Re: [PATCH v6 00/18] khwasan: kernel hardware assisted address sanitizer
From: Andrey Konovalov
Date: Wed Sep 19 2018 - 14:53:56 EST
On Fri, Sep 14, 2018 at 5:28 PM, Will Deacon <will.deacon@xxxxxxx> wrote:
> On Thu, Sep 06, 2018 at 01:06:23PM +0200, Andrey Konovalov wrote:
>> On Thu, Sep 6, 2018 at 12:05 PM, Will Deacon <will.deacon@xxxxxxx> wrote:
>> > On Wed, Sep 05, 2018 at 02:10:32PM -0700, Andrew Morton wrote:
>> >> On Wed, 29 Aug 2018 13:35:04 +0200 Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
>> >>
>> >> > This patchset adds a new mode to KASAN [1], which is called KHWASAN
>> >> > (Kernel HardWare assisted Address SANitizer).
>> >>
>> >> We're at v6 and there are no reviewed-by's or acked-by's to be seen.
>> >> Is that a fair commentary on what has been happening, or have people
>> >> been remiss in sending and gathering such things?
>> >
>> > I still have concerns about the consequences of merging this as anything
>> > other than a debug option [1]. Unfortunately, merging it as a debug option
>> > defeats the whole point, so I think we need to spend more effort on developing
>> > tools that can help us to find and fix the subtle bugs which will arise from
>> > enabling tagged pointers in the kernel.
>>
>> I totally don't mind calling it a debug option. Do I need to somehow
>> specify it somewhere?
>
> Ok, sorry, I completely misunderstood you earlier on then! For some reason
> I thought you wanted this on by default.
>
> In which case, I'm ok with the overall idea as long as we make the caveats
> clear in the Kconfig text. In particular, that enabling this option may
> introduce problems relating to pointer casting and comparison, but can
> offer better coverage and lower memory consumption than a fully
> software-based KASAN solution.
Great! I'll explicitly call it debug feature and mention the caveats
in v7. Thanks!