From patchwork Thu Dec 3 00:44:31 2020
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 11947367
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Linus Torvalds, Ard Biesheuvel, Arnd Bergmann, Masahiro Yamada, Michal Marek, Nathan Chancellor, Nick Desaulniers, Marco Elver, Randy Dunlap, Dmitry Vyukov, George Popescu, Herbert Xu, Peter Oberparleiter, Andrey Ryabinin, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 1/7] ubsan: Remove redundant -Wno-maybe-uninitialized
Date: Wed, 2 Dec 2020 16:44:31 -0800
Message-Id: <20201203004437.389959-2-keescook@chromium.org>
In-Reply-To: <20201203004437.389959-1-keescook@chromium.org>
References: <20201203004437.389959-1-keescook@chromium.org>
X-Mailing-List: linux-kbuild@vger.kernel.org

In commit 78a5255ffb6a ("Stop the ad-hoc games with -Wno-maybe-initialized") -Wmaybe-uninitialized was disabled globally, so keeping the disabling
logic here too doesn't make sense. Signed-off-by: Kees Cook --- lib/Kconfig.ubsan | 4 ---- scripts/Makefile.ubsan | 4 ---- 2 files changed, 8 deletions(-) diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 58f8d03d037b..d8d4d6557b80 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -72,10 +72,6 @@ config UBSAN_MISC config UBSAN_SANITIZE_ALL bool "Enable instrumentation for the entire kernel" depends on ARCH_HAS_UBSAN_SANITIZE_ALL - - # We build with -Wno-maybe-uninitilzed, but we still want to - # use -Wmaybe-uninitilized in allmodconfig builds. - # So dependsy bellow used to disable this option in allmodconfig depends on !COMPILE_TEST default y help diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan index 9716dab06bc7..c18fecc53605 100644 --- a/scripts/Makefile.ubsan +++ b/scripts/Makefile.ubsan 
@@ -31,7 +31,3 @@ endif ifdef CONFIG_UBSAN_TRAP CFLAGS_UBSAN += $(call cc-option, -fsanitize-undefined-trap-on-error) endif - - # -fsanitize=* options makes GCC less smart than usual and - # increase number of 'maybe-uninitialized false-positives - CFLAGS_UBSAN += $(call cc-option, -Wno-maybe-uninitialized)
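Review bot: `depends on !COMPILE_TEST` under config UBSAN_SANITIZE_ALL in lib/Kconfig.ubsan is left with no stated reason once the three comment lines above it are deleted. That comment tied the dependency to -Wmaybe-uninitialized in allmodconfig builds, which the commit message says is now disabled globally, so the dependency looks as redundant as the flag. Either drop it in this patch or say in the commit message that it is kept on purpose and removed later in the series.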
From patchwork Thu Dec 3 00:44:32 2020
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 11947365
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Linus Torvalds, Nathan Chancellor, Ard Biesheuvel, Arnd Bergmann, Masahiro Yamada, Michal Marek, Nick Desaulniers, Marco Elver, Randy Dunlap, Dmitry Vyukov, George Popescu, Herbert Xu, Peter Oberparleiter, Andrey Ryabinin, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 2/7] ubsan: Move cc-option tests into Kconfig
Date: Wed, 2 Dec 2020 16:44:32 -0800
Message-Id: <20201203004437.389959-3-keescook@chromium.org>
In-Reply-To: <20201203004437.389959-1-keescook@chromium.org>
References: <20201203004437.389959-1-keescook@chromium.org>
X-Mailing-List: linux-kbuild@vger.kernel.org

Instead of doing if/endif blocks with cc-option calls in the UBSAN Makefile, move all the tests into Kconfig and use the Makefile to collect the results.
Suggested-by: Linus Torvalds Link: https://lore.kernel.org/lkml/CAHk-=wjPasyJrDuwDnpHJS2TuQfExwe=px-SzLeN8GFMAQJPmQ@mail.gmail.com/ Reviewed-by: Nathan Chancellor Tested-by: Nathan Chancellor Signed-off-by: Kees Cook --- lib/Kconfig.ubsan | 61 +++++++++++++++++++++++++++++++++++++++--- scripts/Makefile.ubsan | 45 +++++++++++-------------------- 2 files changed, 73 insertions(+), 33 deletions(-) diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index d8d4d6557b80..05147112b355 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -36,10 +36,17 @@ config UBSAN_KCOV_BROKEN See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status in newer releases. +config CC_HAS_UBSAN_BOUNDS + def_bool $(cc-option,-fsanitize=bounds) + +config CC_HAS_UBSAN_ARRAY_BOUNDS + def_bool $(cc-option,-fsanitize=array-bounds) + config UBSAN_BOUNDS bool "Perform array index bounds checking" default UBSAN depends on !UBSAN_KCOV_BROKEN + depends on CC_HAS_UBSAN_ARRAY_BOUNDS || CC_HAS_UBSAN_BOUNDS help This option enables detection of directly indexed out of bounds array accesses, where the array size is known at compile time. 
@@ -47,15 +54,30 @@ config UBSAN_BOUNDS to the {str,mem}*cpy() family of functions (that is addressed by CONFIG_FORTIFY_SOURCE). +config UBSAN_ONLY_BOUNDS + def_bool CC_HAS_UBSAN_BOUNDS && !CC_HAS_UBSAN_ARRAY_BOUNDS + depends on UBSAN_BOUNDS + help + This is a weird case: Clang's -fsanitize=bounds includes + -fsanitize=local-bounds, but it's trapping-only, so for + Clang, we must use -fsanitize=array-bounds when we want + traditional array bounds checking enabled. For GCC, we + want -fsanitize=bounds. + +config UBSAN_ARRAY_BOUNDS + def_bool CC_HAS_UBSAN_ARRAY_BOUNDS + depends on UBSAN_BOUNDS + config UBSAN_LOCAL_BOUNDS bool "Perform array local bounds checking" depends on UBSAN_TRAP - depends on CC_IS_CLANG depends on !UBSAN_KCOV_BROKEN + depends on $(cc-option,-fsanitize=local-bounds) help This option enables -fsanitize=local-bounds which traps when an - exception/error is detected. Therefore, it should be enabled only - if trapping is expected. + exception/error is detected. Therefore, it may only be enabled + with CONFIG_UBSAN_TRAP. + Enabling this option detects errors due to accesses through a pointer that is derived from an object of a statically-known size, where an added offset (which may not be known statically) is 
@@ -69,6 +91,38 @@ config UBSAN_MISC own Kconfig options. Disable this if you only want to have individually selected checks. +config UBSAN_SHIFT + def_bool UBSAN_MISC + depends on $(cc-option,-fsanitize=shift) + +config UBSAN_DIV_ZERO + def_bool UBSAN_MISC + depends on $(cc-option,-fsanitize=integer-divide-by-zero) + +config UBSAN_UNREACHABLE + def_bool UBSAN_MISC + depends on $(cc-option,-fsanitize=unreachable) + +config UBSAN_SIGNED_OVERFLOW + def_bool UBSAN_MISC + depends on $(cc-option,-fsanitize=signed-integer-overflow) + +config UBSAN_UNSIGNED_OVERFLOW + def_bool UBSAN_MISC + depends on $(cc-option,-fsanitize=unsigned-integer-overflow) + +config UBSAN_OBJECT_SIZE + def_bool UBSAN_MISC + depends on $(cc-option,-fsanitize=object-size) + +config UBSAN_BOOL + def_bool UBSAN_MISC + depends on $(cc-option,-fsanitize=bool) + +config UBSAN_ENUM + def_bool UBSAN_MISC + depends on $(cc-option,-fsanitize=enum) + config UBSAN_SANITIZE_ALL bool "Enable instrumentation for the entire kernel" depends on ARCH_HAS_UBSAN_SANITIZE_ALL @@ -85,6 +139,7 @@ config UBSAN_ALIGNMENT bool "Enable checks for pointers alignment" default !HAVE_EFFICIENT_UNALIGNED_ACCESS depends on !UBSAN_TRAP + depends on $(cc-option,-fsanitize=alignment) help This option enables the check of unaligned memory accesses. Enabling this option on architectures that support unaligned diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan index c18fecc53605..0e53a93e8f15 100644 --- a/scripts/Makefile.ubsan +++ b/scripts/Makefile.ubsan 
@@ -1,33 +1,18 @@ # SPDX-License-Identifier: GPL-2.0 -export CFLAGS_UBSAN := +# Enable available and selected UBSAN features. +ubsan-cflags-$(CONFIG_UBSAN_ALIGNMENT) += -fsanitize=alignment +ubsan-cflags-$(CONFIG_UBSAN_ONLY_BOUNDS) += -fsanitize=bounds +ubsan-cflags-$(CONFIG_UBSAN_ARRAY_BOUNDS) += -fsanitize=array-bounds +ubsan-cflags-$(CONFIG_UBSAN_LOCAL_BOUNDS) += -fsanitize=local-bounds +ubsan-cflags-$(CONFIG_UBSAN_SHIFT) += -fsanitize=shift +ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO) += -fsanitize=integer-divide-by-zero +ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE) += -fsanitize=unreachable +ubsan-cflags-$(CONFIG_UBSAN_SIGNED_OVERFLOW) += -fsanitize=signed-integer-overflow +ubsan-cflags-$(CONFIG_UBSAN_UNSIGNED_OVERFLOW) += -fsanitize=unsigned-integer-overflow +ubsan-cflags-$(CONFIG_UBSAN_OBJECT_SIZE) += -fsanitize=object-size +ubsan-cflags-$(CONFIG_UBSAN_BOOL) += -fsanitize=bool +ubsan-cflags-$(CONFIG_UBSAN_ENUM) += -fsanitize=enum +ubsan-cflags-$(CONFIG_UBSAN_TRAP) += -fsanitize-undefined-trap-on-error -ifdef CONFIG_UBSAN_ALIGNMENT - CFLAGS_UBSAN += $(call cc-option, -fsanitize=alignment) -endif - -ifdef CONFIG_UBSAN_BOUNDS - ifdef CONFIG_CC_IS_CLANG - CFLAGS_UBSAN += -fsanitize=array-bounds - else - CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) - endif -endif - -ifdef CONFIG_UBSAN_LOCAL_BOUNDS - CFLAGS_UBSAN += -fsanitize=local-bounds -endif - -ifdef CONFIG_UBSAN_MISC - CFLAGS_UBSAN += $(call cc-option, -fsanitize=shift) - CFLAGS_UBSAN += $(call cc-option, -fsanitize=integer-divide-by-zero) - CFLAGS_UBSAN += $(call cc-option, -fsanitize=unreachable) - CFLAGS_UBSAN += $(call cc-option, -fsanitize=signed-integer-overflow) - CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size) - CFLAGS_UBSAN += $(call cc-option, -fsanitize=bool) - CFLAGS_UBSAN += $(call cc-option, -fsanitize=enum) -endif - -ifdef CONFIG_UBSAN_TRAP - CFLAGS_UBSAN += $(call cc-option, -fsanitize-undefined-trap-on-error) -endif +export CFLAGS_UBSAN := $(ubsan-cflags-y)
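Review bot: The added line `ubsan-cflags-$(CONFIG_UBSAN_UNSIGNED_OVERFLOW) += -fsanitize=unsigned-integer-overflow` in scripts/Makefile.ubsan turns on a sanitizer that the removed `ifdef CONFIG_UBSAN_MISC` block never passed (it listed shift, integer-divide-by-zero, unreachable, signed-integer-overflow, object-size, bool and enum only). That makes this patch a behaviour change rather than the plain move of cc-option tests the commit message describes, and since UBSAN_UNSIGNED_OVERFLOW is `def_bool UBSAN_MISC` it is enabled for every UBSAN_MISC build on a compiler that accepts the flag. Unsigned wrap-around is defined behaviour in C, so new reports are likely on correct code. Split UBSAN_UNSIGNED_OVERFLOW into its own patch with a justification, or drop it from this one.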
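Review bot: The `help` text under `config UBSAN_ONLY_BOUNDS` in lib/Kconfig.ubsan is attached to a `def_bool` with no prompt, so nobody configuring the kernel is offered that entry to read it; the Clang versus GCC explanation is aimed at whoever edits the file and would be better as `#` comment lines above the symbol. The same hunks also mix two styles for compiler probes: `CC_HAS_UBSAN_BOUNDS` and `CC_HAS_UBSAN_ARRAY_BOUNDS` are named symbols, while UBSAN_LOCAL_BOUNDS, UBSAN_ALIGNMENT and the UBSAN_MISC children use `depends on $(cc-option,...)` inline. Pick one form, or note in the commit message why bounds needs named symbols.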
From patchwork Thu Dec 3 00:44:33 2020
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 11947369
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Linus Torvalds, Nathan Chancellor, Ard Biesheuvel, Arnd Bergmann, Masahiro Yamada, Michal Marek, Nick Desaulniers, Marco Elver, Randy Dunlap, Dmitry Vyukov, George Popescu, Herbert Xu, Peter Oberparleiter, Andrey Ryabinin, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 3/7] ubsan: Disable object-size sanitizer under GCC
Date: Wed, 2 Dec 2020 16:44:33 -0800
Message-Id: <20201203004437.389959-4-keescook@chromium.org>
In-Reply-To: <20201203004437.389959-1-keescook@chromium.org>
References: <20201203004437.389959-1-keescook@chromium.org>
X-Mailing-List: linux-kbuild@vger.kernel.org

GCC's -fsanitize=object-size (as part of CONFIG_UBSAN_MISC) greatly increases stack utilization. Do not allow this under GCC.
Suggested-by: Linus Torvalds Link: https://lore.kernel.org/lkml/CAHk-=wjPasyJrDuwDnpHJS2TuQfExwe=px-SzLeN8GFMAQJPmQ@mail.gmail.com/ Reviewed-by: Nathan Chancellor Signed-off-by: Kees Cook --- lib/Kconfig.ubsan | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 05147112b355..4190a99b1eaa 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan 
@@ -113,6 +113,9 @@ config UBSAN_UNSIGNED_OVERFLOW config UBSAN_OBJECT_SIZE def_bool UBSAN_MISC + # gcc hugely expands stack usage with -fsanitize=object-size + # https://lore.kernel.org/lkml/CAHk-=wjPasyJrDuwDnpHJS2TuQfExwe=px-SzLeN8GFMAQJPmQ@mail.gmail.com/ + depends on !CC_IS_GCC depends on $(cc-option,-fsanitize=object-size) config UBSAN_BOOL
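Review bot: `depends on !CC_IS_GCC` under config UBSAN_OBJECT_SIZE excludes every GCC version with no bound, and the comment above it only says stack usage is "hugely" expanded. Put the observed stack growth or the GCC versions it was seen on into the comment, next to the link, so that whoever revisits this later can tell whether the exclusion still applies without having to read the whole thread.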
From patchwork Thu Dec 3 00:44:34 2020
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 11947375
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Nathan Chancellor, Linus Torvalds, Ard Biesheuvel, Arnd Bergmann, Masahiro Yamada, Michal Marek, Nick Desaulniers, Marco Elver, Randy Dunlap, Dmitry Vyukov, George Popescu, Herbert Xu, Peter Oberparleiter, Andrey Ryabinin, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 4/7] ubsan: Disable UBSAN_TRAP for all*config
Date: Wed, 2 Dec 2020 16:44:34 -0800
Message-Id: <20201203004437.389959-5-keescook@chromium.org>
In-Reply-To: <20201203004437.389959-1-keescook@chromium.org>
References: <20201203004437.389959-1-keescook@chromium.org>
X-Mailing-List: linux-kbuild@vger.kernel.org

Doing all*config builds attempts to build as much as possible.
UBSAN_TRAP effectively short-circuits lib/usban.c, so it should be disabled for COMPILE_TEST so that the lib/ubsan.c code gets built. Reviewed-by: Nathan Chancellor Signed-off-by: Kees Cook --- lib/Kconfig.ubsan | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 4190a99b1eaa..6e8b67d4b0d9 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan 
@@ -14,6 +14,7 @@ if UBSAN config UBSAN_TRAP bool "On Sanitizer warnings, abort the running kernel code" + depends on !COMPILE_TEST depends on $(cc-option, -fsanitize-undefined-trap-on-error) help Building kernels with Sanitizer features enabled tends to grow
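Review bot: The added `depends on !COMPILE_TEST` under config UBSAN_TRAP has no comment, so the reason for it (keeping lib/ubsan.c built in all*config builds) lives only in the commit message. Add a short `#` comment above the line, in the way the `!CC_IS_GCC` dependency on UBSAN_OBJECT_SIZE is commented in this series. The commit message also spells the file once as lib/usban.c, which should read lib/ubsan.c.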
h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dc/B94hjAeeyKCOv3YRX+BzkhQc/9V1asn3WsTw2Emg=; b=KCozItYQFWLllJ/3pMAxfk37c5QpWqP3NQUj14wmLRKek80rHiUS1DZNCv0Q4KMxHU 5ejxgGHJdYtjtFFmvZqlkr7a6bJJlthvCpWz+9MxqB/qYgicf9da4F8mcbhAft0oYzCk RWU9I+B0O2HNtnqfmJv9wBdTJs3AzyiFYuFkA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dc/B94hjAeeyKCOv3YRX+BzkhQc/9V1asn3WsTw2Emg=; b=mPEAu/U1gIiGNTadeeZne2cMAsu3WlCxcoljOcIMm4lT33PO1W9T+H7SMTXg+43dDg 33fFvJmFjFIPawW4fKAR+/TvC+4pnIq1X1JMR789nap0fvNM4M3Solgn/JOeksxNU2B8 xcnP9mEP+wqDib5f5dAXrxwHK8xDwQZgBfIMueosEu5v262JEphNzypUDUC8NIhEn48C hTPwCu/TMlLUl+yA+hJtoMeh3bwbjlkBv2ncbgce8/GYLpYHbvGVg9JrXcWbfb0pTAod KNYBz0m4Qj53+aFfaM7ybpoM68FOMO3Uzmx5gHSJyhtgtqIBDx9Ecwxb6tgMOQrMkgeF OmbA== X-Gm-Message-State: AOAM5334kzWj4LX9FBzQTwmblPtZHiKHk4OLaiF/Zs8qLBSvCN1hMV7f UxETStnolgw3Tr1pl8Fn6A/qBA== X-Google-Smtp-Source: ABdhPJx6xQenCwuNX2ZCZy/A6ik6/e/dmVRk804M2XukKlxvRwKY15kPrAy5XgSLxnGDaXlwpripig== X-Received: by 2002:a17:90a:2941:: with SMTP id x1mr536181pjf.25.1606956292378; Wed, 02 Dec 2020 16:44:52 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id v17sm182577pga.58.2020.12.02.16.44.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Dec 2020 16:44:50 -0800 (PST) 
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Linus Torvalds, Ard Biesheuvel, Arnd Bergmann, Masahiro Yamada, Michal Marek, Nathan Chancellor, Nick Desaulniers, Marco Elver, Randy Dunlap, Dmitry Vyukov, George Popescu, Herbert Xu, Peter Oberparleiter, Andrey Ryabinin, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 5/7] ubsan: Enable for all*config builds
Date: Wed, 2 Dec 2020 16:44:35 -0800
Message-Id: <20201203004437.389959-6-keescook@chromium.org>
In-Reply-To: <20201203004437.389959-1-keescook@chromium.org>
References: <20201203004437.389959-1-keescook@chromium.org>

With UBSAN_OBJECT_SIZE disabled for GCC, only UBSAN_ALIGNMENT remained a noisy UBSAN option.
Disable it for COMPILE_TEST so the rest of UBSAN can be used for full all*config builds or other large combinations. Link: https://lore.kernel.org/lkml/CAHk-=wgXW=YLxGN0QVpp-1w5GDd2pf1W-FqY15poKzoVfik2qA@mail.gmail.com/ Signed-off-by: Kees Cook --- lib/Kconfig.ubsan | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 6e8b67d4b0d9..fa78f0f3c1dc 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -130,7 +130,6 @@ config UBSAN_ENUM config UBSAN_SANITIZE_ALL bool "Enable instrumentation for the entire kernel" depends on ARCH_HAS_UBSAN_SANITIZE_ALL - depends on !COMPILE_TEST default y help This option activates instrumentation for the entire kernel. 
@@ -142,7 +141,7 @@ config UBSAN_SANITIZE_ALL config UBSAN_ALIGNMENT bool "Enable checks for pointers alignment" default !HAVE_EFFICIENT_UNALIGNED_ACCESS - depends on !UBSAN_TRAP + depends on !UBSAN_TRAP && !COMPILE_TEST depends on $(cc-option,-fsanitize=alignment) help This option enables the check of unaligned memory accesses. From patchwork Thu Dec 3 00:44:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11947377 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-20.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCCC6C83019 for ; Thu, 3 Dec 2020 00:46:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 955BF221FB for ; Thu, 3 Dec 2020 00:46:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728139AbgLCAqQ (ORCPT ); Wed, 2 Dec 2020 19:46:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53862 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728090AbgLCAqQ (ORCPT ); Wed, 2 Dec 2020 19:46:16 -0500 Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4FDD2C061A4E for ; Wed, 2 Dec 2020 16:44:52 -0800 (PST) Received: by mail-pf1-x444.google.com with SMTP id w187so146803pfd.5 for ; Wed, 02 Dec 2020 16:44:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; 
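Review bot: in the UBSAN_SANITIZE_ALL hunk of patch 5/7, removing `depends on !COMPILE_TEST` while keeping `default y` makes every all*config build instrument the entire kernel, but the changelog only argues the noise case for GCC ("With UBSAN_OBJECT_SIZE disabled for GCC"). UBSAN_OBJECT_SIZE is gated on `!CC_IS_GCC` alone, so it stays selectable in Clang all*config builds; please state whether those were checked, or gate the remaining noisy options on `!COMPILE_TEST` as well.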
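Review bot: in the UBSAN_ALIGNMENT hunk of patch 5/7, `depends on !UBSAN_TRAP && !COMPILE_TEST` folds two unrelated conditions into one line and the help text is left as it was, so the file itself never says that the option is excluded from compile-test builds for being noisy. Split it into two `depends on` lines and add a short `#` comment on the COMPILE_TEST one, so the intent is visible in Kconfig and not only in the commit message.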
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Linus Torvalds, Ard Biesheuvel, Arnd Bergmann, Masahiro Yamada, Michal Marek, Nathan Chancellor, Nick Desaulniers, Marco Elver, Randy Dunlap, Dmitry Vyukov, George Popescu, Herbert Xu, Peter Oberparleiter, Andrey Ryabinin, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 6/7] ubsan: Remove UBSAN_MISC in favor of individual options
Date: Wed, 2 Dec 2020 16:44:36 -0800
Message-Id: <20201203004437.389959-7-keescook@chromium.org>
In-Reply-To: <20201203004437.389959-1-keescook@chromium.org>
References: <20201203004437.389959-1-keescook@chromium.org>

Make each UBSAN option individually selectable and remove UBSAN_MISC which no longer has any purpose.
Add help text for each Kconfig, and include a reference to the Clang sanitizer documentation. Disable unsigned overflow by default (not available with GCC and makes x86 unbootable with Clang). Disable unreachable when objtool is in use (redundant and confuses things: instrumentation appears at unreachable locations). Signed-off-by: Kees Cook --- Documentation/dev-tools/ubsan.rst | 1 + lib/Kconfig.ubsan | 82 +++++++++++++++++++++---------- 2 files changed, 57 insertions(+), 26 deletions(-) diff --git a/Documentation/dev-tools/ubsan.rst b/Documentation/dev-tools/ubsan.rst index 655e6b63c227..1be6618e232d 100644 --- a/Documentation/dev-tools/ubsan.rst +++ b/Documentation/dev-tools/ubsan.rst @@ -86,3 +86,4 @@ References .. _1: https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Debugging-Options.html .. _2: https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html +.. _3: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index fa78f0f3c1dc..8b635fd75fe4 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan 
@@ -84,48 +84,88 @@ config UBSAN_LOCAL_BOUNDS where an added offset (which may not be known statically) is out-of-bounds. -config UBSAN_MISC - bool "Enable all other Undefined Behavior sanity checks" - default UBSAN - help - This option enables all sanity checks that don't have their - own Kconfig options. Disable this if you only want to have - individually selected checks. - config UBSAN_SHIFT - def_bool UBSAN_MISC + bool "Perform checking for bit-shift overflows" + default UBSAN depends on $(cc-option,-fsanitize=shift) + help + This option enables -fsanitize=shift which checks for bit-shift + operations that overflow to the left or go switch to negative + for signed types. config UBSAN_DIV_ZERO - def_bool UBSAN_MISC + bool "Perform checking for integer divide-by-zero" depends on $(cc-option,-fsanitize=integer-divide-by-zero) + help + This option enables -fsanitize=integer-divide-by-zero which checks + for integer division by zero. This is effectively redundant with the + kernel's existing exception handling, though it can provide greater + debugging information under CONFIG_UBSAN_REPORT_FULL. config UBSAN_UNREACHABLE - def_bool UBSAN_MISC + bool "Perform checking for unreachable code" + # objtool already handles unreachable checking and gets angry about + # seeing UBSan instrumentation located in unreachable places. + depends on !STACK_VALIDATION depends on $(cc-option,-fsanitize=unreachable) + help + This option enables -fsanitize=unreachable which checks for control + flow reaching an expected-to-be-unreachable position. config UBSAN_SIGNED_OVERFLOW - def_bool UBSAN_MISC + bool "Perform checking for signed arithmetic overflow" + default UBSAN depends on $(cc-option,-fsanitize=signed-integer-overflow) + help + This option enables -fsanitize=signed-integer-overflow which checks + for overflow of any arithmetic operations with signed integers. 
config UBSAN_UNSIGNED_OVERFLOW - def_bool UBSAN_MISC + bool "Perform checking for unsigned arithmetic overflow" depends on $(cc-option,-fsanitize=unsigned-integer-overflow) + help + This option enables -fsanitize=unsigned-integer-overflow which checks + for overflow of any arithmetic operations with unsigned integers. This + currently causes x86 to fail to boot. config UBSAN_OBJECT_SIZE - def_bool UBSAN_MISC + bool "Perform checking for accesses beyond the end of objects" + default UBSAN # gcc hugely expands stack usage with -fsanitize=object-size # https://lore.kernel.org/lkml/CAHk-=wjPasyJrDuwDnpHJS2TuQfExwe=px-SzLeN8GFMAQJPmQ@mail.gmail.com/ depends on !CC_IS_GCC depends on $(cc-option,-fsanitize=object-size) + help + This option enables -fsanitize=object-size which checks for accesses + beyond the end of objects where the optimizer can determine both the + object being operated on and its size, usually seen with bad downcasts, + or access to struct members from NULL pointers. config UBSAN_BOOL - def_bool UBSAN_MISC + bool "Perform checking for non-boolean values used as boolean" + default UBSAN depends on $(cc-option,-fsanitize=bool) + help + This option enables -fsanitize=bool which checks for boolean values being + loaded that are neither 0 nor 1. config UBSAN_ENUM - def_bool UBSAN_MISC + bool "Perform checking for out of bounds enum values" + default UBSAN depends on $(cc-option,-fsanitize=enum) + help + This option enables -fsanitize=enum which checks for values being loaded + into an enum that are outside the range of given values for the given enum. + +config UBSAN_ALIGNMENT + bool "Perform checking for misaligned pointer usage" + default !HAVE_EFFICIENT_UNALIGNED_ACCESS + depends on !UBSAN_TRAP && !COMPILE_TEST + depends on $(cc-option,-fsanitize=alignment) + help + This option enables the check of unaligned memory accesses. + Enabling this option on architectures that support unaligned + accesses may produce a lot of false positives. 
config UBSAN_SANITIZE_ALL bool "Enable instrumentation for the entire kernel" 
@@ -138,16 +178,6 @@ config UBSAN_SANITIZE_ALL Enabling this option will get kernel image size increased significantly. -config UBSAN_ALIGNMENT - bool "Enable checks for pointers alignment" - default !HAVE_EFFICIENT_UNALIGNED_ACCESS - depends on !UBSAN_TRAP && !COMPILE_TEST - depends on $(cc-option,-fsanitize=alignment) - help - This option enables the check of unaligned memory accesses. - Enabling this option on architectures that support unaligned - accesses may produce a lot of false positives. - config TEST_UBSAN tristate "Module for testing for undefined behavior detection" depends on m From patchwork Thu Dec 3 00:44:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11947373 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-20.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2330BC8300F for ; Thu, 3 Dec 2020 00:46:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D9C45221FD for ; Thu, 3 Dec 2020 00:46:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727088AbgLCAqQ (ORCPT ); Wed, 2 Dec 2020 19:46:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53882 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728009AbgLCAqO (ORCPT ); Wed, 2 Dec 2020 19:46:14 -0500 Received: from mail-pg1-x542.google.com (mail-pg1-x542.google.com [IPv6:2607:f8b0:4864:20::542]) by 
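Review bot: the Documentation/dev-tools/ubsan.rst hunk of patch 6/7 defines the link target `.. _3:` but, being the only line added to that file, leaves nothing in the document body that refers to it. Add a sentence in the text that cites the Clang UndefinedBehaviorSanitizer page through this target, otherwise the reference promised in the changelog is a dangling definition.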
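Review bot: in the lib/Kconfig.ubsan hunk at -84,48 of patch 6/7, UBSAN_UNSIGNED_OVERFLOW is documented with "This currently causes x86 to fail to boot" yet is a plain `bool` with no architecture or COMPILE_TEST dependency, so an allyesconfig build with a compiler that accepts the flag will still select it now that the series allows UBSAN in all*config builds. Add `depends on !COMPILE_TEST` or an x86 exclusion instead of relying on the absent `default`. In the same hunk, UBSAN_DIV_ZERO and UBSAN_UNREACHABLE also lose their default (both were `def_bool UBSAN_MISC`), which the changelog does not mention for DIV_ZERO; the UBSAN_SHIFT help has a wording slip in "go switch to negative"; and CONFIG_UBSAN_REPORT_FULL, named in the DIV_ZERO help, is not defined in any visible hunk, so please confirm it exists.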
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Linus Torvalds, Ard Biesheuvel, Arnd Bergmann, Masahiro Yamada, Michal Marek, Nathan Chancellor, Nick Desaulniers, Marco Elver, Randy Dunlap, Dmitry Vyukov, George Popescu, Herbert Xu, Peter Oberparleiter, Andrey Ryabinin, clang-built-linux@googlegroups.com, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 7/7] ubsan: Expand tests and reporting
Date: Wed, 2 Dec 2020 16:44:37 -0800
Message-Id: <20201203004437.389959-8-keescook@chromium.org>
In-Reply-To: <20201203004437.389959-1-keescook@chromium.org>
References: <20201203004437.389959-1-keescook@chromium.org>

Expand the UBSAN tests to include some additional UB cases. Notably the out-of-bounds enum loading appears not to work.
Also include per-test reporting, including the relevant CONFIG_UBSAN... Kconfigs. Signed-off-by: Kees Cook --- lib/test_ubsan.c | 74 ++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 66 insertions(+), 8 deletions(-) diff --git a/lib/test_ubsan.c b/lib/test_ubsan.c index 9ea10adf7a66..5e5d9355ef49 100644 --- a/lib/test_ubsan.c +++ b/lib/test_ubsan.c @@ -5,32 +5,54 @@ typedef void(*test_ubsan_fp)(void); +#define UBSAN_TEST(config, ...) do { \ + pr_info("%s " __VA_ARGS__ "%s(%s=%s)\n", __func__, \ + sizeof(" " __VA_ARGS__) > 2 ? " " : "", \ + #config, IS_ENABLED(config) ? "y" : "n"); \ + } while (0) + static void test_ubsan_add_overflow(void) { volatile int val = INT_MAX; + volatile unsigned int uval = UINT_MAX; + UBSAN_TEST(CONFIG_UBSAN_SIGNED_OVERFLOW); val += 2; + + UBSAN_TEST(CONFIG_UBSAN_UNSIGNED_OVERFLOW); + uval += 2; } static void test_ubsan_sub_overflow(void) { volatile int val = INT_MIN; + volatile unsigned int uval = 0; volatile int val2 = 2; + UBSAN_TEST(CONFIG_UBSAN_SIGNED_OVERFLOW); val -= val2; + + UBSAN_TEST(CONFIG_UBSAN_UNSIGNED_OVERFLOW); + uval -= val2; } static void test_ubsan_mul_overflow(void) { volatile int val = INT_MAX / 2; + volatile unsigned int uval = UINT_MAX / 2; + UBSAN_TEST(CONFIG_UBSAN_SIGNED_OVERFLOW); val *= 3; + + UBSAN_TEST(CONFIG_UBSAN_UNSIGNED_OVERFLOW); + uval *= 3; } static void test_ubsan_negate_overflow(void) { volatile int val = INT_MIN; + UBSAN_TEST(CONFIG_UBSAN_SIGNED_OVERFLOW); val = -val; } 
@@ -39,37 +61,67 @@ static void test_ubsan_divrem_overflow(void) volatile int val = 16; volatile int val2 = 0; + UBSAN_TEST(CONFIG_UBSAN_DIV_ZERO); val /= val2; } static void test_ubsan_shift_out_of_bounds(void) { - volatile int val = -1; - int val2 = 10; + volatile int neg = -1, wrap = 4; + int val1 = 10; + int val2 = INT_MAX; + + UBSAN_TEST(CONFIG_UBSAN_SHIFT, "negative exponent"); + val1 <<= neg; - val2 <<= val; + UBSAN_TEST(CONFIG_UBSAN_SHIFT, "left overflow"); + val2 <<= wrap; } static void test_ubsan_out_of_bounds(void) { - volatile int i = 4, j = 5; + volatile int i = 4, j = 5, k = -1; + volatile char above[4] = { }; /* Protect surrounding memory. */ volatile int arr[4]; + volatile char below[4] = { }; /* Protect surrounding memory. */ + above[0] = below[0]; + + UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "above"); arr[j] = i; + + UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "below"); + arr[k] = i; } +enum ubsan_test_enum { + UBSAN_TEST_ZERO = 0, + UBSAN_TEST_ONE, + UBSAN_TEST_MAX, +}; + static void test_ubsan_load_invalid_value(void) { volatile char *dst, *src; bool val, val2, *ptr; - char c = 4; + enum ubsan_test_enum eval, eval2, *eptr; + unsigned char c = 0xff; + UBSAN_TEST(CONFIG_UBSAN_BOOL, "bool"); dst = (char *)&val; src = &c; *dst = *src; ptr = &val2; val2 = val; + + UBSAN_TEST(CONFIG_UBSAN_ENUM, "enum"); + dst = (char *)&eval; + src = &c; + *dst = *src; + + eptr = &eval2; + eval2 = eval; } static void test_ubsan_null_ptr_deref(void) @@ -77,6 +129,7 @@ static void test_ubsan_null_ptr_deref(void) volatile int *ptr = NULL; int val; + UBSAN_TEST(CONFIG_UBSAN_OBJECT_SIZE); val = *ptr; } @@ -85,6 +138,7 @@ static void test_ubsan_misaligned_access(void) volatile char arr[5] __aligned(4) = {1, 2, 3, 4, 5}; volatile int *ptr, val = 6; + UBSAN_TEST(CONFIG_UBSAN_ALIGNMENT); ptr = (int *)(arr + 1); *ptr = val; } 
@@ -95,6 +149,7 @@ static void test_ubsan_object_size_mismatch(void) volatile int val __aligned(8) = 4; volatile long long *ptr, val2; + UBSAN_TEST(CONFIG_UBSAN_OBJECT_SIZE); ptr = (long long *)&val; val2 = *ptr; } @@ -104,15 +159,19 @@ static const test_ubsan_fp test_ubsan_array[] = { test_ubsan_sub_overflow, test_ubsan_mul_overflow, test_ubsan_negate_overflow, - test_ubsan_divrem_overflow, test_ubsan_shift_out_of_bounds, test_ubsan_out_of_bounds, test_ubsan_load_invalid_value, - //test_ubsan_null_ptr_deref, /* exclude it because there is a crash */ test_ubsan_misaligned_access, test_ubsan_object_size_mismatch, }; +/* Excluded because they Oops the module. */ +static const test_ubsan_fp skip_ubsan_array[] = { + test_ubsan_divrem_overflow, + test_ubsan_null_ptr_deref, +}; + static int __init test_ubsan_init(void) { unsigned int i; @@ -120,7 +179,6 @@ static int __init test_ubsan_init(void) for (i = 0; i < ARRAY_SIZE(test_ubsan_array); i++) test_ubsan_array[i](); - (void)test_ubsan_null_ptr_deref; /* to avoid unsed-function warning */ return 0; } module_init(test_ubsan_init);
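
Review bot: in the first lib/test_ubsan.c hunk of patch 7/7, UBSAN_TEST() pastes `__VA_ARGS__` directly into the pr_info() format string, so it only works when the optional argument is a single string literal free of `%` conversions, and nothing in the macro says so. Add a comment above it stating that contract and explaining that `sizeof(" " __VA_ARGS__) > 2` exists only to emit the separator when a description is supplied.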
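
Review bot: in the -39,37 hunk of patch 7/7, the new enum case in test_ubsan_load_invalid_value() stores a single byte through `dst = (char *)&eval;` and `*dst = *src;` and then loads the whole of `eval`, so for an enum wider than one byte the remaining bytes are uninitialised stack and the loaded value is not a known out-of-range constant. Write every byte of `eval` before the load, so that the "appears not to work" result in the changelog is measured against a defined input. In the same hunk, the `above` and `below` arrays in test_ubsan_out_of_bounds() are commented "Protect surrounding memory", but the compiler is free to place them anywhere in the frame, so the `arr[j]` and `arr[k]` stores can still land on something else.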
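
Review bot: in the -104,15 hunk of patch 7/7, `skip_ubsan_array[]` is populated but never iterated (test_ubsan_init() still walks only `test_ubsan_array`), and test_ubsan_divrem_overflow moves into it although it was in the run list before, which the changelog does not mention. Say in the commit message that the divide-by-zero test no longer runs, and consider making the skipped tests reachable on request, for example behind a module parameter, with the comment recording which configuration Oopses.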