1 # SPDX-License-Identifier: GPL-2.0-only !! 1 config ARCH_HAS_UBSAN_SANITIZE_ALL
2 config ARCH_HAS_UBSAN <<
3 bool 2 bool
4 3
5 menuconfig UBSAN !! 4 config ARCH_WANTS_UBSAN_NO_NULL
>> 5 def_bool n
>> 6
>> 7 config UBSAN
6 bool "Undefined behaviour sanity check 8 bool "Undefined behaviour sanity checker"
7 depends on ARCH_HAS_UBSAN <<
8 help 9 help
9 This option enables the Undefined Be !! 10 This option enables undefined behaviour sanity checker
10 Compile-time instrumentation is used 11 Compile-time instrumentation is used to detect various undefined
11 behaviours at runtime. For more deta !! 12 behaviours in runtime. Various types of checks may be enabled
12 Documentation/dev-tools/ubsan.rst !! 13 via boot parameter ubsan_handle
13 !! 14 (see: Documentation/dev-tools/ubsan.rst).
14 if UBSAN !! 15
15 !! 16 config UBSAN_SANITIZE_ALL
16 config UBSAN_TRAP !! 17 bool "Enable instrumentation for the entire kernel"
17 bool "Abort on Sanitizer warnings (sma !! 18 depends on UBSAN
18 depends on !COMPILE_TEST !! 19 depends on ARCH_HAS_UBSAN_SANITIZE_ALL
19 help !! 20
20 Building kernels with Sanitizer feat !! 21 # We build with -Wno-maybe-uninitilzed, but we still want to
21 the kernel size by around 5%, due to !! 22 # use -Wmaybe-uninitilized in allmodconfig builds.
22 text on failure paths. To avoid this !! 23 # So dependsy bellow used to disable this option in allmodconfig
23 can just issue a trap. This reduces <<
24 turns all warnings (including potent <<
25 into full exceptions that abort the <<
26 (regardless of context, locks held, <<
27 the system. For some system builders <<
28 trade-off. <<
29 <<
30 Also note that selecting Y will caus <<
31 with an "illegal instruction" error <<
32 when a UBSAN violation occurs. (Exce <<
33 will report which Sanitizer failed.) <<
34 determine whether an Oops was caused <<
35 out the details of a UBSAN violation <<
36 output less useful for bug reports. <<
37 <<
38 config CC_HAS_UBSAN_BOUNDS_STRICT <<
39 def_bool $(cc-option,-fsanitize=bounds <<
40 help <<
41 The -fsanitize=bounds-strict option <<
42 but uses the more strict handling of <<
43 of flexible arrays, which is compara <<
44 -fsanitize=bounds. <<
45 <<
46 config CC_HAS_UBSAN_ARRAY_BOUNDS <<
47 def_bool $(cc-option,-fsanitize=array- <<
48 help <<
49 Under Clang, the -fsanitize=bounds o <<
50 of two more specific options, -fsani <<
51 -fsanitize=local-bounds. However, -f <<
52 only be used when trap mode is enabl <<
53 CONFIG_LOCAL_BOUNDS.) Explicitly che <<
54 so that we can build up the options <<
55 with or without UBSAN_TRAP. <<
56 <<
57 config UBSAN_BOUNDS <<
58 bool "Perform array index bounds check <<
59 default UBSAN <<
60 depends on CC_HAS_UBSAN_ARRAY_BOUNDS | <<
61 help <<
62 This option enables detection of dir <<
63 array accesses, where the array size <<
64 Note that this does not protect arra <<
65 to the {str,mem}*cpy() family of fun <<
66 by CONFIG_FORTIFY_SOURCE). <<
67 <<
68 config UBSAN_BOUNDS_STRICT <<
69 def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_ <<
70 help <<
71 GCC's bounds sanitizer. This option <<
72 correct options in Makefile.ubsan. <<
73 <<
74 config UBSAN_ARRAY_BOUNDS <<
75 def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_ <<
76 help <<
77 Clang's array bounds sanitizer. This <<
78 the correct options in Makefile.ubsa <<
79 <<
80 config UBSAN_LOCAL_BOUNDS <<
81 def_bool UBSAN_ARRAY_BOUNDS && UBSAN_T <<
82 help <<
83 This option enables Clang's -fsaniti <<
84 when an access through a pointer tha <<
85 of a statically-known size, where an <<
86 be known statically) is out-of-bound <<
87 trap-only, it depends on CONFIG_UBSA <<
