[RFC PATCH 0/2] kasan: hw_tags: Add option to tag only at allocation time
Lance Yang
lance.yang at linux.dev
Fri Jun 12 23:06:37 PDT 2026
On Fri, Jun 12, 2026 at 04:44:22AM +0000, Dev Jain wrote:
>Introduce a boot option to tag only at allocation time of the objects. This
>reduces KASAN MTE overhead, the tradeoff being reduced ability of
>catching bugs.
>
>Now, when a memory object will be freed, it will retain the random tag it
>had at allocation time. This compromises on catching UAF bugs, till the
>time the object is not reallocated, at which point it will have a new
>random tag.
>
>Hence, not catching "use-after-free-before-reallocation" and not catching
>"double-free" will be the compromise for reduced KASAN overhead.

Hmm ... do we also need to teach the KASAN KUnit tests about this mode?

With kasan.tag_only_on_alloc=on, free-time poisoning is skipped, so
some UAF and double-free reports are skipped on purpose, but the tests
still expect them :)

Cheers,
Lance
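
The trade-off discussed in this message, as an added example that is not part of the patch or the thread: a simplified user-space model of tag checking, comparing free-time poisoning with tagging only at allocation. All names (`model_alloc`, `model_free`, `model_access`, `run_scenarios`, `TAG_FREED`) are hypothetical, and tags are assigned deterministically instead of randomly so the result is reproducible.

```c
/* Simplified user-space model of tag checks; not kernel code. */
#include <stdio.h>

#define TAG_FREED 0xFE          /* the model's "inaccessible" tag for freed memory */

struct obj { unsigned char mem_tag; unsigned char next; };

/* Allocation always retags memory; the returned tag is carried in the pointer. */
static unsigned char model_alloc(struct obj *o)
{
    o->mem_tag = 0xF0 + (o->next++ % 14);   /* deterministic stand-in for a random tag */
    return o->mem_tag;
}

/* Returns 1 if the free is reported as invalid (double-free), 0 otherwise. */
static int model_free(struct obj *o, unsigned char ptr_tag, int tag_only_on_alloc)
{
    if (tag_only_on_alloc)
        return 0;                 /* free-time poisoning skipped: tag is retained */
    if (o->mem_tag != ptr_tag)
        return 1;                 /* memory already poisoned: report */
    o->mem_tag = TAG_FREED;
    return 0;
}

/* Returns 1 if the access faults on a tag mismatch. */
static int model_access(const struct obj *o, unsigned char ptr_tag)
{
    return o->mem_tag != ptr_tag;
}

/* Bit 0: UAF before reallocation caught; bit 1: double-free caught;
 * bit 2: UAF after reallocation caught. */
static int run_scenarios(int tag_only_on_alloc)
{
    struct obj o = {0, 0};
    int caught = 0;
    unsigned char p = model_alloc(&o);

    model_free(&o, p, tag_only_on_alloc);
    caught |= model_access(&o, p) << 0;
    caught |= model_free(&o, p, tag_only_on_alloc) << 1;
    model_alloc(&o);              /* another user gets the object with a new tag */
    caught |= model_access(&o, p) << 2;
    return caught;
}

int main(void)
{
    printf("default: %d, tag_only_on_alloc: %d\n", run_scenarios(0), run_scenarios(1));
    return 0;
}
```

In the model, only the use-after-free that happens after reallocation is still caught in the allocation-only mode, which is the set of reports a test suite would have to stop expecting there.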