On Fri, Mar 12, 2021 at 03:24PM +0100, Andrey Konovalov wrote: > Update the "Ignoring accesses" section in KASAN documentation: > > - Mention __no_sanitize_address/noinstr. > - Mention kasan_disable/enable_current(). > - Mention kasan_reset_tag()/page_kasan_tag_reset(). > - Readability and punctuation clean-ups. > > Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx> Reviewed-by: Marco Elver <elver@xxxxxxxxxx> > --- > > Changes in v1->v2: > - Mention __no_sanitize_address/noinstr. > - Reword the whole section to make it clear which method works for which > mode. > --- > Documentation/dev-tools/kasan.rst | 34 +++++++++++++++++++++++++++---- > 1 file changed, 30 insertions(+), 4 deletions(-) > > diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst > index d0c1796122df..5749c14b38d0 100644 > --- a/Documentation/dev-tools/kasan.rst > +++ b/Documentation/dev-tools/kasan.rst > @@ -368,12 +368,18 @@ Ignoring accesses > ~~~~~~~~~~~~~~~~~ > > Software KASAN modes use compiler instrumentation to insert validity checks. > -Such instrumentation might be incompatible with some part of the kernel, and > -therefore needs to be disabled. To disable instrumentation for specific files > -or directories, add a line similar to the following to the respective kernel > +Such instrumentation might be incompatible with some parts of the kernel, and > +therefore needs to be disabled. > + > +Other parts of the kernel might access metadata for allocated objects. > +Normally, KASAN detects and reports such accesses, but in some cases (e.g., > +in memory allocators), these accesses are valid. > + > +For software KASAN modes, to disable instrumentation for a specific file or > +directory, add a ``KASAN_SANITIZE`` annotation to the respective kernel > Makefile: > > -- For a single file (e.g. main.o):: > +- For a single file (e.g., main.o):: > > KASAN_SANITIZE_main.o := n > > @@ -381,6 +387,26 @@ Makefile: > > KASAN_SANITIZE := n > > +For software KASAN modes, to disable instrumentation on a per-function basis, > +use the KASAN-specific ``__no_sanitize_address`` function attribute or the > +generic ``noinstr`` one. > + > +Note that disabling compiler instrumentation (either on a per-file or a > +per-function basis) makes KASAN ignore the accesses that happen directly in > +that code for software KASAN modes. It does not help when the accesses happen > +indirectly (through calls to instrumented functions) or with the hardware > +tag-based mode that does not use compiler instrumentation. > + > +For software KASAN modes, to disable KASAN reports in a part of the kernel code > +for the current task, annotate this part of the code with a > +``kasan_disable_current()``/``kasan_enable_current()`` section. This also > +disables the reports for indirect accesses that happen through function calls. > + > +For tag-based KASAN modes (include the hardware one), to disable access > +checking, use ``kasan_reset_tag()`` or ``page_kasan_tag_reset()``. Note that > +temporarily disabling access checking via ``page_kasan_tag_reset()`` requires > +saving and restoring the per-page KASAN tag via > +``page_kasan_tag``/``page_kasan_tag_set``. > > Tests > ~~~~~ > -- > 2.31.0.rc2.261.g7f71774620-goog >