On Fri, Nov 22, 2019 at 10:07:29AM +0100, Dmitry Vyukov wrote: > On Thu, Nov 21, 2019 at 7:15 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > v2: > > - clarify Kconfig help text (aryabinin) > > - add reviewed-by > > - aim series at akpm, which seems to be where ubsan goes through? > > v1: https://lore.kernel.org/lkml/20191120010636.27368-1-keescook@xxxxxxxxxxxx > > > > This splits out the bounds checker so it can be individually used. This > > is expected to be enabled in Android and hopefully for syzbot. Includes > > LKDTM tests for behavioral corner-cases (beyond just the bounds checker). > > > > -Kees > > +syzkaller mailing list > > This is great! > > I wanted to enable UBSAN on syzbot for a long time. And it's > _probably_ not lots of work. But it was stuck on somebody actually > dedicating some time specifically for it. > Kees, or anybody else interested, could you provide relevant configs > that (1) useful for kernel, (2) we want 100% cleanliness, (3) don't > fire all the time even without fuzzing? Anything else required to > enable UBSAN? I don't see anything. syzbot uses gcc 8.something, which > I assume should be enough (but we can upgrade if necessary). Nothing external should be needed; GCC and Clang support the ubsan options. Once this series lands, it should be possible to just enable this with: CONFIG_UBSAN=y CONFIG_UBSAN_BOUNDS=y # CONFIG_UBSAN_MISC is not set Based on initial testing, the bounds checker isn't very noisy, but I haven't spun up a syzbot instance to really confirm this yet (that was on the TODO list for today to let it run over the weekend). -- Kees Cook
