Date: Mon, 11 Aug 2025 17:16:53 -0700
To: 
mm-commits@vger.kernel.org,yang@os.amperecomputing.com,will@kernel.org,vincenzo.frascino@arm.com,scott@os.amperecomputing.com,ryabinin.a.a@gmail.com,pankaj.gupta@amd.com,oliver.upton@linux.dev,maz@kernel.org,leitao@debian.org,kaleshsingh@google.com,jhubbard@nvidia.com,james.morse@arm.com,hardevsinh.palaniya@siliconsignals.io,glider@google.com,dvyukov@google.com,david@redhat.com,corbet@lwn.net,catalin.marinas@arm.com,broonie@kernel.org,ardb@kernel.org,andreyknvl@gmail.com,yeoreum.yun@arm.com,akpm@linux-foundation.org 
From: Andrew Morton
Subject: + kasan-hw-tags-introduce-store-only-mode.patch added to mm-new branch
Message-Id: <20250812001654.C69B4C4CEED@smtp.kernel.org>
Precedence: bulk
X-Mailing-List: mm-commits@vger.kernel.org

The patch titled
     Subject: kasan/hw-tags: introduce store only mode
has been added to the -mm mm-new branch.  Its filename is
     kasan-hw-tags-introduce-store-only-mode.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/kasan-hw-tags-introduce-store-only-mode.patch

This patch will later appear in the mm-new branch at
     git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Note, mm-new is a provisional staging ground for work-in-progress
patches, and acceptance into mm-new is a notification for others to take
notice and to finish up reviews.  Please do not hesitate to respond to
review feedback and post updated versions to replace or incrementally
fixup patches in mm-new.

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Yeoreum Yun
Subject: kasan/hw-tags: introduce store only mode
Date: Mon, 11 Aug 2025 18:36:25 +0100

Patch series "introduce kasan stonly-mode in hw-tags".

Hardware tag based KASAN is implemented using the Memory Tagging Extension
(MTE) feature.

MTE is built on top of the ARMv8.0 virtual address tagging TBI (Top Byte
Ignore) feature and allows software to access a 4-bit allocation tag for
each 16-byte granule in the physical address space.  A logical tag is
derived from bits 59-56 of the virtual address used for the memory access.
A CPU with MTE enabled will compare the logical tag against the
allocation tag and potentially raise a tag check fault on mismatch,
subject to system registers configuration.

Since ARMv8.9, FEAT_MTE_STORE_ONLY can be used to restrict the raising of
tag check faults to store operations only.

Using this feature (FEAT_MTE_STORE_ONLY), introduce KASAN store-only mode,
which restricts KASAN checks to store operations only.  This mode omits
KASAN checks for fetch/load operations.  Therefore, it might be used not
only for debugging purposes but also in a normal environment.


This patch (of 2):

Since Armv8.9, the FEATURE_MTE_STORE_ONLY feature is introduced to restrict
the raising of tag check faults to store operations only.  Introduce KASAN
store only mode based on this feature.

KASAN store only mode restricts KASAN checks to store operations only and
omits the checks for fetch/read operations when accessing memory.  So it
might be used not only in a debugging environment but also in a normal
environment to check memory safety.

This feature can be controlled with the "kasan.stonly" argument.  When
"kasan.stonly=on", KASAN checks in store only mode; otherwise KASAN checks
all operations.

Link: https://lkml.kernel.org/r/20250811173626.1878783-1-yeoreum.yun@arm.com
Link: https://lkml.kernel.org/r/20250811173626.1878783-2-yeoreum.yun@arm.com
Signed-off-by: Yeoreum Yun Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Ard Biesheuvel Cc: Breno Leitao Cc: Catalin Marinas Cc: David Hildenbrand Cc: Dmitriy Vyukov Cc: D Scott Phillips Cc: Hardevsinh Palaniya Cc: James Morse Cc: John Hubbard Cc: Jonathan Corbet Cc: Kalesh Singh Cc: levi.yun Cc: Marc Zyngier Cc: Mark Brown Cc: Oliver Upton Cc: Pankaj Gupta Cc: Vincenzo Frascino Cc: Will Deacon Cc: Yang Shi Signed-off-by: Andrew Morton --- Documentation/dev-tools/kasan.rst | 3 + arch/arm64/include/asm/memory.h | 1 arch/arm64/include/asm/mte-kasan.h | 6 ++ arch/arm64/kernel/cpufeature.c | 6 ++ arch/arm64/kernel/mte.c | 14 ++++ include/linux/kasan.h | 2 mm/kasan/hw_tags.c | 76 ++++++++++++++++++++++++++- mm/kasan/kasan.h | 10 +++ 8 files changed, 116 insertions(+), 2 deletions(-) --- a/arch/arm64/include/asm/memory.h~kasan-hw-tags-introduce-store-only-mode +++ a/arch/arm64/include/asm/memory.h @@ -308,6 +308,7 @@ static inline const void *__tag_set(cons #define arch_enable_tag_checks_sync() mte_enable_kernel_sync() #define arch_enable_tag_checks_async() mte_enable_kernel_async() #define arch_enable_tag_checks_asymm() mte_enable_kernel_asymm() +#define arch_enable_tag_checks_stonly() mte_enable_kernel_stonly() #define arch_suppress_tag_checks_start() mte_enable_tco() #define arch_suppress_tag_checks_stop() mte_disable_tco() #define arch_force_async_tag_fault() mte_check_tfsr_exit() --- a/arch/arm64/include/asm/mte-kasan.h~kasan-hw-tags-introduce-store-only-mode +++ a/arch/arm64/include/asm/mte-kasan.h @@ -200,6 +200,7 @@ static inline void mte_set_mem_tag_range void mte_enable_kernel_sync(void); void mte_enable_kernel_async(void); void mte_enable_kernel_asymm(void); +int mte_enable_kernel_stonly(void); #else /* CONFIG_ARM64_MTE */ @@ -251,6 +252,11 @@ static inline void mte_enable_kernel_asy { } +static inline int mte_enable_kenrel_stonly(void) +{ + return -EINVAL; +} + #endif /* CONFIG_ARM64_MTE */ #endif /* __ASSEMBLY__ */ 
--- a/arch/arm64/kernel/cpufeature.c~kasan-hw-tags-introduce-store-only-mode +++ a/arch/arm64/kernel/cpufeature.c @@ -2404,6 +2404,11 @@ static void cpu_enable_mte(struct arm64_ kasan_init_hw_tags_cpu(); } + +static void cpu_enable_mte_stonly(struct arm64_cpu_capabilities const *cap) +{ + kasan_late_init_hw_tags_cpu(); +} #endif /* CONFIG_ARM64_MTE */ static void user_feature_fixup(void) @@ -2922,6 +2927,7 @@ static const struct arm64_cpu_capabiliti .capability = ARM64_MTE_STORE_ONLY, .type = ARM64_CPUCAP_SYSTEM_FEATURE, .matches = has_cpuid_feature, + .cpu_enable = cpu_enable_mte_stonly, ARM64_CPUID_FIELDS(ID_AA64PFR2_EL1, MTESTOREONLY, IMP) }, #endif /* CONFIG_ARM64_MTE */ --- a/arch/arm64/kernel/mte.c~kasan-hw-tags-introduce-store-only-mode +++ a/arch/arm64/kernel/mte.c @@ -157,6 +157,20 @@ void mte_enable_kernel_asymm(void) mte_enable_kernel_sync(); } } + +int mte_enable_kernel_stonly(void) +{ + if (!cpus_have_cap(ARM64_MTE_STORE_ONLY)) + return -EINVAL; + + sysreg_clear_set(sctlr_el1, SCTLR_EL1_TCSO_MASK, + SYS_FIELD_PREP(SCTLR_EL1, TCSO, 1)); + isb(); + + pr_info_once("MTE: enabled stonly mode at EL1\n"); + + return 0; +} #endif #ifdef CONFIG_KASAN_HW_TAGS --- a/Documentation/dev-tools/kasan.rst~kasan-hw-tags-introduce-store-only-mode +++ a/Documentation/dev-tools/kasan.rst @@ -163,6 +163,9 @@ disabling KASAN altogether or controllin This parameter is intended to allow sampling only large page_alloc allocations, which is the biggest source of the performance overhead. +- ``kasan.stonly=off`` or ``kasan.stonly=on`` controls whether KASAN checks + store operation only or all operation. + Error reports ~~~~~~~~~~~~~ --- a/include/linux/kasan.h~kasan-hw-tags-introduce-store-only-mode +++ a/include/linux/kasan.h 
@@ -558,9 +558,11 @@ static inline void kasan_init_sw_tags(vo #ifdef CONFIG_KASAN_HW_TAGS void kasan_init_hw_tags_cpu(void); void __init kasan_init_hw_tags(void); +void kasan_late_init_hw_tags_cpu(void); #else static inline void kasan_init_hw_tags_cpu(void) { } static inline void kasan_init_hw_tags(void) { } +static inline void kasan_late_init_hw_tags_cpu(void) { } #endif #ifdef CONFIG_KASAN_VMALLOC --- a/mm/kasan/hw_tags.c~kasan-hw-tags-introduce-store-only-mode +++ a/mm/kasan/hw_tags.c @@ -41,9 +41,16 @@ enum kasan_arg_vmalloc { KASAN_ARG_VMALLOC_ON, }; +enum kasan_arg_stonly { + KASAN_ARG_STONLY_DEFAULT, + KASAN_ARG_STONLY_OFF, + KASAN_ARG_STONLY_ON, +}; + static enum kasan_arg kasan_arg __ro_after_init; static enum kasan_arg_mode kasan_arg_mode __ro_after_init; static enum kasan_arg_vmalloc kasan_arg_vmalloc __initdata; +static enum kasan_arg_stonly kasan_arg_stonly __ro_after_init; /* * Whether the selected mode is synchronous, asynchronous, or asymmetric. @@ -60,6 +67,9 @@ DEFINE_STATIC_KEY_FALSE(kasan_flag_vmall #endif EXPORT_SYMBOL_GPL(kasan_flag_vmalloc); +DEFINE_STATIC_KEY_FALSE(kasan_flag_stonly); +EXPORT_SYMBOL_GPL(kasan_flag_stonly); + #define PAGE_ALLOC_SAMPLE_DEFAULT 1 #define PAGE_ALLOC_SAMPLE_ORDER_DEFAULT 3 @@ -134,6 +144,23 @@ static int __init early_kasan_flag_vmall } early_param("kasan.vmalloc", early_kasan_flag_vmalloc); +/* kasan.stonly=off/on */ +static int __init early_kasan_flag_stonly(char *arg) +{ + if (!arg) + return -EINVAL; + + if (!strcmp(arg, "off")) + kasan_arg_stonly = KASAN_ARG_STONLY_OFF; + else if (!strcmp(arg, "on")) + kasan_arg_stonly = KASAN_ARG_STONLY_ON; + else + return -EINVAL; + + return 0; +} +early_param("kasan.stonly", early_kasan_flag_stonly); + static inline const char *kasan_mode_info(void) { if (kasan_mode == KASAN_MODE_ASYNC) 
@@ -212,6 +239,20 @@ void kasan_init_hw_tags_cpu(void) kasan_enable_hw_tags(); } +/* + * kasan_late_init_hw_tags_cpu_post() is called for each CPU after + * all cpus are bring-up at boot. + * Not marked as __init as a CPU can be hot-plugged after boot. + */ +void kasan_late_init_hw_tags_cpu(void) +{ + /* + * Enable stonly mode only when explicitly requested through the command line. + * If system doesn't support, kasan checks all operation. + */ + kasan_enable_stonly(); +} + /* kasan_init_hw_tags() is called once on boot CPU. */ void __init kasan_init_hw_tags(void) { @@ -250,15 +291,28 @@ void __init kasan_init_hw_tags(void) break; } + switch (kasan_arg_stonly) { + case KASAN_ARG_STONLY_DEFAULT: + /* Default is specified by kasan_flag_stonly definition. */ + break; + case KASAN_ARG_STONLY_OFF: + static_branch_disable(&kasan_flag_stonly); + break; + case KASAN_ARG_STONLY_ON: + static_branch_enable(&kasan_flag_stonly); + break; + } + kasan_init_tags(); /* KASAN is now initialized, enable it. */ kasan_enable(); - pr_info("KernelAddressSanitizer initialized (hw-tags, mode=%s, vmalloc=%s, stacktrace=%s)\n", + pr_info("KernelAddressSanitizer initialized (hw-tags, mode=%s, vmalloc=%s, stacktrace=%s stonly=%s\n", kasan_mode_info(), str_on_off(kasan_vmalloc_enabled()), - str_on_off(kasan_stack_collection_enabled())); + str_on_off(kasan_stack_collection_enabled()), + str_on_off(kasan_stonly_enabled())); } #ifdef CONFIG_KASAN_VMALLOC 
@@ -387,6 +441,22 @@ void kasan_enable_hw_tags(void) hw_enable_tag_checks_sync(); } +void kasan_enable_stonly(void) +{ + if (kasan_arg_stonly == KASAN_ARG_STONLY_ON) { + if (hw_enable_tag_checks_stonly()) { + static_branch_disable(&kasan_flag_stonly); + kasan_arg_stonly = KASAN_ARG_STONLY_OFF; + pr_warn_once("KernelAddressSanitizer: store only mode isn't supported (hw-tags)\n"); + } + } +} + +bool kasan_stonly_enabled(void) +{ + return static_branch_unlikely(&kasan_flag_stonly); +} + #if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) EXPORT_SYMBOL_IF_KUNIT(kasan_enable_hw_tags); @@ -397,4 +467,6 @@ VISIBLE_IF_KUNIT void kasan_force_async_ } EXPORT_SYMBOL_IF_KUNIT(kasan_force_async_fault); +EXPORT_SYMBOL_IF_KUNIT(kasan_stonly_enabled); + #endif --- a/mm/kasan/kasan.h~kasan-hw-tags-introduce-store-only-mode +++ a/mm/kasan/kasan.h @@ -33,6 +33,7 @@ static inline bool kasan_stack_collectio #include "../slab.h" DECLARE_STATIC_KEY_TRUE(kasan_flag_vmalloc); +DECLARE_STATIC_KEY_FALSE(kasan_flag_stonly); enum kasan_mode { KASAN_MODE_SYNC, @@ -434,6 +435,7 @@ static inline const void *arch_kasan_set #define hw_enable_tag_checks_sync() arch_enable_tag_checks_sync() #define hw_enable_tag_checks_async() arch_enable_tag_checks_async() #define hw_enable_tag_checks_asymm() arch_enable_tag_checks_asymm() +#define hw_enable_tag_checks_stonly() arch_enable_tag_checks_stonly() #define hw_suppress_tag_checks_start() arch_suppress_tag_checks_start() #define hw_suppress_tag_checks_stop() arch_suppress_tag_checks_stop() #define hw_force_async_tag_fault() arch_force_async_tag_fault() 
@@ -443,10 +445,18 @@ static inline const void *arch_kasan_set arch_set_mem_tag_range((addr), (size), (tag), (init)) void kasan_enable_hw_tags(void); +void kasan_enable_stonly(void); +bool kasan_stonly_enabled(void); #else /* CONFIG_KASAN_HW_TAGS */ static inline void kasan_enable_hw_tags(void) { } +static inline void kasan_enable_stonly(void) { } + +static inline bool kasan_stonly_enabled(void) +{ + return false; +} #endif /* CONFIG_KASAN_HW_TAGS */ _ Patches currently in -mm which might be from yeoreum.yun@arm.com are kunit-kasan_test-disable-fortify-string-checker-on-kasan_strings-test.patch kasan-hw-tags-introduce-store-only-mode.patch kasan-apply-store-only-mode-in-kasan-kunit-testcases.patch
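
Review bot: In the !CONFIG_ARM64_MTE branch of arch/arm64/include/asm/mte-kasan.h the stub is spelled mte_enable_kenrel_stonly(), so it does not match the mte_enable_kernel_stonly() that arch_enable_tag_checks_stonly() expands to in memory.h. Rename the stub to mte_enable_kernel_stonly() so the macro resolves to the -EINVAL stub when MTE is compiled out.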
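
Review bot: In arch/arm64/kernel/cpufeature.c, attaching cpu_enable_mte_stonly() as .cpu_enable of the ARM64_MTE_STORE_ONLY entry puts the only caller of kasan_enable_stonly() behind the capability that function tests for. If .cpu_enable runs only where the capability matched, the fallback in kasan_enable_stonly() (static_branch_disable() and the pr_warn_once()) is never reached on hardware without the feature, and kasan.stonly=on leaves kasan_flag_stonly enabled from kasan_init_hw_tags() while the CPU still checks loads. Resolve the unsupported case on a path that runs regardless of the capability, so kasan_stonly_enabled() reflects what the hardware actually does.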
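
Review bot: The kasan.stonly entry added to Documentation/dev-tools/kasan.rst leaves out the default, the hardware requirement and the fallback. From the code, the default is off (KASAN_ARG_STONLY_DEFAULT keeps the DEFINE_STATIC_KEY_FALSE state), the option depends on ARM64_MTE_STORE_ONLY, and an unsupported system is meant to fall back to checking all operations; the entry should say so, and should state that invalid reads are not reported when the mode is on. The wording also wants plurals: "store operations only or all operations".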
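
Review bot: In the mm/kasan/hw_tags.c hunk at -60, EXPORT_SYMBOL_GPL(kasan_flag_stonly) looks unnecessary. The key is declared only in the private mm/kasan/kasan.h and its accessor kasan_stonly_enabled() is out of line in hw_tags.c with its own EXPORT_SYMBOL_IF_KUNIT(), so no module needs the key itself. Drop the export unless a later patch adds an inline user.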
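
Review bot: The comment above kasan_late_init_hw_tags_cpu() in the mm/kasan/hw_tags.c hunk at -212 names a different function, kasan_late_init_hw_tags_cpu_post(). Make the comment match the function name, and reword "after all cpus are bring-up" to "after all CPUs are brought up".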
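
Review bot: The new pr_info() format string in kasan_init_hw_tags() (hunk at -250) loses the separator and the closing parenthesis: "stacktrace=%s stonly=%s\n" should be "stacktrace=%s, stonly=%s)\n" to keep the boot line consistent with the previous format and parseable by anything that matches on it.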
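
Review bot: kasan_enable_stonly() (hunk at -387) assigns kasan_arg_stonly = KASAN_ARG_STONLY_OFF, but that variable is declared __ro_after_init earlier in the patch, and the function is reached from kasan_late_init_hw_tags_cpu(), which the patch's own comment says is not __init because CPUs can be hot-plugged after boot. This is only safe if the first failing call always happens before init memory is made read-only; either document that ordering, or drop the assignment and rely on the static key alone.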
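
A user-space model of the tag check described in the commit message, added here as an illustration and not part of the patch or of kernel code: it shows which stale-pointer accesses still fault once loads are exempt from checking. The function names, the memory size and the tag values are constructed for the example, and retagging granules on free is an assumption of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE   16u   /* bytes covered by one allocation tag */
#define NGRANULES 4u    /* size of the modelled memory, in granules */
#define TAG_SHIFT 56    /* logical tag lives in VA bits 59-56 */

enum access { LOAD, STORE };

static uint8_t alloc_tag[NGRANULES];    /* 4-bit allocation tag per granule */

/* Build a tagged pointer from an offset into the modelled memory. */
static uint64_t with_tag(uint64_t off, uint8_t tag)
{
    return off | ((uint64_t)(tag & 0xf) << TAG_SHIFT);
}

/* Set the allocation tag of every granule overlapping [off, off + size). */
static void retag(uint64_t off, uint64_t size, uint8_t tag)
{
    uint64_t end = (off + size + GRANULE - 1) / GRANULE;

    for (uint64_t g = off / GRANULE; g < end && g < NGRANULES; g++)
        alloc_tag[g] = tag & 0xf;
}

/* Returns true when the access would raise a tag check fault. */
static bool tag_fault(uint64_t ptr, enum access acc, bool store_only)
{
    uint8_t logical = (ptr >> TAG_SHIFT) & 0xf;
    uint64_t off = ptr & ((1ULL << TAG_SHIFT) - 1);

    if (store_only && acc == LOAD)
        return false;                   /* loads are not checked */
    return logical != alloc_tag[(off / GRANULE) % NGRANULES];
}

int main(void)
{
    retag(0, 32, 0x3);                  /* "allocate" 32 bytes with tag 0x3 */
    uint64_t p = with_tag(0, 0x3);
    retag(0, 32, 0xe);                  /* "free": granules get another tag */

    printf("all accesses: load=%d store=%d\n",
           tag_fault(p, LOAD, false), tag_fault(p, STORE, false));
    printf("store only:   load=%d store=%d\n",
           tag_fault(p, LOAD, true), tag_fault(p, STORE, true));
    return 0;
}
```

In the model a stale write faults in both configurations, while a stale read faults only when all accesses are checked.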