On Thu, Feb 18, 2021 at 8:46 PM David Hildenbrand [off-list ref] wrote:

quoted

1. For KASAN_GENERIC: leave everything as is to be able to detect
these boot-time bugs.

2. For KASAN_SW_TAGS: remove boot-time poisoning via
kasan_free_pages(), but use the "invalid" tag as the default shadow
value. The end result should be the same: bad accesses will be
detected. For unallocated memory as it has the default "invalid" tag,
and for allocated memory as it's poisoned properly when
allocated/freed.

3. For KASAN_HW_TAGS: just remove boot-time poisoning via
kasan_free_pages(). As the memory tags have a random unspecified
value, we'll still have a 15/16 chance to detect a memory corruption.

This also makes sense from the performance perspective: KASAN_GENERIC
isn't meant to be running in production, so having a larger perf
impact is acceptable. The other two modes will be faster.

Sounds in principle sane to me.

I'll post a v2 soon, thanks!

Side note: I am not sure if anybody runs KASAN in production. Memory is
expensive. Feel free to prove me wrong, I'd be very interest in actual
users.

We run KASAN_SW_TAGS on some dogfood testing devices, and
KASAN_HW_TAGS is being developed with the goal to be running in
production.