Re: [PATCH v8 00/14] kasan: x86: arm64: KASAN tag-based mode for x86

Next message: Yangfl: "Re: [PATCH net] idpf: Fix data race in idpf_net_dim"
Previous message: Jakub Kicinski: "Re: [PATCH net v2] rxrpc: Fix recvmsg() unconditional requeue"
Next in thread: Maciej Wieczor-Retman: "Re: [PATCH v8 00/14] kasan: x86: arm64: KASAN tag-based mode for x86"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrey Ryabinin

Date: Mon Jan 19 2026 - 13:08:23 EST

On 1/12/26 6:26 PM, Maciej Wieczor-Retman wrote:

> ======= Compilation
> Clang was used to compile the series (make LLVM=1) since gcc doesn't
> seem to have support for KASAN tag-based compiler instrumentation on
> x86.
>

It appears that GCC nominally supports this, but in practice it does not work.
Here is a minimal reproducer: https://godbolt.org/z/s85e11T5r

As far as I understand, calling a function through a tagged pointer is not
supported by the hardware, so GCC attempts to clear the tag before the call.
This behavior seems to be inherited from the userspace implementation of HWASan (-fsanitize=hwaddress).

I have filed a GCC bug report: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123696

For the kernel, we probably do not want this masking at all, as effectively 99.9–100%
of function pointer calls are expected to be untagged anyway.

Clang does not appear to do this, not even for userspace.