]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-client.git/commitdiff
projects / ceph-client.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6de23f8)
mm/kfence: disable KFENCE upon KASAN HW tags enablement
authorAlexander Potapenko <glider@google.com>
Fri, 13 Feb 2026 09:54:10 +0000 (10:54 +0100)
committerAndrew Morton <akpm@linux-foundation.org>
Tue, 24 Feb 2026 19:13:25 +0000 (11:13 -0800)
KFENCE does not currently support KASAN hardware tags.  As a result, the
two features are incompatible when enabled simultaneously.

Given that MTE provides deterministic protection and KFENCE is a
sampling-based debugging tool, prioritize the stronger hardware
protections.  Disable KFENCE initialization and free the pre-allocated
pool if KASAN hardware tags are detected to ensure the system maintains
the security guarantees provided by MTE.

Link: https://lkml.kernel.org/r/20260213095410.1862978-1-glider@google.com
Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure")
Signed-off-by: Alexander Potapenko <glider@google.com>
Suggested-by: Marco Elver <elver@google.com>
Reviewed-by: Marco Elver <elver@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Ernesto Martinez Garcia <ernesto.martinezgarcia@tugraz.at>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Kees Cook <kees@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
mm/kfence/core.c patch | blob | history

diff --git a/mm/kfence/core.c b/mm/kfence/core.c
index b4ea3262c925f65b5519b70fc981d63a02f80ccb..b5aedf505cecc9587a2ff46ace3018d88d47ae56 100644 (file)
--- a/mm/kfence/core.c
+++ b/mm/kfence/core.c
@@ -13,6 +13,7 @@
 #include <linux/hash.h>
 #include <linux/irq_work.h>
 #include <linux/jhash.h>
+#include <linux/kasan-enabled.h>
 #include <linux/kcsan-checks.h>
 #include <linux/kfence.h>
 #include <linux/kmemleak.h>
@@ -916,6 +917,20 @@ void __init kfence_alloc_pool_and_metadata(void)
        if (!kfence_sample_interval)
                return;
 
+       /*
+        * If KASAN hardware tags are enabled, disable KFENCE, because it
+        * does not support MTE yet.
+        */
+       if (kasan_hw_tags_enabled()) {
+               pr_info("disabled as KASAN HW tags are enabled\n");
+               if (__kfence_pool) {
+                       memblock_free(__kfence_pool, KFENCE_POOL_SIZE);
+                       __kfence_pool = NULL;
+               }
+               kfence_sample_interval = 0;
+               return;
+       }
+
        /*
         * If the pool has already been initialized by arch, there is no need to
         * re-allocate the memory pool.
Unnamed repository; edit this file 'description' to name the repository.