1 # SPDX-License-Identifier: GPL-2.0-only !! 1 config ARCH_HAS_UBSAN_SANITIZE_ALL
2 config ARCH_HAS_UBSAN <<
3 bool 2 bool
4 3
5 menuconfig UBSAN !! 4 config UBSAN
6 bool "Undefined behaviour sanity check 5 bool "Undefined behaviour sanity checker"
7 depends on ARCH_HAS_UBSAN <<
8 help 6 help
9 This option enables the Undefined Be !! 7 This option enables undefined behaviour sanity checker
10 Compile-time instrumentation is used 8 Compile-time instrumentation is used to detect various undefined
11 behaviours at runtime. For more deta !! 9 behaviours in runtime. Various types of checks may be enabled
12 Documentation/dev-tools/ubsan.rst !! 10 via boot parameter ubsan_handle
13 !! 11 (see: Documentation/dev-tools/ubsan.rst).
14 if UBSAN !! 12
15 !! 13 config UBSAN_SANITIZE_ALL
16 config UBSAN_TRAP !! 14 bool "Enable instrumentation for the entire kernel"
17 bool "Abort on Sanitizer warnings (sma !! 15 depends on UBSAN
>> 16 depends on ARCH_HAS_UBSAN_SANITIZE_ALL
>> 17
>> 18 # We build with -Wno-maybe-uninitilzed, but we still want to
>> 19 # use -Wmaybe-uninitilized in allmodconfig builds.
>> 20 # So dependsy bellow used to disable this option in allmodconfig
18 depends on !COMPILE_TEST 21 depends on !COMPILE_TEST
>> 22 default y
19 help 23 help
20 Building kernels with Sanitizer feat !! 24 This option activates instrumentation for the entire kernel.
21 the kernel size by around 5%, due to !! 25 If you don't enable this option, you have to explicitly specify
22 text on failure paths. To avoid this !! 26 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
23 can just issue a trap. This reduces !! 27 Enabling this option will get kernel image size increased
24 turns all warnings (including potent !! 28 significantly.
25 into full exceptions that abort the <<
26 (regardless of context, locks held, <<
27 the system. For some system builders <<
28 trade-off. <<
29 <<
30 Also note that selecting Y will caus <<
31 with an "illegal instruction" error <<
32 when a UBSAN violation occurs. (Exce <<
33 will report which Sanitizer failed.) <<
34 determine whether an Oops was caused <<
35 out the details of a UBSAN violation <<
36 output less useful for bug reports. <<
37 <<
38 config CC_HAS_UBSAN_BOUNDS_STRICT <<
39 def_bool $(cc-option,-fsanitize=bounds <<
40 help <<
41 The -fsanitize=bounds-strict option <<
42 but uses the more strict handling of <<
43 of flexible arrays, which is compara <<
44 -fsanitize=bounds. <<
45 <<
46 config CC_HAS_UBSAN_ARRAY_BOUNDS <<
47 def_bool $(cc-option,-fsanitize=array- <<
48 help <<
49 Under Clang, the -fsanitize=bounds o <<
50 of two more specific options, -fsani <<
51 -fsanitize=local-bounds. However, -f <<
52 only be used when trap mode is enabl <<
53 CONFIG_LOCAL_BOUNDS.) Explicitly che <<
54 so that we can build up the options <<
55 with or without UBSAN_TRAP. <<
56 <<
57 config UBSAN_BOUNDS <<
58 bool "Perform array index bounds check <<
59 default UBSAN <<
60 depends on CC_HAS_UBSAN_ARRAY_BOUNDS | <<
61 help <<
62 This option enables detection of dir <<
63 array accesses, where the array size <<
64 Note that this does not protect arra <<
65 to the {str,mem}*cpy() family of fun <<
66 by CONFIG_FORTIFY_SOURCE). <<
67 <<
68 config UBSAN_BOUNDS_STRICT <<
69 def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_ <<
70 help <<
71 GCC's bounds sanitizer. This option <<
72 correct options in Makefile.ubsan. <<
73 <<
74 config UBSAN_ARRAY_BOUNDS <<
75 def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_ <<
76 help <<
77 Clang's array bounds sanitizer. This <<
78 the correct options in Makefile.ubsa <<
