On Thu, Aug 27, 2020 at 10:55:32AM -0700, Linus Torvalds wrote:
> On Thu, Aug 27, 2020 at 10:34 AM Linus Torvalds
> <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > How are you guys testing? I have UBSAN and GCOV on, and don't see
> > crazy frames on either i386 or x86-64.
>
> Oh, never mind. I also have COMPILE_TEST on, so it ends up disabling
> GCOV_PROFILE_ALL and UBSAN_SANITIZE_ALL.
>
> And yeah, this seems to be a gcc bug. It generates a ton of stack
> slots for temporaries. It's -fsanitize=object-size that seems to do
> it.
>
> And "-fstack-reuse=all" doesn't seem to make any difference.
>
> So I think
>
> (a) our stack size check is good to catch this
>
> (b) gcc and -fsanitize=object-size is basically an unusable combination
>
> and it's not a bug in the kernel.

Do you mean you checked both gcc and clang and it was only a problem with gcc? (If so, I can tweak the "depends" below...)

This should let us avoid it, I'm currently testing:

diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 774315de555a..24091315c251 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -47,6 +47,19 @@ config UBSAN_BOUNDS to the {str,mem}*cpy() family of functions (that is addressed by CONFIG_FORTIFY_SOURCE). +config UBSAN_OBJECT_SIZE + bool "Check for accesses beyond known object sizes" + default UBSAN + depends on !COMPILE_TEST + help + This option enables detection of cases where accesses may + happen beyond the end of an object's size, which happens in + places like invalid downcasts, or calling function pointers + through invalid pointers. + + This uses much more stack space, and isn't recommended for + cases were stack utilization depth is a concern. + config UBSAN_MISC bool "Enable all other Undefined Behavior sanity checks" default UBSAN diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan index 27348029b2b8..3ff67e9b17fd 100644 --- a/scripts/Makefile.ubsan +++ b/scripts/Makefile.ubsan 
@@ -7,12 +7,15 @@ ifdef CONFIG_UBSAN_BOUNDS CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) endif +ifdef CONFIG_UBSAN_OBJECT_SIZE + CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size) +endif + ifdef CONFIG_UBSAN_MISC CFLAGS_UBSAN += $(call cc-option, -fsanitize=shift) CFLAGS_UBSAN += $(call cc-option, -fsanitize=integer-divide-by-zero) CFLAGS_UBSAN += $(call cc-option, -fsanitize=unreachable) CFLAGS_UBSAN += $(call cc-option, -fsanitize=signed-integer-overflow) - CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size) CFLAGS_UBSAN += $(call cc-option, -fsanitize=bool) CFLAGS_UBSAN += $(call cc-option, -fsanitize=enum) endif -- Kees Cook
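Review bot: in the lib/Kconfig.ubsan hunk, `default UBSAN` switches the new option on for every UBSAN build, even though its own help text and the thread above describe -fsanitize=object-size as a large stack consumer that gcc handles badly enough to trip the stack-size check; consider `default n`, or narrowing the dependency (for example `depends on !COMPILE_TEST && !CC_IS_GCC`) once it is confirmed that only gcc is affected, as the cover text already anticipates. Same hunk, help text nit: "cases were stack utilization depth is a concern" should read "cases where stack utilization depth is a concern".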