aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorStijn Tintel <stijn@linux-ipv6.be>2021-11-03 19:38:50 +0200
committerStijn Tintel <stijn@linux-ipv6.be>2021-11-07 17:38:01 +0200
commitc5fa7ec2a6d97597cfcac8d21657026802ff01a2 (patch)
tree556b3dfe9f85432066be88574417e6fd062c7cfd /config
parentec68c75c629eed149ed4416d5300328deb53a417 (diff)
downloadupstream-c5fa7ec2a6d97597cfcac8d21657026802ff01a2.tar.gz
upstream-c5fa7ec2a6d97597cfcac8d21657026802ff01a2.tar.bz2
upstream-c5fa7ec2a6d97597cfcac8d21657026802ff01a2.zip
kernel: add missing UBSAN config symbols
Enabling KERNEL_UBSAN exposes several missing symbols. Add new kernel build options for UBSAN_BOUNDS and UBSAN_TRAP, disable CONFIG_TEST_UBSAN in the generic kernel configs and enable CONFIG_UBSAN_MISC in generic 5.10 config. The latter symbol was removed in later kernels, as it was causing some issues, so just disable it in 5.10 instead of adding a build option for it. Fixes build failures with KERNEL_UBSAN enabled. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'config')
-rw-r--r--config/Config-kernel.in23
1 files changed, 23 insertions, 0 deletions
diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index 2243e3e5bc..902e211ea1 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -114,6 +114,16 @@ config KERNEL_UBSAN_ALIGNMENT
Enabling this option on architectures that support unaligned
accesses may produce a lot of false positives.
+config KERNEL_UBSAN_BOUNDS
+ bool "Perform array index bounds checking"
+ depends on KERNEL_UBSAN
+ help
+ This option enables detection of directly indexed out of bounds array
+ accesses, where the array size is known at compile time. Note that
+ this does not protect array overflows via bad calls to the
+ {str,mem}*cpy() family of functions (that is addressed by
+ FORTIFY_SOURCE).
+
config KERNEL_UBSAN_NULL
bool "Enable checking of null pointers"
depends on KERNEL_UBSAN
@@ -121,6 +131,19 @@ config KERNEL_UBSAN_NULL
This option enables detection of memory accesses via a
null pointer.
+config KERNEL_UBSAN_TRAP
+ bool "On Sanitizer warnings, abort the running kernel code"
+ depends on KERNEL_UBSAN
+ help
+ Building kernels with Sanitizer features enabled tends to grow the
+ kernel size by around 5%, due to adding all the debugging text on
+ failure paths. To avoid this, Sanitizer instrumentation can just
+ issue a trap. This reduces the kernel size overhead but turns all
+ warnings (including potentially harmless conditions) into full
+ exceptions that abort the running kernel code (regardless of context,
+ locks held, etc), which may destabilize the system. For some system
+ builders this is an acceptable trade-off.
+
config KERNEL_KASAN
bool "Compile the kernel with KASan: runtime memory debugger"
select KERNEL_SLUB_DEBUG