Re: [PATCH v4 00/18] kasan: x86: arm64: KASAN tag-based mode for x86

[Ada Couprie Diaz <ada.coupriediaz@arm.com>]

Hi,

On 12/08/2025 14:23, Maciej Wieczor-Retman wrote:
> [...]
> ======= Testing
> Checked all the kunits for both software tags and generic KASAN after
> making changes.
>
> In generic mode the results were:
>
> kasan: pass:59 fail:0 skip:13 total:72
> Totals: pass:59 fail:0 skip:13 total:72
> ok 1 kasan
>
> and for software tags:
>
> kasan: pass:63 fail:0 skip:9 total:72
> Totals: pass:63 fail:0 skip:9 total:72
> ok 1 kasan
I tested the series on arm64 and after fixing the build issues mentioned
I was able to boot without issues and did not observe any regressions
in the KASAN KUnit tests with either generic or software tags.

So this is Tested-by: Ada Couprie Diaz <ada.coupriediaz@arm.com> (For arm64)

I will note that the tests `kmalloc_memmove_negative_size` and
`kmalloc_memmove_invalid_size` seem to be able to corrupt memory
and lead to kernel crashes if `memmove()` is not properly instrumented,
which I discovered while investigating [0].
> [...]
> ======= Compilation
> Clang was used to compile the series (make LLVM=1) since gcc doesn't
> seem to have support for KASAN tag-based compiler instrumentation on
> x86.

Interestingly, while investigating [0], this comment slipped by me and
I managed to compile your series for x86 with software tags using GCC,
though it is a bit hacky.
You need to update the CC_HAS_KASAN_SW_TAGS to pass `-mlam=u48`
or `-mlam=u57`, as it is disabled by default, and pass `-march=arrowlake`
for compilation (the support for software tags depends on the arch).
You could then test with GCC (though the issue in [0] also applies to x86).

