On Mon, Aug 20, 2018 at 02:00:25AM +0200, Eugeniu Rosca wrote:
> Import Undefined Behavior SANitizer from Linux Kernel v4.18, as
> implemented by Andrey Ryabinin <[email protected]>.
>
> Roughly, the UBSAN development history in Linux kernel looks like:
>
> $ git log --format="%h (\"%s\")" --no-merges -- "*ubsan*"
> v4.18     3ca17b1f3628 ("lib/ubsan: remove null-pointer checks")
> v4.17-rc1 317506009216 ("lib/test_ubsan.c: make test_ubsan_misaligned_access() static")
> v4.17-rc1 854686f4edf4 ("lib: add testing module for UBSAN")
> v4.16-rc1 bac7a1fff792 ("lib/ubsan: remove returns-nonnull-attribute checks")
> v4.16-rc1 42440c1f9911 ("lib/ubsan: add type mismatch handler for new GCC/Clang")
> v4.16-rc1 b8fe1120b4ba ("lib/ubsan.c: s/missaligned/misaligned/")
> v4.14-rc8 b24413180f56 ("License cleanup: add SPDX GPL-2.0 license identifier to files with no license")
> v4.10-rc1 0462554707d6 ("Kconfig: lib/Kconfig.ubsan fix reference to ubsan documentation")
> v4.9-rc5  a76bcf557ef4 ("Kbuild: enable -Wmaybe-uninitialized warning for "make W=1"")
> v4.9-rc1  725c4d22bbc4 ("ubsan: allow to disable the null sanitizer")
> v4.9-rc1  1ead009cd622 ("docs: sphinxify ubsan.txt and move it to dev-tools")
> v4.8-rc1  901d805c33fc ("UBSAN: fix typo in format string")
> v4.8-rc1  6e8d666e9253 ("Disable "maybe-uninitialized" warning globally")
> v4.6-rc1  dde5cf39d4d2 ("ubsan: fix tree-wide -Wmaybe-uninitialized false positives")
> v4.5-rc4  7707535ab95e ("ubsan: cosmetic fix to Kconfig text")
> v4.5-rc1  c6d308534aef ("UBSAN: run-time undefined behavior sanity checker")
>
> What's not interesting for U-Boot is:
> - 317506009216 ("lib/test_ubsan.c: make test_ubsan_misaligned_access() static")
> - 854686f4edf4 ("lib: add testing module for UBSAN")
> since they add a module-only test functionality.
> - any Documentation commits.
>
> Since dump_stack() evaluates to NOOP in U-Boot, the UBSAN report
> retains only the header from the original kernel report.
>
> As example, below is a UB found in U-Boot thanks to UBSAN:
>
> ====================================================================
> UBSAN: Undefined behaviour in drivers/net/phy/phy.c:728:19
> left shift of 1 by 31 places cannot be represented in type 'int'
> ====================================================================
>
> For comparison, below is a full-fledged kernel UBSAN report, based on
> Linux kernel commit 0dfc0c792d69 ("iommu/vt-d: fix shift-out-of-bounds
> in bug checking"):
>
> ================================================================================
> UBSAN: Undefined behaviour in drivers/iommu/dmar.c:1348:3
> shift exponent 64 is too large for 32-bit type 'int'
> CPU: 2 PID: 0 Comm: swapper/2 Tainted: G     U     4.17.0-rc1+ #89
> Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016
> Call Trace:
>  <IRQ>
>  dump_stack+0x90/0xfb
>  ubsan_epilogue+0x9/0x40
>  __ubsan_handle_shift_out_of_bounds+0x10e/0x170
>  ? qi_flush_dev_iotlb+0x124/0x180
>  ------[snip]-----
>  apic_timer_interrupt+0xf/0x20
>  </IRQ>
> RIP: 0010:poll_idle+0x60/0xe7
> RSP: 0018:ffffb1b201943e30 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
> RAX: 0000000080200000 RBX: 000000000000008e RCX: 000000000000001f
> RDX: 0000000000000000 RSI: 000000002819aa06 RDI: 0000000000000000
> RBP: ffff9e93c6b33280 R08: 00000010f717d567 R09: 000000000010d205
> R10: ffffb1b201943df8 R11: 0000000000000001 R12: 00000000e01b169d
> R13: 0000000000000000 R14: ffffffffb12aa400 R15: 0000000000000000
>  cpuidle_enter_state+0xb4/0x470
>  do_idle+0x222/0x310
>  cpu_startup_entry+0x78/0x90
>  start_secondary+0x205/0x2e0
>  secondary_startup_64+0xa5/0xb0
> ================================================================================
>
> To enable UBSAN, two prerequisites must be met from Kconfig perspective:
> - ARCH has to select CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL
> - defconfig has to enable CONFIG_UBSAN
>
> This commit selects CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL for SANDBOX and
> ARM64 (r8a7795_salvator-x_defconfig is the only tested ARM64 platform).
> No defconfig changes are expected, since UBSAN is a development (not
> production) option. With CONFIG_UBSAN disabled, no functional change
> is expected from this commit.
>
> The size increase of sandbox U-Boot (gcc 8.1.0):
> $ size u-boot.sandbox.*
>    text    data     bss     dec     hex filename
> 1234958   80048  291472 1606478  18834e u-boot.sandbox.default
> 1422710  272240  291472 1986422  1e4f76 u-boot.sandbox.ubsan
> +187752 +192192       0 +379944
>
> The size increase of H3 Salvator-X U-Boot (aarch64-linux-gnu-gcc 7.2.1):
> $ size u-boot.r8a7795-salvator-x.*
>    text    data     bss     dec     hex filename
>  589954   23504  263984  877442   d6382 u-boot.r8a7795-salvator-x.default
>  810968  103304  263984 1178256  11fa90 u-boot.r8a7795-salvator-x.ubsan
> +221014  +79800       0 +300814
Can we re-work this so that there isn't a size increase unless UBSAN is
enabled? I ask since I think for a v2 we should be able to say more
broadly that just about everyone can enable this, but only out of the box
sandbox should.

-- 
Tom
_______________________________________________ U-Boot mailing list [email protected] https://lists.denx.de/listinfo/u-boot

