Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp5263346iob; Mon, 9 May 2022 12:15:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzSOeVDff2jan5KWIkNXNThg8tEOlz0ixQA0UoP+VyuGALVcHSqSPkIW8Q5pxlrVtRISWx5 X-Received: by 2002:ac8:7d4b:0:b0:2f3:e185:efd4 with SMTP id h11-20020ac87d4b000000b002f3e185efd4mr1892678qtb.392.1652123713478; Mon, 09 May 2022 12:15:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652123713; cv=none; d=google.com; s=arc-20160816; b=GB8RaMGYXV/FEP/JGWsQt2NKvULGWgSM+7Ins0Q3qyL2o8GOHidtAbhBuVfUEpFdhN INzw6NH4s3gowLQ92nS9RTptkhxLnCsVxHfym1KzI6aiKWIrZsAodjVpVaZ37yTE8wZH FSk28YoMGZnFkXX7PiweLQTtF/aSU5w7ve+zeGPORieaZDJYctNCcEtMqD7xWqQRNmKf usGxj4QUHs/pt6zuQZW29GqaYKdF6wXhAv8i9E2eS/yfoc1eWE26ettv2+99cHcfibCr MRT09mtN2b+lgdQzKyLD2kIXV8X2jaRlFmx6ARZI9GMl3o0OefOZ4f0OIh0+uNrpglJ6 Er6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=EkFD1fi2DMJyDMqe6JC23GNJMEwl8KxQZeJUIWsDFSE=; b=mEYUJrukVeFej16uatD03q77zHE6FxgFg8VAcD33QiFbym4XdVxGgmXR2AzHJJHJDD uzgRNZB+RbZ5ZzCl8PCxcspPnGcPWO03fSLRG3+CK5Fxe0HNnY0vk+xIVHF3fGTvrRFD FjknRwxcpymnkalT/+AkNQSTF8spMaiIVSmJqUTsLw1G4cfuLVuMZhal30hSaru7rHRr 9hOG3IO39xdkqtZwnDpPupcN98hIzf/UprrJlvrGPjvU7bOeKSJ2oey6eX/W1kip4js3 RBw5pMnb2YxEDzygFlE7NzpSoIIdK2EuMaELti80DzNQ0h2ZMCfspjYle3PeTva93Y45 OyMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=bSVeJpsx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id v18-20020a05622a015200b002f39be96cd3si1524008qtw.354.2022.05.09.12.15.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 May 2022 12:15:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=bSVeJpsx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 57BFC29B013; Mon, 9 May 2022 12:07:47 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240439AbiEITL1 (ORCPT + 99 others); Mon, 9 May 2022 15:11:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37534 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240413AbiEITLV (ORCPT ); Mon, 9 May 2022 15:11:21 -0400 Received: from out1.migadu.com (out1.migadu.com [91.121.223.63]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E75C629954F for ; Mon, 9 May 2022 12:07:25 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1652123243; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EkFD1fi2DMJyDMqe6JC23GNJMEwl8KxQZeJUIWsDFSE=; b=bSVeJpsxpfF/gZ6ybl32z8xoaFp8SLatMfc9aVTiKSNdm31EwIRdrOue2bVI4SXXou+HQ7 UmtBrF8mKhroE/Ys64WNVEaw4PAtIFFNfYgl8IAty9fepkiH4yhZU0vExAKBpodLEUxidA jY+oLuGyRpiKmjD86P5z/6XHWt/7KC4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 2/3] kasan: move boot parameters section in documentation Date: Mon, 9 May 2022 21:07:18 +0200 Message-Id: In-Reply-To: <5bd58ebebf066593ce0e1d265d60278b5f5a1874.1652123204.git.andreyknvl@google.com> References: <5bd58ebebf066593ce0e1d265d60278b5f5a1874.1652123204.git.andreyknvl@google.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Andrey Konovalov Move the "Boot parameters" section in KASAN documentation next to the section that describes KASAN build options. No content changes. Signed-off-by: Andrey Konovalov --- Documentation/dev-tools/kasan.rst | 82 +++++++++++++++---------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index aca219ed1198..7f103e975ac2 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -94,6 +94,47 @@ To include alloc and free stack traces of affected slab objects into reports, enable ``CONFIG_STACKTRACE``. To include alloc and free stack traces of affected physical pages, enable ``CONFIG_PAGE_OWNER`` and boot with ``page_owner=on``. +Boot parameters +~~~~~~~~~~~~~~~ + +KASAN is affected by the generic ``panic_on_warn`` command line parameter. +When it is enabled, KASAN panics the kernel after printing a bug report. + +By default, KASAN prints a bug report only for the first invalid memory access. +With ``kasan_multi_shot``, KASAN prints a report on every invalid