On Tue, Oct 10, 2023 at 11:12:35AM +0200, Borislav Petkov wrote:
> On Tue, Oct 10, 2023 at 11:40:41AM +0300, Kirill A. Shutemov wrote:
> > __VIRTUAL_MASK_SHIFT is used in many places. I don't think it is a good idea to give up on patching completely.
>
> Have you even looked at boot_cpu_has()'s asm?

Obviously not :/

Okay, as an alternative, the patch below also makes the issue go away.

But I am not sure it is fundamentally better. boot_cpu_has() generates a call to __asan_load8_noabort(). I think it only works because all KASAN code has ASAN instrumentation disabled.

diff --git a/arch/x86/include/asm/kasan.h b/arch/x86/include/asm/kasan.h index de75306b932e..bfe97013abb0 100644 --- a/arch/x86/include/asm/kasan.h +++ b/arch/x86/include/asm/kasan.h @@ -12,8 +12,15 @@ * for kernel really starts from compiler's shadow offset + * 'kernel address space start' >> KASAN_SHADOW_SCALE_SHIFT */ + +#ifdef USE_EARLY_PGTABLE_L5 +#define __KASAN_VIRT_SHIFT (__pgtable_l5_enabled ? 56 : 47) +#else +#define __KASAN_VIRT_SHIFT (boot_cpu_has(X86_FEATURE_LA57) ? 56 : 47) +#endif + #define KASAN_SHADOW_START (KASAN_SHADOW_OFFSET + \ - ((-1UL << __VIRTUAL_MASK_SHIFT) >> \ + ((-1UL << __KASAN_VIRT_SHIFT) >> \ KASAN_SHADOW_SCALE_SHIFT)) /* * 47 bits for kernel address -> (47 - KASAN_SHADOW_SCALE_SHIFT) bits for shadow
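
Review bot: The new __KASAN_VIRT_SHIFT definition, added just above KASAN_SHADOW_START, carries no comment saying why KASAN needs its own shift instead of __VIRTUAL_MASK_SHIFT, and it repeats the literals 56 and 47 in both branches of the #ifdef. A short comment stating the reason, and noting that the two values have to stay in step with __VIRTUAL_MASK_SHIFT, would make the duplication safer to maintain; the branches could also select only the condition so that "? 56 : 47" appears once. The #else branch now uses boot_cpu_has() and X86_FEATURE_LA57 while the hunk adds no #include, so it is worth confirming that every file including this header already has those definitions in scope.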