On Mon, 21 Sep 2020 at 09:51, George-Aurelian Popescu <georgep...@google.com> wrote: > > From: George Popescu <georgep...@android.com> > > When the kernel is compiled with Clang, -fsanitize=bounds expands to > -fsanitize=array-bounds and -fsanitize=local-bounds. > > Enabling -fsanitize=local-bounds with Clang has the unfortunate > side-effect of inserting traps; this goes back to its original intent, > which was as a hardening and not a debugging feature [1]. The same feature > made its way into -fsanitize=bounds, but the traps remained. For that > reason, -fsanitize=bounds was split into 'array-bounds' and > 'local-bounds' [2]. > > Since 'local-bounds' doesn't behave like a normal sanitizer, enable > it with Clang only if trapping behaviour was requested by > CONFIG_UBSAN_TRAP=y. > > Add the UBSAN_LOCAL_BOUNDS config to Kconfig.ubsan to enable the > 'local-bounds' option by default when UBSAN_TRAP is enabled. > > [1] http://lists.llvm.org/pipermail/llvm-dev/2012-May/049972.html > [2] > http://lists.llvm.org/pipermail/cfe-commits/Week-of-Mon-20131021/091536.html > > Suggested-by: Marco Elver <el...@google.com> > Reviewed-by: David Brazdil <dbraz...@google.com> > Signed-off-by: George Popescu <georgep...@android.com>
Reviewed-by: Marco Elver <el...@google.com> Thank you! > --- > v1: changed the name of the config to UBSAN_LOCAL_BOUNDS in Kconfig This version is v2, so this should have said "v2: <summary of what changed>". The subject should have said "PATCH v2" (you can get this by passing --reroll-count=2 to git). (I also see you fixed the the Signed-off-by/From inconsistency.) > --- > --- > lib/Kconfig.ubsan | 14 ++++++++++++++ > scripts/Makefile.ubsan | 10 +++++++++- > 2 files changed, 23 insertions(+), 1 deletion(-) > > diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan > index 774315de555a..58f8d03d037b 100644 > --- a/lib/Kconfig.ubsan > +++ b/lib/Kconfig.ubsan > @@ -47,6 +47,20 @@ config UBSAN_BOUNDS > to the {str,mem}*cpy() family of functions (that is addressed > by CONFIG_FORTIFY_SOURCE). > > +config UBSAN_LOCAL_BOUNDS > + bool "Perform array local bounds checking" > + depends on UBSAN_TRAP > + depends on CC_IS_CLANG > + depends on !UBSAN_KCOV_BROKEN > + help > + This option enables -fsanitize=local-bounds which traps when an > + exception/error is detected. Therefore, it should be enabled only > + if trapping is expected. > + Enabling this option detects errors due to accesses through a > + pointer that is derived from an object of a statically-known size, > + where an added offset (which may not be known statically) is > + out-of-bounds. > + > config UBSAN_MISC > bool "Enable all other Undefined Behavior sanity checks" > default UBSAN > diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan > index 27348029b2b8..4e3fff0745e8 100644 > --- a/scripts/Makefile.ubsan > +++ b/scripts/Makefile.ubsan > @@ -4,7 +4,15 @@ ifdef CONFIG_UBSAN_ALIGNMENT > endif > > ifdef CONFIG_UBSAN_BOUNDS > - CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) > + ifdef CONFIG_CC_IS_CLANG > + CFLAGS_UBSAN += -fsanitize=array-bounds > + else > + CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) > + endif > +endif > + > +ifdef CONFIG_UBSAN_LOCAL_BOUNDS > + CFLAGS_UBSAN += -fsanitize=local-bounds > endif > > ifdef CONFIG_UBSAN_MISC > -- > 2.28.0.681.g6f77f65b4e-goog >