forked from Minki/linux
6a6155f664
When the kernel is compiled with Clang, -fsanitize=bounds expands to -fsanitize=array-bounds and -fsanitize=local-bounds. Enabling -fsanitize=local-bounds with Clang has the unfortunate side-effect of inserting traps; this goes back to its original intent, which was as a hardening and not a debugging feature [1]. The same feature made its way into -fsanitize=bounds, but the traps remained. For that reason, -fsanitize=bounds was split into 'array-bounds' and 'local-bounds' [2]. Since 'local-bounds' doesn't behave like a normal sanitizer, enable it with Clang only if trapping behaviour was requested by CONFIG_UBSAN_TRAP=y. Add the UBSAN_BOUNDS_LOCAL config to Kconfig.ubsan to enable the 'local-bounds' option by default when UBSAN_TRAP is enabled. [1] http://lists.llvm.org/pipermail/llvm-dev/2012-May/049972.html [2] http://lists.llvm.org/pipermail/cfe-commits/Week-of-Mon-20131021/091536.html Suggested-by: Marco Elver <elver@google.com> Signed-off-by: George Popescu <georgepope@android.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: David Brazdil <dbrazdil@google.com> Reviewed-by: Marco Elver <elver@google.com> Cc: Masahiro Yamada <masahiroy@kernel.org> Cc: Michal Marek <michal.lkml@markovi.net> Cc: Nathan Chancellor <natechancellor@gmail.com> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Kees Cook <keescook@chromium.org> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Link: https://lkml.kernel.org/r/20200922074330.2549523-1-georgepope@google.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
35 lines
1.2 KiB
Makefile
35 lines
1.2 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
ifdef CONFIG_UBSAN_ALIGNMENT
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize=alignment)
|
|
endif
|
|
|
|
ifdef CONFIG_UBSAN_BOUNDS
|
|
ifdef CONFIG_CC_IS_CLANG
|
|
CFLAGS_UBSAN += -fsanitize=array-bounds
|
|
else
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
|
|
endif
|
|
endif
|
|
|
|
ifdef CONFIG_UBSAN_LOCAL_BOUNDS
|
|
CFLAGS_UBSAN += -fsanitize=local-bounds
|
|
endif
|
|
|
|
ifdef CONFIG_UBSAN_MISC
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize=shift)
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize=integer-divide-by-zero)
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize=unreachable)
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize=signed-integer-overflow)
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size)
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize=bool)
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize=enum)
|
|
endif
|
|
|
|
ifdef CONFIG_UBSAN_TRAP
|
|
CFLAGS_UBSAN += $(call cc-option, -fsanitize-undefined-trap-on-error)
|
|
endif
|
|
|
|
# -fsanitize=* options makes GCC less smart than usual and
|
|
# increase number of 'maybe-uninitialized false-positives
|
|
CFLAGS_UBSAN += $(call cc-option, -Wno-maybe-uninitialized)
|