tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

kasan: clarify that only first bug is reported in HW_TAGS

Hwardware tag-based KASAN only reports the first found bug. After that MTE
tag checking gets disabled. Clarify this in comments and documentation.

Link: https://lkml.kernel.org/r/00383ba88a47c3f8342d12263c24bdf95527b07d.1612546384.git.andreyknvl@google.com
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Marco Elver <elver@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Branislav Rankov <Branislav.Rankov@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Evgenii Stepanov <eugenis@google.com>
Cc: Kevin Brodsky <kevin.brodsky@arm.com>
Cc: Peter Collingbourne <pcc@google.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Andrey Konovalov and committed by
Linus Torvalds 7169487b c80a0366

+7 -3
+6 -2
Documentation/dev-tools/kasan.rst
··· 155 155 ~~~~~~~~~~~~~~~ 156 156 157 157 Hardware tag-based KASAN mode (see the section about various modes below) is 158 - intended for use in production as a security mitigation. Therefore it supports 158 + intended for use in production as a security mitigation. Therefore, it supports 159 159 boot parameters that allow to disable KASAN competely or otherwise control 160 160 particular KASAN features. 161 161 ··· 165 165 traces collection (default: ``on``). 166 166 167 167 - ``kasan.fault=report`` or ``=panic`` controls whether to only print a KASAN 168 - report or also panic the kernel (default: ``report``). 168 + report or also panic the kernel (default: ``report``). Note, that tag 169 + checking gets disabled after the first reported bug. 169 170 170 171 For developers 171 172 ~~~~~~~~~~~~~~ ··· 295 294 Note, that enabling CONFIG_KASAN_HW_TAGS always results in in-kernel TBI being 296 295 enabled. Even when kasan.mode=off is provided, or when the hardware doesn't 297 296 support MTE (but supports TBI). 297 + 298 + Hardware tag-based KASAN only reports the first found bug. After that MTE tag 299 + checking gets disabled. 298 300 299 301 What memory accesses are sanitised by KASAN? 300 302 --------------------------------------------
+1 -1
mm/kasan/hw_tags.c
··· 48 48 /* Whether to collect alloc/free stack traces. */ 49 49 DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace); 50 50 51 - /* Whether panic or disable tag checking on fault. */ 51 + /* Whether to panic or print a report and disable tag checking on fault. */ 52 52 bool kasan_flag_panic __ro_after_init; 53 53 54 54 /* kasan=off/on */