mirror of
https://github.com/torvalds/linux
synced 2024-10-16 00:10:42 +00:00
ubsan: Remove CONFIG_UBSAN_SANITIZE_ALL
For simplicity in splitting out UBSan options into separate rules, remove CONFIG_UBSAN_SANITIZE_ALL, effectively defaulting to "y", which is how it is generally used anyway. (There are no ":= y" cases beyond where a specific file is enabled when a top-level ":= n" is in effect.) Cc: Andrey Konovalov <andreyknvl@gmail.com> Cc: Marco Elver <elver@google.com> Cc: linux-doc@vger.kernel.org Cc: linux-kbuild@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org>
parent
30edbdf9b9
commit
918327e9b7
|
@ -49,34 +49,22 @@ Report example
|
||||||
Usage
|
Usage
|
||||||
-----
|
-----
|
||||||
|
|
||||||
To enable UBSAN configure kernel with::
|
To enable UBSAN, configure the kernel with::
|
||||||
|
|
||||||
CONFIG_UBSAN=y
|
CONFIG_UBSAN=y
|
||||||
|
|
||||||
and to check the entire kernel::
|
To exclude files from being instrumented use::
|
||||||
|
|
||||||
CONFIG_UBSAN_SANITIZE_ALL=y
|
|
||||||
|
|
||||||
To enable instrumentation for specific files or directories, add a line
|
|
||||||
similar to the following to the respective kernel Makefile:
|
|
||||||
|
|
||||||
- For a single file (e.g. main.o)::
|
|
||||||
|
|
||||||
UBSAN_SANITIZE_main.o := y
|
|
||||||
|
|
||||||
- For all files in one directory::
|
|
||||||
|
|
||||||
UBSAN_SANITIZE := y
|
|
||||||
|
|
||||||
To exclude files from being instrumented even if
|
|
||||||
``CONFIG_UBSAN_SANITIZE_ALL=y``, use::
|
|
||||||
|
|
||||||
UBSAN_SANITIZE_main.o := n
|
UBSAN_SANITIZE_main.o := n
|
||||||
|
|
||||||
and::
|
and to exclude all targets in one directory use::
|
||||||
|
|
||||||
UBSAN_SANITIZE := n
|
UBSAN_SANITIZE := n
|
||||||
|
|
||||||
|
When disabled for all targets, specific files can be enabled using::
|
||||||
|
|
||||||
|
UBSAN_SANITIZE_main.o := y
|
||||||
|
|
||||||
Detection of unaligned accesses controlled through the separate option -
|
Detection of unaligned accesses controlled through the separate option -
|
||||||
CONFIG_UBSAN_ALIGNMENT. It's off by default on architectures that support
|
CONFIG_UBSAN_ALIGNMENT. It's off by default on architectures that support
|
||||||
unaligned accesses (CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y). One could
|
unaligned accesses (CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y). One could
|
||||||
|
|
|
@ -29,7 +29,7 @@ config ARM
|
||||||
select ARCH_HAVE_NMI_SAFE_CMPXCHG if CPU_V7 || CPU_V7M || CPU_V6K
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG if CPU_V7 || CPU_V7M || CPU_V6K
|
||||||
select ARCH_HAS_GCOV_PROFILE_ALL
|
select ARCH_HAS_GCOV_PROFILE_ALL
|
||||||
select ARCH_KEEP_MEMBLOCK
|
select ARCH_KEEP_MEMBLOCK
|
||||||
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
select ARCH_HAS_UBSAN
|
||||||
select ARCH_MIGHT_HAVE_PC_PARPORT
|
select ARCH_MIGHT_HAVE_PC_PARPORT
|
||||||
select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
|
select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
|
||||||
select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if CPU_V7
|
select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if CPU_V7
|
||||||
|
|
|
@ -107,7 +107,7 @@ config ARM64
|
||||||
select ARCH_WANT_LD_ORPHAN_WARN
|
select ARCH_WANT_LD_ORPHAN_WARN
|
||||||
select ARCH_WANTS_NO_INSTR
|
select ARCH_WANTS_NO_INSTR
|
||||||
select ARCH_WANTS_THP_SWAP if ARM64_4K_PAGES
|
select ARCH_WANTS_THP_SWAP if ARM64_4K_PAGES
|
||||||
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
select ARCH_HAS_UBSAN
|
||||||
select ARM_AMBA
|
select ARM_AMBA
|
||||||
select ARM_ARCH_TIMER
|
select ARM_ARCH_TIMER
|
||||||
select ARM_GIC
|
select ARM_GIC
|
||||||
|
|
|
@ -14,7 +14,7 @@ config MIPS
|
||||||
select ARCH_HAS_STRNCPY_FROM_USER
|
select ARCH_HAS_STRNCPY_FROM_USER
|
||||||
select ARCH_HAS_STRNLEN_USER
|
select ARCH_HAS_STRNLEN_USER
|
||||||
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
|
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
|
||||||
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
select ARCH_HAS_UBSAN
|
||||||
select ARCH_HAS_GCOV_PROFILE_ALL
|
select ARCH_HAS_GCOV_PROFILE_ALL
|
||||||
select ARCH_KEEP_MEMBLOCK
|
select ARCH_KEEP_MEMBLOCK
|
||||||
select ARCH_USE_BUILTIN_BSWAP
|
select ARCH_USE_BUILTIN_BSWAP
|
||||||
|
|
|
@ -12,7 +12,7 @@ config PARISC
|
||||||
select ARCH_HAS_ELF_RANDOMIZE
|
select ARCH_HAS_ELF_RANDOMIZE
|
||||||
select ARCH_HAS_STRICT_KERNEL_RWX
|
select ARCH_HAS_STRICT_KERNEL_RWX
|
||||||
select ARCH_HAS_STRICT_MODULE_RWX
|
select ARCH_HAS_STRICT_MODULE_RWX
|
||||||
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
select ARCH_HAS_UBSAN
|
||||||
select ARCH_HAS_PTE_SPECIAL
|
select ARCH_HAS_PTE_SPECIAL
|
||||||
select ARCH_NO_SG_CHAIN
|
select ARCH_NO_SG_CHAIN
|
||||||
select ARCH_SUPPORTS_HUGETLBFS if PA20
|
select ARCH_SUPPORTS_HUGETLBFS if PA20
|
||||||
|
|
|
@ -154,7 +154,7 @@ config PPC
|
||||||
select ARCH_HAS_SYSCALL_WRAPPER if !SPU_BASE && !COMPAT
|
select ARCH_HAS_SYSCALL_WRAPPER if !SPU_BASE && !COMPAT
|
||||||
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
|
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
|
||||||
select ARCH_HAS_UACCESS_FLUSHCACHE
|
select ARCH_HAS_UACCESS_FLUSHCACHE
|
||||||
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
select ARCH_HAS_UBSAN
|
||||||
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
||||||
select ARCH_KEEP_MEMBLOCK
|
select ARCH_KEEP_MEMBLOCK
|
||||||
select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE if PPC_RADIX_MMU
|
select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE if PPC_RADIX_MMU
|
||||||
|
|
|
@ -37,7 +37,7 @@ config RISCV
|
||||||
select ARCH_HAS_STRICT_MODULE_RWX if MMU && !XIP_KERNEL
|
select ARCH_HAS_STRICT_MODULE_RWX if MMU && !XIP_KERNEL
|
||||||
select ARCH_HAS_SYSCALL_WRAPPER
|
select ARCH_HAS_SYSCALL_WRAPPER
|
||||||
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
|
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
|
||||||
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
select ARCH_HAS_UBSAN
|
||||||
select ARCH_HAS_VDSO_DATA
|
select ARCH_HAS_VDSO_DATA
|
||||||
select ARCH_KEEP_MEMBLOCK if ACPI
|
select ARCH_KEEP_MEMBLOCK if ACPI
|
||||||
select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
|
select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
|
||||||
|
|
|
@ -82,7 +82,7 @@ config S390
|
||||||
select ARCH_HAS_STRICT_KERNEL_RWX
|
select ARCH_HAS_STRICT_KERNEL_RWX
|
||||||
select ARCH_HAS_STRICT_MODULE_RWX
|
select ARCH_HAS_STRICT_MODULE_RWX
|
||||||
select ARCH_HAS_SYSCALL_WRAPPER
|
select ARCH_HAS_SYSCALL_WRAPPER
|
||||||
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
select ARCH_HAS_UBSAN
|
||||||
select ARCH_HAS_VDSO_DATA
|
select ARCH_HAS_VDSO_DATA
|
||||||
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
||||||
select ARCH_INLINE_READ_LOCK
|
select ARCH_INLINE_READ_LOCK
|
||||||
|
|
|
@ -100,7 +100,7 @@ config X86
|
||||||
select ARCH_HAS_STRICT_MODULE_RWX
|
select ARCH_HAS_STRICT_MODULE_RWX
|
||||||
select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
|
select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
|
||||||
select ARCH_HAS_SYSCALL_WRAPPER
|
select ARCH_HAS_SYSCALL_WRAPPER
|
||||||
select ARCH_HAS_UBSAN_SANITIZE_ALL
|
select ARCH_HAS_UBSAN
|
||||||
select ARCH_HAS_DEBUG_WX
|
select ARCH_HAS_DEBUG_WX
|
||||||
select ARCH_HAS_ZONE_DMA_SET if EXPERT
|
select ARCH_HAS_ZONE_DMA_SET if EXPERT
|
||||||
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# SPDX-License-Identifier: GPL-2.0-only
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
config ARCH_HAS_UBSAN_SANITIZE_ALL
|
config ARCH_HAS_UBSAN
|
||||||
bool
|
bool
|
||||||
|
|
||||||
menuconfig UBSAN
|
menuconfig UBSAN
|
||||||
|
@ -142,17 +142,6 @@ config UBSAN_ALIGNMENT
|
||||||
Enabling this option on architectures that support unaligned
|
Enabling this option on architectures that support unaligned
|
||||||
accesses may produce a lot of false positives.
|
accesses may produce a lot of false positives.
|
||||||
|
|
||||||
config UBSAN_SANITIZE_ALL
|
|
||||||
bool "Enable instrumentation for the entire kernel"
|
|
||||||
depends on ARCH_HAS_UBSAN_SANITIZE_ALL
|
|
||||||
default y
|
|
||||||
help
|
|
||||||
This option activates instrumentation for the entire kernel.
|
|
||||||
If you don't enable this option, you have to explicitly specify
|
|
||||||
UBSAN_SANITIZE := y for the files/directories you want to check for UB.
|
|
||||||
Enabling this option will get kernel image size increased
|
|
||||||
significantly.
|
|
||||||
|
|
||||||
config TEST_UBSAN
|
config TEST_UBSAN
|
||||||
tristate "Module for testing for undefined behavior detection"
|
tristate "Module for testing for undefined behavior detection"
|
||||||
depends on m
|
depends on m
|
||||||
|
|
|
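Review bot: After the rename, nothing visible in this file still consumes `ARCH_HAS_UBSAN`, because the only `depends on` that referenced the old symbol sat in the removed `config UBSAN_SANITIZE_ALL` entry. If `menuconfig UBSAN` is not gated elsewhere, an architecture that never selected the symbol could now enable `CONFIG_UBSAN=y` and get whole-kernel instrumentation, which it previously could not opt into. Consider adding `depends on ARCH_HAS_UBSAN` under `menuconfig UBSAN`. The body of that entry lies outside the hunk, so this should be confirmed against the full file.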
@ -175,7 +175,7 @@ endif
|
||||||
|
|
||||||
ifeq ($(CONFIG_UBSAN),y)
|
ifeq ($(CONFIG_UBSAN),y)
|
||||||
_c_flags += $(if $(patsubst n%,, \
|
_c_flags += $(if $(patsubst n%,, \
|
||||||
$(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_SANITIZE)$(CONFIG_UBSAN_SANITIZE_ALL)), \
|
$(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_SANITIZE)y), \
|
||||||
$(CFLAGS_UBSAN))
|
$(CFLAGS_UBSAN))
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
|
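Review bot: The `_c_flags` expression now hard-codes a trailing `y`, so with `CONFIG_UBSAN=y` every object is instrumented unless its Makefile says `:= n`, and that opt-out is the only thing keeping the sanitizer out of code that must not be instrumented. Configurations that previously set `CONFIG_UBSAN_SANITIZE_ALL=n` and relied on per-file `:= y` will silently switch to full instrumentation, so directories that were never built that way deserve an audit for missing `UBSAN_SANITIZE := n` lines. The precedence encoded by the `patsubst n%` concatenation is also not obvious. A comment above the `ifeq` would help, for example `# Instrumented by default; a per-file or per-directory value of "n" opts out, and a per-file "y" overrides a directory-level "n".`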