diff options
author | Stijn Tintel <stijn@linux-ipv6.be> | 2021-11-03 19:38:50 +0200 |
---|---|---|
committer | Stijn Tintel <stijn@linux-ipv6.be> | 2021-11-07 17:38:01 +0200 |
commit | c5fa7ec2a6d97597cfcac8d21657026802ff01a2 (patch) | |
tree | 556b3dfe9f85432066be88574417e6fd062c7cfd | |
parent | ec68c75c629eed149ed4416d5300328deb53a417 (diff) | |
download | upstream-c5fa7ec2a6d97597cfcac8d21657026802ff01a2.tar.gz upstream-c5fa7ec2a6d97597cfcac8d21657026802ff01a2.tar.bz2 upstream-c5fa7ec2a6d97597cfcac8d21657026802ff01a2.zip |
kernel: add missing UBSAN config symbols
Enabling KERNEL_UBSAN exposes several missing symbols. Add new kernel
build options for UBSAN_BOUNDS and UBSAN_TRAP, disable CONFIG_TEST_UBSAN
in the generic kernel configs and enable CONFIG_UBSAN_MISC in generic
5.10 config. The latter symbol was removed in later kernels, as it was
causing some issues, so just disable it in 5.10 instead of adding a
build option for it.
Fixes build failures with KERNEL_UBSAN enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
-rw-r--r-- | config/Config-kernel.in | 23 | ||||
-rw-r--r-- | target/linux/generic/config-5.10 | 2 | ||||
-rw-r--r-- | target/linux/generic/config-5.4 | 1 |
3 files changed, 26 insertions, 0 deletions
diff --git a/config/Config-kernel.in b/config/Config-kernel.in index 2243e3e5bc..902e211ea1 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -114,6 +114,16 @@ config KERNEL_UBSAN_ALIGNMENT Enabling this option on architectures that support unaligned accesses may produce a lot of false positives. +config KERNEL_UBSAN_BOUNDS + bool "Perform array index bounds checking" + depends on KERNEL_UBSAN + help + This option enables detection of directly indexed out of bounds array + accesses, where the array size is known at compile time. Note that + this does not protect array overflows via bad calls to the + {str,mem}*cpy() family of functions (that is addressed by + FORTIFY_SOURCE). + config KERNEL_UBSAN_NULL bool "Enable checking of null pointers" depends on KERNEL_UBSAN @@ -121,6 +131,19 @@ config KERNEL_UBSAN_NULL This option enables detection of memory accesses via a null pointer. +config KERNEL_UBSAN_TRAP + bool "On Sanitizer warnings, abort the running kernel code" + depends on KERNEL_UBSAN + help + Building kernels with Sanitizer features enabled tends to grow the + kernel size by around 5%, due to adding all the debugging text on + failure paths. To avoid this, Sanitizer instrumentation can just + issue a trap. This reduces the kernel size overhead but turns all + warnings (including potentially harmless conditions) into full + exceptions that abort the running kernel code (regardless of context, + locks held, etc), which may destabilize the system. For some system + builders this is an acceptable trade-off. + config KERNEL_KASAN bool "Compile the kernel with KASan: runtime memory debugger" select KERNEL_SLUB_DEBUG diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10 index 403712d0e9..604d5e4e6c 100644 --- a/target/linux/generic/config-5.10 +++ b/target/linux/generic/config-5.10 @@ -6083,6 +6083,7 @@ CONFIG_TCP_CONG_CUBIC=y # CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_STRSCPY is not set # CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UBSAN is not set # CONFIG_TEST_UDELAY is not set # CONFIG_TEST_USER_COPY is not set # CONFIG_TEST_UUID is not set @@ -6349,6 +6350,7 @@ CONFIG_UBIFS_FS_ZLIB=y CONFIG_UBIFS_FS_ZSTD=y # CONFIG_UBSAN is not set CONFIG_UBSAN_ALIGNMENT=y +# CONFIG_UBSAN_MISC is not set # CONFIG_UCB1400_CORE is not set # CONFIG_UCSI is not set # CONFIG_UDF_FS is not set diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4 index c44e9cf40b..bf2b462529 100644 --- a/target/linux/generic/config-5.4 +++ b/target/linux/generic/config-5.4 @@ -5631,6 +5631,7 @@ CONFIG_TCP_CONG_CUBIC=y # CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_STRSCPY is not set # CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UBSAN is not set # CONFIG_TEST_UDELAY is not set # CONFIG_TEST_USER_COPY is not set # CONFIG_TEST_UUID is not set |