1# SPDX-License-Identifier: GPL-2.0-only 2config ARCH_HAS_UBSAN_SANITIZE_ALL 3 bool 4 5menuconfig UBSAN 6 bool "Undefined behaviour sanity checker" 7 help 8 This option enables the Undefined Behaviour sanity checker. 9 Compile-time instrumentation is used to detect various undefined 10 behaviours at runtime. For more details, see: 11 Documentation/dev-tools/ubsan.rst 12 13if UBSAN 14 15config UBSAN_TRAP 16 bool "On Sanitizer warnings, abort the running kernel code" 17 depends on $(cc-option, -fsanitize-undefined-trap-on-error) 18 help 19 Building kernels with Sanitizer features enabled tends to grow 20 the kernel size by around 5%, due to adding all the debugging 21 text on failure paths. To avoid this, Sanitizer instrumentation 22 can just issue a trap. This reduces the kernel size overhead but 23 turns all warnings (including potentially harmless conditions) 24 into full exceptions that abort the running kernel code 25 (regardless of context, locks held, etc), which may destabilize 26 the system. For some system builders this is an acceptable 27 trade-off. 28 29config UBSAN_KCOV_BROKEN 30 def_bool KCOV && CC_HAS_SANCOV_TRACE_PC 31 depends on CC_IS_CLANG 32 depends on !$(cc-option,-Werror=unused-command-line-argument -fsanitize=bounds -fsanitize-coverage=trace-pc) 33 help 34 Some versions of clang support either UBSAN or KCOV but not the 35 combination of the two. 36 See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status 37 in newer releases. 38 39config UBSAN_BOUNDS 40 bool "Perform array index bounds checking" 41 default UBSAN 42 depends on !UBSAN_KCOV_BROKEN 43 help 44 This option enables detection of directly indexed out of bounds 45 array accesses, where the array size is known at compile time. 46 Note that this does not protect array overflows via bad calls 47 to the {str,mem}*cpy() family of functions (that is addressed 48 by CONFIG_FORTIFY_SOURCE). 49 50config UBSAN_LOCAL_BOUNDS 51 bool "Perform array local bounds checking" 52 depends on UBSAN_TRAP 53 depends on CC_IS_CLANG 54 depends on !UBSAN_KCOV_BROKEN 55 help 56 This option enables -fsanitize=local-bounds which traps when an 57 exception/error is detected. Therefore, it should be enabled only 58 if trapping is expected. 59 Enabling this option detects errors due to accesses through a 60 pointer that is derived from an object of a statically-known size, 61 where an added offset (which may not be known statically) is 62 out-of-bounds. 63 64config UBSAN_MISC 65 bool "Enable all other Undefined Behavior sanity checks" 66 default UBSAN 67 help 68 This option enables all sanity checks that don't have their 69 own Kconfig options. Disable this if you only want to have 70 individually selected checks. 71 72config UBSAN_SANITIZE_ALL 73 bool "Enable instrumentation for the entire kernel" 74 depends on ARCH_HAS_UBSAN_SANITIZE_ALL 75 76 # We build with -Wno-maybe-uninitilzed, but we still want to 77 # use -Wmaybe-uninitilized in allmodconfig builds. 78 # So dependsy bellow used to disable this option in allmodconfig 79 depends on !COMPILE_TEST 80 default y 81 help 82 This option activates instrumentation for the entire kernel. 83 If you don't enable this option, you have to explicitly specify 84 UBSAN_SANITIZE := y for the files/directories you want to check for UB. 85 Enabling this option will get kernel image size increased 86 significantly. 87 88config UBSAN_ALIGNMENT 89 bool "Enable checks for pointers alignment" 90 default !HAVE_EFFICIENT_UNALIGNED_ACCESS 91 depends on !UBSAN_TRAP 92 help 93 This option enables the check of unaligned memory accesses. 94 Enabling this option on architectures that support unaligned 95 accesses may produce a lot of false positives. 96 97config TEST_UBSAN 98 tristate "Module for testing for undefined behavior detection" 99 depends on m 100 help 101 This is a test module for UBSAN. 102 It triggers various undefined behavior, and detect it. 103 104endif # if UBSAN 105