To make integer wrap-around mitigation actually useful, the associated sanitizers must not instrument cases where the wrap-around is explicitly defined (e.g. "-2UL"), being tested for (e.g. "if (a + b < a)"), or where it has no impact on code flow (e.g. "while (var--)"). Enable pattern exclusions for the integer wrap sanitizers. Signed-off-by: Kees Cook <kees@xxxxxxxxxx> --- Cc: Justin Stitt <justinstitt@xxxxxxxxxx> Cc: "Gustavo A. R. Silva" <gustavoars@xxxxxxxxxx> Cc: Masahiro Yamada <masahiroy@xxxxxxxxxx> Cc: Nathan Chancellor <nathan@xxxxxxxxxx> Cc: Nicolas Schier <nicolas@xxxxxxxxx> Cc: Marco Elver <elver@xxxxxxxxxx> Cc: Andrey Konovalov <andreyknvl@xxxxxxxxx> Cc: Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx> Cc: linux-kbuild@xxxxxxxxxxxxxxx Cc: kasan-dev@xxxxxxxxxxxxxxxx Cc: linux-hardening@xxxxxxxxxxxxxxx --- lib/Kconfig.ubsan | 1 + scripts/Makefile.ubsan | 1 + 2 files changed, 2 insertions(+) diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 63e5622010e0..888c2e72c586 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -120,6 +120,7 @@ config UBSAN_INTEGER_WRAP bool "Perform checking for integer arithmetic wrap-around" default UBSAN depends on !COMPILE_TEST + depends on $(cc-option,-fsanitize-undefined-ignore-overflow-pattern=all) depends on $(cc-option,-fsanitize=signed-integer-overflow) depends on $(cc-option,-fsanitize=unsigned-integer-overflow) depends on $(cc-option,-fsanitize=implicit-signed-integer-truncation) diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan index 4fad9afed24c..233379c193a7 100644 --- a/scripts/Makefile.ubsan +++ b/scripts/Makefile.ubsan @@ -15,6 +15,7 @@ ubsan-cflags-$(CONFIG_UBSAN_TRAP) += $(call cc-option,-fsanitize-trap=undefined export CFLAGS_UBSAN := $(ubsan-cflags-y) ubsan-integer-wrap-cflags-$(CONFIG_UBSAN_INTEGER_WRAP) += \ + -fsanitize-undefined-ignore-overflow-pattern=all \ -fsanitize=signed-integer-overflow \ -fsanitize=unsigned-integer-overflow \ -fsanitize=implicit-signed-integer-truncation \ -- 2.34.1
