stable: KASan for ARM

Michał Mirosław mirq-linux at rere.qmqm.pl
Sun Mar 7 23:34:39 GMT 2021 

On Sun, Mar 07, 2021 at 10:48:54PM +0000, Russell King - ARM Linux admin wrote:
> On Sun, Mar 07, 2021 at 05:10:43PM +0100, Ard Biesheuvel wrote:
> > (+ Russell)
> > 
> > On Sun, 7 Mar 2021 at 16:21, Greg Kroah-Hartman
> > <gregkh at linuxfoundation.org> wrote:
> > >
> > > On Sun, Mar 07, 2021 at 04:00:40PM +0100, Michał Mirosław wrote:
> > > > Dear Greg,
> > > >
> > > > Would you consider KASan for ARM patches for LTS (5.10) kernel? Those
> > > > are 7a1be318f579..421015713b30 if I understand correctly. They are
> > > > not normal stable material, but I think they will help tremendously in
> > > > discovering kernel bugs on 32-bit ARMs.
> > >
> > > Looks like a new feature to me, right?
> > >
> > > How many patches, and have you tested them?  If so, submit them as a
> > > patch series and we can review them, but if this is a new feature, it
> > > does not meet the stable kernel rules.
> > >
> > > And why not just use 5.11 or newer for discovering kernel bugs?  Why
> > > does 5.10 matter here?
> > 
> > The KASan support was rather tricky to get right, so I don't think
> > this is suitable for stable. The range 7a1be318f579..421015713b30 is
> > definitely not complete (we'd need at least
> > e9a2f8b599d0bc22a1b13e69527246ac39c697b4 and
> > 10fce53c0ef8f6e79115c3d9e0d7ea1338c3fa37 as well), and the intrusive
> > nature of those changes means they are definitely not appropriate as
> > stable backports.
> 
> I agree - it took quite a while for KASan to settle down - and our last
> issue with KASan causing a panic in the Kprobes codes was in February.
> So, I think at the very least, requesting to backport this so soon is
> premature. That fix is not included even in what you mention above.
> Maybe that fix has already been picked up in stable, I don't know.
> 
> So, we know that there's probably more to getting kprobes working on
> 32-bit ARM than even you've mentioned above.
> 
> Is it worth backporting such a major feature to stable kernels? Or
> would it be better to backport the fixes found by KASan from later
> kernels? My feeling is the latter is the better all round approach.

I guessed that KASan support code does not pose problems with
CONFIG_KASAN=n.  If it does, then I understand that this is definitely
a deal-breaker for stable, and I agree there is no point in further
discussion. But, if in disabled state KASan patches meet the stable
requirements, then maybe it is worth the trouble to help those who
have to stay on a LTS kernel?

Regarding testing KASan for ARM: I'm currently running it on a SAMA5D2
board. The 4 patches on top of v5.10.21 did allow the device to boot up
(after fixing a false-positive in __clear_user_memset()).  I also applied
the three patches Ard mentioned just to be closer to upstream and the
board still went up. Kernel gets big and slow after enabling KASan,
but I think this is expected.

Best Regards
Michał Mirosław

More information about the linux-arm-kernel mailing list