Commit 6a63a63f authored by Andrey Konovalov Committed by Linus Torvalds

kasan: introduce CONFIG_KASAN_HW_TAGS

This patch adds a configuration option for a new KASAN mode called
hardware tag-based KASAN.  This mode uses the memory tagging approach, like
the software tag-based mode, but relies on the arm64 Memory Tagging Extension
feature for tag management and access checking.

Link: https://lkml.kernel.org/r/44906a209d3a44f9c6f5a21841e90988e365601e.1606161801.git.andreyknvl@google.com


Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Co-developed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Marco Elver <elver@google.com>
Reviewed-by: Alexander Potapenko <glider@google.com>
Tested-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Branislav Rankov <Branislav.Rankov@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Evgenii Stepanov <eugenis@google.com>
Cc: Kevin Brodsky <kevin.brodsky@arm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent 96e0279d
+44 −17
@@ -6,6 +6,9 @@ config HAVE_ARCH_KASAN
config HAVE_ARCH_KASAN_SW_TAGS
	bool

config HAVE_ARCH_KASAN_HW_TAGS
	bool

config HAVE_ARCH_KASAN_VMALLOC
	bool

@@ -15,16 +18,19 @@ config CC_HAS_KASAN_GENERIC
config CC_HAS_KASAN_SW_TAGS
	def_bool $(cc-option, -fsanitize=kernel-hwaddress)

# This option is only required for software KASAN modes.
# Old GCC versions don't have proper support for no_sanitize_address.
# See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124 for details.
config CC_HAS_WORKING_NOSANITIZE_ADDRESS
	def_bool !CC_IS_GCC || GCC_VERSION >= 80300

menuconfig KASAN
	bool "KASAN: runtime memory debugger"
	depends on (HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \
		   (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)
	depends on (((HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC) || \
		     (HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS)) && \
		    CC_HAS_WORKING_NOSANITIZE_ADDRESS) || \
		   HAVE_ARCH_KASAN_HW_TAGS
	depends on (SLUB && SYSFS) || (SLAB && !DEBUG_SLAB)
	depends on CC_HAS_WORKING_NOSANITIZE_ADDRESS
	select CONSTRUCTORS
	select STACKDEPOT
	help
	  Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
@@ -37,18 +43,24 @@ choice
	prompt "KASAN mode"
	default KASAN_GENERIC
	help
	  KASAN has two modes: generic KASAN (similar to userspace ASan,
	  x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC) and
	  software tag-based KASAN (a version based on software memory
	  tagging, arm64 only, similar to userspace HWASan, enabled with
	  CONFIG_KASAN_SW_TAGS).
	  KASAN has three modes:
	  1. generic KASAN (similar to userspace ASan,
	     x86_64/arm64/xtensa, enabled with CONFIG_KASAN_GENERIC),
	  2. software tag-based KASAN (arm64 only, based on software
	     memory tagging (similar to userspace HWASan), enabled with
	     CONFIG_KASAN_SW_TAGS), and
	  3. hardware tag-based KASAN (arm64 only, based on hardware
	     memory tagging, enabled with CONFIG_KASAN_HW_TAGS).

	  All KASAN modes are strictly debugging features.

	  Both generic and tag-based KASAN are strictly debugging features.
	  For better error reports enable CONFIG_STACKTRACE.

config KASAN_GENERIC
	bool "Generic mode"
	depends on HAVE_ARCH_KASAN && CC_HAS_KASAN_GENERIC
	select SLUB_DEBUG if SLUB
	select CONSTRUCTORS
	help
	  Enables generic KASAN mode.

@@ -61,8 +73,6 @@ config KASAN_GENERIC
	  and introduces an overhead of ~x1.5 for the rest of the allocations.
	  The performance slowdown is ~x3.

	  For better error detection enable CONFIG_STACKTRACE.

	  Currently CONFIG_KASAN_GENERIC doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

@@ -70,11 +80,15 @@ config KASAN_SW_TAGS
	bool "Software tag-based mode"
	depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
	select SLUB_DEBUG if SLUB
	select CONSTRUCTORS
	help
	  Enables software tag-based KASAN mode.

	  This mode requires Top Byte Ignore support by the CPU and therefore
	  is only supported for arm64. This mode requires Clang.
	  This mode require software memory tagging support in the form of
	  HWASan-like compiler instrumentation.

	  Currently this mode is only implemented for arm64 CPUs and relies on
	  Top Byte Ignore. This mode requires Clang.

	  This mode consumes about 1/16th of available memory at kernel start
	  and introduces an overhead of ~20% for the rest of the allocations.
@@ -82,15 +96,27 @@ config KASAN_SW_TAGS
	  casting and comparison, as it embeds tags into the top byte of each
	  pointer.

	  For better error detection enable CONFIG_STACKTRACE.

	  Currently CONFIG_KASAN_SW_TAGS doesn't work with CONFIG_DEBUG_SLAB
	  (the resulting kernel does not boot).

config KASAN_HW_TAGS
	bool "Hardware tag-based mode"
	depends on HAVE_ARCH_KASAN_HW_TAGS
	depends on SLUB
	help
	  Enables hardware tag-based KASAN mode.

	  This mode requires hardware memory tagging support, and can be used
	  by any architecture that provides it.

	  Currently this mode is only implemented for arm64 CPUs starting from
	  ARMv8.5 and relies on Memory Tagging Extension and Top Byte Ignore.

endchoice

choice
	prompt "Instrumentation type"
	depends on KASAN_GENERIC || KASAN_SW_TAGS
	default KASAN_OUTLINE

config KASAN_OUTLINE
@@ -114,6 +140,7 @@ endchoice

config KASAN_STACK_ENABLE
	bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
	depends on KASAN_GENERIC || KASAN_SW_TAGS
	help
	  The LLVM stack address sanitizer has a know problem that
	  causes excessive stack usage in a lot of functions, see