brintos

brintos / linux-shallow public Read only

0
0
Text · 6.5 KiB · 1d4aa7a Raw
169 lines · plain
1# SPDX-License-Identifier: GPL-2.0-only2config ARCH_HAS_UBSAN3	bool4 5menuconfig UBSAN6	bool "Undefined behaviour sanity checker"7	depends on ARCH_HAS_UBSAN8	help9	  This option enables the Undefined Behaviour sanity checker.10	  Compile-time instrumentation is used to detect various undefined11	  behaviours at runtime. For more details, see:12	  Documentation/dev-tools/ubsan.rst13 14if UBSAN15 16config UBSAN_TRAP17	bool "Abort on Sanitizer warnings (smaller kernel but less verbose)"18	depends on !COMPILE_TEST19	help20	  Building kernels with Sanitizer features enabled tends to grow21	  the kernel size by around 5%, due to adding all the debugging22	  text on failure paths. To avoid this, Sanitizer instrumentation23	  can just issue a trap. This reduces the kernel size overhead but24	  turns all warnings (including potentially harmless conditions)25	  into full exceptions that abort the running kernel code26	  (regardless of context, locks held, etc), which may destabilize27	  the system. For some system builders this is an acceptable28	  trade-off.29 30	  Also note that selecting Y will cause your kernel to Oops31	  with an "illegal instruction" error with no further details32	  when a UBSAN violation occurs. (Except on arm64 and x86, which33	  will report which Sanitizer failed.) This may make it hard to34	  determine whether an Oops was caused by UBSAN or to figure35	  out the details of a UBSAN violation. It makes the kernel log36	  output less useful for bug reports.37 38config CC_HAS_UBSAN_BOUNDS_STRICT39	def_bool $(cc-option,-fsanitize=bounds-strict)40	help41	  The -fsanitize=bounds-strict option is only available on GCC,42	  but uses the more strict handling of arrays that includes knowledge43	  of flexible arrays, which is comparable to Clang's regular44	  -fsanitize=bounds.45 46config CC_HAS_UBSAN_ARRAY_BOUNDS47	def_bool $(cc-option,-fsanitize=array-bounds)48	help49	  Under Clang, the -fsanitize=bounds option is actually composed50	  of two more specific options, -fsanitize=array-bounds and51	  -fsanitize=local-bounds. However, -fsanitize=local-bounds can52	  only be used when trap mode is enabled. (See also the help for53	  CONFIG_LOCAL_BOUNDS.) Explicitly check for -fsanitize=array-bounds54	  so that we can build up the options needed for UBSAN_BOUNDS55	  with or without UBSAN_TRAP.56 57config UBSAN_BOUNDS58	bool "Perform array index bounds checking"59	default UBSAN60	depends on CC_HAS_UBSAN_ARRAY_BOUNDS || CC_HAS_UBSAN_BOUNDS_STRICT61	help62	  This option enables detection of directly indexed out of bounds63	  array accesses, where the array size is known at compile time.64	  Note that this does not protect array overflows via bad calls65	  to the {str,mem}*cpy() family of functions (that is addressed66	  by CONFIG_FORTIFY_SOURCE).67 68config UBSAN_BOUNDS_STRICT69	def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_BOUNDS_STRICT70	help71	  GCC's bounds sanitizer. This option is used to select the72	  correct options in Makefile.ubsan.73 74config UBSAN_ARRAY_BOUNDS75	def_bool UBSAN_BOUNDS && CC_HAS_UBSAN_ARRAY_BOUNDS76	help77	  Clang's array bounds sanitizer. This option is used to select78	  the correct options in Makefile.ubsan.79 80config UBSAN_LOCAL_BOUNDS81	def_bool UBSAN_ARRAY_BOUNDS && UBSAN_TRAP82	help83	  This option enables Clang's -fsanitize=local-bounds which traps84	  when an access through a pointer that is derived from an object85	  of a statically-known size, where an added offset (which may not86	  be known statically) is out-of-bounds. Since this option is87	  trap-only, it depends on CONFIG_UBSAN_TRAP.88 89config UBSAN_SHIFT90	bool "Perform checking for bit-shift overflows"91	depends on $(cc-option,-fsanitize=shift)92	help93	  This option enables -fsanitize=shift which checks for bit-shift94	  operations that overflow to the left or go switch to negative95	  for signed types.96 97config UBSAN_DIV_ZERO98	bool "Perform checking for integer divide-by-zero"99	depends on $(cc-option,-fsanitize=integer-divide-by-zero)100	# https://github.com/ClangBuiltLinux/linux/issues/1657101	# https://github.com/llvm/llvm-project/issues/56289102	depends on !CC_IS_CLANG103	help104	  This option enables -fsanitize=integer-divide-by-zero which checks105	  for integer division by zero. This is effectively redundant with the106	  kernel's existing exception handling, though it can provide greater107	  debugging information under CONFIG_UBSAN_REPORT_FULL.108 109config UBSAN_UNREACHABLE110	bool "Perform checking for unreachable code"111	# objtool already handles unreachable checking and gets angry about112	# seeing UBSan instrumentation located in unreachable places.113	depends on !(OBJTOOL && (STACK_VALIDATION || UNWINDER_ORC || HAVE_UACCESS_VALIDATION))114	depends on $(cc-option,-fsanitize=unreachable)115	help116	  This option enables -fsanitize=unreachable which checks for control117	  flow reaching an expected-to-be-unreachable position.118 119config UBSAN_SIGNED_WRAP120	bool "Perform checking for signed arithmetic wrap-around"121	default UBSAN122	depends on !COMPILE_TEST123	# The no_sanitize attribute was introduced in GCC with version 8.124	depends on !CC_IS_GCC || GCC_VERSION >= 80000125	depends on $(cc-option,-fsanitize=signed-integer-overflow)126	help127	  This option enables -fsanitize=signed-integer-overflow which checks128	  for wrap-around of any arithmetic operations with signed integers.129	  This currently performs nearly no instrumentation due to the130	  kernel's use of -fno-strict-overflow which converts all would-be131	  arithmetic undefined behavior into wrap-around arithmetic. Future132	  sanitizer versions will allow for wrap-around checking (rather than133	  exclusively undefined behavior).134 135config UBSAN_BOOL136	bool "Perform checking for non-boolean values used as boolean"137	default UBSAN138	depends on $(cc-option,-fsanitize=bool)139	help140	  This option enables -fsanitize=bool which checks for boolean values being141	  loaded that are neither 0 nor 1.142 143config UBSAN_ENUM144	bool "Perform checking for out of bounds enum values"145	default UBSAN146	depends on $(cc-option,-fsanitize=enum)147	help148	  This option enables -fsanitize=enum which checks for values being loaded149	  into an enum that are outside the range of given values for the given enum.150 151config UBSAN_ALIGNMENT152	bool "Perform checking for misaligned pointer usage"153	default !HAVE_EFFICIENT_UNALIGNED_ACCESS154	depends on !UBSAN_TRAP && !COMPILE_TEST155	depends on $(cc-option,-fsanitize=alignment)156	help157	  This option enables the check of unaligned memory accesses.158	  Enabling this option on architectures that support unaligned159	  accesses may produce a lot of false positives.160 161config TEST_UBSAN162	tristate "Module for testing for undefined behavior detection"163	depends on m164	help165	  This is a test module for UBSAN.166	  It triggers various undefined behavior, and detect it.167 168endif	# if UBSAN169