From: sashiko-bot@kernel.org
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 03/10] bpf: add BPF_JIT_KASAN for KASAN instrumentation of JITed programs
Date: Wed, 01 Jul 2026 10:12:11 +0000 [thread overview]
Message-ID: <20260701101211.AAD851F00A3D@smtp.kernel.org> (raw)
In-Reply-To: <20260701-kasan-v3-3-bd09bb942d86@bootlin.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] BPF_JIT_KASAN needlessly restricts its availability by unconditionally requiring VMAP_STACK.
--
commit 23714982e1ca6e827ba19b9f4c74b703b4ad2090
Author: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
bpf: add BPF_JIT_KASAN for KASAN instrumentation of JITed programs
This commit introduces CONFIG_BPF_JIT_KASAN to enable generic KASAN memory
access checks for JIT-compiled BPF programs. The JIT compiler emits shadow
memory checks before memory accesses to detect bugs like use-after-free or
out-of-bounds at runtime. The feature is gated behind HAVE_EBPF_JIT_KASAN.
> As KASAN instrumentation for eBPF program will depend on the info that
> can be accessed during each instruction verification, there may be
> instructions that will be instrumented even if they don't really need to
> (eg: global subprograms that access caller stack memory passed as
> argument). To make sure that those additional checks do not trigger any
> crash, make sure that VMAP_STACK is enabled so that programs stack has
> shadow memory allocated.
[Severity: Medium]
Does generic KASAN already map shadow memory for the entire linear mapping?
If VMAP_STACK is disabled, the kernel stack resides in the linear mapping,
which should already have shadow memory allocated. Could this justification
be slightly misunderstanding the default generic KASAN shadow memory coverage?
> diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig
> --- a/kernel/bpf/Kconfig
> +++ b/kernel/bpf/Kconfig
[ ... ]
> @@ -101,4 +105,9 @@ config BPF_LSM
>
> If you are unsure how to answer this question, answer N.
>
> +config BPF_JIT_KASAN
> + bool
> + depends on HAVE_EBPF_JIT_KASAN
> + default y if BPF_JIT && KASAN_GENERIC && KASAN_VMALLOC && VMAP_STACK
[Severity: Medium]
Is it necessary to unconditionally require VMAP_STACK for BPF_JIT_KASAN?
Following up on the commit message note, since generic KASAN covers the
linear mapping where non-VMAP stacks reside, this condition might needlessly
disable a useful security and debugging feature on kernel configurations
where VMAP_STACK happens to be turned off.
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260701-kasan-v3-0-bd09bb942d86@bootlin.com?part=3
next prev parent reply other threads:[~2026-07-01 10:12 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-01 10:02 [PATCH bpf-next v3 00/10] bpf: add support for KASAN checks in JITed programs Alexis Lothoré (eBPF Foundation)
2026-07-01 10:02 ` [PATCH bpf-next v3 01/10] bpf: propagate original instruction offset when patching program Alexis Lothoré (eBPF Foundation)
2026-07-01 10:20 ` sashiko-bot
2026-07-01 10:02 ` [PATCH bpf-next v3 02/10] bpf: mark instructions accessing program stack Alexis Lothoré (eBPF Foundation)
2026-07-01 10:19 ` sashiko-bot
2026-07-01 10:02 ` [PATCH bpf-next v3 03/10] bpf: add BPF_JIT_KASAN for KASAN instrumentation of JITed programs Alexis Lothoré (eBPF Foundation)
2026-07-01 10:12 ` sashiko-bot [this message]
2026-07-01 10:44 ` bot+bpf-ci
2026-07-01 13:43 ` Andrey Konovalov
2026-07-01 10:02 ` [PATCH bpf-next v3 04/10] bpf, x86: add helper to emit kasan checks in x86 " Alexis Lothoré (eBPF Foundation)
2026-07-01 10:16 ` sashiko-bot
2026-07-01 10:44 ` bot+bpf-ci
2026-07-01 10:02 ` [PATCH bpf-next v3 05/10] bpf, x86: refactor BPF_ST management in do_jit Alexis Lothoré (eBPF Foundation)
2026-07-01 10:02 ` [PATCH bpf-next v3 06/10] bpf, x86: emit KASAN checks into x86 JITed programs Alexis Lothoré (eBPF Foundation)
2026-07-01 10:18 ` sashiko-bot
2026-07-01 10:44 ` bot+bpf-ci
2026-07-01 10:02 ` [PATCH bpf-next v3 07/10] bpf, x86: enable KASAN for JITed programs on x86 Alexis Lothoré (eBPF Foundation)
2026-07-01 10:15 ` sashiko-bot
2026-07-01 10:02 ` [PATCH bpf-next v3 08/10] selftests/bpf: add helper to check whether eBPF KASAN is active Alexis Lothoré (eBPF Foundation)
2026-07-01 10:02 ` [PATCH bpf-next v3 09/10] selftests/bpf: move bpf_jit_harden helper into testing_helpers Alexis Lothoré (eBPF Foundation)
2026-07-01 10:02 ` [PATCH bpf-next v3 10/10] selftests/bpf: add tests to validate KASAN on JIT programs Alexis Lothoré (eBPF Foundation)
2026-07-01 10:34 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260701101211.AAD851F00A3D@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox