https://lwn.net/Articles/766768/ This is a special feed containing comments posted to the individual LWN article titled "Software-tag-based KASAN". en-us Tue, 07 Oct 2025 00:13:32 +0000 Tue, 07 Oct 2025 00:13:32 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/769315/ https://lwn.net/Articles/769315/ mcortese <div class="FormattedComment"> Right. However you shouldn't worry about two unrelated pointers sharing the same tag. You should wonder what's the probability of one pointer gone rogue pointing out of its original bounds into the range of another pointer, and *those* two pointers sharing the same tag.<br> </div> Tue, 23 Oct 2018 20:17:38 +0000 https://lwn.net/Articles/767644/ https://lwn.net/Articles/767644/ Wol <div class="FormattedComment"> <font class="QuotedText">&gt; I'm pretty certain that the kernel can have more then 256 live allocations at any given time, hence, tag collisions are guaranteed to happen even when regarding "about 4 collisions in 1000 allocations" as "small probability" (doesn't seem small to me).</font><br> <p> If you've only got 256 possible tag values, then I would think that the probability of a collision is more than 50% with just 25 live allocations. Think birthday paradox.<br> <p> You only need 30 people, chosen at random, for the chances of two of them sharing a birthday to go over 50%. That's 30 people, 365 days, and a collision. Extrapolating (yes I know that's very dangerous with statistics), I would guess that once a hash table is over 10% full, the chances of a collision go over 50%.<br> <p> Cheers,<br> Wol<br> </div> Thu, 04 Oct 2018 22:22:29 +0000 https://lwn.net/Articles/767425/ https://lwn.net/Articles/767425/ mtaht <div class="FormattedComment"> One of the stumbling blocks on the Mill cpu's compiler (which has tagged pointers also), was that llvm considered long ints and pointers to be equivalent in various stages of the optimizer. Is this fixed now in llvm 7?<br> </div> Tue, 02 Oct 2018 11:07:21 +0000 https://lwn.net/Articles/767312/ https://lwn.net/Articles/767312/ cmarinas <div class="FormattedComment"> That's x86, on arm64 we can still build the kernel without asm goto (albeit a small performance degradation).<br> </div> Mon, 01 Oct 2018 13:00:38 +0000 https://lwn.net/Articles/767269/ https://lwn.net/Articles/767269/ rweikusat2 <div class="FormattedComment"> I'm pretty certain that the kernel can have more then 256 live allocations at any given time, hence, tag collisions are guaranteed to happen even when regarding "about 4 collisions in 1000 allocations" as "small probability" (doesn't seem small to me). And there's of course Knuth's classic statement that a arbitrarily long sequence of twos is a perfectly random sequence. This means if this mechanism considers an access valid, there's absolutely no way to determine that it's actually valid short of examining the code for correct pointer usages. And if this was such an easy thing to do, surely, there shouldn't be any incorrect pointer uses.<br> <p> </div> Sun, 30 Sep 2018 15:42:46 +0000 https://lwn.net/Articles/766981/ https://lwn.net/Articles/766981/ NHO <div class="FormattedComment"> I thought ASM goto caused kernel to stop building with Clang. It's restored with Clang 7?<br> </div> Thu, 27 Sep 2018 17:26:47 +0000 https://lwn.net/Articles/766978/ https://lwn.net/Articles/766978/ stonedown <div class="FormattedComment"> I really appreciate articles like this, which are helpful for those of us debugging embedded systems.<br> </div> Thu, 27 Sep 2018 17:16:33 +0000 https://lwn.net/Articles/766845/ https://lwn.net/Articles/766845/ Cyberax <div class="FormattedComment"> <font class="QuotedText">&gt; rather larger than is actually needed on current systems, even if a web browser is running.</font><br> LOL<br> </div> Thu, 27 Sep 2018 00:01:08 +0000