Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp736435pxf; Thu, 11 Mar 2021 13:39:58 -0800 (PST) X-Google-Smtp-Source: ABdhPJzkRBS3O1JTmpUPjkdsdbxqWVQC4vQLxEdmsZE71AAWTpNsi1gStEAP2RNTpdmdnzMqqgJL X-Received: by 2002:a17:906:19d9:: with SMTP id h25mr5274650ejd.453.1615498798551; Thu, 11 Mar 2021 13:39:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615498798; cv=none; d=google.com; s=arc-20160816; b=ksJXOjs2pawZeBKM8lk6M97H3b1xnMgsRfjCM5xlXEaOVn3e3isdvjXaIogvHaU90W HIYhm3OZKdYWrQNagbcUPNlQzN5zXRbo+9iWCqx6av1SWmAnJslfep31Ppafgfv58qJ0 pCj1dF/df561tSnxB01pBwnLNI5CurTru8q19VLi1jhaW1rNUtxadnYaS2ytfWgPlZrA 6xnWfYLtzjAvqtmkXtsGytLqkthoIRPJNrAtHLzyOe1O3UKh0GKGj3zek5flhNkBFhfM Tu7tErc1z2PZ4MAcyFODfq3Z3m/fr0ptTVwdTxVMCxrY7ezQF2sLWr9TksdChcqt18Pp ROuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:dkim-signature; bh=bDwYzUcq1HRoRYrIwl703QQ3e7+1Dgb9ijuIXOFbJHo=; b=UIcogoHLVNWLhF/Ppib6qujccPBcwofzFhe2pXHCAyZqRQnek13WwXYdzinzV+TBuT 9/YQ7vjJ6nOwDfAIrQ1L5212L1bF1doMfpN+qRbq4UoiLUHkEazDhzNPoUxF1tca+z0G EkRa5yTrfbMJlF6/Z+1avyOd+ibEyBdAQaLHTQHMVX5ln1/7r67TNMgRBsvv/pg4GOSY J9a4ZEfG+CK7mk6wag1tYjahj0V4Ce5P8ndBnxexwV3FLu7C750x4oFgIruNZimH2Tlk x/3zkOKJdMSNQj/tfpHm+NF6vo9MpkL9G2Paa/5g90C9kdWrHlAqBsUJsXJxwTKpSIra LU/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=AN4kaYWM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t17si2551116ejx.576.2021.03.11.13.39.35; Thu, 11 Mar 2021 13:39:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=AN4kaYWM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231131AbhCKVhi (ORCPT + 99 others); Thu, 11 Mar 2021 16:37:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38980 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229674AbhCKVhb (ORCPT ); Thu, 11 Mar 2021 16:37:31 -0500 Received: from mail-ej1-x64a.google.com (mail-ej1-x64a.google.com [IPv6:2a00:1450:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F090C061574 for ; Thu, 11 Mar 2021 13:37:31 -0800 (PST) Received: by mail-ej1-x64a.google.com with SMTP id k16so9235075ejg.9 for ; Thu, 11 Mar 2021 13:37:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=bDwYzUcq1HRoRYrIwl703QQ3e7+1Dgb9ijuIXOFbJHo=; b=AN4kaYWMwgLyNq9/I2+MxoRvyGdu5wrRA0oy9puCLntFIfitARVxBAREcjxAZTPB6G ILX8K3mtmmvfngnASSchXJ7vleDurUCocGbi4ou5uRB8sBewWhKoQmwU4l723uGTwv0i IOYQNbSuPtJupX70JfyQzfetrlZbE91wTbGJD3QCvuI8cqtl2BAtd9bpnEactwFhZEwm Y3BsGpb4rA5jPvbVKm1Q62RZF7uTg2jxPjqvDirsJGKliWAZ91n1rHUiNBi32ImW3IIP jYwQnl13fF1UnBnX5lD+DmCoHYVwhur1LzpCYfKjcHZGVn44dUBo8N4ElCCtQlI4ovce STng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=bDwYzUcq1HRoRYrIwl703QQ3e7+1Dgb9ijuIXOFbJHo=; b=PAWXsGtYAj0OUWfgFGGc7sVto5Ri6ezL4AwDT+zh1RgTjZpB3RKNeisfIyZ/m6HSl5 LZfbho0qLDhuvZGqXGxUZP7rzWcKUuC1PLSg8s7AZf63ps4DlVCcjsDkGOAES3zMxods K/r9qZ7YpoLTVQ6/fX2ppxSNGhQpD+eieq03JUtmxa31pm3UlIjtLOOJ+OVSddNDbYFx NcQ+MRI/wr0vVNmArfbaFor9MEtPY/NLPdhyxuTlx9YVUkyD62YYiRgi6J3InBOWSssw bW6bmbWrOm1aKcPkwEdMeX0crszLCkBouwSQXY5oNJZq10DcjXZrX79mQpY83Qg5BBrU BsKg== X-Gm-Message-State: AOAM532bZmr9jdhJEfPkin9gVLXCahMUl+Hmq88PQtrBD6fie0SgJOT4 A+kl0qpBcgJ0e/RUohYdFr1W2PbSqlefNBuX X-Received: from andreyknvl3.muc.corp.google.com ([2a00:79e0:15:13:95a:d8a8:4925:42be]) (user=andreyknvl job=sendgmr) by 2002:a17:906:bccc:: with SMTP id lw12mr5043065ejb.268.1615498649994; Thu, 11 Mar 2021 13:37:29 -0800 (PST) Date: Thu, 11 Mar 2021 22:37:14 +0100 In-Reply-To: