Message ID | 20211103180823.132040-1-stijn@linux-ipv6.be |
---|---|
State | Accepted |
Delegated to: | Stijn Tintel |
Series | [1/2] kernel: add missing UBSAN config symbols |

On 11/3/21 7:08 PM, Stijn Tintel wrote:
> Enabling KERNEL_UBSAN exposes several missing symbols. Add new kernel
> build options for UBSAN_BOUNDS and UBSAN_TRAP, disable CONFIG_TEST_UBSAN
> in the generic kernel configs and enable CONFIG_UBSAN_MISC in generic
> 5.10 config. The latter symbol was removed in later kernels, so just set
> it to the default value in 5.10 instead of adding a build option for it.
>
> Fixes build failures with KERNEL_UBSAN enabled.

Does your system still boot with CONFIG_UBSAN_MISC set? I haven't tried this myself and used this only on an older kernel before, but this commit message which removes it does not sound good:
https://git.kernel.org/linus/c637693b20da8706b7f48d96882c9c80ae935151

I would prefer to deactivate CONFIG_UBSAN_MISC.

Hauke

>
> Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
> ---
> config/Config-kernel.in | 23 +++++++++++++++++++++++
> target/linux/generic/config-5.10 | 2 ++
> target/linux/generic/config-5.4 | 1 +
> 3 files changed, 26 insertions(+)
>
> diff --git a/config/Config-kernel.in b/config/Config-kernel.in > index dc249a6031..6758d278e7 100644 > --- a/config/Config-kernel.in > +++ b/config/Config-kernel.in > @@ -114,6 +114,16 @@ config KERNEL_UBSAN_ALIGNMENT > Enabling this option on architectures that support unaligned > accesses may produce a lot of false positives. > > +config KERNEL_UBSAN_BOUNDS > + bool "Perform array index bounds checking" > + depends on KERNEL_UBSAN > + help > + This option enables detection of directly indexed out of bounds array > + accesses, where the array size is known at compile time. Note that > + this does not protect array overflows via bad calls to the > + {str,mem}*cpy() family of functions (that is addressed by > + FORTIFY_SOURCE). > + > config KERNEL_UBSAN_NULL > bool "Enable checking of null pointers" > depends on KERNEL_UBSAN 
> @@ -121,6 +131,19 @@ config KERNEL_UBSAN_NULL > This option enables detection of memory accesses via a > null pointer. > > +config KERNEL_UBSAN_TRAP > + bool "On Sanitizer warnings, abort the running kernel code" > + depends on KERNEL_UBSAN > + help > + Building kernels with Sanitizer features enabled tends to grow the > + kernel size by around 5%, due to adding all the debugging text on > + failure paths. To avoid this, Sanitizer instrumentation can just > + issue a trap. This reduces the kernel size overhead but turns all > + warnings (including potentially harmless conditions) into full > + exceptions that abort the running kernel code (regardless of context, > + locks held, etc), which may destabilize the system. For some system > + builders this is an acceptable trade-off. > + > config KERNEL_KASAN > bool "Compile the kernel with KASan: runtime memory debugger" > select KERNEL_SLUB_DEBUG > diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10 > index 7b952e8ca8..83004d0879 100644 > --- a/target/linux/generic/config-5.10 > +++ b/target/linux/generic/config-5.10 > @@ -6082,6 +6082,7 @@ CONFIG_TCP_CONG_CUBIC=y > # CONFIG_TEST_STRING_HELPERS is not set > # CONFIG_TEST_STRSCPY is not set > # CONFIG_TEST_SYSCTL is not set > +# CONFIG_TEST_UBSAN is not set > # CONFIG_TEST_UDELAY is not set > # CONFIG_TEST_USER_COPY is not set > # CONFIG_TEST_UUID is not set > @@ -6348,6 +6349,7 @@ CONFIG_UBIFS_FS_ZLIB=y > CONFIG_UBIFS_FS_ZSTD=y > # CONFIG_UBSAN is not set > CONFIG_UBSAN_ALIGNMENT=y > +CONFIG_UBSAN_MISC=y > # CONFIG_UCB1400_CORE is not set > # CONFIG_UCSI is not set > # CONFIG_UDF_FS is not set > diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4 > index c44e9cf40b..bf2b462529 100644 > --- a/target/linux/generic/config-5.4 > +++ b/target/linux/generic/config-5.4 
> @@ -5631,6 +5631,7 @@ CONFIG_TCP_CONG_CUBIC=y > # CONFIG_TEST_STRING_HELPERS is not set > # CONFIG_TEST_STRSCPY is not set > # CONFIG_TEST_SYSCTL is not set > +# CONFIG_TEST_UBSAN is not set > # CONFIG_TEST_UDELAY is not set > # CONFIG_TEST_USER_COPY is not set > # CONFIG_TEST_UUID is not set >
diff --git a/config/Config-kernel.in b/config/Config-kernel.in index dc249a6031..6758d278e7 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -114,6 +114,16 @@ config KERNEL_UBSAN_ALIGNMENT Enabling this option on architectures that support unaligned accesses may produce a lot of false positives. +config KERNEL_UBSAN_BOUNDS + bool "Perform array index bounds checking" + depends on KERNEL_UBSAN + help + This option enables detection of directly indexed out of bounds array + accesses, where the array size is known at compile time. Note that + this does not protect array overflows via bad calls to the + {str,mem}*cpy() family of functions (that is addressed by + FORTIFY_SOURCE). + config KERNEL_UBSAN_NULL bool "Enable checking of null pointers" depends on KERNEL_UBSAN @@ -121,6 +131,19 @@ config KERNEL_UBSAN_NULL This option enables detection of memory accesses via a null pointer. +config KERNEL_UBSAN_TRAP + bool "On Sanitizer warnings, abort the running kernel code" + depends on KERNEL_UBSAN + help + Building kernels with Sanitizer features enabled tends to grow the + kernel size by around 5%, due to adding all the debugging text on + failure paths. To avoid this, Sanitizer instrumentation can just + issue a trap. This reduces the kernel size overhead but turns all + warnings (including potentially harmless conditions) into full + exceptions that abort the running kernel code (regardless of context, + locks held, etc), which may destabilize the system. For some system + builders this is an acceptable trade-off. + config KERNEL_KASAN bool "Compile the kernel with KASan: runtime memory debugger" select KERNEL_SLUB_DEBUG diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10 index 7b952e8ca8..83004d0879 100644 --- a/target/linux/generic/config-5.10 +++ b/target/linux/generic/config-5.10 
@@ -6082,6 +6082,7 @@ CONFIG_TCP_CONG_CUBIC=y # CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_STRSCPY is not set # CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UBSAN is not set # CONFIG_TEST_UDELAY is not set # CONFIG_TEST_USER_COPY is not set # CONFIG_TEST_UUID is not set @@ -6348,6 +6349,7 @@ CONFIG_UBIFS_FS_ZLIB=y CONFIG_UBIFS_FS_ZSTD=y # CONFIG_UBSAN is not set CONFIG_UBSAN_ALIGNMENT=y +CONFIG_UBSAN_MISC=y # CONFIG_UCB1400_CORE is not set # CONFIG_UCSI is not set # CONFIG_UDF_FS is not set diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4 index c44e9cf40b..bf2b462529 100644 --- a/target/linux/generic/config-5.4 +++ b/target/linux/generic/config-5.4 @@ -5631,6 +5631,7 @@ CONFIG_TCP_CONG_CUBIC=y # CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_STRSCPY is not set # CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UBSAN is not set # CONFIG_TEST_UDELAY is not set # CONFIG_TEST_USER_COPY is not set # CONFIG_TEST_UUID is not set
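Review bot: In the `config/Config-kernel.in` hunk at `@@ -114,6 +114,16 @@`, `KERNEL_UBSAN_BOUNDS` depends only on `KERNEL_UBSAN` and carries no kernel-version condition, while this same patch edits both `config-5.4` and `config-5.10`. If the underlying symbol is not present in both kernels, the option will be offered on a target where it has no effect; please state in the help text or commit message which kernels provide it, or gate the option accordingly. The entry also has no `default` line, so bounds checking stays off after enabling `KERNEL_UBSAN` unless it is selected by hand; say whether that is intended.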
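Review bot: `KERNEL_UBSAN_TRAP` in the `@@ -121,6 +131,19 @@` hunk has no `default` line even though its own help text says the trap aborts running kernel code regardless of context or locks held and may destabilize the system. Add an explicit `default n` so the safe choice is visible in the entry, and add a sentence to the help that a trapping build omits the debugging text, so a hit leaves no sanitizer report to triage.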
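Review bot: `CONFIG_UBSAN_MISC=y` in the `target/linux/generic/config-5.10` hunk at `@@ -6348,6 +6349,7 @@` is fixed in the generic config with no matching build option, so every build that turns on `KERNEL_UBSAN` gets it. The reply in this thread asks whether such a system still boots and prefers deactivating it; either switch the line to `# CONFIG_UBSAN_MISC is not set` or record in the commit message on which target a boot with it enabled was tested.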
Enabling KERNEL_UBSAN exposes several missing symbols. Add new kernel build options for UBSAN_BOUNDS and UBSAN_TRAP, disable CONFIG_TEST_UBSAN in the generic kernel configs and enable CONFIG_UBSAN_MISC in generic 5.10 config. The latter symbol was removed in later kernels, so just set it to the default value in 5.10 instead of adding a build option for it.

Fixes build failures with KERNEL_UBSAN enabled.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
---
 config/Config-kernel.in | 23 +++++++++++++++++++++++
 target/linux/generic/config-5.10 | 2 ++
 target/linux/generic/config-5.4 | 1 +
 3 files changed, 26 insertions(+)