From patchwork Wed Jul 5 09:27:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xin Zhen X-Patchwork-Id: 1803502 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=OdTX3Yvh; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=Euq8xFxn; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QwvWD0Bj1z20bK for ; Wed, 5 Jul 2023 19:29:27 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To :From:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=7ERpw3fGm5kS9QU/6w7dNoo45VK6HIq7X1T8txT0XCg=; b=OdTX3YvhdsA7gZ 2COyNjgSIWyK/gu4JBHRhA13ThAqaz3uHpqbAOhrh1rV3jU1yrbTZULpfQocu0Y+m4SNRTNPhC7Rj EY0yxQZuFcdd4BK7TtAoVUKTfwwUYsXGhAQZ7cSYzW1HxJ945/9lNgyjEYHP398aboOrB84a5lHOc tOIWa0LZtodw6AQSzuVwW0/KwyZe7zib7i+T4F+kd8hSNgMXWG8BxmMOrKh8e7YUBvUQe9wyJM8pI MVXy8bXdMMa10ld1BCWi3R/t/hX6Uogn/QwUL5YPm0Vo32EXZOSSJLMMPxneXGVV8tDh//XfL3IyQ Li25nrFLUFIXsjjDm1yw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qGyn1-00FLyl-0Z; Wed, 05 Jul 2023 09:27:11 +0000 Received: from mail-il1-x12b.google.com ([2607:f8b0:4864:20::12b]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qGymx-00FLy5-2V for openwrt-devel@lists.openwrt.org; Wed, 05 Jul 2023 09:27:09 +0000 Received: by mail-il1-x12b.google.com with SMTP id e9e14a558f8ab-345a76c3a2eso26116365ab.2 for ; Wed, 05 Jul 2023 02:27:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688549224; x=1691141224; h=mime-version:content-transfer-encoding:msip_labels:content-language :accept-language:message-id:date:thread-index:thread-topic:subject :to:from:from:to:cc:subject:date:message-id:reply-to; bh=1KQRmuHafSxdhQyNjpHkK0biTgqDca2bN/XEGr8JnQc=; b=Euq8xFxnrKXbm19KKP1Vstu5E7+b6CelGnoEKQRgcWU4zzxwDfP9wxAWUtJs3Qz/IT hIohfSWm32df/L9JrZxnuGg3MrWXwBopfWbpekCFcGnJwqR43lZL5RaBzdC5T8FM8b06 GJutNtDUJRsYklDtj9LMJcdoseWtZNLfjStIfMprun0wIZu3063NNue/QywKDnyeCvV6 3EqoPhL16o8Ybl7NdhA8wiqET0c7ujss2LNcMuLhmcAiHfY+gAcAgRPYTqmXidTNowvb 9IR80uM1A5FU2GS1kwdILsV07dEmYVmZjvXA9YBAtVJ6SqLbkVH9vuFIbvMPHRSG9YzQ RtBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688549224; x=1691141224; h=mime-version:content-transfer-encoding:msip_labels:content-language :accept-language:message-id:date:thread-index:thread-topic:subject :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=1KQRmuHafSxdhQyNjpHkK0biTgqDca2bN/XEGr8JnQc=; b=Z6ATDICVC3SYuSxnwXzuNnO4AK1fj7/PjJ7HeWnMrpxlQuDToay5gg3s0QE8xEcuN6 PNEPDOUyL8NKEfFSS87H2368eCgMfVLUWBuesUuXI84Tlu0etDbnoWD0p1GWimM1EKkU hnvrxDuJ+kKTHenupqTRr9OtneaxTbQp8adMzOAdkScIHROcxyK3lx7ZZXZfLexSru4D 90bVknrDEl32vwk51JyIvjKPMOxkfWxHlm3pY9uyxARvSoVGv7L7RyWj2MQ/RQ2JQPCC mkN9bSQPtZptOIEhRbwEhTMJ5WV4m6LHeYpGN9yWZYPjDL69R85GN36TLY4J0vYfNLOF m1tg== X-Gm-Message-State: AC+VfDxIVjKf9l0GkBOcqduf6EW50+bxwbcoB+fJbMhgMMewCbOTw710 9ZRoFPIyTaKECGB7Wxa13li+JQJhI2Xe+UM= X-Google-Smtp-Source: ACHHUZ5mzRB5y1Gx6x0YcMhRj77VwgVKEFyqOQUWhglq4dYkwxnpnEsQVf02xvemR7hEXBN+Ywo6bA== X-Received: by 2002:a5d:81cc:0:b0:786:2c7d:dd19 with SMTP id t12-20020a5d81cc000000b007862c7ddd19mr16238482iol.17.1688549224592; Wed, 05 Jul 2023 02:27:04 -0700 (PDT) Received: from DM4PR20MB4918.namprd20.prod.outlook.com ([2603:1036:301:4444::5]) by smtp.gmail.com with ESMTPSA id l17-20020a02a891000000b0042b03d40279sm2662953jam.80.2023.07.05.02.27.04 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 05 Jul 2023 02:27:04 -0700 (PDT) From: Xin Zhen To: "openwrt-devel@lists.openwrt.org" Subject: [PATCH] Adding sw and hw tag-based KASAN support Thread-Topic: [PATCH] Adding sw and hw tag-based KASAN support Thread-Index: AQHZryI/PY8Wd5SEzE22FUiNypFbHw== X-MS-Exchange-MessageSentRepresentingType: 1 Date: Wed, 5 Jul 2023 09:27:03 +0000 Message-ID: Accept-Language: en-US, zh-CN Content-Language: en-US X-MS-Has-Attach: X-MS-Exchange-Organization-SCL: -1 X-MS-TNEF-Correlator: X-MS-Exchange-Organization-RecordReviewCfmType: 0 msip_labels: MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230705_022707_817554_50B86377 X-CRM114-Status: UNSURE ( 8.67 ) X-CRM114-Notice: Please train this message. X-Spam-Score: 0.1 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi all, Currently KASAN is supported but only the generic one. SW-tag and HW-tag based KASAN have less impact on memory footprint or performance, and are worth supporting. The following patch adds a choice menu in the menuconfig, allowing SW-tag or HW-tag to be selected. Content analysis details: (0.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:12b listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [xinz.06[at]gmail.com] 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit [xinz.06[at]gmail.com] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Hi all, Currently KASAN is supported but only the generic one. SW-tag and HW-tag based KASAN have less impact on memory footprint or performance, and are worth supporting. The following patch adds a choice menu in the menuconfig, allowing SW-tag or HW-tag to be selected. commit a1db3ed8ad00a136f815a48e07962c96d777b38d Author: Zhen XIN Date: Tue Jul 4 09:44:01 2023 +0000 build: Add option KERNEL_KASAN_SW_TAGS and HW_TAGS Add choice menu for software and hardware Tag-Based KASAN, in addition to the generic one. Signed-off-by: Zhen XIN diff --git a/config/Config-kernel.in b/config/Config-kernel.in index 7de0d17b5e..00276bffb4 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -184,16 +184,73 @@ config KERNEL_KASAN_VMALLOC will have no effect. if KERNEL_KASAN - config KERNEL_KASAN_GENERIC - def_bool y +choice + prompt "KASAN mode" + depends on KERNEL_KASAN + default KERNEL_KASAN_GENERIC + help + KASAN has three modes: + + 1. Generic KASAN (supported by many architectures, enabled with + CONFIG_KASAN_GENERIC, similar to userspace ASan), + 2. Software Tag-Based KASAN (arm64 only, based on software memory + tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace + HWASan), and + 3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory + tagging, enabled with CONFIG_KASAN_HW_TAGS). + +config KERNEL_KASAN_GENERIC + bool "Generic KASAN" + select KERNEL_SLUB_DEBUG + help + Enables Generic KASAN. + + Consumes about 1/8th of available memory at kernel start and adds an + overhead of ~50% for dynamic allocations. + The performance slowdown is ~x3. + +config KERNEL_KASAN_SW_TAGS + bool "Software Tag-Based KASAN" + depends on aarch64 + select KERNEL_SLUB_DEBUG + help + Enables Software Tag-Based KASAN. + + Supported only on arm64 CPUs and relies on Top Byte Ignore. + + Consumes about 1/16th of available memory at kernel start and + add an overhead of ~20% for dynamic allocations. + + May potentially introduce problems related to pointer casting and + comparison, as it embeds a tag into the top byte of each pointer. + +config KERNEL_KASAN_HW_TAGS + bool "Hardware Tag-Based KASAN" + depends on aarch64 + select KERNEL_SLUB_DEBUG + select KERNEL_ARM64_MTE + help + Enables Hardware Tag-Based KASAN. + + Supported only on arm64 CPUs starting from ARMv8.5 and relies on + Memory Tagging Extension and Top Byte Ignore. + + Consumes about 1/32nd of available memory. + + May potentially introduce problems related to pointer casting and + comparison, as it embeds a tag into the top byte of each pointer. + +endchoice + + config KERNEL_ARM64_MTE + def_bool n - config KERNEL_KASAN_SW_TAGS - def_bool n endif choice prompt "Instrumentation type" depends on KERNEL_KASAN + depends on !KERNEL_KASAN_HW_TAGS default KERNEL_KASAN_OUTLINE config KERNEL_KASAN_OUTLINE