Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp4106193rwn; Sun, 11 Sep 2022 05:24:08 -0700 (PDT) X-Google-Smtp-Source: AA6agR7id1AQCG7rYVTQzQSko+fcCJInFMAyPQggtRoJD+W67JDFFP5Aj3wRGXqRbhK6DAjNEBsY X-Received: by 2002:a17:907:75e7:b0:77a:2378:91bb with SMTP id jz7-20020a17090775e700b0077a237891bbmr7328214ejc.329.1662899047744; Sun, 11 Sep 2022 05:24:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662899047; cv=none; d=google.com; s=arc-20160816; b=xq2TVN1S2UIjLvcQME7qSxRZd5AvKV4jNVX9UwSvmTdQpV14HczWWnpB7XBB7ul0xm cdWDAIzQbhYy0BbgvfKpB03tWOuXm8KcalV4+6HsX2HllWaaOdZWkS02qBFMVPRvGTHJ yQgh4UQCRWkahsQ6ivGCO/E5X/ZkIdtCmCJR7GwtomEJmJ1M8B6Rdxs+AQvoIEHU824a JtGCqGiS21xxDTazerv5z2NT2PrNU1V4jiS/3ALpn7lgZZ6/OWPFfDPXVCqSS00lhUhl sO1uZSeoR2VQ8o8qiFy13DVRicgTz7I1/Y/88BD8SoBUhuZzX/XWraiMLH5T9ergrS0E jW+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=o0NomSJrd+We+cA0E2POE4mJvtyH0veoDgu14xHBABY=; b=CG5zlyuBOiRrffurXmwxoDisN7zJELUzml1fxqM+A3Fht3EoYDyi4OseIchBTo8Rwe HU3ATnvPfNcrR0byLHhKPvvaoUpxHgIe+8dc7UrPCens/qkRYc52LoZqqZikvHlh5ehF S0tyf2qDzNv6GGbPf2jgQQe7GHPjaI8udKzv5nsfwUUBVgajMnuRvmfUj+fBeV8REE6Z abPs+y56pAtocrqabLmaVhxb09FKkMpXTuFGo1cuft0dbYpJJFz4QjF5UFgTh1hB/H4J qcFQ5bZF35iDd5NzeCAF8EbWx20euM2Mwsp6JSGW0buOiN3NMolVYOucDhQ2bQNNXmsQ aHSA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Pp9lyLfW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ay25-20020a056402203900b004505bf284d6si4495586edb.366.2022.09.11.05.23.39; Sun, 11 Sep 2022 05:24:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Pp9lyLfW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230156AbiIKLuS (ORCPT + 99 others); Sun, 11 Sep 2022 07:50:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44358 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230003AbiIKLuP (ORCPT ); Sun, 11 Sep 2022 07:50:15 -0400 Received: from mail-qv1-xf2c.google.com (mail-qv1-xf2c.google.com [IPv6:2607:f8b0:4864:20::f2c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 931C81409D for ; Sun, 11 Sep 2022 04:50:14 -0700 (PDT) Received: by mail-qv1-xf2c.google.com with SMTP id j1so4818630qvv.8 for ; Sun, 11 Sep 2022 04:50:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=o0NomSJrd+We+cA0E2POE4mJvtyH0veoDgu14xHBABY=; b=Pp9lyLfWT0KtFM0AeWo+3VXMLLCDOJ45kj5tKR8HN3LHR9KS/v1qQDYrN+CLFAEULv VVonzvH8r3D/posWDedCCZ1NJ+/yWwtlmZcmy2J8eMW0eO90VzaFlyZhxZjZ+yf6T/NV uopfI59iOR5oeDXyuJ8rQbjE1pq8h8zRnPcl8+AFO/GMJk3/JJCHl7AeaQsbZG94BK3p RAvl1WbB1e+ySRPsytspHPKfBv9dJfEpVAlh0Uwj6+DWyPNStXoG9L6buUdLLjQS3luR +YuXiBMwLKK+dqJlEkXQuIOP+GasUjOP6jIBb9Rryli6vEaI+KrzPceI40IU2TPIP+Ap 93Kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=o0NomSJrd+We+cA0E2POE4mJvtyH0veoDgu14xHBABY=; b=BAVsisiwUTv9yaWeHsj/oQVXKDd0lLVvDtxXg/JgdQyEEF/RaVyGcKVpULhdJ+XgNM V6yoUrhH2fKOn/yW/FBTVtOVCG6uCXrXb6rO2oVviljIkH+Kl9pAeMJQFg9jl2zlbRD1 Nfi5u0sVx/VcX0y3cUQbPnASU2FAS1K1p511tL6aBzKLZNCED6FKs8OEEobG0l8U48bZ K6hE6QTICkJrK+y4dYKhd+DPuePJHapK/iYgDg++VumAsW7vduC/7NpvDSyA6o8xMDoH n2nfgNU6TE07MbKOyteaygMHuThwlYayOtMjo/PdWgcEMtkH3PFHp+zj6VtLxV2pQ5BB kPJQ== X-Gm-Message-State: ACgBeo0ljPKZMGcUYdL8QHw83R1PuE4Y8udEg2LuU7Hh+ltj5w3yK1BL ffI/VMT56+QSNGC70X9wzJeE3skIgNhFTfxAlvI= X-Received: by 2002:a05:6214:c48:b0:4ac:b18d:c101 with SMTP id r8-20020a0562140c4800b004acb18dc101mr849569qvj.107.1662897013746; Sun, 11 Sep 2022 04:50:13 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Andrey Konovalov Date: Sun, 11 Sep 2022 13:50:03 +0200 Message-ID: Subject: Re: [PATCH mm v3 00/34] kasan: switch tag-based modes to stack ring from