On Tue, Mar 24, 2020 at 05:24:06PM -0500, Josh Poimboeuf wrote:
> On Tue, Mar 24, 2020 at 11:18:07AM -0700, Kees Cook wrote:
> > As far as I could tell, this needs patches to the UBSAN support in gcc
> > and clang. I have opened bugs for each:
> >
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94307
> > https://bugs.llvm.org/show_bug.cgi?id=45295
>
> So it sounds like this would replace the second UD2 with a "call
> some_ubsan_function()"?
>
> That might be slightly better, though it would still need an objtool
> change to ignore unreachable warnings for such calls.

Well, there are basically two modes (actually three as I've just
discovered on the clang bug): warn and fail. I hadn't found a way to get
"small" warns, so I wired up the fail path which injects an
"unreachable" as part of its logic.

> In the meantime I can still change objtool to ignore unreachable UD2s if
> there aren't any better ideas.

It'll still need the objtool change for CONFIG_UBSAN_TRAP, though based
on the clang bug discussion, I'll probably _also_ be adding
CONFIG_UBSAN_WARN which won't have an unreachable (and won't bloat the
kernel). Testing still under way... it is possible that
CONFIG_UBSAN_TRAP will go away in the future, though. If that happens,
should I also remove the change at that time?

--
Kees Cook