
List:       linux-doc
Subject:    [PATCH v3 0/2] UBSAN: run-time undefined behavior sanity checker
From:       Andrey Ryabinin <aryabinin () virtuozzo ! com>
Date:       2015-11-30 15:59:41
Message-ID: 1448899183-8677-1-git-send-email-aryabinin () virtuozzo ! com

UBSAN is a run-time undefined behaviour checker. It uses compile-time
instrumentation to catch undefined behavior (UB). The compiler inserts code
that performs certain kinds of checks before operations that could cause UB.
If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called
to print an error message.


Changes since V2:
   - Dropped -fsanitize=nonnull-attribute. It checks whether null values
     are not passed to arguments marked as requiring a non-null value by
     the "nonnull" function attribute.

     We don't have many functions with such an attribute (early_shadow_write() in arch/blackfin
     and GCC builtin functions: memcpy, memset, memmove, etc). Some kernel code deliberately
     passes NULL-ptr with 0-length to mem*(). This should be fine since we compile the kernel
     with -fno-delete-null-pointer-checks. And NULL-ptr with != 0 length will just crash.
     So this option is useless in the kernel since it produces only false positives.
     See also: http://thread.gmane.org/gmane.linux.kernel/1810656
       

   - Also dropped enabling/disabling various checkers via boot cmdline.
     A boot-time flag only disables reports; it can't disable compile-time code instrumentation.
     Thus, if we ever need to disable some checker, it would be better to
     do it at compile time via a Kconfig option.

   - Alignment checks produce too much noise if CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS is set.
     Since there is no boot-time option to disable alignment checks, CONFIG_UBSAN_ALIGNMENT
     was added. It's off by default if CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS is set.

   - A couple of other small misc changes/fixes.



Changes since v1:
   - Refactoring and cleanups in lib/ubsan.c including Sasha's complaints.
   - Some spelling fixes from Randy
   - Fixed possible memory corruption on 64 big endian machines, spotted by Rasmus.
   - Links to the relevant GCC documentation added into changelog (Peter).
   - Added documentation.
   - Fix deadlock caused by kernel/printk/printk.c instrumentation
        (patch "kernel: printk: specify alignment for struct printk_log").
   - Dropped useless 'Indirect call of a function through a function pointer of the wrong type'
     checker. GCC doesn't support this, and as clang manual says it's for C++ only.
   - Added checker for __builtin_unreachable() calls.
   - Removed redundant -fno-sanitize=float-cast-overflow from CFLAGS.
   - Added lock to prevent mixing reports.

Andrey Ryabinin (2):
  kernel: printk: specify alignment for struct printk_log
  UBSAN: run-time undefined behavior sanity checker

 Documentation/ubsan.txt               |  84 +++++++
 Makefile                              |   3 +-
 arch/x86/Kconfig                      |   1 +
 arch/x86/boot/Makefile                |   1 +
 arch/x86/boot/compressed/Makefile     |   1 +
 arch/x86/entry/vdso/Makefile          |   1 +
 arch/x86/realmode/rm/Makefile         |   1 +
 drivers/firmware/efi/libstub/Makefile |   1 +
 include/linux/sched.h                 |   3 +
 kernel/printk/printk.c                |  10 +-
 lib/Kconfig.debug                     |   1 +
 lib/Kconfig.ubsan                     |  29 +++
 lib/Makefile                          |   3 +
 lib/ubsan.c                           | 452 ++++++++++++++++++++++++++++++++++
 lib/ubsan.h                           |  84 +++++++
 mm/kasan/Makefile                     |   1 +
 scripts/Makefile.lib                  |   6 +
 scripts/Makefile.ubsan                |  18 ++
 18 files changed, 694 insertions(+), 6 deletions(-)
 create mode 100644 Documentation/ubsan.txt
 create mode 100644 lib/Kconfig.ubsan
 create mode 100644 lib/ubsan.c
 create mode 100644 lib/ubsan.h
 create mode 100644 scripts/Makefile.ubsan

-- 
2.4.10
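
Added example, not code from this patch series: a userspace sketch of the kind of check the cover letter describes, written by hand where the compiler would insert it under instrumentation. The handler `ub_report()` and the `checked_*` helpers are hypothetical names; the kernel's real handlers are the `__ubsan_handle_*` functions, and `__builtin_add_overflow` assumes GCC 5+ or clang.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the __ubsan_handle_* family: print and count. */
static unsigned int ub_reports;

static void ub_report(const char *kind, const char *where)
{
	ub_reports++;
	fprintf(stderr, "UBSAN-like report: %s in %s\n", kind, where);
}

/* Signed addition: the check covers the operation that could overflow. */
static int checked_add(int a, int b)
{
	int sum;
	if (__builtin_add_overflow(a, b, &sum))
		ub_report("signed integer overflow", __func__);
	return sum;	/* wrapped value; execution continues after the report */
}

/* Alignment: the class of check that CONFIG_UBSAN_ALIGNMENT controls. */
static uint32_t checked_load32(const void *p)
{
	uint32_t v;
	if ((uintptr_t)p % __alignof__(uint32_t))
		ub_report("misaligned access", __func__);
	memcpy(&v, p, sizeof(v));	/* memcpy keeps the demo itself free of UB */
	return v;
}

/* nonnull-attribute style check: fires on NULL even when the length is 0,
 * the false positive that led to dropping -fsanitize=nonnull-attribute. */
static void checked_memcpy(void *dst, const void *src, size_t n)
{
	if (!dst || !src)
		ub_report("null passed to nonnull argument", __func__);
	if (n)
		memcpy(dst, src, n);
}

int main(void)
{
	checked_add(INT_MAX, 1);
	checked_memcpy(NULL, NULL, 0);
	return ub_reports == 2 ? 0 : 1;
}
```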
