On 08/12/25 at 07:14pm, Andrey Konovalov wrote: > On Tue, Aug 12, 2025 at 6:57 PM Andrey Konovalov <[email protected]> wrote: > > > > On Tue, Aug 12, 2025 at 2:49 PM Baoquan He <[email protected]> wrote: > > > > > > Currently only hw_tags mode of kasan can be enabled or disabled with > > > kernel parameter kasan=on|off for built kernel. For kasan generic and > > > sw_tags mode, there's no way to disable them once kernel is built. > > > This is not convenient sometime, e.g in system kdump is configured. > > > When the 1st kernel has KASAN enabled and crash triggered to switch to > > > kdump kernel, the generic or sw_tags mode will cost much extra memory > > > for kasan shadow while in fact it's meaningless to have kasan in kdump > > > kernel. > > > > > > So this patchset moves the kasan=on|off out of hw_tags scope and into > > > common code to make it visible in generic and sw_tags mode too. Then we > > > can add kasan=off in kdump kernel to reduce the unneeded meomry cost for > > > kasan. > > > > Hi Baoquan, > > > > Could you clarify what are you trying to achieve by disabling > > Generic/SW_TAGS KASAN via command-line? Do you want not to see any > > KASAN reports produced? Or gain back the performance? > > > > Because for the no reports goal, it would be much easier to add a > > command-line parameter to silent the reports. > > > > And the performance goal can only be partially achieved, as you cannot > > remove the compiler instrumentation without rebuilding the kernel. > > (What are the boot times for KASAN_GENERIC=n vs KASAN_GENERIC=y + > > kasan=off vs KASAN_GENERIC=y btw?) > >
Thanks a lot for checking this. > > Ah, you don't want the shadow memory for kdump, sorry, I somehow missed that. Yeah, for kdump kernel, the shadow is a heavy burden, and most importantly kasan is useless for kdump. We don't want to capture a kernel memory bug through kdump kernel running becuase kdump is a debugging mechanism. > > I'm not familiar with the internals of kdump, but would it be > possible/reasonable to teach kdump to ignore the KASAN shadow region? Yes, we can teach kdump to do that. Then people may hate those conditional check "if (is_kdump_kernel())" being added in kasan code. E.g even though we skip kasan_init(), we still need to check is_kdump_kernel() in kasan_populate_vmalloc(), right? Combined with the existing kasan_arch_is_ready(), it will make kasan code ugly. I planned to add kasan_enabled() via static key kasan_flag_enabled, then it can also easily remove kasan_arch_is_ready() cleanly.
