Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp7527317pxb; Thu, 18 Feb 2021 12:28:57 -0800 (PST) X-Google-Smtp-Source: ABdhPJyPe4vYPEB1h0poispQAFkBPC2yzX/+sZ4SN2vmYPVf9wKRe0E0L9VeJK9x1dlbLneMyin7 X-Received: by 2002:a17:907:a059:: with SMTP id gz25mr5758693ejc.400.1613680136757; Thu, 18 Feb 2021 12:28:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613680136; cv=none; d=google.com; s=arc-20160816; b=wYE+BqJ9qLY9pAmOht9I00uYaJHn3NnwIOxOOpsOSVs3xatmD4x/HJExShadoAizaM NpUsoa+Jbyv790V9VeLyDZ2yMmLD32S40tMKKGuneiEZIr9q63HeGznP6y0UXULKPGGv QStjhsaRywqTmMETrIwbTXQOuUYhYulyKk1kBDIN7jO/juRfsHPzz5+VukxaHRTb+tZe gp1rtaPBVYgsBHmXZ/QimKOykjUdeiD14DCXp6FBYRWfSt2gBk3msoxeozdMJtqpKIN6 4HN8TgSTGW3axix48wGcgjwnOo5rRCHti/Bcq9+xtsr6mFXoP8hydEtAul6lq2FpBAMQ PJ1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=GC4n6p0kCS6da68jsD6jAKKzKuFPDfyocm7j6MYSTS8=; b=Dqqv967h1+ukiwgCr6514RyCBP4c3f2QBji7TEsD73akggE19J2jDpT0aCFli/T/re QpxG9pXHukTaulGpTHs3r5rSJCGbr4lOVmxgp5PYWCSnjkMjoiXib0CEnaj6yWKcxZI/ Z/XtHBzj06lr2f5prGILMkJBbOtRVLRYPXMAh4+2Yxg7QF1i7otVx8W+iFe99jCryu13 Bgiey3eec+MQL7AfhFPoTHXBLpun0q38MrZ146ciOPxFa+0NvMynkAavpFk/d3gojbBd FXklj3b8IubO157coKKbXTR6N/Hm26GDl0QJx3bueoyLe65aQWqBtWNCXyrvqDDfoL9V ZMEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="uInv/Zqo"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r23si4909475edy.410.2021.02.18.12.28.33; Thu, 18 Feb 2021 12:28:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="uInv/Zqo"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230209AbhBRU1c (ORCPT + 99 others); Thu, 18 Feb 2021 15:27:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229652AbhBRU13 (ORCPT ); Thu, 18 Feb 2021 15:27:29 -0500 Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BFED5C061756 for ; Thu, 18 Feb 2021 12:26:48 -0800 (PST) Received: by mail-pj1-x1036.google.com with SMTP id fy5so2027868pjb.5 for ; Thu, 18 Feb 2021 12:26:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GC4n6p0kCS6da68jsD6jAKKzKuFPDfyocm7j6MYSTS8=; b=uInv/ZqoBJmasKXFM/O8yXdM4LTRC1zztGi57d3m+qWoPYlp4vepNpjPUOLwPS3+GY 2l0ltb4aK3RgZ53X5mpdYs7V5ViAR49cUI65Za/4iILIlfhMvA2gQbpDSwhDplVFR+bD j93/IqG09Yw8LsIVnG5WotNR+D4e3gmA7GMbYdauLrjfy1KG8rrLV8j4FaKqK76uW+b2 hAV4oQKw5d7iiK2A1s8qlr3tgO8yehsx3m8QdqY5brt3gCttkX/eTvEV3pGaVye/z5P8 5pvw96XJr6z63Wdrb3VUBILPWqQWZ2ZAUqZj4jVqVo2202J/Mvse/lpKK5MYb2UKFPOe XK8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GC4n6p0kCS6da68jsD6jAKKzKuFPDfyocm7j6MYSTS8=; b=Bj12k78KIPf0OLaZPRdkwgiSyLKyFgz4mUhhxtX67NH/rLT7nnjMoU9DhAkyk/rWL1 cYA5lBiODvTJayVkKeZLWfKi8MsG5PEAD334u/h0NvFUYyDmOhYhnH51imQ0eIFIsmiG 0huNeR020Z9zoCfGKqg6U+p3XeWJB0XyIYt/biP6/t4ZAvc6/s16oEAKkuDbP1P17x9e MjHylGTbuHAYbcaRBMxPqM4KWmYC0yarMJaSVVu9diJF0hCyCBlhsHiHxJPF7xvtm4rj 2F3pcGL2akM9HX/1TpBAQIt9CqQa7tHORrDi3t4zdcSLVSzujVs89QNZmxxk6aqxjL4p sRCA== X-Gm-Message-State: AOAM531YZboVTK2of5EMR05cY7CDcxwyjr572zJ/svPWyqf6uDkCh6PH WnwCYXy97rWI6+uPTB3OEVNmbXo8LGFrCkvUuKIkQQ== X-Received: by 2002:a17:90b:350b:: with SMTP id ls11mr5575629pjb.166.1613680008214; Thu, 18 Feb 2021 12:26:48 -0800 (PST) MIME-Version: 1.0 References: <487751e1ccec8fcd32e25a06ce000617e96d7ae1.1613595269.git.andreyknvl@google.com> <509c1c80-bb2c-0c5c-ffa3-939ca40d2646@redhat.com> In-Reply-To: <509c1c80-bb2c-0c5c-ffa3-939ca40d2646@redhat.com> From: Andrey Konovalov Date: Thu, 18 Feb 2021 21:26:36 +0100 Message-ID: Subject: Re: [PATCH] mm, kasan: don't poison boot memory To: David Hildenbrand Cc: Andrew Morton , Catalin Marinas , Vincenzo Frascino , Dmitry Vyukov , George Kennedy , Konrad Rzeszutek Wilk , Will Deacon , Andrey Ryabinin , Alexander Potapenko , Marco Elver , Peter Collingbourne , Evgenii Stepanov , Branislav Rankov , Kevin Brodsky , Christoph Hellwig , kasan-dev , Linux ARM , Linux Memory Management List , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 18, 2021 at 8:46 PM David Hildenbrand wrote: > > > 1. For KASAN_GENERIC: leave everything as is to be able to detect > > these boot-time bugs. > > > > 2. For KASAN_SW_TAGS: remove boot-time poisoning via > > kasan_free_pages(), but use the "invalid" tag as the default shadow > > value. The end result should be the same: bad accesses will be > > detected. For unallocated memory as it has the default "invalid" tag, > > and for allocated memory as it's poisoned properly when > > allocated/freed. > > > > 3. For KASAN_HW_TAGS: just remove boot-time poisoning via > > kasan_free_pages(). As the memory tags have a random unspecified > > value, we'll still have a 15/16 chance to detect a memory corruption. > > > > This also makes sense from the performance perspective: KASAN_GENERIC > > isn't meant to be running in production, so having a larger perf > > impact is acceptable. The other two modes will be faster. > > Sounds in principle sane to me. I'll post a v2 soon, thanks! > Side note: I am not sure if anybody runs KASAN in production. Memory is > expensive. Feel free to prove me wrong, I'd be very interest in actual > users. We run KASAN_SW_TAGS on some dogfood testing devices, and KASAN_HW_TAGS is being developed with the goal to be running in production.