[PATCH] kasan: Add CONFIG_KASAN_WHITELIST

public inbox for linux-kbuild@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode
@ 2023-09-28  4:15 Joey Jiao
  2023-09-29 14:05 ` Alexander Potapenko
  0 siblings, 1 reply; 5+ messages in thread
From: Joey Jiao @ 2023-09-28  4:15 UTC (permalink / raw)
  To: kasan-dev
  Cc: quic_jiangenj, quic_likaid, Andrey Ryabinin, Alexander Potapenko,
	Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino,
	Masahiro Yamada, Nathan Chancellor, Nick Desaulniers,
	Nicolas Schier, linux-kernel, linux-kbuild

Fow low memory device, full enabled kasan just not work.
Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
So we can enable kasan for single file or module.

Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com>
---
 lib/Kconfig.kasan    | 8 ++++++++
 scripts/Makefile.lib | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index fdca89c05745..1cec4e204831 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -153,6 +153,14 @@ config KASAN_INLINE
 
 endchoice
 
+config KASAN_WHITELIST_ONLY
+	bool "Whitelist only KASAN"
+	depends on KASAN && !KASAN_HW_TAGS
+	default n
+	help
+	  Say Y here to only enable KASAN for module or files which has explicitly
+	  set KASAN_SANITIZE:=y which is helpful especially for memory limited devices.
+
 config KASAN_STACK
 	bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
 	depends on KASAN_GENERIC || KASAN_SW_TAGS
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 68d0134bdbf9..e8d608ea369c 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -158,6 +158,9 @@ endif
 #
 ifeq ($(CONFIG_KASAN),y)
 ifneq ($(CONFIG_KASAN_HW_TAGS),y)
+ifeq ($(CONFIG_KASAN_WHITELIST_ONLY),y)
+KASAN_SANITIZE ?= n
+endif
 _c_flags += $(if $(patsubst n%,, \
 		$(KASAN_SANITIZE_$(basetarget).o)$(KASAN_SANITIZE)y), \
 		$(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE))
-- 
2.38.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode
  2023-09-28  4:15 [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode Joey Jiao
@ 2023-09-29 14:05 ` Alexander Potapenko
  2023-09-30 10:12   ` Masahiro Yamada
  0 siblings, 1 reply; 5+ messages in thread
From: Alexander Potapenko @ 2023-09-29 14:05 UTC (permalink / raw)
  To: Joey Jiao, Masahiro Yamada
  Cc: kasan-dev, quic_likaid, Andrey Ryabinin, Andrey Konovalov,
	Dmitry Vyukov, Vincenzo Frascino, Nathan Chancellor,
	Nick Desaulniers, Nicolas Schier, linux-kernel, linux-kbuild

(CC Masahiro Yamada)

On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote:
>
> Fow low memory device, full enabled kasan just not work.
> Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
> So we can enable kasan for single file or module.

I don't have technical objections here, but it bothers me a bit that
we are adding support for KASAN_SANITIZE:=y, although nobody will be
adding KASAN_SANITIZE:=y to upstream Makefiles - only development
kernels when debugging on low-end devices.

Masahiro, is this something worth having in upstream Kconfig code?

> Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com>
Reviewed-by: Alexander Potapenko <glider@google.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode
  2023-09-29 14:05 ` Alexander Potapenko
@ 2023-09-30 10:12   ` Masahiro Yamada
  2023-10-01  6:58     ` Andrey Konovalov
  2023-10-09  1:14     ` Joey Jiao (QUIC)
  0 siblings, 2 replies; 5+ messages in thread
From: Masahiro Yamada @ 2023-09-30 10:12 UTC (permalink / raw)
  To: Alexander Potapenko
  Cc: Joey Jiao, kasan-dev, quic_likaid, Andrey Ryabinin,
	Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino,
	Nathan Chancellor, Nick Desaulniers, Nicolas Schier, linux-kernel,
	linux-kbuild

On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <glider@google.com> wrote:
>
> (CC Masahiro Yamada)
>
> On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote:
> >
> > Fow low memory device, full enabled kasan just not work.
> > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
> > So we can enable kasan for single file or module.
>
> I don't have technical objections here, but it bothers me a bit that
> we are adding support for KASAN_SANITIZE:=y, although nobody will be
> adding KASAN_SANITIZE:=y to upstream Makefiles - only development
> kernels when debugging on low-end devices.
>
> Masahiro, is this something worth having in upstream Kconfig code?


Even if we apply this patch to the upstream,
you will end up with adding 'KASAN_SANITIZE :=y'
to the single file/Makefile.

I am not convinced with this patch
since this nod is not so useful standalone.



> > Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com>
> Reviewed-by: Alexander Potapenko <glider@google.com>



--
Best Regards
Masahiro Yamada

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode
  2023-09-30 10:12   ` Masahiro Yamada
@ 2023-10-01  6:58     ` Andrey Konovalov
  2023-10-09  1:14     ` Joey Jiao (QUIC)
  1 sibling, 0 replies; 5+ messages in thread
From: Andrey Konovalov @ 2023-10-01  6:58 UTC (permalink / raw)
  To: Joey Jiao
  Cc: Alexander Potapenko, Masahiro Yamada, kasan-dev, quic_likaid,
	Andrey Ryabinin, Dmitry Vyukov, Vincenzo Frascino,
	Nathan Chancellor, Nick Desaulniers, Nicolas Schier, linux-kernel,
	linux-kbuild

On Sat, Sep 30, 2023 at 12:13 PM Masahiro Yamada <masahiroy@kernel.org> wrote:
>
> On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <glider@google.com> wrote:
> >
> > (CC Masahiro Yamada)
> >
> > On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote:
> > >
> > > Fow low memory device, full enabled kasan just not work.
> > > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
> > > So we can enable kasan for single file or module.
> >
> > I don't have technical objections here, but it bothers me a bit that
> > we are adding support for KASAN_SANITIZE:=y, although nobody will be
> > adding KASAN_SANITIZE:=y to upstream Makefiles - only development
> > kernels when debugging on low-end devices.
> >
> > Masahiro, is this something worth having in upstream Kconfig code?
>
>
> Even if we apply this patch to the upstream,
> you will end up with adding 'KASAN_SANITIZE :=y'
> to the single file/Makefile.
>
> I am not convinced with this patch
> since this nod is not so useful standalone.

Yeah, I agree here, I don't think this change belongs as is in the
upstream KASAN code.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* RE: [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode
  2023-09-30 10:12   ` Masahiro Yamada
  2023-10-01  6:58     ` Andrey Konovalov
@ 2023-10-09  1:14     ` Joey Jiao (QUIC)
  1 sibling, 0 replies; 5+ messages in thread
From: Joey Jiao (QUIC) @ 2023-10-09  1:14 UTC (permalink / raw)
  To: Masahiro Yamada, Alexander Potapenko
  Cc: kasan-dev@googlegroups.com, Kevin Ding (QUIC), Andrey Ryabinin,
	Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino,
	Nathan Chancellor, Nick Desaulniers, Nicolas Schier,
	linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org,
	Changmin Liu (QUIC)

Right, it will be only useful for low memory kernel where 'KASAN_SANITIZE :=y' has to be added explicitly in local as hotfix.

-----Original Message-----
From: Masahiro Yamada <masahiroy@kernel.org> 
Sent: Saturday, September 30, 2023 6:12 PM
To: Alexander Potapenko <glider@google.com>
Cc: Joey Jiao (QUIC) <quic_jiangenj@quicinc.com>; kasan-dev@googlegroups.com; Kevin Ding (QUIC) <quic_likaid@quicinc.com>; Andrey Ryabinin <ryabinin.a.a@gmail.com>; Andrey Konovalov <andreyknvl@gmail.com>; Dmitry Vyukov <dvyukov@google.com>; Vincenzo Frascino <vincenzo.frascino@arm.com>; Nathan Chancellor <nathan@kernel.org>; Nick Desaulniers <ndesaulniers@google.com>; Nicolas Schier <nicolas@fjasle.eu>; linux-kernel@vger.kernel.org; linux-kbuild@vger.kernel.org
Subject: Re: [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode

On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <glider@google.com> wrote:
>
> (CC Masahiro Yamada)
>
> On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote:
> >
> > Fow low memory device, full enabled kasan just not work.
> > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
> > So we can enable kasan for single file or module.
>
> I don't have technical objections here, but it bothers me a bit that 
> we are adding support for KASAN_SANITIZE:=y, although nobody will be 
> adding KASAN_SANITIZE:=y to upstream Makefiles - only development 
> kernels when debugging on low-end devices.
>
> Masahiro, is this something worth having in upstream Kconfig code?


Even if we apply this patch to the upstream, you will end up with adding 'KASAN_SANITIZE :=y'
to the single file/Makefile.

I am not convinced with this patch
since this nod is not so useful standalone.



> > Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com>
> Reviewed-by: Alexander Potapenko <glider@google.com>



--
Best Regards
Masahiro Yamada

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-10-09  1:14 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-28  4:15 [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode Joey Jiao
2023-09-29 14:05 ` Alexander Potapenko
2023-09-30 10:12   ` Masahiro Yamada
2023-10-01  6:58     ` Andrey Konovalov
2023-10-09  1:14     ` Joey Jiao (QUIC)

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox