From: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
KASAN's software tag-based mode needs multiple macros/functions to
handle tag and pointer interactions - to set, retrieve and reset tags
from the top bits of a pointer.
Mimic functions currently used by arm64 but change the tag's position to
bits [60:57] in the pointer.
Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
---
Changelog v7:
- Add KASAN_TAG_BYTE_MASK to avoid circular includes and avoid removing
KASAN_TAG_MASK from mmzone.h.
- Remove Andrey's Acked-by tag.
Changelog v6:
- Remove empty line after ifdef CONFIG_KASAN_SW_TAGS
- Add ifdef 64 bit to avoid problems in vdso32.
- Add Andrey's Acked-by tag.
Changelog v4:
- Rewrite __tag_set() without pointless casts and make it more readable.
Changelog v3:
- Reorder functions so that __tag_*() etc are above the
arch_kasan_*() ones.
- Remove CONFIG_KASAN condition from __tag_set()
arch/x86/include/asm/kasan.h | 42 ++++++++++++++++++++++++++++++++++--
include/linux/kasan-tags.h | 2 ++
include/linux/mmzone.h | 2 +-
3 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/kasan.h b/arch/x86/include/asm/kasan.h
index d7e33c7f096b..eab12527ed7f 100644
--- a/arch/x86/include/asm/kasan.h
+++ b/arch/x86/include/asm/kasan.h
@@ -3,6 +3,8 @@
#define _ASM_X86_KASAN_H
#include <linux/const.h>
+#include <linux/kasan-tags.h>
+#include <linux/types.h>
#define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL)
#define KASAN_SHADOW_SCALE_SHIFT 3
@@ -24,8 +26,43 @@
KASAN_SHADOW_SCALE_SHIFT)))
#ifndef __ASSEMBLER__
+#include <linux/bitops.h>
+#include <linux/bitfield.h>
+#include <linux/bits.h>
+
+#ifdef CONFIG_KASAN_SW_TAGS
+#define __tag_shifted(tag) FIELD_PREP(GENMASK_ULL(60, 57), tag)
+#define __tag_reset(addr) (sign_extend64((u64)(addr), 56))
+#define __tag_get(addr) ((u8)FIELD_GET(GENMASK_ULL(60, 57), (u64)addr))
+#else
+#define __tag_shifted(tag) 0UL
+#define __tag_reset(addr) (addr)
+#define __tag_get(addr) 0
+#endif /* CONFIG_KASAN_SW_TAGS */
+
+#ifdef CONFIG_64BIT
+static inline void *__tag_set(const void *__addr, u8 tag)
+{
+ u64 addr = (u64)__addr;
+
+ addr &= ~__tag_shifted(KASAN_TAG_BYTE_MASK);
+ addr |= __tag_shifted(tag & KASAN_TAG_BYTE_MASK);
+
+ return (void *)addr;
+}
+#else
+static inline void *__tag_set(void *__addr, u8 tag)
+{
+ return __addr;
+}
+#endif
+
+#define arch_kasan_set_tag(addr, tag) __tag_set(addr, tag)
+#define arch_kasan_reset_tag(addr) __tag_reset(addr)
+#define arch_kasan_get_tag(addr) __tag_get(addr)
#ifdef CONFIG_KASAN
+
void __init kasan_early_init(void);
void __init kasan_init(void);
void __init kasan_populate_shadow_for_vaddr(void *va, size_t size, int nid);
@@ -34,8 +71,9 @@ static inline void kasan_early_init(void) { }
static inline void kasan_init(void) { }
static inline void kasan_populate_shadow_for_vaddr(void *va, size_t size,
int nid) { }
-#endif
-#endif
+#endif /* CONFIG_KASAN */
+
+#endif /* __ASSEMBLER__ */
#endif
diff --git a/include/linux/kasan-tags.h b/include/linux/kasan-tags.h
index ad5c11950233..e4f26bec3673 100644
--- a/include/linux/kasan-tags.h
+++ b/include/linux/kasan-tags.h
@@ -10,6 +10,8 @@
#define KASAN_TAG_WIDTH 0
#endif
+#define KASAN_TAG_BYTE_MASK ((1UL << KASAN_TAG_WIDTH) - 1)
+
#ifndef KASAN_TAG_KERNEL
#define KASAN_TAG_KERNEL 0xFF /* native kernel pointers tag */
#endif
diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
index 75ef7c9f9307..3839052121d4 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
@@ -1177,7 +1177,7 @@ static inline bool zone_is_empty(const struct zone *zone)
#define NODES_MASK ((1UL << NODES_WIDTH) - 1)
#define SECTIONS_MASK ((1UL << SECTIONS_WIDTH) - 1)
#define LAST_CPUPID_MASK ((1UL << LAST_CPUPID_SHIFT) - 1)
-#define KASAN_TAG_MASK ((1UL << KASAN_TAG_WIDTH) - 1)
+#define KASAN_TAG_MASK KASAN_TAG_BYTE_MASK
#define ZONEID_MASK ((1UL << ZONEID_SHIFT) - 1)
static inline enum zone_type memdesc_zonenum(memdesc_flags_t flags)
--
2.52.0On 1/12/26 6:27 PM, Maciej Wieczor-Retman wrote: > From: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com> > > KASAN's software tag-based mode needs multiple macros/functions to > handle tag and pointer interactions - to set, retrieve and reset tags > from the top bits of a pointer. > > Mimic functions currently used by arm64 but change the tag's position to > bits [60:57] in the pointer. > > Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com> > --- Reviewed-by: Andrey Ryabinin <ryabinin.a.a@gmail.com>
On Mon, Jan 12, 2026 at 6:27 PM Maciej Wieczor-Retman
<m.wieczorretman@pm.me> wrote:
>
> From: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
>
> KASAN's software tag-based mode needs multiple macros/functions to
> handle tag and pointer interactions - to set, retrieve and reset tags
> from the top bits of a pointer.
>
> Mimic functions currently used by arm64 but change the tag's position to
> bits [60:57] in the pointer.
>
> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
> ---
> Changelog v7:
> - Add KASAN_TAG_BYTE_MASK to avoid circular includes and avoid removing
> KASAN_TAG_MASK from mmzone.h.
> - Remove Andrey's Acked-by tag.
>
> Changelog v6:
> - Remove empty line after ifdef CONFIG_KASAN_SW_TAGS
> - Add ifdef 64 bit to avoid problems in vdso32.
> - Add Andrey's Acked-by tag.
>
> Changelog v4:
> - Rewrite __tag_set() without pointless casts and make it more readable.
>
> Changelog v3:
> - Reorder functions so that __tag_*() etc are above the
> arch_kasan_*() ones.
> - Remove CONFIG_KASAN condition from __tag_set()
>
> arch/x86/include/asm/kasan.h | 42 ++++++++++++++++++++++++++++++++++--
> include/linux/kasan-tags.h | 2 ++
> include/linux/mmzone.h | 2 +-
> 3 files changed, 43 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/include/asm/kasan.h b/arch/x86/include/asm/kasan.h
> index d7e33c7f096b..eab12527ed7f 100644
> --- a/arch/x86/include/asm/kasan.h
> +++ b/arch/x86/include/asm/kasan.h
> @@ -3,6 +3,8 @@
> #define _ASM_X86_KASAN_H
>
> #include <linux/const.h>
> +#include <linux/kasan-tags.h>
> +#include <linux/types.h>
> #define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL)
> #define KASAN_SHADOW_SCALE_SHIFT 3
>
> @@ -24,8 +26,43 @@
> KASAN_SHADOW_SCALE_SHIFT)))
>
> #ifndef __ASSEMBLER__
> +#include <linux/bitops.h>
> +#include <linux/bitfield.h>
> +#include <linux/bits.h>
> +
> +#ifdef CONFIG_KASAN_SW_TAGS
> +#define __tag_shifted(tag) FIELD_PREP(GENMASK_ULL(60, 57), tag)
