From patchwork Fri Feb 5 17:34:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Konovalov X-Patchwork-Id: 12070601 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2D0CBC433E6 for ; Fri, 5 Feb 2021 17:38:05 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CE9F464DBA for ; Fri, 5 Feb 2021 17:38:04 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CE9F464DBA Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:To:From:Subject:References:Mime-Version:Message-Id: In-Reply-To:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=VLsW3cAzEnJ6T3O2IFqblufKT1/tR9JbTHlNbF+O9Mc=; b=rWE0qPiNS3Zif1LIKVmINH8Ou zY+adRGxOvnD/e5oBCun7L1pfU9hFsJNqaocEsfhk4oc4y9kSwD6eAEe/J9Ue1Deg/pqgftKeEyZT I9VIbrzr5nA/dXTBf2yEElxWMTowlV8wh919BBxYOR6pz21Msg89vYUMkC0L1ESieS8W7GlSCuz9e VDL8A3zQlQBm9KFkzFs7jYpsNDXL5aRkvFQQwPK/jPiRpk683hlqMSFHajIRyEgJ+XLSJ5iKOiStQ IGVAoHBlxiLWLLl1w2K3uHsgNMHyOF+yBx1s/bQm7dFO/La/+4KoLxnJqMy7UwVA/KQd5h5ZWPVor XJkUuMwYg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1l852C-0005cw-PG; Fri, 05 Feb 2021 17:36:44 +0000 Received: from mail-qv1-xf49.google.com ([2607:f8b0:4864:20::f49]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1l850v-000510-IW for linux-arm-kernel@lists.infradead.org; Fri, 05 Feb 2021 17:35:36 +0000 Received: by mail-qv1-xf49.google.com with SMTP id q37so5525159qvf.14 for ; Fri, 05 Feb 2021 09:35:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=qTEJ0ZFBO6HUy56kVKTkSwNvhkuevt789FDycYnAlaw=; b=G68KUqp3HFLcXYHG+bANujiKTjP1H7aOPDJCFa1RkVjgdbj5cMzKLUYhQ88IOigD2m g5wDAziPJ9/f2dbpwetUHkPJSL+aI/MWcTpGdaiivZgXRAc1C7nVA8lhLw49A9oP0xKP YkRx4Li9ZnC0Fp2IsX/EdfVi5nLsxTLigRBe9oKmV5ex/G9k44wbWqIs5s5fsPBc6OK1 UhA4HiSIlJg20l5gKCGg1nOsKB7YDjIwiGT0etN2p6CDP2nZon8XJQMGeGLgUOz+VcNi bc8djrtRbaTCpDbTXiogPshowtlILUAlRK7BVS1XEzHo35Yv9MrTtxK4e+3RPZe4PG7Z jBtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=qTEJ0ZFBO6HUy56kVKTkSwNvhkuevt789FDycYnAlaw=; b=meHRAhoOCRLPipGlGE5Xc0zW6A0b3tqyIriR+blNpClSozX2JxGcYOxlwabf4nWIfx B3wnIsU6Pgp2qMlaFOOOJ3hO/8TT1fgp69PMfSX0SUjhP3+/OWte3C43mqkZeGJl1kT/ +Fw3kMelHZQm9BRWvUyBYfDIQnFWqn7jTpyPfYwD/rnqWkPU9LLOt+0lHLLYAOYXIzot jZpNffOVBf2A40KFgEQ2TI4VT20Jo1VIZn0ugSew9/mrm3l/xxU3aXcpz7QTUrCyCIOY HpKdGXgHJ6GL3728xFSgKocxlcGpxG5aea1QTvcN8t9ha29sL+WrW34WTxsC/cvLjxHh 0ZZw== X-Gm-Message-State: AOAM532Y9tU88VY81HPowcznd0Q6mD30gITbGekPSm8yQIiiAXdCpWzu 7jlE8uqX/nbMZicNmmFXJDCmeC9rGgWr1Y66 X-Google-Smtp-Source: ABdhPJyrCz7kXUmcNbcxCdKw5jsfPhQUKg97pR36HY1rcIJSHaA7CzMpo0ImY3xsQ8HCnIvFo9TLiGVZ7iEPqvw/ X-Received: from andreyknvl3.muc.corp.google.com ([2a00:79e0:15:13:edb8:b79c:2e20:e531]) (user=andreyknvl job=sendgmr) by 2002:ad4:4f41:: with SMTP id eu1mr5346273qvb.34.1612546521952; Fri, 05 Feb 2021 09:35:21 -0800 (PST) Date: Fri, 5 Feb 2021 18:34:47 +0100 In-Reply-To: Message-Id: <00383ba88a47c3f8342d12263c24bdf95527b07d.1612546384.git.andreyknvl@google.com> Mime-Version: 1.0 References: X-Mailer: git-send-email 2.30.0.365.g02bc693789-goog Subject: [PATCH v3 mm 13/13] kasan: clarify that only first bug is reported in HW_TAGS From: Andrey Konovalov To: Andrew Morton , Catalin Marinas , Vincenzo Frascino , Dmitry Vyukov , Alexander Potapenko , Marco Elver X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210205_123525_730148_05ABC8CB X-CRM114-Status: GOOD ( 13.14 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Branislav Rankov , Andrey Konovalov , Kevin Brodsky , Will Deacon , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, Andrey Ryabinin , Peter Collingbourne , Evgenii Stepanov Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hwardware tag-based KASAN only reports the first found bug. After that MTE tag checking gets disabled. Clarify this in comments and documentation. Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- Documentation/dev-tools/kasan.rst | 8 ++++++-- mm/kasan/hw_tags.c | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index e022b7506e37..1faabbe23e09 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -155,7 +155,7 @@ Boot parameters ~~~~~~~~~~~~~~~ Hardware tag-based KASAN mode (see the section about various modes below) is -intended for use in production as a security mitigation. Therefore it supports +intended for use in production as a security mitigation. Therefore, it supports boot parameters that allow to disable KASAN competely or otherwise control particular KASAN features. @@ -166,7 +166,8 @@ particular KASAN features. ``off``). - ``kasan.fault=report`` or ``=panic`` controls whether to only print a KASAN - report or also panic the kernel (default: ``report``). + report or also panic the kernel (default: ``report``). Note, that tag + checking gets disabled after the first reported bug. For developers ~~~~~~~~~~~~~~ @@ -296,6 +297,9 @@ Note, that enabling CONFIG_KASAN_HW_TAGS always results in in-kernel TBI being enabled. Even when kasan.mode=off is provided, or when the hardware doesn't support MTE (but supports TBI). +Hardware tag-based KASAN only reports the first found bug. After that MTE tag +checking gets disabled. + What memory accesses are sanitised by KASAN? -------------------------------------------- diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index e529428e7a11..6c9285c906b8 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -48,7 +48,7 @@ EXPORT_SYMBOL(kasan_flag_enabled); /* Whether to collect alloc/free stack traces. */ DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace); -/* Whether panic or disable tag checking on fault. */ +/* Whether to panic or print a report and disable tag checking on fault. */ bool kasan_flag_panic __ro_after_init; /* kasan=off/on */