Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-24 Thread Andrey Ryabinin
2014-10-24 12:31 GMT+04:00 y.gribov :
>> Unaligned accesses disabled because they are allowed on some arches (see
>> HAVE_EFFICIENT_UNALIGNED_ACCESS).
>> Another reason is that there are too many reports. Not because there are
>> lots of bugs, but because
>> there are many reports for one bug.
>
> A side note - unaligned accesses would prevent KASan from doing its job
> well because instrumentation code relies on address alignment when
> performing the check.
>

I guess it only matters for inline instrumentation, right?
Because in the outline case I've taken care of unaligned accesses.

We could do the following trick in Kconfig:
  select HAVE_EFFICIENT_UNALIGNED_ACCESS if !KASAN

This will prevent a lot of unaligned accesses, but surely not all of them.



-- 
Best regards,
Andrey Ryabinin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-24 Thread Peter Zijlstra
On Tue, Oct 21, 2014 at 02:09:14PM +0400, Andrey Ryabinin wrote:
> On 10/21/2014 01:47 PM, Peter Zijlstra wrote:
> > On Mon, Oct 20, 2014 at 02:54:59PM +0400, Andrey Ryabinin wrote:
> >>
> >> UBSan uses compile-time instrumentation to catch undefined behavior (UB).
> >> The compiler inserts code that performs certain kinds of
> >> checks before operations that could cause UB.
> >> If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
> >> to print an error message.
> >>
> >> So most of the work is done by the compiler.
> >> This patch just implements the ubsan handlers that print errors.
> >>
> >> GCC supports this since 4.9, however the upcoming GCC 5.0 has
> >> more checkers implemented.
> > 
> > It might be useful if you've got a link to the relevant GCC
> > documentation of this new shiny stuff.
> > 
> 
> Documentation is very brief (look for fsanitize=undefined): 
> https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
> GCC 4.9.1 doc: 
> https://gcc.gnu.org/onlinedocs/gcc-4.9.1/gcc/Debugging-Options.html
> 
> And there is an article which might be interesting: 
> http://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/

Thanks, please consider including these in the changelog of future
postings of this patch set.


Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-24 Thread y.gribov
> Unaligned accesses disabled because they are allowed on some arches (see
> HAVE_EFFICIENT_UNALIGNED_ACCESS).
> Another reason is that there are too many reports. Not because there are
> lots of bugs, but because
> there are many reports for one bug.

A side note - unaligned accesses would prevent KASan from doing its job
well because instrumentation code relies on address alignment when
performing the check.

-Y





Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-22 Thread Andrey Ryabinin
On 10/22/2014 01:58 PM, Rasmus Villemoes wrote:
> On Mon, Oct 20 2014, Andrey Ryabinin  wrote:
> 
>> UBSan uses compile-time instrumentation to catch undefined behavior (UB).
>> The compiler inserts code that performs certain kinds of
>> checks before operations that could cause UB.
>> If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
>> to print an error message.
>>
>> So most of the work is done by the compiler.
>> This patch just implements the ubsan handlers that print errors.
>>
>> GCC supports this since 4.9, however the upcoming GCC 5.0 has
>> more checkers implemented.
> 
> [...]
> 
>> +
>> +#define REPORTED_BIT 31
>> +#define COLUMN_MASK (~(1U << REPORTED_BIT))
>> +
>> +static bool is_disabled(struct source_location *location)
>> +{
>> +return test_and_set_bit(REPORTED_BIT,
>> +(unsigned long *)&location->column);
>> +}
> 
> [...]
> 
>> +struct source_location {
>> +const char *file_name;
>> +u32 line;
>> +u32 column;
>> +};
> 
> 
> AFAICT, this introduces UB and/or memory corruption on big-endian
> systems with BITS_PER_LONG==64. (Also, on both LE and BE 64 bit systems,
> there's the issue of the alignment of location->column, which is likely
> to be 4-but-not-8 byte aligned).
> 

You are right. This should fix it:

diff --git a/lib/ubsan.c b/lib/ubsan.c
index 7788f47..cfdf017 100644
--- a/lib/ubsan.c
+++ b/lib/ubsan.c
@@ -53,18 +53,24 @@ static bool handler_enabled(unsigned int handler)
 }

 #define REPORTED_BIT 31
-#define COLUMN_MASK (~(1U << REPORTED_BIT))
+
+#if (BITS_PER_LONG == 64) && defined(__BIG_ENDIAN)
+#define COLUMN_MASK (~(1U << REPORTED_BIT)
+#define LINE_MASK   (~0U)
+#else
+#define COLUMN_MASK (~0U)
+#define LINE_MASK   (~(1U << REPORTED_BIT))
+#endif

 static bool is_disabled(struct source_location *location)
 {
-   return test_and_set_bit(REPORTED_BIT,
-   (unsigned long *)&location->column);
+   return test_and_set_bit(REPORTED_BIT, &location->reported);
 }

 static void print_source_location(const char *prefix, struct source_location 
*loc)
 {
pr_err("%s %s:%d:%d\n", prefix, loc->file_name,
-   loc->line, loc->column & COLUMN_MASK);
+   loc->line & LINE_MASK, loc->column & COLUMN_MASK);
 }

 static bool type_is_int(struct type_descriptor *type)
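Review bot: the big-endian branch at `#define COLUMN_MASK (~(1U << REPORTED_BIT)` is missing its closing parenthesis, so `loc->column & COLUMN_MASK);` in print_source_location() will not compile on 64-bit big-endian targets, and because the branch is guarded by `defined(__BIG_ENDIAN)` an x86 build never exercises it; it should read `#define COLUMN_MASK (~(1U << REPORTED_BIT))` like the `#else` branch. The mask selection itself is right: bit 31 of the 64-bit `reported` word lives in its low-order half, which overlays `line` on little-endian and `column` on big-endian.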
diff --git a/lib/ubsan.h b/lib/ubsan.h
index e2d8634..8965591 100644
--- a/lib/ubsan.h
+++ b/lib/ubsan.h
@@ -15,8 +15,13 @@ struct type_descriptor {

 struct source_location {
const char *file_name;
-   u32 line;
-   u32 column;
+   union {
+   unsigned long reported;
+   struct {
+   u32 line;
+   u32 column;
+   };
+   };
 };

 struct overflow_data {
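Review bot: the union needs a comment stating that the `line`/`column` pair must keep the layout GCC emits for the source_location it hands to the handlers, and that `reported` exists only to give test_and_set_bit() a naturally aligned `unsigned long` overlaying that pair; otherwise the next reader sees an unused-looking member and an unstated dependency on the compiler's ABI. A `BUILD_BUG_ON(sizeof(struct source_location) != sizeof(const char *) + 2 * sizeof(u32))` next to the definition would catch the layout drifting from what the compiler emits.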


> Is the layout of struct source_location dictated by gcc? 
> 

Yes.

> Rasmus
> 

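The endianness argument behind the masks in the fix above, as an added stand-alone example (not the patch's code): a user-space model of the fixed struct source_location with a non-atomic test_and_set_bit() stand-in, which picks the masks at run time from the host's word size and endianness instead of at compile time, and measures what the original (unsigned long *)&location->column cast would have touched. The file name and line/column values are constructed.

```c
/* Added example, not code from the patch: user-space model of the REPORTED_BIT
 * scheme in lib/ubsan.c with the union layout from the fix. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef uint32_t u32;
#define REPORTED_BIT 31
#define BITS_PER_LONG (8 * sizeof(unsigned long))

/* Layout from the fixed lib/ubsan.h: 'reported' aliases line+column.
 * Offsets and size match what GCC emits: pointer, then two u32s. */
struct source_location {
	const char *file_name;
	union {
		unsigned long reported;
		struct {
			u32 line;
			u32 column;
		};
	};
};

/* Runtime endianness probe; the kernel decides this with __BIG_ENDIAN. */
static bool host_big_endian(void)
{
	const uint16_t probe = 0x0102;
	return *(const uint8_t *)&probe == 0x01;
}

/* Bit 31 of 'reported' sits in the low-order half of the word: 'line' on
 * 32-bit and on 64-bit little-endian, 'column' on 64-bit big-endian.
 * Only that half must have the flag masked off before printing. */
static u32 line_mask(void)
{
	return (BITS_PER_LONG == 64 && host_big_endian()) ? ~0U : ~(1U << REPORTED_BIT);
}
static u32 column_mask(void)
{
	return (BITS_PER_LONG == 64 && host_big_endian()) ? ~(1U << REPORTED_BIT) : ~0U;
}

/* Non-atomic stand-in for the kernel's test_and_set_bit(). */
static bool test_and_set_bit(unsigned int nr, unsigned long *word)
{
	unsigned long mask = 1UL << nr;
	bool was_set = (*word & mask) != 0;
	*word |= mask;
	return was_set;
}

/* True once a report for this location has already been emitted. */
static bool is_disabled(struct source_location *loc)
{
	return test_and_set_bit(REPORTED_BIT, &loc->reported);
}

/* Hazards of the original (unsigned long *)&location->column cast: counts 1
 * if a word at column's offset runs past the struct, 1 more if misaligned. */
static int old_cast_hazards(void)
{
	size_t off = offsetof(struct source_location, column);
	return (off + sizeof(unsigned long) > sizeof(struct source_location))
	       + (off % sizeof(unsigned long) != 0);
}

/* Constructed scenario: report one location twice.  Returns 0 on success,
 * otherwise the number of the step that failed. */
static int run_scenario(void)
{
	struct source_location loc = { .file_name = "constructed.c" };
	loc.line = 42; loc.column = 7;
	if (is_disabled(&loc))                   /* first report goes through */
		return 1;
	if (!is_disabled(&loc))                  /* repeat is suppressed */
		return 2;
	if ((loc.line & line_mask()) != 42)      /* flag stays out of output */
		return 3;
	if ((loc.column & column_mask()) != 7)
		return 4;
	return 0;
}
```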


Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-22 Thread Rasmus Villemoes
On Mon, Oct 20 2014, Andrey Ryabinin  wrote:

> UBSan uses compile-time instrumentation to catch undefined behavior (UB).
> The compiler inserts code that performs certain kinds of
> checks before operations that could cause UB.
> If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
> to print an error message.
>
> So most of the work is done by the compiler.
> This patch just implements the ubsan handlers that print errors.
>
> GCC supports this since 4.9, however the upcoming GCC 5.0 has
> more checkers implemented.

[...]

> +
> +#define REPORTED_BIT 31
> +#define COLUMN_MASK (~(1U << REPORTED_BIT))
> +
> +static bool is_disabled(struct source_location *location)
> +{
> + return test_and_set_bit(REPORTED_BIT,
> + (unsigned long *)&location->column);
> +}

[...]

> +struct source_location {
> + const char *file_name;
> + u32 line;
> + u32 column;
> +};


AFAICT, this introduces UB and/or memory corruption on big-endian
systems with BITS_PER_LONG==64. (Also, on both LE and BE 64 bit systems,
there's the issue of the alignment of location->column, which is likely
to be 4-but-not-8 byte aligned).

Is the layout of struct source_location dictated by gcc? 

Rasmus


Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-21 Thread Randy Dunlap
On 10/20/14 03:54, Andrey Ryabinin wrote:
> 
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 4e35a5d..7dc9b89 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -646,6 +646,29 @@ config DEBUG_SHIRQ
> Drivers ought to be able to handle interrupts coming in at those
> points; some don't and need to be caught.
>  
> +config HAVE_ARCH_UBSAN_SANTIZE_ALL
> + bool
> +
> +config UBSAN
> + bool "Undefined behaviour sanity checker"
> + help
> +   This option enables undefined behaviour sanity checker

 checker.

> +   Compile-time instrumentataion used to detect various undefined

   instrumentation is used

> +   behaviours in runtime. Different kinds of checks could be enabled

prefer: may be enabled

> +   via boot parameter ubsan_handle (see: Documentation/ubsan.txt).
> +   (TODO: write docs).
> +
> +config UBSAN_SANITIZE_ALL
> + bool "Enable instrumentation for the entire kernel"
> + depends on UBSAN
> + depends on HAVE_ARCH_UBSAN_SANTIZE_ALL
> + default y
> + help
> +   This option acitivates instrumentation for the entire kernel.

  activates

> +   If you don't enable this option, you have to explicitly specify
> +   UBSAN_SANITIZE := y for the files/directories you want to check for 
> UB.
> +
> +
>  menu "Debug Lockups and Hangs"
>  
>  config LOCKUP_DETECTOR
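Review bot: `config HAVE_ARCH_UBSAN_SANTIZE_ALL` and the matching `depends on HAVE_ARCH_UBSAN_SANTIZE_ALL` misspell SANITIZE; the two spellings agree so it works today, but the name becomes part of the Kconfig namespace that every arch will `select`, and renaming it later means touching each of those arch Kconfig files, so better to fix it now as HAVE_ARCH_UBSAN_SANITIZE_ALL. The help text also points at Documentation/ubsan.txt while the next line says the docs are still a TODO; either drop the reference until the file exists or add the file in this series.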


-- 
~Randy


Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-21 Thread Andrey Ryabinin
On 10/21/2014 01:47 PM, Peter Zijlstra wrote:
> On Mon, Oct 20, 2014 at 02:54:59PM +0400, Andrey Ryabinin wrote:
>>
>> UBSan uses compile-time instrumentation to catch undefined behavior (UB).
>> The compiler inserts code that performs certain kinds of
>> checks before operations that could cause UB.
>> If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
>> to print an error message.
>>
>> So most of the work is done by the compiler.
>> This patch just implements the ubsan handlers that print errors.
>>
>> GCC supports this since 4.9, however the upcoming GCC 5.0 has
>> more checkers implemented.
> 
> It might be useful if you've got a link to the relevant GCC
> documentation of this new shiny stuff.
> 

Documentation is very brief (look for fsanitize=undefined): 
https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
GCC 4.9.1 doc: 
https://gcc.gnu.org/onlinedocs/gcc-4.9.1/gcc/Debugging-Options.html

And there is an article which might be interesting: 
http://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/





Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-21 Thread Peter Zijlstra
On Mon, Oct 20, 2014 at 02:54:59PM +0400, Andrey Ryabinin wrote:
> 
> UBSan uses compile-time instrumentation to catch undefined behavior (UB).
> The compiler inserts code that performs certain kinds of
> checks before operations that could cause UB.
> If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
> to print an error message.
> 
> So most of the work is done by the compiler.
> This patch just implements the ubsan handlers that print errors.
> 
> GCC supports this since 4.9, however the upcoming GCC 5.0 has
> more checkers implemented.

It might be useful if you've got a link to the relevant GCC
documentation of this new shiny stuff.


Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-21 Thread Andrey Ryabinin
On 10/20/2014 11:35 PM, Sasha Levin wrote:
> On 10/20/2014 06:54 AM, Andrey Ryabinin wrote:
>>
>> UBSan uses compile-time instrumentation to catch undefined behavior (UB).
>> The compiler inserts code that performs certain kinds of
>> checks before operations that could cause UB.
>> If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
>> to print an error message.
>>
>> So most of the work is done by the compiler.
>> This patch just implements the ubsan handlers that print errors.
>>
>> GCC supports this since 4.9, however the upcoming GCC 5.0 has
>> more checkers implemented.
>>
>> Different kinds of checks can be enabled via the boot parameter:
>> ubsan_handle=OEAINVBSLF.
>> If ubsan_handle is not present in the cmdline, the default options are used: ELNVBSLF
>>
>>  O - different kinds of overflows
>>  E - negation overflow, division overflow, division by zero.
>>  A - misaligned memory access.
>>  I - load from/store to an object with insufficient space.
>>  N - null argument declared with nonnull attribute,
>>      null returned from a function which never returns null, null ptr dereference.
>>  V - variable size array with non-positive length
>>  B - out-of-bounds accesses.
>>  S - shifting out-of-bounds.
>>  L - load of invalid value (value out of range for the enum type,
>>      loading other than 0/1 into a bool type)
>>  F - call to function through pointer with incorrect function type
>>      (AFAIK this is not implemented in gcc yet, probably works with clang, though
>>      I didn't check ubsan with clang at all).
>>
>> Instrumentation in kernel/printk/printk.c is disabled because struct printk_log
>> is not properly aligned, therefore we are recursively taking logbuf_lock while
>> trying to print the error in __ubsan_handle*().
>>
>> Signed-off-by: Andrey Ryabinin 
>> ---
>>  Makefile  |  12 +-
>>  arch/x86/Kconfig  |   1 +
>>  arch/x86/boot/Makefile|   1 +
>>  arch/x86/boot/compressed/Makefile |   1 +
>>  arch/x86/realmode/rm/Makefile |   1 +
>>  arch/x86/vdso/Makefile|   2 +
>>  drivers/firmware/efi/libstub/Makefile |   1 +
>>  include/linux/sched.h |   4 +
>>  kernel/printk/Makefile|   1 +
>>  lib/Kconfig.debug |  23 ++
>>  lib/Makefile  |   3 +
>>  lib/ubsan.c   | 559 
>> ++
>>  lib/ubsan.h   |  84 +
>>  scripts/Makefile.lib  |   6 +
>>  14 files changed, 698 insertions(+), 1 deletion(-)
>>  create mode 100644 lib/ubsan.c
>>  create mode 100644 lib/ubsan.h
>>
>> diff --git a/Makefile b/Makefile
>> index 05d67af..d3e23f9 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -377,6 +377,9 @@ LDFLAGS_MODULE  =
>>  CFLAGS_KERNEL   =
>>  AFLAGS_KERNEL   =
>>  CFLAGS_GCOV = -fprofile-arcs -ftest-coverage
>> +CFLAGS_UBSAN= $(call cc-option, -fsanitize=undefined) \
>> +$(call cc-option, -fno-sanitize=unreachable) \
>> +$(call cc-option, -fno-sanitize=float-cast-overflow)
> 
> What's the reason behind those two -fno-sanitize?

Both are not implemented.

float-cast-overflow is for floating point arithmetic, which we don't have in the
kernel. This could be removed safely without needing to implement
__ubsan_handle_float_cast_overflow().

fsanitize=unreachable is for catching calls to __builtin_unreachable().




>> +config HAVE_ARCH_UBSAN_SANTIZE_ALL
>> +bool
>> +
>> +config UBSAN
>> +bool "Undefined behaviour sanity checker"
>> +help
>> +  This option enables undefined behaviour sanity checker
>> +  Compile-time instrumentataion used to detect various undefined
>  instrumentation
>> +  behaviours in runtime. Different kinds of checks could be enabled
>> +  via boot parameter ubsan_handle (see: Documentation/ubsan.txt).
>> +  (TODO: write docs).
>> +
>> +config UBSAN_SANITIZE_ALL
>> +bool "Enable instrumentation for the entire kernel"
>> +depends on UBSAN
>> +depends on HAVE_ARCH_UBSAN_SANTIZE_ALL
>> +default y
>> +help
>> +  This option acitivates instrumentation for the entire kernel.
>   activates
>> +  If you don't enable this option, you have to explicitly specify
>> +  UBSAN_SANITIZE := y for the files/directories you want to check for 
>> UB.
>> +
>> +
> [snip]
> 
>> +/* By default enable everything except signed overflows and
>> + * misaligned accesses
>> + */
> 
> Why are those two disabled? Maybe we should be fixing them rather
> than ignoring them?
> 

Signed overflows are disabled because they are allowed in the Linux kernel. Using
-fno-strict-aliasing disables the compiler's optimization based on the assumption
that signed overflow never happens. Though this option doesn't make signed
overflows defined, it was proven by years that it just works.
There is 

Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-20 Thread Sasha Levin
On 10/20/2014 06:54 AM, Andrey Ryabinin wrote:
> 
> UBSan uses compile-time instrumentation to catch undefined behavior (UB).
> The compiler inserts code that performs certain kinds of
> checks before operations that could cause UB.
> If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
> to print an error message.
> 
> So most of the work is done by the compiler.
> This patch just implements the ubsan handlers that print errors.
> 
> GCC supports this since 4.9, however the upcoming GCC 5.0 has
> more checkers implemented.
> 
> Different kinds of checks can be enabled via the boot parameter:
> ubsan_handle=OEAINVBSLF.
> If ubsan_handle is not present in the cmdline, the default options are used: ELNVBSLF
> 
>   O - different kinds of overflows
>   E - negation overflow, division overflow, division by zero.
>   A - misaligned memory access.
>   I - load from/store to an object with insufficient space.
>   N - null argument declared with nonnull attribute,
>       null returned from a function which never returns null, null ptr dereference.
>   V - variable size array with non-positive length
>   B - out-of-bounds accesses.
>   S - shifting out-of-bounds.
>   L - load of invalid value (value out of range for the enum type,
>       loading other than 0/1 into a bool type)
>   F - call to function through pointer with incorrect function type
>       (AFAIK this is not implemented in gcc yet, probably works with clang, though
>       I didn't check ubsan with clang at all).
> 
> Instrumentation in kernel/printk/printk.c is disabled because struct printk_log
> is not properly aligned, therefore we are recursively taking logbuf_lock while
> trying to print the error in __ubsan_handle*().
> 
> Signed-off-by: Andrey Ryabinin 
> ---
>  Makefile  |  12 +-
>  arch/x86/Kconfig  |   1 +
>  arch/x86/boot/Makefile|   1 +
>  arch/x86/boot/compressed/Makefile |   1 +
>  arch/x86/realmode/rm/Makefile |   1 +
>  arch/x86/vdso/Makefile|   2 +
>  drivers/firmware/efi/libstub/Makefile |   1 +
>  include/linux/sched.h |   4 +
>  kernel/printk/Makefile|   1 +
>  lib/Kconfig.debug |  23 ++
>  lib/Makefile  |   3 +
>  lib/ubsan.c   | 559 
> ++
>  lib/ubsan.h   |  84 +
>  scripts/Makefile.lib  |   6 +
>  14 files changed, 698 insertions(+), 1 deletion(-)
>  create mode 100644 lib/ubsan.c
>  create mode 100644 lib/ubsan.h
> 
> diff --git a/Makefile b/Makefile
> index 05d67af..d3e23f9 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -377,6 +377,9 @@ LDFLAGS_MODULE  =
>  CFLAGS_KERNEL=
>  AFLAGS_KERNEL=
>  CFLAGS_GCOV  = -fprofile-arcs -ftest-coverage
> +CFLAGS_UBSAN = $(call cc-option, -fsanitize=undefined) \
> + $(call cc-option, -fno-sanitize=unreachable) \
> + $(call cc-option, -fno-sanitize=float-cast-overflow)

What's the reason behind those two -fno-sanitize?

[snip]

> +config HAVE_ARCH_UBSAN_SANTIZE_ALL
> + bool
> +
> +config UBSAN
> + bool "Undefined behaviour sanity checker"
> + help
> +   This option enables undefined behaviour sanity checker
> +   Compile-time instrumentataion used to detect various undefined
   instrumentation
> +   behaviours in runtime. Different kinds of checks could be enabled
> +   via boot parameter ubsan_handle (see: Documentation/ubsan.txt).
> +   (TODO: write docs).
> +
> +config UBSAN_SANITIZE_ALL
> + bool "Enable instrumentation for the entire kernel"
> + depends on UBSAN
> + depends on HAVE_ARCH_UBSAN_SANTIZE_ALL
> + default y
> + help
> +   This option acitivates instrumentation for the entire kernel.
  activates
> +   If you don't enable this option, you have to explicitly specify
> +   UBSAN_SANITIZE := y for the files/directories you want to check for 
> UB.
> +
> +
[snip]

> +/* By default enable everything except signed overflows and
> + * misaligned accesses
> + */

Why are those two disabled? Maybe we should be fixing them rather
than ignoring them?

> +static unsigned long ubsan_handle = GENMASK(HANDLERS_END, 0) &
> + ~(BIT_MASK(SUM_OVERFLOW) | BIT_MASK(SUB_OVERFLOW) |
> + BIT_MASK(NEG_OVERFLOW) | BIT_MASK(ALIGNMENT));
> +
> +static void enable_handler(unsigned int handler)
> +{
> + set_bit(handler, &ubsan_handle);
> +}
> +
> +static bool handler_enabled(unsigned int handler)
> +{
> + return test_bit(handler, &ubsan_handle);
> +}
> +
> +#define REPORTED_BIT 31
> +#define COLUMN_MASK (~(1U << REPORTED_BIT))
> +
> +static bool is_disabled(struct source_location *location)
> +{
> + return test_and_set_bit(REPORTED_BIT,
> + (unsigned long *)&location->column);
> +}
> +
> +static void prin
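Review bot: `test_and_set_bit(REPORTED_BIT, (unsigned long *)&location->column)` casts a u32 to the word-sized operand the bit operations expect, so on a 64-bit kernel it reads and writes 8 bytes starting at `column`, which extends 4 bytes past the field and is only 4-byte aligned. The flag should live in a naturally aligned `unsigned long` that overlays the pair, and the mask applied before printing must then follow which half of that word bit 31 falls in, which differs between little- and big-endian.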

[RFC PATCH] UBSan: run-time undefined behavior sanity checker

2014-10-20 Thread Andrey Ryabinin

UBSan uses compile-time instrumentation to catch undefined behavior (UB).
The compiler inserts code that performs certain kinds of
checks before operations that could cause UB.
If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
to print an error message.

So most of the work is done by the compiler.
This patch just implements the ubsan handlers that print errors.

GCC supports this since 4.9, however the upcoming GCC 5.0 has
more checkers implemented.

Different kinds of checks can be enabled via the boot parameter:
ubsan_handle=OEAINVBSLF.
If ubsan_handle is not present in the cmdline, the default options are used: ELNVBSLF

O - different kinds of overflows
E - negation overflow, division overflow, division by zero.
A - misaligned memory access.
I - load from/store to an object with insufficient space.
N - null argument declared with nonnull attribute,
    null returned from a function which never returns null, null ptr dereference.
V - variable size array with non-positive length
B - out-of-bounds accesses.
S - shifting out-of-bounds.
L - load of invalid value (value out of range for the enum type,
    loading other than 0/1 into a bool type)
F - call to function through pointer with incorrect function type
    (AFAIK this is not implemented in gcc yet, probably works with clang, though
    I didn't check ubsan with clang at all).

Instrumentation in kernel/printk/printk.c is disabled because struct printk_log
is not properly aligned, therefore we are recursively taking logbuf_lock while
trying to print the error in __ubsan_handle*().

Signed-off-by: Andrey Ryabinin 
---
 Makefile  |  12 +-
 arch/x86/Kconfig  |   1 +
 arch/x86/boot/Makefile|   1 +
 arch/x86/boot/compressed/Makefile |   1 +
 arch/x86/realmode/rm/Makefile |   1 +
 arch/x86/vdso/Makefile|   2 +
 drivers/firmware/efi/libstub/Makefile |   1 +
 include/linux/sched.h |   4 +
 kernel/printk/Makefile|   1 +
 lib/Kconfig.debug |  23 ++
 lib/Makefile  |   3 +
 lib/ubsan.c   | 559 ++
 lib/ubsan.h   |  84 +
 scripts/Makefile.lib  |   6 +
 14 files changed, 698 insertions(+), 1 deletion(-)
 create mode 100644 lib/ubsan.c
 create mode 100644 lib/ubsan.h

diff --git a/Makefile b/Makefile
index 05d67af..d3e23f9 100644
--- a/Makefile
+++ b/Makefile
@@ -377,6 +377,9 @@ LDFLAGS_MODULE  =
 CFLAGS_KERNEL  =
 AFLAGS_KERNEL  =
 CFLAGS_GCOV= -fprofile-arcs -ftest-coverage
+CFLAGS_UBSAN   = $(call cc-option, -fsanitize=undefined) \
+   $(call cc-option, -fno-sanitize=unreachable) \
+   $(call cc-option, -fno-sanitize=float-cast-overflow)
 
 
 # Use USERINCLUDE when you must reference the UAPI directories only.
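Review bot: the two `-fno-sanitize=` lines carry no comment on why `unreachable` and `float-cast-overflow` are switched off (neither has a __ubsan_handle_* implementation in this patch, and the kernel has no floating point arithmetic for the second to check), so the next person wiring up a GCC 5 checker cannot tell deliberate exclusions from leftovers; a one-line comment above `CFLAGS_UBSAN` would do.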
@@ -421,7 +424,7 @@ export MAKE AWK GENKSYMS INSTALLKERNEL PERL PYTHON 
UTS_MACHINE
 export HOSTCXX HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS
 
 export KBUILD_CPPFLAGS NOSTDINC_FLAGS LINUXINCLUDE OBJCOPYFLAGS LDFLAGS
-export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV
+export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV CFLAGS_UBSAN
 export KBUILD_AFLAGS AFLAGS_KERNEL AFLAGS_MODULE
 export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE
 export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL
@@ -670,6 +673,13 @@ endif
 endif
 KBUILD_CFLAGS += $(stackp-flag)
 
+ifdef CONFIG_UBSAN
+  ifeq ($(strip $(CFLAGS_UBSAN)),)
+$(warning Cannot use CONFIG_UBSAN: \
+ -fsanitize=undefined not supported by compiler)
+  endif
+endif
+
 ifeq ($(COMPILER),clang)
 KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,)
 KBUILD_CPPFLAGS += $(call cc-option,-Wno-unknown-warning-option,)
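Review bot: when the compiler lacks `-fsanitize=undefined` this only emits `$(warning ...)` and the build carries on, so a CONFIG_UBSAN=y kernel can be produced with no instrumentation at all and nothing in the resulting image records that; since the checks are the whole point of the option, consider `$(error ...)` here, or at least state in the UBSAN Kconfig help that the option silently becomes a no-op on older compilers.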
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f2327e8..b318fe8 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -55,6 +55,7 @@ config X86
select HAVE_FUNCTION_TRACER
select HAVE_FUNCTION_GRAPH_TRACER
select HAVE_FUNCTION_GRAPH_FP_TEST
+   select HAVE_ARCH_UBSAN_SANTIZE_ALL
select HAVE_SYSCALL_TRACEPOINTS
select SYSCTL_EXCEPTION_TRACE
select HAVE_KVM
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index 5b016e2..95bf522 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -57,6 +57,7 @@ endif
 KBUILD_CFLAGS  := $(USERINCLUDE) $(REALMODE_CFLAGS) -D_SETUP
 KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
 GCOV_PROFILE := n
+UBSAN_SANITIZE := n
 
 $(obj)/bzImage: asflags-y  := $(SVGA_MODE)
 
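Review bot: `UBSAN_SANITIZE := n` is added here without a comment saying why the boot code is excluded: these objects are linked without lib/ubsan.o, so any `__ubsan_handle_*` call the instrumentation emitted would be an unresolved reference, and the handlers' pr_err() is not usable that early anyway. A short comment next to the line would save the next reader a search, and the same applies to the compressed, realmode and vdso Makefiles in the diffstat.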
diff --git a/arch/x86/boot/compressed/Makefile 
b/arch/x86/boot/compressed/Makefile
index 704f58a..16940f8 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -19,6 +19,7 @@ KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
 
 KBUILD_AF