mirror of
https://github.com/torvalds/linux.git
synced 2024-12-05 02:23:16 +00:00
cf77bf6988
The lkdtm selftest config fragment enables CONFIG_UBSAN_TRAP to make the
ARRAY_BOUNDS test kill the calling process when an out-of-bound access
is detected by UBSAN. However, after this [1] commit, UBSAN is triggered
under many new scenarios that weren't detected before, such as in struct
definitions with fixed-size trailing arrays used as flexible arrays. As
a result, CONFIG_UBSAN_TRAP=y has become a very aggressive option to
enable except for specific situations.
`make kselftest-merge` applies CONFIG_UBSAN_TRAP=y to the kernel config
for all selftests, which makes many of them fail because of system hangs
during boot.
This change removes the config option from the lkdtm kselftest and
configures the ARRAY_BOUNDS test to look for UBSAN reports rather than
relying on the calling process being killed.
[1] commit 2d47c6956a
("ubsan: Tighten UBSAN_BOUNDS on GCC")'
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230802063252.1917997-1-ricardo.canuelo@collabora.com
Signed-off-by: Kees Cook <keescook@chromium.org>
85 lines
2.6 KiB
Plaintext
85 lines
2.6 KiB
Plaintext
#PANIC
|
|
#PANIC_STOP_IRQOFF Crashes entire system
|
|
BUG kernel BUG at
|
|
WARNING WARNING:
|
|
WARNING_MESSAGE message trigger
|
|
EXCEPTION
|
|
#LOOP Hangs the system
|
|
#EXHAUST_STACK Corrupts memory on failure
|
|
#CORRUPT_STACK Crashes entire system on success
|
|
#CORRUPT_STACK_STRONG Crashes entire system on success
|
|
ARRAY_BOUNDS call trace:|UBSAN: array-index-out-of-bounds
|
|
CORRUPT_LIST_ADD list_add corruption
|
|
CORRUPT_LIST_DEL list_del corruption
|
|
STACK_GUARD_PAGE_LEADING
|
|
STACK_GUARD_PAGE_TRAILING
|
|
REPORT_STACK_CANARY repeat:2 ok: stack canaries differ
|
|
UNSET_SMEP pinned CR4 bits changed:
|
|
DOUBLE_FAULT
|
|
CORRUPT_PAC
|
|
UNALIGNED_LOAD_STORE_WRITE
|
|
SLAB_LINEAR_OVERFLOW
|
|
VMALLOC_LINEAR_OVERFLOW
|
|
#WRITE_AFTER_FREE Corrupts memory on failure
|
|
READ_AFTER_FREE call trace:|Memory correctly poisoned
|
|
#WRITE_BUDDY_AFTER_FREE Corrupts memory on failure
|
|
READ_BUDDY_AFTER_FREE call trace:|Memory correctly poisoned
|
|
SLAB_INIT_ON_ALLOC Memory appears initialized
|
|
BUDDY_INIT_ON_ALLOC Memory appears initialized
|
|
SLAB_FREE_DOUBLE
|
|
SLAB_FREE_CROSS
|
|
SLAB_FREE_PAGE
|
|
#SOFTLOCKUP Hangs the system
|
|
#HARDLOCKUP Hangs the system
|
|
#SPINLOCKUP Hangs the system
|
|
#HUNG_TASK Hangs the system
|
|
EXEC_DATA
|
|
EXEC_STACK
|
|
EXEC_KMALLOC
|
|
EXEC_VMALLOC
|
|
EXEC_RODATA
|
|
EXEC_USERSPACE
|
|
EXEC_NULL
|
|
ACCESS_USERSPACE
|
|
ACCESS_NULL
|
|
WRITE_RO
|
|
WRITE_RO_AFTER_INIT
|
|
WRITE_KERN
|
|
WRITE_OPD
|
|
REFCOUNT_INC_OVERFLOW
|
|
REFCOUNT_ADD_OVERFLOW
|
|
REFCOUNT_INC_NOT_ZERO_OVERFLOW
|
|
REFCOUNT_ADD_NOT_ZERO_OVERFLOW
|
|
REFCOUNT_DEC_ZERO
|
|
REFCOUNT_DEC_NEGATIVE Negative detected: saturated
|
|
REFCOUNT_DEC_AND_TEST_NEGATIVE Negative detected: saturated
|
|
REFCOUNT_SUB_AND_TEST_NEGATIVE Negative detected: saturated
|
|
REFCOUNT_INC_ZERO
|
|
REFCOUNT_ADD_ZERO
|
|
REFCOUNT_INC_SATURATED Saturation detected: still saturated
|
|
REFCOUNT_DEC_SATURATED Saturation detected: still saturated
|
|
REFCOUNT_ADD_SATURATED Saturation detected: still saturated
|
|
REFCOUNT_INC_NOT_ZERO_SATURATED
|
|
REFCOUNT_ADD_NOT_ZERO_SATURATED
|
|
REFCOUNT_DEC_AND_TEST_SATURATED Saturation detected: still saturated
|
|
REFCOUNT_SUB_AND_TEST_SATURATED Saturation detected: still saturated
|
|
#REFCOUNT_TIMING timing only
|
|
#ATOMIC_TIMING timing only
|
|
USERCOPY_SLAB_SIZE_TO
|
|
USERCOPY_SLAB_SIZE_FROM
|
|
USERCOPY_SLAB_WHITELIST_TO
|
|
USERCOPY_SLAB_WHITELIST_FROM
|
|
USERCOPY_STACK_FRAME_TO
|
|
USERCOPY_STACK_FRAME_FROM
|
|
USERCOPY_STACK_BEYOND
|
|
USERCOPY_KERNEL
|
|
STACKLEAK_ERASING OK: the rest of the thread stack is properly erased
|
|
CFI_FORWARD_PROTO
|
|
CFI_BACKWARD call trace:|ok: control flow unchanged
|
|
FORTIFY_STRSCPY detected buffer overflow
|
|
FORTIFY_STR_OBJECT detected buffer overflow
|
|
FORTIFY_STR_MEMBER detected buffer overflow
|
|
FORTIFY_MEM_OBJECT detected buffer overflow
|
|
FORTIFY_MEM_MEMBER detected field-spanning write
|
|
PPC_SLB_MULTIHIT Recovered
|