[PATCH 1/2] kernel: add missing UBSAN config symbols
Stijn Tintel
stijn at linux-ipv6.be
Wed Nov 3 11:08:22 PDT 2021
Enabling KERNEL_UBSAN exposes several missing symbols. Add new kernel
build options for UBSAN_BOUNDS and UBSAN_TRAP, disable CONFIG_TEST_UBSAN
in the generic kernel configs and enable CONFIG_UBSAN_MISC in generic
5.10 config. The latter symbol was removed in later kernels, so just set
it to the default value in 5.10 instead of adding a build option for it.
Fixes build failures with KERNEL_UBSAN enabled.
Signed-off-by: Stijn Tintel <stijn at linux-ipv6.be>
---
config/Config-kernel.in | 23 +++++++++++++++++++++++
target/linux/generic/config-5.10 | 2 ++
target/linux/generic/config-5.4 | 1 +
3 files changed, 26 insertions(+)
diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index dc249a6031..6758d278e7 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -114,6 +114,16 @@ config KERNEL_UBSAN_ALIGNMENT
Enabling this option on architectures that support unaligned
accesses may produce a lot of false positives.
+config KERNEL_UBSAN_BOUNDS
+ bool "Perform array index bounds checking"
+ depends on KERNEL_UBSAN
+ help
+ This option enables detection of directly indexed out of bounds array
+ accesses, where the array size is known at compile time. Note that
+ this does not protect array overflows via bad calls to the
+ {str,mem}*cpy() family of functions (that is addressed by
+ FORTIFY_SOURCE).
+
config KERNEL_UBSAN_NULL
bool "Enable checking of null pointers"
depends on KERNEL_UBSAN
@@ -121,6 +131,19 @@ config KERNEL_UBSAN_NULL
This option enables detection of memory accesses via a
null pointer.
+config KERNEL_UBSAN_TRAP
+ bool "On Sanitizer warnings, abort the running kernel code"
+ depends on KERNEL_UBSAN
+ help
+ Building kernels with Sanitizer features enabled tends to grow the
+ kernel size by around 5%, due to adding all the debugging text on
+ failure paths. To avoid this, Sanitizer instrumentation can just
+ issue a trap. This reduces the kernel size overhead but turns all
+ warnings (including potentially harmless conditions) into full
+ exceptions that abort the running kernel code (regardless of context,
+ locks held, etc), which may destabilize the system. For some system
+ builders this is an acceptable trade-off.
+
config KERNEL_KASAN
bool "Compile the kernel with KASan: runtime memory debugger"
select KERNEL_SLUB_DEBUG
diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10
index 7b952e8ca8..83004d0879 100644
--- a/target/linux/generic/config-5.10
+++ b/target/linux/generic/config-5.10
@@ -6082,6 +6082,7 @@ CONFIG_TCP_CONG_CUBIC=y
# CONFIG_TEST_STRING_HELPERS is not set
# CONFIG_TEST_STRSCPY is not set
# CONFIG_TEST_SYSCTL is not set
+# CONFIG_TEST_UBSAN is not set
# CONFIG_TEST_UDELAY is not set
# CONFIG_TEST_USER_COPY is not set
# CONFIG_TEST_UUID is not set
@@ -6348,6 +6349,7 @@ CONFIG_UBIFS_FS_ZLIB=y
CONFIG_UBIFS_FS_ZSTD=y
# CONFIG_UBSAN is not set
CONFIG_UBSAN_ALIGNMENT=y
+CONFIG_UBSAN_MISC=y
# CONFIG_UCB1400_CORE is not set
# CONFIG_UCSI is not set
# CONFIG_UDF_FS is not set
diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4
index c44e9cf40b..bf2b462529 100644
--- a/target/linux/generic/config-5.4
+++ b/target/linux/generic/config-5.4
@@ -5631,6 +5631,7 @@ CONFIG_TCP_CONG_CUBIC=y
# CONFIG_TEST_STRING_HELPERS is not set
# CONFIG_TEST_STRSCPY is not set
# CONFIG_TEST_SYSCTL is not set
+# CONFIG_TEST_UBSAN is not set
# CONFIG_TEST_UDELAY is not set
# CONFIG_TEST_USER_COPY is not set
# CONFIG_TEST_UUID is not set
--
2.32.0
More information about the openwrt-devel
mailing list