Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer

From: Geert Uytterhoeven
Date: Thu Jun 28 2018 - 03:02:00 EST

Next message: Gilad Ben-Yossef: "Re: [PATCH] crypto: ccree: fix finup"
Previous message: Chen-Yu Tsai: "Re: [linux-sunxi] Re: [PATCH v3 15/24] dt-bindings: display: sun4i-drm: Add description of A64 HDMI PHY"
In reply to: Andrey Konovalov: "Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer"
Next in thread: Andrey Konovalov: "Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Kostya,

On Thu, Jun 28, 2018 at 2:04 AM Kostya Serebryany <kcc@xxxxxxxxxx> wrote:
> On Wed, Jun 27, 2018 at 4:08 PM Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> > On Tue, 26 Jun 2018 15:15:10 +0200 Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
> > > This patchset adds a new mode to KASAN [1], which is called KHWASAN
> > > (Kernel HardWare assisted Address SANitizer).
> > >
> > > The plan is to implement HWASan [2] for the kernel with the incentive,
> > > that it's going to have comparable to KASAN performance, but in the same
> > > time consume much less memory, trading that off for somewhat imprecise
> > > bug detection and being supported only for arm64.
> >
> > Why do we consider this to be a worthwhile change?
> >
> > Is KASAN's memory consumption actually a significant problem? Some
> > data regarding that would be very useful.
>
> On mobile, ASAN's and KASAN's memory usage is a significant problem.
> Not sure if I can find scientific evidence of that.
> CC-ing Vishwath Mohan who deals with KASAN on Android to provide
> anecdotal evidence.
>
> There are several other benefits too:
> * HWASAN more reliably detects non-linear-buffer-overflows compared to
> ASAN (same for kernel-HWASAN vs kernel-ASAN)
> * Same for detecting use-after-free (since HWASAN doesn't rely on quarantine).
> * Much easier to implement stack-use-after-return detection (which
> IIRC KASAN doesn't have yet, because in KASAN it's too hard)
>
> > If it is a large problem then we still have that problem on x86, so the
> > problem remains largely unsolved?
>
> The problem is more significant on mobile devices than on desktop/server.
> I'd love to have [K]HWASAN on x86_64 as well, but it's less trivial since x86_64
> doesn't have an analog of aarch64's top-byte-ignore hardware feature.

This depends on your mobile devices and desktops and servers.
There exist mobile devices with more memory than some desktops or servers.

So actual numbers (O(KiB)? O(MiB)? O(GiB)?) would be nice to have.

Thanks!

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

Next message: Gilad Ben-Yossef: "Re: [PATCH] crypto: ccree: fix finup"
Previous message: Chen-Yu Tsai: "Re: [linux-sunxi] Re: [PATCH v3 15/24] dt-bindings: display: sun4i-drm: Add description of A64 HDMI PHY"
In reply to: Andrey Konovalov: "Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer"
Next in thread: Andrey Konovalov: "Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]