[OpenWrt-Devel,1/4] build: Add option KERNEL_UBSAN
diff mbox series

Message ID 20200212104902.7779-1-hauke.mehrtens@intel.com
State New
Headers show
Series
  • [OpenWrt-Devel,1/4] build: Add option KERNEL_UBSAN
Related show

Commit Message

Hauke Mehrtens Feb. 12, 2020, 10:48 a.m. UTC
The kernel Undefined Behavior Sanitizer is able to detect some memory
bugs in the kernel like out of range array accesses.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
---
 config/Config-kernel.in          | 35 ++++++++++++++++++++++++++++++++
 target/linux/generic/config-4.14 |  4 ++++
 target/linux/generic/config-4.19 |  3 +++
 3 files changed, 42 insertions(+)

Comments

Alexandru Ardelean Feb. 13, 2020, 9:29 a.m. UTC | #1
On Wed, Feb 12, 2020 at 12:49 PM Hauke Mehrtens
<hauke.mehrtens@intel.com> wrote:
>
> The kernel Undefined Behavior Sanitizer is able to detect some memory
> bugs in the kernel like out of range array accesses.
>

Did some basic testing for the series to see that the symbol gets
enabled in the final .config of the kernel.
Both 4.14 & 4.19 on x86_64

Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>

> Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
> ---
>  config/Config-kernel.in          | 35 ++++++++++++++++++++++++++++++++
>  target/linux/generic/config-4.14 |  4 ++++
>  target/linux/generic/config-4.19 |  3 +++
>  3 files changed, 42 insertions(+)
>
> diff --git a/config/Config-kernel.in b/config/Config-kernel.in
> index 20930326ca..bf1c1055f1 100644
> --- a/config/Config-kernel.in
> +++ b/config/Config-kernel.in
> @@ -85,6 +85,41 @@ config KERNEL_PROFILING
>           Enable the extended profiling support mechanisms used by profilers such
>           as OProfile.
>
> +config KERNEL_UBSAN
> +       bool "Compile the kernel with undefined behaviour sanity checker"
> +       help
> +         This option enables undefined behaviour sanity checker
> +         Compile-time instrumentation is used to detect various undefined
> +         behaviours in runtime. Various types of checks may be enabled
> +         via boot parameter ubsan_handle
> +         (see: Documentation/dev-tools/ubsan.rst).
> +
> +config KERNEL_UBSAN_SANITIZE_ALL
> +       bool "Enable instrumentation for the entire kernel"
> +       depends on KERNEL_UBSAN
> +       default y
> +       help
> +         This option activates instrumentation for the entire kernel.
> +         If you don't enable this option, you have to explicitly specify
> +         UBSAN_SANITIZE := y for the files/directories you want to check for UB.
> +         Enabling this option will get kernel image size increased
> +         significantly.
> +
> +config KERNEL_UBSAN_ALIGNMENT
> +       bool "Enable checking of pointers alignment"
> +       depends on KERNEL_UBSAN
> +       help
> +         This option enables detection of unaligned memory accesses.
> +         Enabling this option on architectures that support unaligned
> +         accesses may produce a lot of false positives.
> +
> +config KERNEL_UBSAN_NULL
> +       bool "Enable checking of null pointers"
> +       depends on KERNEL_UBSAN
> +       help
> +         This option enables detection of memory accesses via a
> +         null pointer.
> +
>  config KERNEL_TASKSTATS
>         bool "Compile the kernel with task resource/io statistics and accounting"
>         default n
> diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
> index 9681d9c278..73b0d77155 100644
> --- a/target/linux/generic/config-4.14
> +++ b/target/linux/generic/config-4.14
> @@ -1516,6 +1516,10 @@ CONFIG_GACT_PROB=y
>  # CONFIG_GAMEPORT is not set
>  # CONFIG_GATEWORKS_GW16083 is not set
>  # CONFIG_GCC_PLUGINS is not set
> +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
> +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
> +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
> +# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set
>  # CONFIG_GCOV is not set
>  # CONFIG_GCOV_KERNEL is not set
>  # CONFIG_GDB_SCRIPTS is not set
> diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
> index d8ea243fc7..aba7bccaf6 100644
> --- a/target/linux/generic/config-4.19
> +++ b/target/linux/generic/config-4.19
> @@ -1605,6 +1605,8 @@ CONFIG_GACT_PROB=y
>  # CONFIG_GAMEPORT is not set
>  # CONFIG_GATEWORKS_GW16083 is not set
>  # CONFIG_GCC_PLUGINS is not set
> +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
> +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
>  # CONFIG_GCOV is not set
>  # CONFIG_GCOV_KERNEL is not set
>  # CONFIG_GDB_SCRIPTS is not set
> @@ -5197,6 +5199,7 @@ CONFIG_TCP_CONG_CUBIC=y
>  # CONFIG_TEST_STATIC_KEYS is not set
>  # CONFIG_TEST_STRING_HELPERS is not set
>  # CONFIG_TEST_SYSCTL is not set
> +# CONFIG_TEST_UBSAN is not set
>  # CONFIG_TEST_UDELAY is not set
>  # CONFIG_TEST_USER_COPY is not set
>  # CONFIG_TEST_UUID is not set
> --
> 2.17.1
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Patch
diff mbox series

diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index 20930326ca..bf1c1055f1 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -85,6 +85,41 @@  config KERNEL_PROFILING
 	  Enable the extended profiling support mechanisms used by profilers such
 	  as OProfile.
 
+config KERNEL_UBSAN
+	bool "Compile the kernel with undefined behaviour sanity checker"
+	help
+	  This option enables undefined behaviour sanity checker
+	  Compile-time instrumentation is used to detect various undefined
+	  behaviours in runtime. Various types of checks may be enabled
+	  via boot parameter ubsan_handle
+	  (see: Documentation/dev-tools/ubsan.rst).
+
+config KERNEL_UBSAN_SANITIZE_ALL
+	bool "Enable instrumentation for the entire kernel"
+	depends on KERNEL_UBSAN
+	default y
+	help
+	  This option activates instrumentation for the entire kernel.
+	  If you don't enable this option, you have to explicitly specify
+	  UBSAN_SANITIZE := y for the files/directories you want to check for UB.
+	  Enabling this option will get kernel image size increased
+	  significantly.
+
+config KERNEL_UBSAN_ALIGNMENT
+	bool "Enable checking of pointers alignment"
+	depends on KERNEL_UBSAN
+	help
+	  This option enables detection of unaligned memory accesses.
+	  Enabling this option on architectures that support unaligned
+	  accesses may produce a lot of false positives.
+
+config KERNEL_UBSAN_NULL
+	bool "Enable checking of null pointers"
+	depends on KERNEL_UBSAN
+	help
+	  This option enables detection of memory accesses via a
+	  null pointer.
+
 config KERNEL_TASKSTATS
 	bool "Compile the kernel with task resource/io statistics and accounting"
 	default n
diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
index 9681d9c278..73b0d77155 100644
--- a/target/linux/generic/config-4.14
+++ b/target/linux/generic/config-4.14
@@ -1516,6 +1516,10 @@  CONFIG_GACT_PROB=y
 # CONFIG_GAMEPORT is not set
 # CONFIG_GATEWORKS_GW16083 is not set
 # CONFIG_GCC_PLUGINS is not set
+# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
+# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
+# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
+# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set
 # CONFIG_GCOV is not set
 # CONFIG_GCOV_KERNEL is not set
 # CONFIG_GDB_SCRIPTS is not set
diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
index d8ea243fc7..aba7bccaf6 100644
--- a/target/linux/generic/config-4.19
+++ b/target/linux/generic/config-4.19
@@ -1605,6 +1605,8 @@  CONFIG_GACT_PROB=y
 # CONFIG_GAMEPORT is not set
 # CONFIG_GATEWORKS_GW16083 is not set
 # CONFIG_GCC_PLUGINS is not set
+# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
+# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
 # CONFIG_GCOV is not set
 # CONFIG_GCOV_KERNEL is not set
 # CONFIG_GDB_SCRIPTS is not set
@@ -5197,6 +5199,7 @@  CONFIG_TCP_CONG_CUBIC=y
 # CONFIG_TEST_STATIC_KEYS is not set
 # CONFIG_TEST_STRING_HELPERS is not set
 # CONFIG_TEST_SYSCTL is not set
+# CONFIG_TEST_UBSAN is not set
 # CONFIG_TEST_UDELAY is not set
 # CONFIG_TEST_USER_COPY is not set
 # CONFIG_TEST_UUID is not set