lib/Kconfig.kasan | 8 ++++++++ scripts/Makefile.lib | 3 +++ 2 files changed, 11 insertions(+)
Fow low memory device, full enabled kasan just not work.
Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y.
So we can enable kasan for single file or module.
Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com>
---
lib/Kconfig.kasan | 8 ++++++++
scripts/Makefile.lib | 3 +++
2 files changed, 11 insertions(+)
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index fdca89c05745..1cec4e204831 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -153,6 +153,14 @@ config KASAN_INLINE
endchoice
+config KASAN_WHITELIST_ONLY
+ bool "Whitelist only KASAN"
+ depends on KASAN && !KASAN_HW_TAGS
+ default n
+ help
+ Say Y here to only enable KASAN for module or files which has explicitly
+ set KASAN_SANITIZE:=y which is helpful especially for memory limited devices.
+
config KASAN_STACK
bool "Stack instrumentation (unsafe)" if CC_IS_CLANG && !COMPILE_TEST
depends on KASAN_GENERIC || KASAN_SW_TAGS
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 68d0134bdbf9..e8d608ea369c 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -158,6 +158,9 @@ endif
#
ifeq ($(CONFIG_KASAN),y)
ifneq ($(CONFIG_KASAN_HW_TAGS),y)
+ifeq ($(CONFIG_KASAN_WHITELIST_ONLY),y)
+KASAN_SANITIZE ?= n
+endif
_c_flags += $(if $(patsubst n%,, \
$(KASAN_SANITIZE_$(basetarget).o)$(KASAN_SANITIZE)y), \
$(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE))
--
2.38.1(CC Masahiro Yamada) On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote: > > Fow low memory device, full enabled kasan just not work. > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y. > So we can enable kasan for single file or module. I don't have technical objections here, but it bothers me a bit that we are adding support for KASAN_SANITIZE:=y, although nobody will be adding KASAN_SANITIZE:=y to upstream Makefiles - only development kernels when debugging on low-end devices. Masahiro, is this something worth having in upstream Kconfig code? > Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com> Reviewed-by: Alexander Potapenko <glider@google.com>
On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <glider@google.com> wrote: > > (CC Masahiro Yamada) > > On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote: > > > > Fow low memory device, full enabled kasan just not work. > > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y. > > So we can enable kasan for single file or module. > > I don't have technical objections here, but it bothers me a bit that > we are adding support for KASAN_SANITIZE:=y, although nobody will be > adding KASAN_SANITIZE:=y to upstream Makefiles - only development > kernels when debugging on low-end devices. > > Masahiro, is this something worth having in upstream Kconfig code? Even if we apply this patch to the upstream, you will end up with adding 'KASAN_SANITIZE :=y' to the single file/Makefile. I am not convinced with this patch since this nod is not so useful standalone. > > Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com> > Reviewed-by: Alexander Potapenko <glider@google.com> -- Best Regards Masahiro Yamada
Right, it will be only useful for low memory kernel where 'KASAN_SANITIZE :=y' has to be added explicitly in local as hotfix. -----Original Message----- From: Masahiro Yamada <masahiroy@kernel.org> Sent: Saturday, September 30, 2023 6:12 PM To: Alexander Potapenko <glider@google.com> Cc: Joey Jiao (QUIC) <quic_jiangenj@quicinc.com>; kasan-dev@googlegroups.com; Kevin Ding (QUIC) <quic_likaid@quicinc.com>; Andrey Ryabinin <ryabinin.a.a@gmail.com>; Andrey Konovalov <andreyknvl@gmail.com>; Dmitry Vyukov <dvyukov@google.com>; Vincenzo Frascino <vincenzo.frascino@arm.com>; Nathan Chancellor <nathan@kernel.org>; Nick Desaulniers <ndesaulniers@google.com>; Nicolas Schier <nicolas@fjasle.eu>; linux-kernel@vger.kernel.org; linux-kbuild@vger.kernel.org Subject: Re: [PATCH] kasan: Add CONFIG_KASAN_WHITELIST_ONLY mode On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <glider@google.com> wrote: > > (CC Masahiro Yamada) > > On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote: > > > > Fow low memory device, full enabled kasan just not work. > > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y. > > So we can enable kasan for single file or module. > > I don't have technical objections here, but it bothers me a bit that > we are adding support for KASAN_SANITIZE:=y, although nobody will be > adding KASAN_SANITIZE:=y to upstream Makefiles - only development > kernels when debugging on low-end devices. > > Masahiro, is this something worth having in upstream Kconfig code? Even if we apply this patch to the upstream, you will end up with adding 'KASAN_SANITIZE :=y' to the single file/Makefile. I am not convinced with this patch since this nod is not so useful standalone. > > Signed-off-by: Joey Jiao <quic_jiangenj@quicinc.com> > Reviewed-by: Alexander Potapenko <glider@google.com> -- Best Regards Masahiro Yamada
On Sat, Sep 30, 2023 at 12:13 PM Masahiro Yamada <masahiroy@kernel.org> wrote: > > On Fri, Sep 29, 2023 at 11:06 PM Alexander Potapenko <glider@google.com> wrote: > > > > (CC Masahiro Yamada) > > > > On Thu, Sep 28, 2023 at 6:16 AM Joey Jiao <quic_jiangenj@quicinc.com> wrote: > > > > > > Fow low memory device, full enabled kasan just not work. > > > Set KASAN_SANITIZE to n when CONFIG_KASAN_WHITELIST_ONLY=y. > > > So we can enable kasan for single file or module. > > > > I don't have technical objections here, but it bothers me a bit that > > we are adding support for KASAN_SANITIZE:=y, although nobody will be > > adding KASAN_SANITIZE:=y to upstream Makefiles - only development > > kernels when debugging on low-end devices. > > > > Masahiro, is this something worth having in upstream Kconfig code? > > > Even if we apply this patch to the upstream, > you will end up with adding 'KASAN_SANITIZE :=y' > to the single file/Makefile. > > I am not convinced with this patch > since this nod is not so useful standalone. Yeah, I agree here, I don't think this change belongs as is in the upstream KASAN code.
© 2016 - 2025 Red Hat, Inc.