access. This +effectively disables ``panic_on_warn`` for KASAN reports. + +Alternatively, independent of ``panic_on_warn``, the ``kasan.fault=`` boot +parameter can be used to control panic and reporting behaviour: + +- ``kasan.fault=report`` or ``=panic`` controls whether to only print a KASAN + report or also panic the kernel (default: ``report``). The panic happens even + if ``kasan_multi_shot`` is enabled. + +Hardware Tag-Based KASAN mode (see the section about various modes below) is +intended for use in production as a security mitigation. Therefore, it supports +additional boot parameters that allow disabling KASAN or controlling features: + +- ``kasan=off`` or ``=on`` controls whether KASAN is enabled (default: ``on``). + +- ``kasan.mode=sync``, ``=async`` or ``=asymm`` controls whether KASAN + is configured in synchronous, asynchronous or asymmetric mode of + execution (default: ``sync``). + Synchronous mode: a bad access is detected immediately when a tag + check fault occurs. + Asynchronous mode: a bad access detection is delayed. When a tag check + fault occurs, the information is stored in hardware (in the TFSR_EL1 + register for arm64). The kernel periodically checks the hardware and + only reports tag faults during these checks. + Asymmetric mode: a bad access is detected synchronously on reads and + asynchronously on writes. + +- ``kasan.vmalloc=off`` or ``=on`` disables or enables tagging of vmalloc + allocations (default: ``on``). + +- ``kasan.stacktrace=off`` or ``=on`` disables or enables alloc and free stack + traces collection (default: ``on``). + Error reports ~~~~~~~~~~~~~ @@ -208,47 +249,6 @@ traces point to places in code that interacted with the object but that are not directly present in the bad access stack trace. Currently, this includes call_rcu() and workqueue queuing. -Boot parameters -~~~~~~~~~~~~~~~ - -KASAN is affected by the generic ``panic_on_warn`` command line parameter. -When it is enabled, KASAN panics the kernel after printing a bug report. - -By default, KASAN prints a bug report only for the first invalid memory access. -With ``kasan_multi_shot``, KASAN prints a report on every invalid access. This -effectively disables ``panic_on_warn`` for KASAN reports. - -Alternatively, independent of ``panic_on_warn``, the ``kasan.fault=`` boot -parameter can be used to control panic and reporting behaviour: - -- ``kasan.fault=report`` or ``=panic`` controls whether to only print a KASAN - report or also panic the kernel (default: ``report``). The panic happens even - if ``kasan_multi_shot`` is enabled. - -Hardware Tag-Based KASAN mode (see the section about various modes below) is -intended for use in production as a security mitigation. Therefore, it supports -additional boot parameters that allow disabling KASAN or controlling features: - -- ``kasan=off`` or ``=on`` controls whether KASAN is enabled (default: ``on``). - -- ``kasan.mode=sync``, ``=async`` or ``=asymm`` controls whether KASAN - is configured in synchronous, asynchronous or asymmetric mode of - execution (default: ``sync``). - Synchronous mode: a bad access is detected immediately when a tag - check fault occurs. - Asynchronous mode: a bad access detection is delayed. When a tag check - fault occurs, the information is stored in hardware (in the TFSR_EL1 - register for arm64). The kernel periodically checks the hardware and - only reports tag faults during these checks. - Asymmetric mode: a bad access is detected synchronously on reads and - asynchronously on writes. - -- ``kasan.vmalloc=off`` or ``=on`` disables or enables tagging of vmalloc - allocations (default: ``on``). - -- ``kasan.stacktrace=off`` or ``=on`` disables or enables alloc and free stack - traces collection (default: ``on``). - Implementation details ---------------------- -- 2.25.1