1 # SPDX-License-Identifier: GPL-2.0-only
2 config ARCH_HAS_UBSAN
3 bool
4
5 menuconfig UBSAN
6 bool "Undefined behaviour sanity check
7 depends on ARCH_HAS_UBSAN
8 help
9 This option enables the Undefined Be
10 Compile-time instrumentation is used
11 behaviours at runtime. For more deta
12 Documentation/dev-tools/ubsan.rst
13
14 if UBSAN
15
16 config UBSAN_TRAP
17 bool "Abort on Sanitizer warnings (sma
18 depends on !COMPILE_TEST
19 help
20 Building kernels with Sanitizer feat
21 the kernel size by around 5%, due to
22 text on failure paths. To avoid this
23 can just issue a trap. This reduces
24 turns all warnings (including potent
25 into full exceptions that abort the
26 (regardless of context, locks held,
27 the system. For some system builders
28 trade-off.
29
30 Also note that selecting Y will caus
31 with an "illegal instruction" error
32 when a UBSAN violation occurs. (Exce
33 will report which Sanitizer failed.)
34 determine whether an Oops was caused
35 out the details of a UBSAN violation
36 output less useful for bug reports.
37
38 config CC_HAS_UBSAN_BOUNDS_STRICT
39 def_bool $(cc-option,-fsanitize=bounds
40 help
41 The -fsanitize=bounds-strict option
42 but uses the more strict handling of
43 of flexible arrays, which is compara
44 -fsanitize=bounds.
45
46 config CC_HAS_UBSAN_ARRAY_BOUNDS
47 def_bool $(cc-option,-fsanitize=array-
48 help
49 Under Clang, the -fsanitize=bounds o
50 of two more specific options, -fsani
51 -fsanitize=local-bounds. However, -f
52 only be used when trap mode is enabl
53 CONFIG_LOCAL_BOUNDS.) Explicitly che
54 so that we can build up the options
55 with or without UBSAN_TRAP.
56
57 config UBSAN_BOUNDS
58 bool "Perform array index bounds check
59 default UBSAN
60 depends on CC_HAS_UBSAN_ARRAY_BOUNDS |
61 help
62 This option enables detection of dir
63 array accesses, where the array size
64 Note that this does not protect arra
65 to the {str,mem}*cpy() family of fun
66 by CONFIG_FORTIFY_SOURCE).
67
68 config UBSAN_BOUNDS_STRICT
69 def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_
70 help
71 GCC's bounds sanitizer. This option
72 correct options in Makefile.ubsan.
73
74 config UBSAN_ARRAY_BOUNDS
75 def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_
76 help
77 Clang's array bounds sanitizer. This
78 the correct options in Makefile.ubsa
79
80 config UBSAN_LOCAL_BOUNDS
81 def_bool UBSAN_ARRAY_BOUNDS && UBSAN_T
82 help
83 This option enables Clang's -fsaniti
84 when an access through a pointer tha
85 of a statically-known size, where an
86 be known statically) is out-of-bound
87 trap-only, it depends on CONFIG_UBSA
88
89 config UBSAN_SHIFT
90 bool "Perform checking for bit-shift o
91 depends on $(cc-option,-fsanitize=shif
92 help
93 This option enables -fsanitize=shift
94 operations that overflow to the left
95 for signed types.
96
97 config UBSAN_DIV_ZERO
98 bool "Perform checking for integer div
99 depends on $(cc-option,-fsanitize=inte
100 # https://github.com/ClangBuiltLinux/l
101 # https://github.com/llvm/llvm-project
102 depends on !CC_IS_CLANG
103 help
104 This option enables -fsanitize=integ
105 for integer division by zero. This i
106 kernel's existing exception handling
107 debugging information under CONFIG_U
108
109 config UBSAN_UNREACHABLE
110 bool "Perform checking for unreachable
111 # objtool already handles unreachable
112 # seeing UBSan instrumentation located
113 depends on !(OBJTOOL && (STACK_VALIDAT
114 depends on $(cc-option,-fsanitize=unre
115 help
116 This option enables -fsanitize=unrea
117 flow reaching an expected-to-be-unre
118
119 config UBSAN_SIGNED_WRAP
120 bool "Perform checking for signed arit
121 default UBSAN
122 depends on !COMPILE_TEST
123 # The no_sanitize attribute was introd
124 depends on !CC_IS_GCC || GCC_VERSION >
125 depends on $(cc-option,-fsanitize=sign
126 help
127 This option enables -fsanitize=signe
128 for wrap-around of any arithmetic op
129 This currently performs nearly no in
130 kernel's use of -fno-strict-overflow
131 arithmetic undefined behavior into w
132 sanitizer versions will allow for wr
133 exclusively undefined behavior).
134
135 config UBSAN_BOOL
136 bool "Perform checking for non-boolean
137 default UBSAN
138 depends on $(cc-option,-fsanitize=bool
139 help
140 This option enables -fsanitize=bool
141 loaded that are neither 0 nor 1.
142
143 config UBSAN_ENUM
144 bool "Perform checking for out of boun
145 default UBSAN
146 depends on $(cc-option,-fsanitize=enum
147 help
148 This option enables -fsanitize=enum
149 into an enum that are outside the ra
150
151 config UBSAN_ALIGNMENT
152 bool "Perform checking for misaligned
153 default !HAVE_EFFICIENT_UNALIGNED_ACCE
154 depends on !UBSAN_TRAP && !COMPILE_TES
155 depends on $(cc-option,-fsanitize=alig
156 help
157 This option enables the check of una
158 Enabling this option on architecture
159 accesses may produce a lot of false
160
161 config TEST_UBSAN
162 tristate "Module for testing for undef
163 depends on m
164 help
165 This is a test module for UBSAN.
166 It triggers various undefined behavi
167
168 endif # if UBSAN
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.