88 <<
89 config UBSAN_SHIFT <<
90 bool "Perform checking for bit-shift o <<
91 depends on $(cc-option,-fsanitize=shif <<
92 help <<
93 This option enables -fsanitize=shift <<
94 operations that overflow to the left <<
95 for signed types. <<
96 <<
97 config UBSAN_DIV_ZERO <<
98 bool "Perform checking for integer div <<
99 depends on $(cc-option,-fsanitize=inte <<
100 # https://github.com/ClangBuiltLinux/l <<
101 # https://github.com/llvm/llvm-project <<
102 depends on !CC_IS_CLANG <<
103 help <<
104 This option enables -fsanitize=integ <<
105 for integer division by zero. This i <<
106 kernel's existing exception handling <<
107 debugging information under CONFIG_U <<
108 <<
109 config UBSAN_UNREACHABLE <<
110 bool "Perform checking for unreachable <<
111 # objtool already handles unreachable <<
112 # seeing UBSan instrumentation located <<
113 depends on !(OBJTOOL && (STACK_VALIDAT <<
114 depends on $(cc-option,-fsanitize=unre <<
115 help <<
116 This option enables -fsanitize=unrea <<
117 flow reaching an expected-to-be-unre <<
118 <<
119 config UBSAN_SIGNED_WRAP <<
120 bool "Perform checking for signed arit <<
121 default UBSAN <<
122 depends on !COMPILE_TEST 24 depends on !COMPILE_TEST
123 # The no_sanitize attribute was introd !! 25 default y
124 depends on !CC_IS_GCC || GCC_VERSION > <<
125 depends on $(cc-option,-fsanitize=sign <<
126 help <<
127 This option enables -fsanitize=signe <<
128 for wrap-around of any arithmetic op <<
129 This currently performs nearly no in <<
130 kernel's use of -fno-strict-overflow <<
131 arithmetic undefined behavior into w <<
132 sanitizer versions will allow for wr <<
133 exclusively undefined behavior). <<
134 <<
135 config UBSAN_BOOL <<
136 bool "Perform checking for non-boolean <<
137 default UBSAN <<
138 depends on $(cc-option,-fsanitize=bool <<
139 help 26 help
140 This option enables -fsanitize=bool !! 27 This option activates instrumentation for the entire kernel.
141 loaded that are neither 0 nor 1. !! 28 If you don't enable this option, you have to explicitly specify
142 !! 29 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
143 config UBSAN_ENUM !! 30 Enabling this option will get kernel image size increased
144 bool "Perform checking for out of boun !! 31 significantly.
145 default UBSAN <<
146 depends on $(cc-option,-fsanitize=enum <<
147 help <<
148 This option enables -fsanitize=enum <<
149 into an enum that are outside the ra <<
150 32
151 config UBSAN_ALIGNMENT 33 config UBSAN_ALIGNMENT
152 bool "Perform checking for misaligned !! 34 bool "Enable checking of pointers alignment"
153 default !HAVE_EFFICIENT_UNALIGNED_ACCE !! 35 depends on UBSAN
154 depends on !UBSAN_TRAP && !COMPILE_TES !! 36 default y if !HAVE_EFFICIENT_UNALIGNED_ACCESS
155 depends on $(cc-option,-fsanitize=alig <<
156 help 37 help
157 This option enables the check of una !! 38 This option enables detection of unaligned memory accesses.
158 Enabling this option on architecture 39 Enabling this option on architectures that support unaligned
159 accesses may produce a lot of false 40 accesses may produce a lot of false positives.
160 41
161 config TEST_UBSAN !! 42 config UBSAN_NULL
162 tristate "Module for testing for undef !! 43 bool "Enable checking of null pointers"
163 depends on m !! 44 depends on UBSAN
>> 45 default y if !ARCH_WANTS_UBSAN_NO_NULL
164 help 46 help
165 This is a test module for UBSAN. !! 47 This option enables detection of memory accesses via a
166 It triggers various undefined behavi !! 48 null pointer.
167 <<
168 endif # if UBSAN <<
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.