On Sat, Jan 31, 2026 at 10:42:35AM -0800, Kees Cook wrote:
> On Sat, Jan 31, 2026 at 10:39:42AM +0100, Salvatore Bonaccorso wrote:
> > Kees, Peter approached the Debian kernel list above to drop
> > CONFIG_UBSAN again, which, so I think we need to revert your
> > 6cfadabfe015 ("Enable UBSAN_BOUNDS and UBSAN_SHIFT"):
> > https://salsa.debian.org/kernel-team/linux/-/commit/6cfadabfe015fa0d659fc8e3efd495cbcae3e44e
> >
> > I have make a MR for our packaging for the change in
> > https://salsa.debian.org/kernel-team/linux/-/merge_requests/1804
>
> I am strongly opposed -- this undoes years of security flaw mitigation
> work and leaves Debian (and only Debian!) exposed to trivial array index
> overflows. The bounds sanitizer is the corner stone of memory safety
> for C, and is not some "experimental" feature. GCC has a long history
> of trouble with inlining, so this is not something unique to enabling
> this feature.
>
> I replied similarly to the PR. This would be a major mistake to disable.
Why the heck is bounds checking part of UBSAN? The simple fix here is to
get it out from CONFIG_UBSAN, so that CONFIG_UBSAN is debug only crap.
Notably, none of the UBSAN configs that tripped the optimization fail
even had bounds checking enabled.
