The patch titled Subject: kasan: docs: update ignoring accesses section has been added to the -mm tree. Its filename is kasan-docs-update-ignoring-accesses-section.patch This patch should soon appear at https://ozlabs.org/~akpm/mmots/broken-out/kasan-docs-update-ignoring-accesses-section.patch and later at https://ozlabs.org/~akpm/mmotm/broken-out/kasan-docs-update-ignoring-accesses-section.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Andrey Konovalov <andreyknvl@xxxxxxxxxx> Subject: kasan: docs: update ignoring accesses section Update the "Ignoring accesses" section in KASAN documentation: - Mention __no_sanitize_address/noinstr. - Mention kasan_disable/enable_current(). - Mention kasan_reset_tag()/page_kasan_tag_reset(). - Readability and punctuation clean-ups. Link: https://lkml.kernel.org/r/4531ba5f3eca61f6aade863c136778cc8c807a64.1615559068.git.andreyknvl@xxxxxxxxxx Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx> Reviewed-by: Marco Elver <elver@xxxxxxxxxx> Cc: Alexander Potapenko <glider@xxxxxxxxxx> Cc: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- Documentation/dev-tools/kasan.rst | 34 ++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) --- a/Documentation/dev-tools/kasan.rst~kasan-docs-update-ignoring-accesses-section +++ a/Documentation/dev-tools/kasan.rst @@ -368,12 +368,18 @@ Ignoring accesses ~~~~~~~~~~~~~~~~~ Software KASAN modes use compiler instrumentation to insert validity checks. -Such instrumentation might be incompatible with some part of the kernel, and -therefore needs to be disabled. To disable instrumentation for specific files -or directories, add a line similar to the following to the respective kernel +Such instrumentation might be incompatible with some parts of the kernel, and +therefore needs to be disabled. + +Other parts of the kernel might access metadata for allocated objects. +Normally, KASAN detects and reports such accesses, but in some cases (e.g., +in memory allocators), these accesses are valid. + +For software KASAN modes, to disable instrumentation for a specific file or +directory, add a ``KASAN_SANITIZE`` annotation to the respective kernel Makefile: -- For a single file (e.g. main.o):: +- For a single file (e.g., main.o):: KASAN_SANITIZE_main.o := n @@ -381,6 +387,26 @@ Makefile: KASAN_SANITIZE := n +For software KASAN modes, to disable instrumentation on a per-function basis, +use the KASAN-specific ``__no_sanitize_address`` function attribute or the +generic ``noinstr`` one. + +Note that disabling compiler instrumentation (either on a per-file or a +per-function basis) makes KASAN ignore the accesses that happen directly in +that code for software KASAN modes. It does not help when the accesses happen +indirectly (through calls to instrumented functions) or with the hardware +tag-based mode that does not use compiler instrumentation. + +For software KASAN modes, to disable KASAN reports in a part of the kernel code +for the current task, annotate this part of the code with a +``kasan_disable_current()``/``kasan_enable_current()`` section. This also +disables the reports for indirect accesses that happen through function calls. + +For tag-based KASAN modes (include the hardware one), to disable access +checking, use ``kasan_reset_tag()`` or ``page_kasan_tag_reset()``. Note that +temporarily disabling access checking via ``page_kasan_tag_reset()`` requires +saving and restoring the per-page KASAN tag via +``page_kasan_tag``/``page_kasan_tag_set``. Tests ~~~~~ _ Patches currently in -mm which might be from andreyknvl@xxxxxxxxxx are kasan-mm-fix-crash-with-hw_tags-and-debug_pagealloc.patch kasan-fix-kasan_stack-dependency-for-hw_tags.patch kasan-fix-per-page-tags-for-non-page_alloc-pages.patch kasan-initialize-shadow-to-tag_invalid-for-sw_tags.patch mm-kasan-dont-poison-boot-memory-with-tag-based-modes.patch arm64-kasan-allow-to-init-memory-when-setting-tags.patch kasan-init-memory-in-kasan_unpoison-for-hw_tags.patch kasan-mm-integrate-page_alloc-init-with-hw_tags.patch kasan-mm-integrate-slab-init_on_alloc-with-hw_tags.patch kasan-mm-integrate-slab-init_on_free-with-hw_tags.patch kasan-docs-clean-up-sections.patch kasan-docs-update-overview-section.patch kasan-docs-update-usage-section.patch kasan-docs-update-error-reports-section.patch kasan-docs-update-boot-parameters-section.patch kasan-docs-update-generic-implementation-details-section.patch kasan-docs-update-sw_tags-implementation-details-section.patch kasan-docs-update-hw_tags-implementation-details-section.patch kasan-docs-update-shadow-memory-section.patch kasan-docs-update-ignoring-accesses-section.patch kasan-docs-update-tests-section.patch