The patch titled Subject: ubsan: introduce CONFIG_UBSAN_BOUNDS_LOCAL for Clang has been added to the -mm tree. Its filename is ubsan-introducing-config_ubsan_bounds_local-for-clang.patch This patch should soon appear at https://ozlabs.org/~akpm/mmots/broken-out/ubsan-introducing-config_ubsan_bounds_local-for-clang.patch and later at https://ozlabs.org/~akpm/mmotm/broken-out/ubsan-introducing-config_ubsan_bounds_local-for-clang.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: George Popescu <georgepope@xxxxxxxxxx> Subject: ubsan: introduce CONFIG_UBSAN_BOUNDS_LOCAL for Clang When the kernel is compiled with Clang, -fsanitize=bounds expands to -fsanitize=array-bounds and -fsanitize=local-bounds. Enabling -fsanitize=local-bounds with Clang has the unfortunate side-effect of inserting traps; this goes back to its original intent, which was as a hardening and not a debugging feature [1]. The same feature made its way into -fsanitize=bounds, but the traps remained. For that reason, -fsanitize=bounds was split into 'array-bounds' and 'local-bounds' [2]. Since 'local-bounds' doesn't behave like a normal sanitizer, enable it with Clang only if trapping behaviour was requested by CONFIG_UBSAN_TRAP=y. Add the UBSAN_BOUNDS_LOCAL config to Kconfig.ubsan to enable the 'local-bounds' option by default when UBSAN_TRAP is enabled. [1] http://lists.llvm.org/pipermail/llvm-dev/2012-May/049972.html [2] http://lists.llvm.org/pipermail/cfe-commits/Week-of-Mon-20131021/091536.html Link: https://lkml.kernel.org/r/20200918133632.4038538-1-georgepope@xxxxxxxxxx Signed-off-by: George Popescu <georgepope@xxxxxxxxxxx> Suggested-by: Marco Elver <elver@xxxxxxxxxx> Reviewed-by: David Brazdil <dbrazdil@xxxxxxxxxx> Cc: Masahiro Yamada <masahiroy@xxxxxxxxxx> Cc: Michal Marek <michal.lkml@xxxxxxxxxxx> Cc: Nathan Chancellor <natechancellor@xxxxxxxxx> Cc: Nick Desaulniers <ndesaulniers@xxxxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx> Cc: Arnd Bergmann <arnd@xxxxxxxx> Cc: David Brazdil <dbrazdil@xxxxxxxxxx> Cc: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- lib/Kconfig.ubsan | 14 ++++++++++++++ scripts/Makefile.ubsan | 10 +++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) --- a/lib/Kconfig.ubsan~ubsan-introducing-config_ubsan_bounds_local-for-clang +++ a/lib/Kconfig.ubsan @@ -47,6 +47,20 @@ config UBSAN_BOUNDS to the {str,mem}*cpy() family of functions (that is addressed by CONFIG_FORTIFY_SOURCE). +config UBSAN_BOUNDS_LOCAL + bool "Perform array local bounds checking" + depends on UBSAN_TRAP + depends on CC_IS_CLANG + depends on !UBSAN_KCOV_BROKEN + help + This option enables -fsanitize=local-bounds which traps when an + exception/error is detected. Therefore, it should be enabled only + if trapping is expected. + Enabling this option detects errors due to accesses through a + pointer that is derived from an object of a statically-known size, + where an added offset (which may not be known statically) is + out-of-bounds. + config UBSAN_MISC bool "Enable all other Undefined Behavior sanity checks" default UBSAN --- a/scripts/Makefile.ubsan~ubsan-introducing-config_ubsan_bounds_local-for-clang +++ a/scripts/Makefile.ubsan @@ -4,7 +4,15 @@ ifdef CONFIG_UBSAN_ALIGNMENT endif ifdef CONFIG_UBSAN_BOUNDS - CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) + ifdef CONFIG_CC_IS_CLANG + CFLAGS_UBSAN += -fsanitize=array-bounds + else + CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) + endif +endif + +ifdef CONFIG_UBSAN_LOCAL_BOUNDS + CFLAGS_UBSAN += -fsanitize=local-bounds endif ifdef CONFIG_UBSAN_MISC _ Patches currently in -mm which might be from georgepope@xxxxxxxxxx are ubsan-introducing-config_ubsan_bounds_local-for-clang.patch