tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

mm/kfence: disable KFENCE upon KASAN HW tags enablement

KFENCE does not currently support KASAN hardware tags. As a result, the
two features are incompatible when enabled simultaneously.

Given that MTE provides deterministic protection and KFENCE is a
sampling-based debugging tool, prioritize the stronger hardware
protections. Disable KFENCE initialization and free the pre-allocated
pool if KASAN hardware tags are detected to ensure the system maintains
the security guarantees provided by MTE.

Link: https://lkml.kernel.org/r/20260213095410.1862978-1-glider@google.com
Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure")
Signed-off-by: Alexander Potapenko <glider@google.com>
Suggested-by: Marco Elver <elver@google.com>
Reviewed-by: Marco Elver <elver@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Ernesto Martinez Garcia <ernesto.martinezgarcia@tugraz.at>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Kees Cook <kees@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Alexander Potapenko and committed by
Andrew Morton 09833d99 6de23f81

+15
+15
mm/kfence/core.c
··· 13 13 #include <linux/hash.h> 14 14 #include <linux/irq_work.h> 15 15 #include <linux/jhash.h> 16 + #include <linux/kasan-enabled.h> 16 17 #include <linux/kcsan-checks.h> 17 18 #include <linux/kfence.h> 18 19 #include <linux/kmemleak.h> ··· 916 915 { 917 916 if (!kfence_sample_interval) 918 917 return; 918 + 919 + /* 920 + * If KASAN hardware tags are enabled, disable KFENCE, because it 921 + * does not support MTE yet. 922 + */ 923 + if (kasan_hw_tags_enabled()) { 924 + pr_info("disabled as KASAN HW tags are enabled\n"); 925 + if (__kfence_pool) { 926 + memblock_free(__kfence_pool, KFENCE_POOL_SIZE); 927 + __kfence_pool = NULL; 928 + } 929 + kfence_sample_interval = 0; 930 + return; 931 + } 919 932 920 933 /* 921 934 * If the pool has already been initialized by arch, there is no need to