Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp7902960rwd; Tue, 20 Jun 2023 07:42:33 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4YUbTl4TMoLQUxTDlJ4MD6weGD6hhutF6mX2hS09hPF4pEI8iFmWgrF39QnplgNrYL/X7F X-Received: by 2002:a05:6a00:21c2:b0:65a:710a:7855 with SMTP id t2-20020a056a0021c200b0065a710a7855mr8362813pfj.26.1687272152970; Tue, 20 Jun 2023 07:42:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687272152; cv=none; d=google.com; s=arc-20160816; b=bOAjb8CKkiiCQ9yxRbsPaEjyUHLIhzDx/lC0/qJyKBJAZmQWlbip/MgZGkqoDYAGVC 4XwueCD7PutRErl2adA5I1ehDrkmuQbafX/R0AzZy8JlkTnwInhFZCfZfsd0cujQbweD vT6iIZkqUebz5CemgrUljCA7/Ez5KPiRON8hNZvcQALIjXXUyirmiudhe8hfTq1BceeO t7ktOYNDcJWHThsEI5Nz70LQE+apl6W1g4084qaONfznn9PmRgbsjxcMRv5bJzTKGcz/ sfCs5SQq7B2gke6tJ6fyPNITYMjg6fhYr1uNIq+yArgLPPQiA2rj8BmK0Bv8LpZrK2I1 Jy2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Xu/aiaH31TZLMVI9Tp+a0lmhaF9umbZZEeQm47dZ8JI=; b=Rl+sEIwILDYPf/jjrbG2dKWgHVGfECbxlwo0d8YJUBdZz9ih2jiFhRJ/L2SuSU0d4k 4U32gsF6d9MX1Rj64E3ZLdrZCG/+7J9bggpsfeY6hd8DGoQeMAgFb6ZA+19laR+6+Y0/ MICQV52ucMMhlqd4nZtbYnruXe+NqiptwmSLiG2rzdBxWQtDEFbLiVj3LEOuC7zn+E9g 1B9yeHMuzb6V+SKyhadDG0la3qsVmRz43183nbygxY8F0ho4wDF8yww1HKQF19FejdUn 4Mtdw0GMOzQWjG6/5b4wjq/c1tRDMUmNFa0K77Z0mF8yXb3B0Fq4DZ9DorRaKQkx7jrO HIjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=CnJeqkL3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b77-20020a621b50000000b0066886c86747si1749861pfb.310.2023.06.20.07.42.04; Tue, 20 Jun 2023 07:42:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=CnJeqkL3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232021AbjFTN41 (ORCPT + 99 others); Tue, 20 Jun 2023 09:56:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53358 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231486AbjFTN4Z (ORCPT ); Tue, 20 Jun 2023 09:56:25 -0400 Received: from mail-oi1-x233.google.com (mail-oi1-x233.google.com [IPv6:2607:f8b0:4864:20::233]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7BB510A; Tue, 20 Jun 2023 06:56:23 -0700 (PDT) Received: by mail-oi1-x233.google.com with SMTP id 5614622812f47-39ec45b22f6so2146699b6e.0; Tue, 20 Jun 2023 06:56:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1687269383; x=1689861383; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Xu/aiaH31TZLMVI9Tp+a0lmhaF9umbZZEeQm47dZ8JI=; b=CnJeqkL3ZzkSmcdCSOkUt4xDGbdWTfBD9wl0ylaMOlqI2xPnNVZzwO2QZ3QfjpuKBT CbhB2sgp2Fie6iY/IYbZOyYOaY4LO9ZxAT4dCb2CiF0dRB9s6cmP/LId/jxJNi5VQDrd NjVUiWyNZHhQgUIH3ncvvgMHijgrvc1qBHwqf+I8IQip4dQnqUAuY6CP8qLAO8AbZCIx MZ6I5IkWFqLOLxpt1rsGPeqZBQGquBA8eyTl2gzTQoeNHA5iYHCRkyugMwCjSfkSybFB RssckhgYXhNcvjeqi4wQz6OGu1pabVgySO1l3Q4K3L1vAfVkbNSTHe89T/OdwlTkvaOu 5B5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687269383; x=1689861383; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xu/aiaH31TZLMVI9Tp+a0lmhaF9umbZZEeQm47dZ8JI=; b=JB9dQCRXDFTOlg7lA5ZR/AUZ92MozrnygrrTLA7RWQJNhaqDK5t41r0PyYVt7rwedl Utj4Dm4izwJ35KL+SjGf7JaOgTe9CDvEEZ6itA6hfqVLsEhXeIDylsvcsA/dboPDNVk0 FSPbirJFsoHuPpQzcn6g2g5BXDd6FQuVH/kKykr0jUTjEUfD5NWnFbIdD+P1Q1xje/tu QEyyrJDU7yLDyYc5a7pTfeCv3BlTMHVNONKuCeirGbx/T9A1FmS0Q/eaiifYk8o1UZMq Z8t8kFhS1Bog/dzbExgovQ5AYBwy09u+c0gRcx2XiaIdq5OI3v3lYdvyhe+2+o/NxeC6 rTXw== X-Gm-Message-State: AC+VfDyIduL82FbY/RLkDfWdxDVBAIDTIW3beIyUSdBUxD+TH+upUYHa VmqCXGkphc3G/U6tLqgd7fhKa2wLFQifcL+ZQ6Q= X-Received: by 2002:a05:6808:6397:b0:39c:767e:bfc6 with SMTP id ec23-20020a056808639700b0039c767ebfc6mr11697031oib.10.1687269382925; Tue, 20 Jun 2023 06:56:22 -0700 (PDT) MIME-Version: 1.0 References: <20230614095158.1133673-1-elver@google.com> In-Reply-To: From: Andrey Konovalov Date: Tue, 20 Jun 2023 15:56:10 +0200 Message-ID: Subject: Re: [PATCH] kasan: add support for kasan.fault=panic_on_write To: Marco Elver Cc: Andrew Morton , Alexander Potapenko , Dmitry Vyukov , Taras Madan , Aleksandr Nogikh , Andrey Ryabinin , Vincenzo Frascino , Jonathan Corbet , kasan-dev@googlegroups.com, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Catalin Marinas Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 20, 2023 at 1:51=E2=80=AFPM Marco Elver wrot= e: > > > Ah, right. I did a quick google to check when I was writing the > > response and found this: https://lwn.net/Articles/882963/. But looks > > like that cover letter is wrong and the documentation is right. I > > wonder what the point of the asymmetric mode is then. > > Maybe not as strong, but asymm mode makes sense from a microarch point > of view, where writes are always committed into a store buffer, but > reads can only commit when the data (incl. tag) is available. Yeah, I get that it can be a bit better than async with a similar slowdown, but there's little value in catching only reads from the security standpoint. > > So the current code that you have should work perfectly. The only > > change I'd like to see is in the documentation. > > Something like this (or more?) > > diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/= kasan.rst > index 7f37a46af574..3c58392d931e 100644 > --- a/Documentation/dev-tools/kasan.rst > +++ b/Documentation/dev-tools/kasan.rst > @@ -135,6 +135,8 @@ disabling KASAN altogether or controlling its feature= s: > fault occurs, the information is stored in hardware (in the TFSR_EL1 > register for arm64). The kernel periodically checks the hardware and > only reports tag faults during these checks. > + Note that ``kasan.fault=3Dpanic_on_write`` results in panic for all > + asynchronously checked accesses. > Asymmetric mode: a bad access is detected synchronously on reads and > asynchronously on writes. Could you move this to the section that describes the kasan.fault flag? This seems more consistent. Thanks!