From 435e2a6a6c8ba8d0eb55f9aaade53e7a3957322b Mon Sep 17 00:00:00 2001
From: Andrey Konovalov
Date: Wed, 11 Jan 2023 02:19:46 +0100
Subject: [PATCH] ANDROID: gki_defconfig: sample large page_alloc allocations with HW_TAGS KASAN

Add kasan.page_alloc.sample=10 to CONFIG_CMDLINE in gki_defconfig to make Hardware Tag-Based (MTE) KASAN tag only one out of every 10 page_alloc allocations with the order equal or larger than 3, which is the omitted default value for the kasan.page_alloc.sample.order parameter.

As Hardware Tag-Based KASAN is intended to be used in production, its performance impact is crucial. As page_alloc allocations tend to be big, tagging and checking all such allocations can introduce a significant slowdown.

When running a local loopback test on a testing MTE-enabled device in sync mode, enabling Hardware Tag-Based KASAN introduces a ~50% slowdown. Setting kasan.page_alloc.sampling to a value higher than 1 allows lowering the slowdown. The performance improvement saturates around the sampling interval value of 10 with the default sampling page order of 3, see b/238286329. This lowers the slowdown to ~20%. The slowdown in real scenarios involving the network will likely be better.

Enabling page_alloc sampling has a downside: KASAN misses bad accesses to a page_alloc allocation that has not been tagged. This lowers the value of KASAN as a security mitigation.

However, based on measuring the number of page_alloc allocations of different orders during boot in a test build, sampling with the default kasan.page_alloc.sample.order value affects only ~7% of allocations. The rest ~93% of allocations are still checked deterministically.

Bug: 238286329
Bug: 264310057
Change-Id: Idfc8600d1f7cc7af28482ff2c8e8ad5ad5948058
Signed-off-by: Andrey Konovalov
---
 arch/arm64/configs/gki_defconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/configs/gki_defconfig b/arch/arm64/configs/gki_defconfig index e6836ce9c0c2..364672cccecc 100644
--- a/arch/arm64/configs/gki_defconfig +++ b/arch/arm64/configs/gki_defconfig @@ -57,7 +57,7 @@ CONFIG_CP15_BARRIER_EMULATION=y CONFIG_SETEND_EMULATION=y CONFIG_RANDOMIZE_BASE=y # CONFIG_RANDOMIZE_MODULE_REGION_FULL is not set -CONFIG_CMDLINE="console=ttynull stack_depot_disable=on cgroup_disable=pressure kasan.stacktrace=off kvm-arm.mode=protected bootconfig ioremap_guard" +CONFIG_CMDLINE="console=ttynull stack_depot_disable=on cgroup_disable=pressure kasan.page_alloc.sample=10 kasan.stacktrace=off kvm-arm.mode=protected bootconfig ioremap_guard" CONFIG_CMDLINE_EXTEND=y # CONFIG_DMI is not set CONFIG_PM_WAKELOCKS=y
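
Review bot: The added CONFIG_CMDLINE line sets kasan.page_alloc.sample=10 but leaves kasan.page_alloc.sample.order implicit, so which allocations lose deterministic checking depends on a default that this defconfig does not record. The commit message's figures (~7% of allocations sampled, ~93% still checked) are stated for the default order of 3; consider adding kasan.page_alloc.sample.order=3 next to the new parameter so that a later change to the default cannot silently widen the set of untagged allocations. The message also refers once to kasan.page_alloc.sampling, while the parameter added here is kasan.page_alloc.sample; aligning the two would let the text be searched against the config.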