1 # SPDX-License-Identifier: GPL-2.0-only !! 1 config ARCH_HAS_UBSAN_SANITIZE_ALL 2 config ARCH_HAS_UBSAN << 3 bool 2 bool 4 3 5 menuconfig UBSAN !! 4 config ARCH_WANTS_UBSAN_NO_NULL >> 5 def_bool n >> 6 >> 7 config UBSAN 6 bool "Undefined behaviour sanity check 8 bool "Undefined behaviour sanity checker" 7 depends on ARCH_HAS_UBSAN << 8 help 9 help 9 This option enables the Undefined Be !! 10 This option enables undefined behaviour sanity checker 10 Compile-time instrumentation is used 11 Compile-time instrumentation is used to detect various undefined 11 behaviours at runtime. For more deta !! 12 behaviours in runtime. Various types of checks may be enabled 12 Documentation/dev-tools/ubsan.rst !! 13 via boot parameter ubsan_handle 13 !! 14 (see: Documentation/dev-tools/ubsan.rst). 14 if UBSAN !! 15 15 !! 16 config UBSAN_SANITIZE_ALL 16 config UBSAN_TRAP !! 17 bool "Enable instrumentation for the entire kernel" 17 bool "Abort on Sanitizer warnings (sma !! 18 depends on UBSAN 18 depends on !COMPILE_TEST !! 19 depends on ARCH_HAS_UBSAN_SANITIZE_ALL 19 help !! 20 20 Building kernels with Sanitizer feat !! 21 # We build with -Wno-maybe-uninitilzed, but we still want to 21 the kernel size by around 5%, due to !! 22 # use -Wmaybe-uninitilized in allmodconfig builds. 22 text on failure paths. To avoid this !! 23 # So dependsy bellow used to disable this option in allmodconfig 23 can just issue a trap. This reduces << 24 turns all warnings (including potent << 25 into full exceptions that abort the << 26 (regardless of context, locks held, << 27 the system. For some system builders << 28 trade-off. << 29 << 30 Also note that selecting Y will caus << 31 with an "illegal instruction" error << 32 when a UBSAN violation occurs. (Exce << 33 will report which Sanitizer failed.) << 34 determine whether an Oops was caused << 35 out the details of a UBSAN violation << 36 output less useful for bug reports. << 37 << 38 config CC_HAS_UBSAN_BOUNDS_STRICT << 39 def_bool $(cc-option,-fsanitize=bounds << 40 help << 41 The -fsanitize=bounds-strict option << 42 but uses the more strict handling of << 43 of flexible arrays, which is compara << 44 -fsanitize=bounds. << 45 << 46 config CC_HAS_UBSAN_ARRAY_BOUNDS << 47 def_bool $(cc-option,-fsanitize=array- << 48 help << 49 Under Clang, the -fsanitize=bounds o << 50 of two more specific options, -fsani << 51 -fsanitize=local-bounds. However, -f << 52 only be used when trap mode is enabl << 53 CONFIG_LOCAL_BOUNDS.) Explicitly che << 54 so that we can build up the options << 55 with or without UBSAN_TRAP. << 56 << 57 config UBSAN_BOUNDS << 58 bool "Perform array index bounds check << 59 default UBSAN << 60 depends on CC_HAS_UBSAN_ARRAY_BOUNDS | << 61 help << 62 This option enables detection of dir << 63 array accesses, where the array size << 64 Note that this does not protect arra << 65 to the {str,mem}*cpy() family of fun << 66 by CONFIG_FORTIFY_SOURCE). << 67 << 68 config UBSAN_BOUNDS_STRICT << 69 def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_ << 70 help << 71 GCC's bounds sanitizer. This option << 72 correct options in Makefile.ubsan. << 73 << 74 config UBSAN_ARRAY_BOUNDS << 75 def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_ << 76 help << 77 Clang's array bounds sanitizer. This << 78 the correct options in Makefile.ubsa << 79 << 80 config UBSAN_LOCAL_BOUNDS << 81 def_bool UBSAN_ARRAY_BOUNDS && UBSAN_T << 82 help << 83 This option enables Clang's -fsaniti << 84 when an access through a pointer tha << 85 of a statically-known size, where an << 86 be known statically) is out-of-bound << 87 trap-only, it depends on CONFIG_UBSA << 88 << 89 config UBSAN_SHIFT << 90 bool "Perform checking for bit-shift o << 91 depends on $(cc-option,-fsanitize=shif << 92 help << 93 This option enables -fsanitize=shift << 94 operations that overflow to the left << 95 for signed types. << 96 << 97 config UBSAN_DIV_ZERO << 98 bool "Perform checking for integer div << 99 depends on $(cc-option,-fsanitize=inte << 100 # https://github.com/ClangBuiltLinux/l << 101 # https://github.com/llvm/llvm-project << 102 depends on !CC_IS_CLANG << 103 help << 104 This option enables -fsanitize=integ << 105 for integer division by zero. This i << 106 kernel's existing exception handling << 107 debugging information under CONFIG_U << 108 << 109 config UBSAN_UNREACHABLE << 110 bool "Perform checking for unreachable << 111 # objtool already handles unreachable << 112 # seeing UBSan instrumentation located << 113 depends on !(OBJTOOL && (STACK_VALIDAT << 114 depends on $(cc-option,-fsanitize=unre << 115 help << 116 This option enables -fsanitize=unrea << 117 flow reaching an expected-to-be-unre << 118 << 119 config UBSAN_SIGNED_WRAP << 120 bool "Perform checking for signed arit << 121 default UBSAN << 122 depends on !COMPILE_TEST 24 depends on !COMPILE_TEST 123 # The no_sanitize attribute was introd !! 25 default y 124 depends on !CC_IS_GCC || GCC_VERSION > << 125 depends on $(cc-option,-fsanitize=sign << 126 help 26 help 127 This option enables -fsanitize=signe !! 27 This option activates instrumentation for the entire kernel. 128 for wrap-around of any arithmetic op !! 28 If you don't enable this option, you have to explicitly specify 129 This currently performs nearly no in !! 29 UBSAN_SANITIZE := y for the files/directories you want to check for UB. 130 kernel's use of -fno-strict-overflow !! 30 Enabling this option will get kernel image size increased 131 arithmetic undefined behavior into w !! 31 significantly. 132 sanitizer versions will allow for wr << 133 exclusively undefined behavior). << 134 << 135 config UBSAN_BOOL << 136 bool "Perform checking for non-boolean << 137 default UBSAN << 138 depends on $(cc-option,-fsanitize=bool << 139 help << 140 This option enables -fsanitize=bool << 141 loaded that are neither 0 nor 1. << 142 << 143 config UBSAN_ENUM << 144 bool "Perform checking for out of boun << 145 default UBSAN << 146 depends on $(cc-option,-fsanitize=enum << 147 help << 148 This option enables -fsanitize=enum << 149 into an enum that are outside the ra << 150 32 151 config UBSAN_ALIGNMENT 33 config UBSAN_ALIGNMENT 152 bool "Perform checking for misaligned !! 34 bool "Enable checking of pointers alignment" 153 default !HAVE_EFFICIENT_UNALIGNED_ACCE !! 35 depends on UBSAN 154 depends on !UBSAN_TRAP && !COMPILE_TES !! 36 default y if !HAVE_EFFICIENT_UNALIGNED_ACCESS 155 depends on $(cc-option,-fsanitize=alig << 156 help 37 help 157 This option enables the check of una !! 38 This option enables detection of unaligned memory accesses. 158 Enabling this option on architecture 39 Enabling this option on architectures that support unaligned 159 accesses may produce a lot of false 40 accesses may produce a lot of false positives. 160 41 >> 42 config UBSAN_NULL >> 43 bool "Enable checking of null pointers" >> 44 depends on UBSAN >> 45 default y if !ARCH_WANTS_UBSAN_NO_NULL >> 46 help >> 47 This option enables detection of memory accesses via a >> 48 null pointer. >> 49 161 config TEST_UBSAN 50 config TEST_UBSAN 162 tristate "Module for testing for undef 51 tristate "Module for testing for undefined behavior detection" 163 depends on m !! 52 depends on m && UBSAN 164 help 53 help 165 This is a test module for UBSAN. 54 This is a test module for UBSAN. 166 It triggers various undefined behavi 55 It triggers various undefined behavior, and detect it. 167 << 168 endif # if UBSAN <<
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.