79 <<
80 config UBSAN_LOCAL_BOUNDS <<
81 def_bool UBSAN_ARRAY_BOUNDS && UBSAN_T <<
82 help <<
83 This option enables Clang's -fsaniti <<
84 when an access through a pointer tha <<
85 of a statically-known size, where an <<
86 be known statically) is out-of-bound <<
87 trap-only, it depends on CONFIG_UBSA <<
88 <<
89 config UBSAN_SHIFT <<
90 bool "Perform checking for bit-shift o <<
91 depends on $(cc-option,-fsanitize=shif <<
92 help <<
93 This option enables -fsanitize=shift <<
94 operations that overflow to the left <<
95 for signed types. <<
96 <<
97 config UBSAN_DIV_ZERO <<
98 bool "Perform checking for integer div <<
99 depends on $(cc-option,-fsanitize=inte <<
100 # https://github.com/ClangBuiltLinux/l <<
101 # https://github.com/llvm/llvm-project <<
102 depends on !CC_IS_CLANG <<
103 help <<
104 This option enables -fsanitize=integ <<
105 for integer division by zero. This i <<
106 kernel's existing exception handling <<
107 debugging information under CONFIG_U <<
108 <<
109 config UBSAN_UNREACHABLE <<
110 bool "Perform checking for unreachable <<
111 # objtool already handles unreachable <<
112 # seeing UBSan instrumentation located <<
113 depends on !(OBJTOOL && (STACK_VALIDAT <<
114 depends on $(cc-option,-fsanitize=unre <<
115 help <<
116 This option enables -fsanitize=unrea <<
117 flow reaching an expected-to-be-unre <<
118 <<
119 config UBSAN_SIGNED_WRAP <<
120 bool "Perform checking for signed arit <<
121 default UBSAN <<
122 depends on !COMPILE_TEST <<
123 # The no_sanitize attribute was introd <<
124 depends on !CC_IS_GCC || GCC_VERSION > <<
125 depends on $(cc-option,-fsanitize=sign <<
126 help <<
127 This option enables -fsanitize=signe <<
128 for wrap-around of any arithmetic op <<
129 This currently performs nearly no in <<
130 kernel's use of -fno-strict-overflow <<
131 arithmetic undefined behavior into w <<
132 sanitizer versions will allow for wr <<
133 exclusively undefined behavior). <<
134 <<
135 config UBSAN_BOOL <<
136 bool "Perform checking for non-boolean <<
137 default UBSAN <<
138 depends on $(cc-option,-fsanitize=bool <<
139 help <<
140 This option enables -fsanitize=bool <<
141 loaded that are neither 0 nor 1. <<
142 <<
143 config UBSAN_ENUM <<
144 bool "Perform checking for out of boun <<
145 default UBSAN <<
146 depends on $(cc-option,-fsanitize=enum <<
147 help <<
148 This option enables -fsanitize=enum <<
149 into an enum that are outside the ra <<
150 29
151 config UBSAN_ALIGNMENT 30 config UBSAN_ALIGNMENT
152 bool "Perform checking for misaligned !! 31 bool "Enable checking of pointers alignment"
153 default !HAVE_EFFICIENT_UNALIGNED_ACCE !! 32 depends on UBSAN
154 depends on !UBSAN_TRAP && !COMPILE_TES !! 33 default y if !HAVE_EFFICIENT_UNALIGNED_ACCESS
155 depends on $(cc-option,-fsanitize=alig <<
156 help 34 help
157 This option enables the check of una !! 35 This option enables detection of unaligned memory accesses.
158 Enabling this option on architecture 36 Enabling this option on architectures that support unaligned
159 accesses may produce a lot of false 37 accesses may produce a lot of false positives.
160 38
161 config TEST_UBSAN 39 config TEST_UBSAN
162 tristate "Module for testing for undef 40 tristate "Module for testing for undefined behavior detection"
163 depends on m !! 41 depends on m && UBSAN
164 help 42 help
165 This is a test module for UBSAN. 43 This is a test module for UBSAN.
166 It triggers various undefined behavi 44 It triggers various undefined behavior, and detect it.
167 <<
168 endif # if UBSAN <<
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.