Re: [PATCH v2 09/11] kasan: docs: update shadow memory section

[Marco Elver <elver@google.com>]

On Fri, Mar 12, 2021 at 03:24PM +0100, Andrey Konovalov wrote:
> Update the "Shadow memory" section in KASAN documentation:
> 
> - Rearrange the introduction paragraph do it doesn't give a
>   "KASAN has an issue" impression.
> - Update the list of architectures with vmalloc support.
> - Punctuation, readability, and other minor clean-ups.
> 
> Signed-off-by: Andrey Konovalov <andreyknvl@google.com>

Reviewed-by: Marco Elver <elver@google.com>

> ---
>  Documentation/dev-tools/kasan.rst | 31 ++++++++++++++-----------------
>  1 file changed, 14 insertions(+), 17 deletions(-)
> 
> diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
> index 2744ae6347c6..d0c1796122df 100644
> --- a/Documentation/dev-tools/kasan.rst
> +++ b/Documentation/dev-tools/kasan.rst
> @@ -304,14 +304,11 @@ checking gets disabled.
>  Shadow memory
>  -------------
>  
> -The kernel maps memory in a number of different parts of the address
> -space. This poses something of a problem for KASAN, which requires
> -that all addresses accessed by instrumented code have a valid shadow
> -region.
> -
> -The range of kernel virtual addresses is large: there is not enough
> -real memory to support a real shadow region for every address that
> -could be accessed by the kernel.
> +The kernel maps memory in several different parts of the address space.
> +The range of kernel virtual addresses is large: there is not enough real
> +memory to support a real shadow region for every address that could be
> +accessed by the kernel. Therefore, KASAN only maps real shadow for certain
> +parts of the address space.
>  
>  Default behaviour
>  ~~~~~~~~~~~~~~~~~
> @@ -323,10 +320,9 @@ page is mapped over the shadow area. This read-only shadow page
>  declares all memory accesses as permitted.
>  
>  This presents a problem for modules: they do not live in the linear
> -mapping, but in a dedicated module space. By hooking in to the module
> -allocator, KASAN can temporarily map real shadow memory to cover
> -them. This allows detection of invalid accesses to module globals, for
> -example.
> +mapping but in a dedicated module space. By hooking into the module
> +allocator, KASAN temporarily maps real shadow memory to cover them.
> +This allows detection of invalid accesses to module globals, for example.
>  
>  This also creates an incompatibility with ``VMAP_STACK``: if the stack
>  lives in vmalloc space, it will be shadowed by the read-only page, and
> @@ -337,9 +333,10 @@ CONFIG_KASAN_VMALLOC
>  ~~~~~~~~~~~~~~~~~~~~
>  
>  With ``CONFIG_KASAN_VMALLOC``, KASAN can cover vmalloc space at the
> -cost of greater memory usage. Currently this is only supported on x86.
> +cost of greater memory usage. Currently, this is supported on x86,
> +riscv, s390, and powerpc.
>  
> -This works by hooking into vmalloc and vmap, and dynamically
> +This works by hooking into vmalloc and vmap and dynamically
>  allocating real shadow memory to back the mappings.
>  
>  Most mappings in vmalloc space are small, requiring less than a full
> @@ -358,10 +355,10 @@ memory.
>  
>  To avoid the difficulties around swapping mappings around, KASAN expects
>  that the part of the shadow region that covers the vmalloc space will
> -not be covered by the early shadow page, but will be left
> -unmapped. This will require changes in arch-specific code.
> +not be covered by the early shadow page but will be left unmapped.
> +This will require changes in arch-specific code.
>  
> -This allows ``VMAP_STACK`` support on x86, and can simplify support of
> +This allows ``VMAP_STACK`` support on x86 and can simplify support of
>  architectures that do not have a fixed module region.
>  
>  For developers
> -- 
> 2.31.0.rc2.261.g7f71774620-goog
>