Message-Id: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.31.0.rc2.261.g7f71774620-goog Subject: [PATCH 02/11] kasan: docs: update overview section From: Andrey Konovalov To: Andrew Morton , Alexander Potapenko , Marco Elver Cc: Andrey Ryabinin , Dmitry Vyukov , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Update the "Overview" section in KASAN documentation: - Outline main use cases for each mode. - Mention that HW_TAGS mode need compiler support too. - Move the part about SLUB/SLAB support from "Usage" to "Overview". - Punctuation, readability, and other minor clean-ups. Signed-off-by: Andrey Konovalov --- Documentation/dev-tools/kasan.rst | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index c9484f34da2a..343a683d0520 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -11,17 +11,31 @@ designed to find out-of-bound and use-after-free bugs. KASAN has three modes: 2. software tag-based KASAN (similar to userspace HWASan), 3. hardware tag-based KASAN (based on hardware memory tagging). -Software KASAN modes (1 and 2) use compile-time instrumentation to insert -validity checks before every memory access, and therefore require a compiler +Generic KASAN is mainly used for debugging due to a large memory overhead. +Software tag-based KASAN can be used for dogfood testing as it has a lower +memory overhead that allows using it with real workloads. Hardware tag-based +KASAN comes with low memory and performance overheads and, therefore, can be +used in production. Either as an in-field memory bug detector or as a security +mitigation. + +Software KASAN modes (#1 and #2) use compile-time instrumentation to insert +validity checks before every memory access and, therefore, require a compiler version that supports that. -Generic KASAN is supported in both GCC and Clang. With GCC it requires version +Generic KASAN is supported in GCC and Clang. With GCC, it requires version 8.3.0 or later. Any supported Clang version is compatible, but detection of out-of-bounds accesses for global variables is only supported since Clang 11. -Tag-based KASAN is only supported in Clang. +Software tag-based KASAN mode is only supported in Clang. -Currently generic KASAN is supported for the x86_64, arm, arm64, xtensa, s390 +The hardware KASAN mode (#3) relies on hardware to perform the checks but +still requires a compiler version that supports memory tagging instructions. +This mode is supported in Clang 11+. + +Both software KASAN modes work with SLUB and SLAB memory allocators, +while the hardware tag-based KASAN currently only supports SLUB. + +Currently, generic KASAN is supported for the x86_64, arm, arm64, xtensa, s390, and riscv architectures, and tag-based KASAN modes are supported only for arm64. Usage @@ -39,9 +53,6 @@ For software modes, you also need to choose between CONFIG_KASAN_OUTLINE and CONFIG_KASAN_INLINE. Outline and inline are compiler instrumentation types. The former produces smaller binary while the latter is 1.1 - 2 times faster. -Both software KASAN modes work with both SLUB and SLAB memory allocators, -while the hardware tag-based KASAN currently only support SLUB. - For better error reports that include stack traces, enable CONFIG_STACKTRACE. To augment reports with last allocation and freeing stack of the physical page, -- 2.31.0.rc2.261.g7f71774620-goog