Message ID | 20200212104902.7779-1-hauke.mehrtens@intel.com |
---|---|
State | Accepted |
Delegated to: | Hauke Mehrtens |
Series | [OpenWrt-Devel,1/4] build: Add option KERNEL_UBSAN |
On Wed, Feb 12, 2020 at 12:49 PM Hauke Mehrtens <hauke.mehrtens@intel.com> wrote: > > The kernel Undefined Behavior Sanitizer is able to detect some memory > bugs in the kernel like out of range array accesses. > Did some basic testing for the series to see that the symbol gets enabled in the final .config of the kernel. Both 4.14 & 4.19 on x86_64 Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com> > Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> > --- > config/Config-kernel.in | 35 ++++++++++++++++++++++++++++++++ > target/linux/generic/config-4.14 | 4 ++++ > target/linux/generic/config-4.19 | 3 +++ > 3 files changed, 42 insertions(+) > > diff --git a/config/Config-kernel.in b/config/Config-kernel.in > index 20930326ca..bf1c1055f1 100644 > --- a/config/Config-kernel.in > +++ b/config/Config-kernel.in 
> @@ -85,6 +85,41 @@ config KERNEL_PROFILING > Enable the extended profiling support mechanisms used by profilers such > as OProfile. > > +config KERNEL_UBSAN > + bool "Compile the kernel with undefined behaviour sanity checker" > + help > + This option enables undefined behaviour sanity checker > + Compile-time instrumentation is used to detect various undefined > + behaviours in runtime. Various types of checks may be enabled > + via boot parameter ubsan_handle > + (see: Documentation/dev-tools/ubsan.rst). > + > +config KERNEL_UBSAN_SANITIZE_ALL > + bool "Enable instrumentation for the entire kernel" > + depends on KERNEL_UBSAN > + default y > + help > + This option activates instrumentation for the entire kernel. > + If you don't enable this option, you have to explicitly specify > + UBSAN_SANITIZE := y for the files/directories you want to check for UB. > + Enabling this option will get kernel image size increased > + significantly. > + > +config KERNEL_UBSAN_ALIGNMENT > + bool "Enable checking of pointers alignment" > + depends on KERNEL_UBSAN > + help > + This option enables detection of unaligned memory accesses. > + Enabling this option on architectures that support unaligned > + accesses may produce a lot of false positives. > + > +config KERNEL_UBSAN_NULL > + bool "Enable checking of null pointers" > + depends on KERNEL_UBSAN > + help > + This option enables detection of memory accesses via a > + null pointer. > + > config KERNEL_TASKSTATS > bool "Compile the kernel with task resource/io statistics and accounting" > default n > diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 > index 9681d9c278..73b0d77155 100644 > --- a/target/linux/generic/config-4.14 > +++ b/target/linux/generic/config-4.14 
> @@ -1516,6 +1516,10 @@ CONFIG_GACT_PROB=y > # CONFIG_GAMEPORT is not set > # CONFIG_GATEWORKS_GW16083 is not set > # CONFIG_GCC_PLUGINS is not set > +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set > +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set > +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set > +# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set > # CONFIG_GCOV is not set > # CONFIG_GCOV_KERNEL is not set > # CONFIG_GDB_SCRIPTS is not set > diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 > index d8ea243fc7..aba7bccaf6 100644 > --- a/target/linux/generic/config-4.19 > +++ b/target/linux/generic/config-4.19 > @@ -1605,6 +1605,8 @@ CONFIG_GACT_PROB=y > # CONFIG_GAMEPORT is not set > # CONFIG_GATEWORKS_GW16083 is not set > # CONFIG_GCC_PLUGINS is not set > +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set > +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set > # CONFIG_GCOV is not set > # CONFIG_GCOV_KERNEL is not set > # CONFIG_GDB_SCRIPTS is not set > @@ -5197,6 +5199,7 @@ CONFIG_TCP_CONG_CUBIC=y > # CONFIG_TEST_STATIC_KEYS is not set > # CONFIG_TEST_STRING_HELPERS is not set > # CONFIG_TEST_SYSCTL is not set > +# CONFIG_TEST_UBSAN is not set > # CONFIG_TEST_UDELAY is not set > # CONFIG_TEST_USER_COPY is not set > # CONFIG_TEST_UUID is not set > -- > 2.17.1 > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
diff --git a/config/Config-kernel.in b/config/Config-kernel.in index 20930326ca..bf1c1055f1 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -85,6 +85,41 @@ config KERNEL_PROFILING Enable the extended profiling support mechanisms used by profilers such as OProfile. +config KERNEL_UBSAN + bool "Compile the kernel with undefined behaviour sanity checker" + help + This option enables undefined behaviour sanity checker + Compile-time instrumentation is used to detect various undefined + behaviours in runtime. Various types of checks may be enabled + via boot parameter ubsan_handle + (see: Documentation/dev-tools/ubsan.rst). + +config KERNEL_UBSAN_SANITIZE_ALL + bool "Enable instrumentation for the entire kernel" + depends on KERNEL_UBSAN + default y + help + This option activates instrumentation for the entire kernel. + If you don't enable this option, you have to explicitly specify + UBSAN_SANITIZE := y for the files/directories you want to check for UB. + Enabling this option will get kernel image size increased + significantly. + +config KERNEL_UBSAN_ALIGNMENT + bool "Enable checking of pointers alignment" + depends on KERNEL_UBSAN + help + This option enables detection of unaligned memory accesses. + Enabling this option on architectures that support unaligned + accesses may produce a lot of false positives. + +config KERNEL_UBSAN_NULL + bool "Enable checking of null pointers" + depends on KERNEL_UBSAN + help + This option enables detection of memory accesses via a + null pointer. + config KERNEL_TASKSTATS bool "Compile the kernel with task resource/io statistics and accounting" default n diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 index 9681d9c278..73b0d77155 100644 --- a/target/linux/generic/config-4.14 +++ b/target/linux/generic/config-4.14 
@@ -1516,6 +1516,10 @@ CONFIG_GACT_PROB=y # CONFIG_GAMEPORT is not set # CONFIG_GATEWORKS_GW16083 is not set # CONFIG_GCC_PLUGINS is not set +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set # CONFIG_GCOV is not set # CONFIG_GCOV_KERNEL is not set # CONFIG_GDB_SCRIPTS is not set diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 index d8ea243fc7..aba7bccaf6 100644 --- a/target/linux/generic/config-4.19 +++ b/target/linux/generic/config-4.19 @@ -1605,6 +1605,8 @@ CONFIG_GACT_PROB=y # CONFIG_GAMEPORT is not set # CONFIG_GATEWORKS_GW16083 is not set # CONFIG_GCC_PLUGINS is not set +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set # CONFIG_GCOV is not set # CONFIG_GCOV_KERNEL is not set # CONFIG_GDB_SCRIPTS is not set @@ -5197,6 +5199,7 @@ CONFIG_TCP_CONG_CUBIC=y # CONFIG_TEST_STATIC_KEYS is not set # CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UBSAN is not set # CONFIG_TEST_UDELAY is not set # CONFIG_TEST_USER_COPY is not set # CONFIG_TEST_UUID is not set
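Review bot: In the config/Config-kernel.in hunk, KERNEL_UBSAN_SANITIZE_ALL is "default y", so selecting KERNEL_UBSAN alone instruments the entire kernel, yet the warning that this "will get kernel image size increased significantly" appears only in the sub-option's help. Suggest repeating the size caveat in the KERNEL_UBSAN help text, since that is the entry a user reads before enabling anything. Nit in the same help text: "This option enables undefined behaviour sanity checker" is missing its full stop before "Compile-time instrumentation".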
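Review bot: The target/linux/generic/config-4.14 hunk at line 1516 adds only CONFIG_GCC_PLUGIN_* symbols, which the commit message does not explain, as it describes UBSAN only. Please state in the commit message why these entries belong to this change, and why CONFIG_GCC_PLUGIN_RANDSTRUCT and CONFIG_GCC_PLUGIN_STRUCTLEAK are added for 4.14 while the config-4.19 hunk at line 1605 gets only CYC_COMPLEXITY and LATENT_ENTROPY.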
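Review bot: The config-4.19 hunk at line 5197 adds "# CONFIG_TEST_UBSAN is not set", but config-4.14 gets no matching line anywhere in this patch. If the symbol does not exist in 4.14, a short mention in the commit message would make the asymmetry clear; if it does exist, the same line should be added to config-4.14.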
The kernel Undefined Behavior Sanitizer is able to detect some memory bugs in the kernel like out of range array accesses. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> --- config/Config-kernel.in | 35 ++++++++++++++++++++++++++++++++ target/linux/generic/config-4.14 | 4 ++++ target/linux/generic/config-4.19 | 3 +++ 3 files changed, 42 insertions(+)