On 12/11/19 5:24 PM, Daniel Axtens wrote: > Hi Balbir, > >>>>> +Discontiguous memory can occur when you have a machine with memory spread >>>>> +across multiple nodes. For example, on a Talos II with 64GB of RAM: >>>>> + >>>>> + - 32GB runs from 0x0 to 0x0000_0008_0000_0000, >>>>> + - then there's a gap, >>>>> + - then the final 32GB runs from 0x0000_2000_0000_0000 to 0x0000_2008_0000_0000 >>>>> + >>>>> +This can create _significant_ issues: >>>>> + >>>>> + - If we try to treat the machine as having 64GB of _contiguous_ RAM, we would >>>>> + assume that ran from 0x0 to 0x0000_0010_0000_0000. We'd then reserve the >>>>> + last 1/8th - 0x0000_000e_0000_0000 to 0x0000_0010_0000_0000 as the shadow >>>>> + region. But when we try to access any of that, we'll try to access pages >>>>> + that are not physically present. >>>>> + >>>> >>>> If we reserved memory for KASAN from each node (discontig region), we might survive >>>> this no? May be we need NUMA aware KASAN? That might be a generic change, just thinking >>>> out loud. >>> >>> The challenge is that - AIUI - in inline instrumentation, the compiler >>> doesn't generate calls to things like __asan_loadN and >>> __asan_storeN. Instead it uses -fasan-shadow-offset to compute the >>> checks, and only calls the __asan_report* family of functions if it >>> detects an issue. This also matches what I can observe with objdump >>> across outline and inline instrumentation settings. >>> >>> This means that for this sort of thing to work we would need to either >>> drop back to out-of-line calls, or teach the compiler how to use a >>> nonlinear, NUMA aware mem-to-shadow mapping. >> >> Yes, out of line is expensive, but seems to work well for all use cases. > > I'm not sure this is true. Looking at scripts/Makefile.kasan, allocas, > stacks and globals will only be instrumented if you can provide > KASAN_SHADOW_OFFSET. In the case you're proposing, we can't provide a > static offset. I _think_ this is a compiler limitation, where some of > those instrumentations only work/make sense with a static offset, but > perhaps that's not right? Dmitry and Andrey, can you shed some light on > this? > There is no code in the kernel is poisoning/unpoisoning redzones/variables on stack. It's because it's always done by the compiler, it inserts some code in prologue/epilogue of every function. So compiler needs to know the shadow offset which will be used to poison/unpoison stack frames. There is no such kind of limitation on globals instrumentation. The only reason globals instrumentation depends on -fasan-shadow-offset is because there was some bug related to globals in old gcc version which didn't support -fasan-shadow-offset. If you want stack instrumentation with not standard mem-to-shadow mapping, the options are: 1. Patch compiler to make it possible the poisoning/unpoisonig of stack frames via function calls. 2. Use out-line instrumentation and do whatever mem-to-shadow mapping you want, but keep all kernel stacks in some special place for which standard mem-to-shadow mapping (addr >>3 +offset) works. > Also, as it currently stands, the speed difference between inline and > outline is approximately 2x, and given that we'd like to run this > full-time in syzkaller I think there is value in trading off speed for > some limitations. >
