KASAN is supported on powerpc on 32-bit and Radix 64-bit only.

32 bit support
==============

KASAN is supported on both hash and nohash MMUs on 32-bit.

The shadow area sits at the top of the kernel virtual memory space above the
fixmap area and occupies one eighth of the total kernel virtual memory space.

Instrumentation of the vmalloc area is optional, unless built with modules,
in which case it is required.

64 bit support
==============

Currently, only the radix MMU is supported. There have been versions for hash
and Book3E processors floating around on the mailing list, but nothing has been
merged.

KASAN support on Book3S is a bit tricky to get right:

 - It would be good to support inline instrumentation so as to be able to catch
   stack issues that cannot be caught with outline mode.

 - Inline instrumentation requires a fixed offset.

 - Book3S runs code with translations off ("real mode") during boot, including a
   lot of generic device-tree parsing code which is used to determine MMU
   features.

 - Some code - most notably a lot of KVM code - also runs with translations off
   after boot.

 - Therefore any offset has to point to memory that is valid with
   translations on or off.

One approach is just to give up on inline instrumentation. This way boot-time
checks can be delayed until after the MMU is set up, and we can just not
instrument any code that runs with translations off after booting. This is the
current approach.

To avoid this limitation, the KASAN shadow would have to be placed inside the
linear mapping, using the same high-bits trick we use for the rest of the linear
mapping. This is tricky:

 - We'd like to place it near the start of physical memory. In theory we can do
   this at run-time based on how much physical memory we have, but this requires
   being able to arbitrarily relocate the kernel, which is basically the tricky
   part of KASLR. Not being game to implement both tricky things at once, this
   is hopefully something we can revisit once we get KASLR for Book3S.

 - Alternatively, we can place the shadow at the _end_ of memory, but this
   requires knowing how much contiguous physical memory a system has _at compile
   time_. This is a big hammer, and has some unfortunate consequences: inability
   to handle discontiguous physical memory, total failure to boot on machines
   with less memory than specified, and that machines with more memory than
   specified can't use it. This was deemed unacceptable.
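
The end-of-memory placement described above, as a user-space model added here
for illustration (not kernel code). All function names are hypothetical; it
assumes the generic KASAN ratio of one shadow byte per 8 bytes, a linear mapping
based at 0xc000000000000000, and that real mode ignores the top 4 address bits.

```c
#include <stdint.h>
#include <stdio.h>

#define SHADOW_SCALE_SHIFT 3                     /* generic KASAN: 1 shadow byte per 8 bytes */
#define PAGE_OFFSET    0xc000000000000000ULL     /* base of the 64-bit linear mapping */
#define REAL_MODE_MASK 0x0fffffffffffffffULL     /* assumption: top 4 bits ignored, MMU off */

/* Hypothetical layout: shadow occupies the last eighth of a RAM size fixed at build time. */
static uint64_t shadow_start_pa(uint64_t built_ram)
{
    return built_ram - (built_ram >> SHADOW_SCALE_SHIFT);
}

/* Fixed offset chosen so that the shadow of PAGE_OFFSET lands at PAGE_OFFSET + shadow start. */
static uint64_t shadow_offset(uint64_t built_ram)
{
    return PAGE_OFFSET + shadow_start_pa(built_ram) - (PAGE_OFFSET >> SHADOW_SCALE_SHIFT);
}

/* What inline instrumentation computes: one shift and one add, no lookup. */
static uint64_t mem_to_shadow(uint64_t addr, uint64_t offset)
{
    return (addr >> SHADOW_SCALE_SHIFT) + offset;
}

/* Physical byte actually touched, with translations on (linear map) or off (real mode). */
static uint64_t shadow_pa(uint64_t shadow_va, int translations_on)
{
    return translations_on ? shadow_va - PAGE_OFFSET : shadow_va & REAL_MODE_MASK;
}

/* RAM left for the kernel; 0 means the shadow lies beyond real RAM and boot fails. */
static uint64_t usable_ram(uint64_t built_ram, uint64_t actual_ram)
{
    if (actual_ram < built_ram)
        return 0;
    return shadow_start_pa(built_ram);   /* RAM above built_ram has no shadow: unused */
}

int main(void)
{
    uint64_t built = 4ULL << 30;         /* constructed: kernel built for 4 GiB */
    uint64_t sva = mem_to_shadow(PAGE_OFFSET + 0x1000, shadow_offset(built));

    printf("shadow va %#llx, pa on/off %#llx/%#llx\n", (unsigned long long)sva,
           (unsigned long long)shadow_pa(sva, 1), (unsigned long long)shadow_pa(sva, 0));
    for (uint64_t gib = 2; gib <= 8; gib *= 2)
        printf("%llu GiB machine: %llu MiB usable\n", (unsigned long long)gib,
               (unsigned long long)(usable_ram(built, gib << 30) >> 20));
    return 0;
}
```

In this model the same shadow byte is reached with translations on or off,
while a machine with less RAM than the build-time value cannot boot and one
with more gains nothing from the extra memory.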