Best,
Ada

[0]: https://groups.google.com/g/kasan-dev/c/v1PYeoitg88

> ======= Dependencies
> The base branch for the series is the mainline kernel, tag 6.17-rc1.
>
> ======= Enabling LAM for testing
> Since LASS is needed for LAM and it can't be compiled without it I
> applied the LASS series [1] first, then applied my patches.
>
> [1] https://lore.kernel.org/all/20250707080317.3791624-1-kirill.shutemov@linux.intel.com/
>
> Changes v4:
> - Revert x86 kasan_mem_to_shadow() scheme to the same on used in generic
>    KASAN. Keep the arithmetic shift idea for the KASAN in general since
>    it makes more sense for arm64 and in risc-v.
> - Fix inline mode but leave it unavailable until a complementary
>    compiler patch can be merged.
> - Apply Dave Hansen's comments on series formatting, patch style and
>    code simplifications.
>
> Changes v3:
> - Remove the runtime_const patch and setup a unified offset for both 5
>    and 4 paging levels.
> - Add a fix for inline mode on x86 tag-based KASAN. Add a handler for
>    int3 that is generated on inline tag mismatches.
> - Fix scripts/gdb/linux/kasan.py so the new signed mem_to_shadow() is
>    reflected there.
> - Fix Documentation/arch/arm64/kasan-offsets.sh to take new offsets into
>    account.
> - Made changes to the kasan_non_canonical_hook() according to upstream
>    discussion.
> - Remove patches 2 and 3 since they related to risc-v and this series
>    adds only x86 related things.
> - Reorder __tag_*() functions so they're before arch_kasan_*(). Remove
>    CONFIG_KASAN condition from __tag_set().
>
> Changes v2:
> - Split the series into one adding KASAN tag-based mode (this one) and
>    another one that adds the dense mode to KASAN (will post later).
> - Removed exporting kasan_poison() and used a wrapper instead in
>    kasan_init_64.c
> - Prepended series with 4 patches from the risc-v series and applied
>    review comments to the first patch as the rest already are reviewed.
>
> Maciej Wieczor-Retman (16):
>    kasan: Fix inline mode for x86 tag-based mode
>    x86: Add arch specific kasan functions
>    kasan: arm64: x86: Make special tags arch specific
>    x86: Reset tag for virtual to physical address conversions
>    mm: x86: Untag addresses in EXECMEM_ROX related pointer arithmetic
>    x86: Physical address comparisons in fill_p*d/pte
>    x86: KASAN raw shadow memory PTE init
>    x86: LAM compatible non-canonical definition
>    x86: LAM initialization
>    x86: Minimal SLAB alignment
>    kasan: arm64: x86: Handle int3 for inline KASAN reports
>    kasan: x86: Apply multishot to the inline report handler
>    kasan: x86: Logical bit shift for kasan_mem_to_shadow
>    mm: Unpoison pcpu chunks with base address tag
>    mm: Unpoison vms[area] addresses with a common tag
>    x86: Make software tag-based kasan available
>
> Samuel Holland (2):
>    kasan: sw_tags: Use arithmetic shift for shadow computation
>    kasan: sw_tags: Support tag widths less than 8 bits
>
>   Documentation/arch/arm64/kasan-offsets.sh |  8 ++-
>   Documentation/arch/x86/x86_64/mm.rst      |  6 +-
>   MAINTAINERS                               |  4 +-
>   arch/arm64/Kconfig                        | 10 ++--
>   arch/arm64/include/asm/kasan-tags.h       |  9 +++
>   arch/arm64/include/asm/kasan.h            |  6 +-
>   arch/arm64/include/asm/memory.h           | 14 ++++-
>   arch/arm64/include/asm/uaccess.h          |  1 +
>   arch/arm64/kernel/traps.c                 | 17 +-----
>   arch/arm64/mm/kasan_init.c                |  7 ++-
>   arch/x86/Kconfig                          |  4 +-
>   arch/x86/boot/compressed/misc.h           |  1 +
>   arch/x86/include/asm/cache.h              |  4 ++
>   arch/x86/include/asm/kasan-tags.h         |  9 +++
>   arch/x86/include/asm/kasan.h              | 71 ++++++++++++++++++++++-
>   arch/x86/include/asm/page.h               | 24 +++++++-
>   arch/x86/include/asm/page_64.h            |  2 +-
>   arch/x86/kernel/alternative.c             |  4 +-
>   arch/x86/kernel/head_64.S                 |  3 +
>   arch/x86/kernel/setup.c                   |  2 +
>   arch/x86/kernel/traps.c                   |  4 ++
>   arch/x86/mm/Makefile                      |  2 +
>   arch/x86/mm/init.c                        |  3 +
>   arch/x86/mm/init_64.c                     | 11 ++--
>   arch/x86/mm/kasan_init_64.c               | 19 +++++-
>   arch/x86/mm/kasan_inline.c                | 26 +++++++++
>   arch/x86/mm/pat/set_memory.c              |  1 +
>   arch/x86/mm/physaddr.c                    |  1 +
>   include/linux/kasan-tags.h                | 21 +++++--
>   include/linux/kasan.h                     | 51 +++++++++++++++-
>   include/linux/mm.h                        |  6 +-
>   include/linux/mmzone.h                    |  1 -
>   include/linux/page-flags-layout.h         |  9 +--
>   lib/Kconfig.kasan                         |  3 +-
>   mm/execmem.c                              |  4 +-
>   mm/kasan/hw_tags.c                        | 11 ++++
>   mm/kasan/report.c                         | 45 ++++++++++++--
>   mm/kasan/shadow.c                         | 18 ++++++
>   mm/vmalloc.c                              |  8 +--
>   scripts/Makefile.kasan                    |  3 +
>   scripts/gdb/linux/kasan.py                |  5 +-
>   scripts/gdb/linux/mm.py                   |  5 +-
>   42 files changed, 381 insertions(+), 82 deletions(-)
>   mode change 100644 => 100755 Documentation/arch/arm64/kasan-offsets.sh
>   create mode 100644 arch/arm64/include/asm/kasan-tags.h
>   create mode 100644 arch/x86/include/asm/kasan-tags.h
>   create mode 100644 arch/x86/mm/kasan_inline.c
>