On 2/10/21 3:19 AM, Kees Cook wrote:
> On Wed, Feb 10, 2021 at 02:23:48AM +0300, Andrey Ryabinin wrote:
>> Since GCC 8.0 -fsanitize=signed-integer-overflow doesn't work with -fwrapv.
>> -fwrapv makes signed overflows defined and GCC essentially disables
>> ubsan checks. On GCC < 8.0 -fwrapv doesn't have influence on
>> -fsanitize=signed-integer-overflow setting, so it kinda works
>> but generates false-positives and violates uaccess rules:
>>
>> lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
>>
>> Disable signed overflow checks to avoid these problems.
>> Remove unsigned overflow checks as well.
>> Unsigned overflow appeared as side effect of the commit
>> cdf8a76fda4a ("ubsan: move cc-option tests into Kconfig"),
>> but it never worked (kernel doesn't boot). And unsigned overflows
>> are allowed by C standard, so it's just pointless.
>>
>> Signed-off-by: Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx>
>
> NAK, please don't remove the entire thing. I want this to work again
> with -fwrapv, and it's not entirely broken under Clang. But the feature
> shouldn't be removed from the kernel.
>

This is dead code. How exactly is it useful to keep it? You can always resurrect it later when you need it.

Clang has the same behavior as GCC > 8, signed-integer-overflow does nothing when compiled with -fwrapv or -fno-strict-overflow.