per-object metadata To: Andrew Morton Cc: Marco Elver , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev , Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Linux Memory Management List , LKML , Andrey Konovalov , andrey.konovalov@linux.dev Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 5, 2022 at 11:05 PM wrote: > > From: Andrey Konovalov > > This series makes the tag-based KASAN modes use a ring buffer for storing > stack depot handles for alloc/free stack traces for slab objects instead > of per-object metadata. This ring buffer is referred to as the stack ring. > > On each alloc/free of a slab object, the tagged address of the object and > the current stack trace are recorded in the stack ring. > > On each bug report, if the accessed address belongs to a slab object, the > stack ring is scanned for matching entries. The newest entries are used to > print the alloc/free stack traces in the report: one entry for alloc and > one for free. > > The advantages of this approach over storing stack trace handles in > per-object metadata with the tag-based KASAN modes: > > - Allows to find relevant stack traces for use-after-free bugs without > using quarantine for freed memory. (Currently, if the object was > reallocated multiple times, the report contains the latest alloc/free > stack traces, not necessarily the ones relevant to the buggy allocation.) > - Allows to better identify and mark use-after-free bugs, effectively > making the CONFIG_KASAN_TAGS_IDENTIFY functionality always-on. > - Has fixed memory overhead. > > The disadvantage: > > - If the affected object was allocated/freed long before the bug happened > and the stack trace events were purged from the stack ring, the report > will have no stack traces. > > Discussion > ========== > > The proposed implementation of the stack ring uses a single ring buffer for > the whole kernel. This might lead to contention due to atomic accesses to > the ring buffer index on multicore systems. > > At this point, it is unknown whether the performance impact from this > contention would be significant compared to the slowdown introduced by > collecting stack traces due to the planned changes to the latter part, > see the section below. > > For now, the proposed implementation is deemed to be good enough, but this > might need to be revisited once the stack collection becomes faster. > > A considered alternative is to keep a separate ring buffer for each CPU > and then iterate over all of them when printing a bug report. This approach > requires somehow figuring out which of the stack rings has the freshest > stack traces for an object if multiple stack rings have them. > > Further plans > ============= > > This series is a part of an effort to make KASAN stack trace collection > suitable for production. This requires stack trace collection to be fast > and memory-bounded. > > The planned steps are: > > 1. Speed up stack trace collection (potentially, by using SCS; > patches on-hold until steps #2 and #3 are completed). > 2. Keep stack trace handles in the stack ring (this series). > 3. Add a memory-bounded mode to stack depot or provide an alternative > memory-bounded stack storage. > 4. Potentially, implement stack trace collection sampling to minimize > the performance impact. > > Thanks! Hi Andrew, Could you consider picking up this series into mm? Most of the patches have a Reviewed-by tag from Marco, and I've addressed the last few comments he had in v3. Thanks!