| Message ID | 20250414-drop-default-ubsan-integer-wrap-v1-1-392522551d6b@kernel.org (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP | expand |
On Mon, 14 Apr 2025 15:00:59 -0700, Nathan Chancellor wrote: > CONFIG_UBSAN_INTEGER_WRAP is 'default UBSAN', which is problematic for a > couple of reasons. > > The first is that this sanitizer is under active development on the > compiler side to come up with a solution that is maintainable on the > compiler side and usable on the kernel side. As a result of this, there > are many warnings when the sanitizer is enabled that have no clear path > to resolution yet but users may see them and report them in the meantime. > > [...] Applied to for-linus/hardening, thanks! [1/1] lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP https://git.kernel.org/kees/c/dcf165123e7f Take care,
diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 4216b3a4ff21..f6ea0c5b5da3 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -118,7 +118,6 @@ config UBSAN_UNREACHABLE config UBSAN_INTEGER_WRAP bool "Perform checking for integer arithmetic wrap-around" - default UBSAN depends on !COMPILE_TEST depends on $(cc-option,-fsanitize-undefined-ignore-overflow-pattern=all) depends on $(cc-option,-fsanitize=signed-integer-overflow)
CONFIG_UBSAN_INTEGER_WRAP is 'default UBSAN', which is problematic for a couple of reasons. The first is that this sanitizer is under active development on the compiler side to come up with a solution that is maintainable on the compiler side and usable on the kernel side. As a result of this, there are many warnings when the sanitizer is enabled that have no clear path to resolution yet but users may see them and report them in the meantime. The second is that this option was renamed from CONFIG_UBSAN_SIGNED_WRAP, meaning that if a configuration has CONFIG_UBSAN=y but CONFIG_UBSAN_SIGNED_WRAP=n and it is upgraded via olddefconfig (common in non-interactive scenarios such as CI), CONFIG_UBSAN_INTEGER_WRAP will be silently enabled again. Remove 'default UBSAN' from CONFIG_UBSAN_INTEGER_WRAP until it is ready for regular usage and testing from a broader community than the folks actively working on the feature. Cc: stable@vger.kernel.org Fixes: 557f8c582a9b ("ubsan: Reintroduce signed overflow sanitizer") Signed-off-by: Nathan Chancellor <nathan@kernel.org> --- lib/Kconfig.ubsan | 1 - 1 file changed, 1 deletion(-) --- base-commit: 26fe62cc5e8420d5c650d6b86fee061952d348cd change-id: 20250414-drop-default-ubsan-integer-wrap-bf0eb6efb29b Best regards,