Re: [PATCH 0/4] mm/kasan: make kasan=on|off work for all three modes

From: Baoquan He
Date: Fri Aug 08 2025 - 08:55:40 EST

Next message: Jay Liu: "[PATCH v3 0/6] porting pq compnent for MT8196"
Previous message: Selvarasu Ganesan: "[PATCH v3] usb: dwc3: Remove WARN_ON for device endpoint command timeouts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 08/07/25 at 06:34pm, Andrey Ryabinin wrote:
>
>
> On 8/5/25 8:23 AM, Baoquan He wrote:
> > Currently only hw_tags mode of kasan can be enabled or disabled with
> > kernel parameter kasan=on|off for built kernel. For kasan generic and
> > sw_tags mode, there's no way to disable them once kernel is built.
> > This is not convenient sometime, e.g in system kdump is configured.
> > When the 1st kernel has KASAN enabled and crash triggered to switch to
> > kdump kernel, the generic or sw_tags mode will cost much extra memory
> > for kasan shadow while in fact it's meaningless to have kasan in kdump
> > kernel.
> >
>
> Ideally this problem should be solved by having kdump kernel with different
> config. Because if we want only reliably collect crash dumps, than we probably
> don't want other debug features, e.g. like VM_BUG_ON() crashing our kdump kernel.

Yeah, we have done that in Redhat's internal CI testing. While we still
want to switch back to let kdump take the same kernel as the 1st kernel.
Like this, we have chance to test debug kernel for vmcore dumping. In
this case, KASAN is the main barrier. For other debug features,
VM_BUG_ON() should be captured in 1st kernel's running, we won't wait to
run kdump kernel to catch it. I am planning to check and adding feature
switch for kdump to disable if it's not needed in kdump kernel. E.g I
have done in ima=on|off, and the existing 'kfence.sample_interval=0' for
kfence.

And the public kasan=on|off kernel parameter can make kasan feature more
flexible. It can be used in production environment with kasan=off, and
can switch to the same kernel to catch issues easily by stripping the
cmdline setting. As adding a cmdline is much easier than setting kernel
config and rebuild kernel.

Besides, based on this patchset, we can easily remove
kasan_arch_is_ready() by detecting the arch's support and disable
kasan_flag_enabled. And when I testing generic/sw_tags/hw_tags on arm64,
I feel if adding a kernel parameter for choosing different KASAN mode is
much more convenient than changing kernel config and rebuild. If we
choose to KASAN_OUTLINE, this even doesn't impact much in production
environment. I would like to hear your suggestion.

Thanks
Baoquan
>
>
> > So this patchset moves the kasan=on|off out of hw_tags scope and into
> > common code to make it visible in generic and sw_tags mode too. Then we
> > can add kasan=off in kdump kernel to reduce the unneeded meomry cost for
> > kasan.
> >
> > Test:
> > =====
> > I only took test on x86_64 for generic mode, and on arm64 for
> > generic, sw_tags and hw_tags mode. All of them works well.
> >
> > However when I tested sw_tags on a HPE apollo arm64 machine, it always
> > breaks kernel with a KASAN bug. Even w/o this patchset applied, the bug
> > can always be seen too.
> >
> > "BUG: KASAN: invalid-access in pcpu_alloc_noprof+0x42c/0x9a8"
> >
> > I haven't got root cause of the bug, will report the bug later in
> > another thread.
> > ====
> >
> > Baoquan He (4):
> > mm/kasan: add conditional checks in functions to return directly if
> > kasan is disabled
> > mm/kasan: move kasan= code to common place
> > mm/kasan: don't initialize kasan if it's disabled
> > mm/kasan: make kasan=on|off take effect for all three modes
> >
> > arch/arm/mm/kasan_init.c | 6 +++++
> > arch/arm64/mm/kasan_init.c | 7 ++++++
> > arch/loongarch/mm/kasan_init.c | 5 ++++
> > arch/powerpc/mm/kasan/init_32.c | 8 +++++-
> > arch/powerpc/mm/kasan/init_book3e_64.c | 6 +++++
> > arch/powerpc/mm/kasan/init_book3s_64.c | 6 +++++
> > arch/riscv/mm/kasan_init.c | 6 +++++
> > arch/um/kernel/mem.c | 6 +++++
> > arch/x86/mm/kasan_init_64.c | 6 +++++
> > arch/xtensa/mm/kasan_init.c | 6 +++++
> > include/linux/kasan-enabled.h | 11 ++------
> > mm/kasan/common.c | 27 ++++++++++++++++++++
> > mm/kasan/generic.c | 20 +++++++++++++--
> > mm/kasan/hw_tags.c | 35 ++------------------------
> > mm/kasan/init.c | 6 +++++
> > mm/kasan/quarantine.c | 3 +++
> > mm/kasan/shadow.c | 23 ++++++++++++++++-
> > mm/kasan/sw_tags.c | 9 +++++++
> > 18 files changed, 150 insertions(+), 46 deletions(-)
> >
>

Next message: Jay Liu: "[PATCH v3 0/6] porting pq compnent for MT8196"
Previous message: Selvarasu Ganesan: "[PATCH v3] usb: dwc3: Remove WARN_ON for device endpoint command timeouts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]