Re: [PATCH v2 01/14] kasan: sw_tags: Use arithmetic shift for shadow computation
From: Maciej Wieczor-Retman
Date: Fri Mar 14 2025 - 11:58:32 EST
On 2025-03-07 at 02:10:12 +0100, Andrey Konovalov wrote:
>On Tue, Mar 4, 2025 at 1:31 PM Maciej Wieczor-Retman
><maciej.wieczor-retman@xxxxxxxxx> wrote:
>>
>> One other question that came to me about how KASAN works, is there some
>> mechanism to prevent data races between two threads? In the compiler perhaps?
>>
>> For example memory is de-allocated and shadow memory is poisoned but some other
>> thread was just about to do a shadow memory check and was interrupted?
>>
>> I've read the kasan/vmalloc.c comments and from them I'd extrapolate that the
>> caller needs to make sure there are not data races / memory barriers are in
>> place.
>
>KASAN does nothing to deliberately prevent or detect races. Even if
>the race leads to an OOB or UAF, KASAN might not be able to detect it.
>But sometimes it does: if poisoned shadow memory values become visible
>to the other thread/CPU before it makes a shadow memory value check.
Thanks :)
I've came up with a theoretical issue for the following dense series that might
happen if there is some racing but I'll have to experiment if it actually
happens.
--
Kind regards
Maciej Wieczór-Retman