Re: [PATCH v2 2/3] kasan: skip HW tagging for all kernel thread stacks

Next message: John Groves: "Re: [PATCH V10 00/10] famfs: port into fuse"
Previous message: Sina Hassani: "[PATCH v4] Fixes a race in iopt_unmap_iova_range"
In reply to: Catalin Marinas: "Re: [PATCH v2 2/3] kasan: skip HW tagging for all kernel thread stacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Catalin Marinas

Date: Fri Apr 10 2026 - 14:37:27 EST

On Fri, Apr 10, 2026 at 07:32:23PM +0100, Catalin Marinas wrote:
> What the original approach might help with is use-after-realloc in case
> we had a tagged pointer in a past life of a page and it still works now.
> Oh well, that's I guess for other types of hardening to address like
> delayed reallocation.

Another thought (for a separate series) - we could try to map the stack
as Untagged (unless stack tagging is enabled; needs compiler
instrumentation) and enable canonical tag checking (newer addition to
MTE). This way, any stray tagged pointer won't work on the stack since
it needs a 0xf tag (canonical).

--
Catalin