> +#define __tag_reset(addr) (sign_extend64((u64)(addr), 56))
> +#define __tag_get(addr) ((u8)FIELD_GET(GENMASK_ULL(60, 57), (u64)addr))
> +#else
> +#define __tag_shifted(tag) 0UL
> +#define __tag_reset(addr) (addr)
> +#define __tag_get(addr) 0
> +#endif /* CONFIG_KASAN_SW_TAGS */
> +
> +#ifdef CONFIG_64BIT
> +static inline void *__tag_set(const void *__addr, u8 tag)
> +{
> + u64 addr = (u64)__addr;
> +
> + addr &= ~__tag_shifted(KASAN_TAG_BYTE_MASK);
> + addr |= __tag_shifted(tag & KASAN_TAG_BYTE_MASK);
> +
> + return (void *)addr;
> +}
> +#else
> +static inline void *__tag_set(void *__addr, u8 tag)
> +{
> + return __addr;
> +}
> +#endif
> +
> +#define arch_kasan_set_tag(addr, tag) __tag_set(addr, tag)
> +#define arch_kasan_reset_tag(addr) __tag_reset(addr)
> +#define arch_kasan_get_tag(addr) __tag_get(addr)
>
> #ifdef CONFIG_KASAN
> +
> void __init kasan_early_init(void);
> void __init kasan_init(void);
> void __init kasan_populate_shadow_for_vaddr(void *va, size_t size, int nid);
> @@ -34,8 +71,9 @@ static inline void kasan_early_init(void) { }
> static inline void kasan_init(void) { }
> static inline void kasan_populate_shadow_for_vaddr(void *va, size_t size,
> int nid) { }
> -#endif
>
> -#endif
> +#endif /* CONFIG_KASAN */
> +
> +#endif /* __ASSEMBLER__ */
>
> #endif
> diff --git a/include/linux/kasan-tags.h b/include/linux/kasan-tags.h
> index ad5c11950233..e4f26bec3673 100644
> --- a/include/linux/kasan-tags.h
> +++ b/include/linux/kasan-tags.h
> @@ -10,6 +10,8 @@
> #define KASAN_TAG_WIDTH 0
> #endif
>
> +#define KASAN_TAG_BYTE_MASK ((1UL << KASAN_TAG_WIDTH) - 1)
How about KASAN_TAG_BITS_MASK?
When KASAN_TAG_WIDTH == 4, the mask does not cover a whole byte.
> +
> #ifndef KASAN_TAG_KERNEL
> #define KASAN_TAG_KERNEL 0xFF /* native kernel pointers tag */
> #endif
> diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
> index 75ef7c9f9307..3839052121d4 100644
> --- a/include/linux/mmzone.h
> +++ b/include/linux/mmzone.h
> @@ -1177,7 +1177,7 @@ static inline bool zone_is_empty(const struct zone *zone)
> #define NODES_MASK ((1UL << NODES_WIDTH) - 1)
> #define SECTIONS_MASK ((1UL << SECTIONS_WIDTH) - 1)
> #define LAST_CPUPID_MASK ((1UL << LAST_CPUPID_SHIFT) - 1)
> -#define KASAN_TAG_MASK ((1UL << KASAN_TAG_WIDTH) - 1)
> +#define KASAN_TAG_MASK KASAN_TAG_BYTE_MASK
> #define ZONEID_MASK ((1UL << ZONEID_SHIFT) - 1)
>
> static inline enum zone_type memdesc_zonenum(memdesc_flags_t flags)
> --
> 2.52.0
>
>
On 2026-01-13 at 02:21:15 +0100, Andrey Konovalov wrote: >On Mon, Jan 12, 2026 at 6:27 PM Maciej Wieczor-Retman ><m.wieczorretman@pm.me> wrote: >> >> From: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com> >> diff --git a/include/linux/kasan-tags.h b/include/linux/kasan-tags.h >> index ad5c11950233..e4f26bec3673 100644 >> --- a/include/linux/kasan-tags.h >> +++ b/include/linux/kasan-tags.h >> @@ -10,6 +10,8 @@ >> #define KASAN_TAG_WIDTH 0 >> #endif >> >> +#define KASAN_TAG_BYTE_MASK ((1UL << KASAN_TAG_WIDTH) - 1) > >How about KASAN_TAG_BITS_MASK? > >When KASAN_TAG_WIDTH == 4, the mask does not cover a whole byte. Yes, I suppose that name makes more sense :) -- Kind regards Maciej Wieczór-Retman
© 2016 - 2026 Red Hat, Inc.