On 2025-09-06 at 19:19:33 +0200, Andrey Konovalov wrote:
>On Mon, Aug 25, 2025 at 10:32 PM Maciej Wieczor-Retman
><maciej.wieczor-retman@xxxxxxxxx> wrote:
>>
>> Make CONFIG_KASAN_SW_TAGS available for x86 machines if they have
>> ADDRESS_MASKING enabled (LAM) as that works similarly to Top-Byte Ignore
>> (TBI) that allows the software tag-based mode on arm64 platform.
>>
>> Set scale macro based on KASAN mode: in software tag-based mode 16 bytes
>> of memory map to one shadow byte and 8 in generic mode.
>>
>> Disable CONFIG_KASAN_INLINE and CONFIG_KASAN_STACK when
>> CONFIG_KASAN_SW_TAGS is enabled on x86 until the appropriate compiler
>> support is available.
>>
>> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@xxxxxxxxx>
>> ---
>> Changelog v4:
>> - Add x86 specific kasan_mem_to_shadow().
>> - Revert x86 to the older unsigned KASAN_SHADOW_OFFSET. Do the same to
>> KASAN_SHADOW_START/END.
>> - Modify scripts/gdb/linux/kasan.py to keep x86 using unsigned offset.
>> - Disable inline and stack support when software tags are enabled on
>> x86.
>>
>> Changelog v3:
>> - Remove runtime_const from previous patch and merge the rest here.
>> - Move scale shift definition back to header file.
>> - Add new kasan offset for software tag based mode.
>> - Fix patch message typo 32 -> 16, and 16 -> 8.
>> - Update lib/Kconfig.kasan with x86 now having software tag-based
>> support.
>>
>> Changelog v2:
>> - Remove KASAN dense code.
>>
>> Documentation/arch/x86/x86_64/mm.rst | 6 ++++--
>> arch/x86/Kconfig | 4 +++-
>> arch/x86/boot/compressed/misc.h | 1 +
>> arch/x86/include/asm/kasan.h | 1 +
>> arch/x86/kernel/setup.c | 2 ++
>> lib/Kconfig.kasan | 3 ++-
>> scripts/gdb/linux/kasan.py | 4 ++--
>> 7 files changed, 15 insertions(+), 6 deletions(-)
>>
>> diff --git a/Documentation/arch/x86/x86_64/mm.rst b/Documentation/arch/x86/x86_64/mm.rst
>> index a6cf05d51bd8..ccbdbb4cda36 100644
>> --- a/Documentation/arch/x86/x86_64/mm.rst
>> +++ b/Documentation/arch/x86/x86_64/mm.rst
>> @@ -60,7 +60,8 @@ Complete virtual memory map with 4-level page tables
>> ffffe90000000000 | -23 TB | ffffe9ffffffffff | 1 TB | ... unused hole
>> ffffea0000000000 | -22 TB | ffffeaffffffffff | 1 TB | virtual memory map (vmemmap_base)
>> ffffeb0000000000 | -21 TB | ffffebffffffffff | 1 TB | ... unused hole
>> - ffffec0000000000 | -20 TB | fffffbffffffffff | 16 TB | KASAN shadow memory
>> + ffffec0000000000 | -20 TB | fffffbffffffffff | 16 TB | KASAN shadow memory (generic mode)
>> + fffff40000000000 | -8 TB | fffffbffffffffff | 8 TB | KASAN shadow memory (software tag-based mode)
>> __________________|____________|__________________|_________|____________________________________________________________
>> |
>> | Identical layout to the 56-bit one from here on:
>> @@ -130,7 +131,8 @@ Complete virtual memory map with 5-level page tables
>> ffd2000000000000 | -11.5 PB | ffd3ffffffffffff | 0.5 PB | ... unused hole
>> ffd4000000000000 | -11 PB | ffd5ffffffffffff | 0.5 PB | virtual memory map (vmemmap_base)
>> ffd6000000000000 | -10.5 PB | ffdeffffffffffff | 2.25 PB | ... unused hole
>> - ffdf000000000000 | -8.25 PB | fffffbffffffffff | ~8 PB | KASAN shadow memory
>> + ffdf000000000000 | -8.25 PB | fffffbffffffffff | ~8 PB | KASAN shadow memory (generic mode)
>> + ffeffc0000000000 | -6 PB | fffffbffffffffff | 4 PB | KASAN shadow memory (software tag-based mode)
>> __________________|____________|__________________|_________|____________________________________________________________
>> |
>> | Identical layout to the 47-bit one from here on:
>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
>> index b8df57ac0f28..f44fec1190b6 100644
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -69,6 +69,7 @@ config X86
>> select ARCH_CLOCKSOURCE_INIT
>> select ARCH_CONFIGURES_CPU_MITIGATIONS
>> select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
>> + select ARCH_DISABLE_KASAN_INLINE if X86_64 && KASAN_SW_TAGS
>
>Do you think it would make sense to drop the parts of the series that
>add int3 handling, since the inline instrumentation does not work yet
>anyway?
I thought we might as well put it into the kernel, so once the compiler side gets upstreamed only the Kconfig needs to be modified. But both options are okay, I thought itd be easy to argument changes to LLVM if this inline mode is already prepared in the kernel.
>
>> select ARCH_ENABLE_HUGEPAGE_MIGRATION if X86_64 && HUGETLB_PAGE && MIGRATION
>> select ARCH_ENABLE_MEMORY_HOTPLUG if X86_64
>> select ARCH_ENABLE_MEMORY_HOTREMOVE if MEMORY_HOTPLUG
>> @@ -199,6 +200,7 @@ config X86
>> select HAVE_ARCH_JUMP_LABEL_RELATIVE
>> select HAVE_ARCH_KASAN if X86_64
>> select HAVE_ARCH_KASAN_VMALLOC if X86_64
>> + select HAVE_ARCH_KASAN_SW_TAGS if ADDRESS_MASKING
>> select HAVE_ARCH_KFENCE
>> select HAVE_ARCH_KMSAN if X86_64
>> select HAVE_ARCH_KGDB
>> @@ -403,7 +405,7 @@ config AUDIT_ARCH
>>
>> config KASAN_SHADOW_OFFSET
>> hex
>> - depends on KASAN
>
>Line accidentally removed?
Yes, sorry, I'll put it back in.
>
>> + default 0xeffffc0000000000 if KASAN_SW_TAGS
>> default 0xdffffc0000000000
>>
>> config HAVE_INTEL_TXT
>> diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
>> index db1048621ea2..ded92b439ada 100644
>> --- a/arch/x86/boot/compressed/misc.h
>> +++ b/arch/x86/boot/compressed/misc.h
>> @@ -13,6 +13,7 @@
>> #undef CONFIG_PARAVIRT_SPINLOCKS
>> #undef CONFIG_KASAN
>> #undef CONFIG_KASAN_GENERIC
>> +#undef CONFIG_KASAN_SW_TAGS
>>
>> #define __NO_FORTIFY
>>
>> diff --git a/arch/x86/include/asm/kasan.h b/arch/x86/include/asm/kasan.h
>> index f3e34a9754d2..385f4e9daab3 100644
>> --- a/arch/x86/include/asm/kasan.h
>> +++ b/arch/x86/include/asm/kasan.h
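Review bot: The commit message says CONFIG_KASAN_STACK is disabled alongside CONFIG_KASAN_INLINE for x86 SW_TAGS, but the only gate this hunk adds is `select ARCH_DISABLE_KASAN_INLINE if X86_64 && KASAN_SW_TAGS`; presumably that is enough because KASAN_STACK in lib/Kconfig.kasan depends on !ARCH_DISABLE_KASAN_INLINE, which is not visible here. A one-line comment above the select would spare the next reader that lookup, e.g. `# Also gates KASAN_STACK: x86 SW_TAGS inline/stack instrumentation needs compiler support that is not upstream yet`. Separately, `select HAVE_ARCH_KASAN_SW_TAGS if ADDRESS_MASKING` is a build-time gate only; whether a KASAN_SW_TAGS kernel checks for LAM at boot and refuses to run (or disables tagging) on a CPU without it is not visible in this patch, so if that lives elsewhere in the series the Kconfig help text or a comment here should point to it. The `config X86` select list continues outside the hunk.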
>> @@ -7,6 +7,7 @@
>> #include <linux/types.h>
>> #define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL)
>> #ifdef CONFIG_KASAN_SW_TAGS
>> +#define KASAN_SHADOW_SCALE_SHIFT 4
>>
>> /*
>> * LLVM ABI for reporting tag mismatches in inline KASAN mode.
>> diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
>> index 1b2edd07a3e1..5b819f84f6db 100644
>> --- a/arch/x86/kernel/setup.c
>> +++ b/arch/x86/kernel/setup.c
>> @@ -1207,6 +1207,8 @@ void __init setup_arch(char **cmdline_p)
>>
>> kasan_init();
>>
>> + kasan_init_sw_tags();
>> +
>> /*
>> * Sync back kernel address range.
>> *
>> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
>> index f82889a830fa..9ddbc6aeb5d5 100644
>> --- a/lib/Kconfig.kasan
>> +++ b/lib/Kconfig.kasan
>> @@ -100,7 +100,8 @@ config KASAN_SW_TAGS
>>
>> Requires GCC 11+ or Clang.
>>
>> - Supported only on arm64 CPUs and relies on Top Byte Ignore.
>> + Supported on arm64 CPUs that support Top Byte Ignore and on x86 CPUs
>> + that support Linear Address Masking.
>>
>> Consumes about 1/16th of available memory at kernel start and
>> add an overhead of ~20% for dynamic allocations.
>> diff --git a/scripts/gdb/linux/kasan.py b/scripts/gdb/linux/kasan.py
>> index fca39968d308..4b86202b155f 100644
>> --- a/scripts/gdb/linux/kasan.py
>> +++ b/scripts/gdb/linux/kasan.py
>> @@ -7,7 +7,7 @@
>> #
>>
>> import gdb
>> -from linux import constants, mm
>> +from linux import constants, utils, mm
>> from ctypes import c_int64 as s64
>>
>> def help():
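Review bot: `kasan_init_sw_tags()` is called directly after `kasan_init()` in setup_arch(), whereas arm64 makes the same call from smp_prepare_boot_cpu(), i.e. once the set of possible CPUs is settled; if the function seeds its per-CPU tag PRNG by iterating cpu_possible_mask (as the arm64 path relies on), running it before x86 has finalized that mask would leave later-added CPUs with a zero state, and a zero xorshift state never advances, so those CPUs would hand out the same tag forever and lose most of the use-after-free/overflow detection SW_TAGS exists for. I cannot see from the hunk where x86 finalizes cpu_possible_mask relative to this point, so please verify the ordering or move the call to smp_prepare_boot_cpu() as arm64 does. Whatever the outcome, a comment at the call site would help, e.g. `/* Seed the per-CPU tag PRNG; must run after cpu_possible_mask is final. */`. setup_arch() begins and ends outside the hunk.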
>> @@ -40,7 +40,7 @@ class KasanMemToShadow(gdb.Command):
>> else:
>> help()
>> def kasan_mem_to_shadow(self, addr):
>> - if constants.CONFIG_KASAN_SW_TAGS:
>> + if constants.CONFIG_KASAN_SW_TAGS and not utils.is_target_arch('x86'):
>
>This change seems to belong to the patch that changes how the shadow
>memory address is calculated.
Okay, I can move it there.
>
>> addr = s64(addr)
>> return (addr >> self.p_ops.KASAN_SHADOW_SCALE_SHIFT) + self.p_ops.KASAN_SHADOW_OFFSET
>>
>> --
>> 2.50.1
>>
--
Kind regards Maciej Wieczór-Retman
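Review bot: The new condition keeps the signed conversion for every SW_TAGS arch except x86, but nothing at the site says why x86 is different, so the next arch port is likely to read it as a bug; a short comment tied to the changelog's reason would prevent that, e.g. `# x86 keeps an unsigned KASAN_SHADOW_OFFSET, so its addresses are not sign-extended before the shift`. Whether `utils.is_target_arch('x86')` also matches x86_64 targets as gdb names them is not visible here, please verify. The enclosing KasanMemToShadow class starts outside the hunk.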