section about various modes below) is -intended for use in production as a security mitigation. Therefore it supports +intended for use in production as a security mitigation. Therefore, it supports boot parameters that allow to disable KASAN competely or otherwise control particular KASAN features. @@ -166,7 +166,8 @@ particular KASAN features. ``off``). - ``kasan.fault=report`` or ``=panic`` controls whether to only print a KASAN - report or also panic the kernel (default: ``report``). + report or also panic the kernel (default: ``report``). Note, that tag + checking gets disabled after the first reported bug. For developers ~~~~~~~~~~~~~~ @@ -296,6 +297,9 @@ Note, that enabling CONFIG_KASAN_HW_TAGS always results in in-kernel TBI being enabled. Even when kasan.mode=off is provided, or when the hardware doesn't support MTE (but supports TBI). +Hardware tag-based KASAN only reports the first found bug. After that MTE tag +checking gets disabled. + What memory accesses are sanitised by KASAN? -------------------------------------------- diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index e529428e7a11..6c9285c906b8 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -48,7 +48,7 @@ EXPORT_SYMBOL(kasan_flag_enabled); /* Whether to collect alloc/free stack traces. */ DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace); -/* Whether panic or disable tag checking on fault. */ +/* Whether to panic or print a report and disable tag checking on fault. */ bool kasan_flag_panic __ro_after_init; /* kasan=off/on */ -- 2.30.0.365.g02bc693789-goog