[v2,6/6] ubsan: Get x86_64 booting with unsigned wrap-around sanitizer
In order to get x86_64 booting at all with the unsigned wrap-around
sanitizer, instrumentation needs to be disabled entirely for several
kernel areas that depend heavily on unsigned wrap-around. As we fine-tune
the sanitizer, we can revisit these and perform finer-grained annotations.
The boot is still extremely noisy, but gets us to a common point where
we can continue experimenting with the sanitizer.
Cc: x86@kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/apic/Makefile | 1 +
arch/x86/mm/Makefile | 1 +
arch/x86/mm/pat/Makefile | 1 +
crypto/Makefile | 1 +
drivers/acpi/Makefile | 1 +
kernel/Makefile | 1 +
kernel/locking/Makefile | 1 +
kernel/rcu/Makefile | 1 +
kernel/sched/Makefile | 1 +
lib/Kconfig.ubsan | 5 +++--
lib/Makefile | 1 +
lib/crypto/Makefile | 1 +
lib/crypto/mpi/Makefile | 1 +
lib/zlib_deflate/Makefile | 1 +
lib/zstd/Makefile | 2 ++
mm/Makefile | 1 +
net/core/Makefile | 1 +
net/ipv4/Makefile | 1 +
19 files changed, 22 insertions(+), 2 deletions(-)
@@ -30,6 +30,7 @@ KASAN_SANITIZE_sev.o := n
# With some compiler versions the generated code results in boot hangs, caused
# by several compilation units. To be safe, disable all instrumentation.
+UBSAN_WRAP_UNSIGNED := n
KCSAN_SANITIZE := n
KMSAN_SANITIZE_head$(BITS).o := n
KMSAN_SANITIZE_nmi.o := n
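Review bot: The added `UBSAN_WRAP_UNSIGNED := n` sits under the existing comment about boot hangs with some compiler versions, but the commit message gives a different reason (the code depends on unsigned wrap-around) and calls the opt-out something to revisit; nothing in the Makefile records either. I would add a line above it such as `# Temporary: code here relies on unsigned wrap-around; revisit with finer-grained annotations.` so the exclusion is not mistaken for a permanent one. The same bare line is added without any rationale in the other Makefile hunks of this patch (arch/x86/mm/pat, crypto, drivers/acpi, kernel, lib, lib/crypto, lib/crypto/mpi, lib/zlib_deflate, lib/zstd, mm, net/core, net/ipv4). Only part of the file is visible in the hunk.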
@@ -6,6 +6,7 @@
# Leads to non-deterministic coverage that is not a function of syscall inputs.
# In particular, smp_apic_timer_interrupt() is called in random places.
KCOV_INSTRUMENT := n
+UBSAN_WRAP_UNSIGNED := n
obj-$(CONFIG_X86_LOCAL_APIC) += apic.o apic_common.o apic_noop.o ipi.o vector.o init.o
obj-y += hw_nmi.o
@@ -1,5 +1,6 @@
# SPDX-License-Identifier: GPL-2.0
# Kernel does not boot with instrumentation of tlb.c and mem_encrypt*.c
+UBSAN_WRAP_UNSIGNED := n
KCOV_INSTRUMENT_tlb.o := n
KCOV_INSTRUMENT_mem_encrypt.o := n
KCOV_INSTRUMENT_mem_encrypt_amd.o := n
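Review bot: The new line is inserted between the comment `# Kernel does not boot with instrumentation of tlb.c and mem_encrypt*.c` and the per-object `KCOV_INSTRUMENT_*.o` lines that comment documents, so the directory-wide UBSAN opt-out now reads as if it concerned only those files. Moving it above the comment, with its own one-line reason, keeps the two settings apart. The apic, kernel/locking, kernel/rcu and kernel/sched hunks have a similar issue: the line is appended under comments that explain KCOV coverage noise, which is not why wrap-around checking is being turned off.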
@@ -1,4 +1,5 @@
# SPDX-License-Identifier: GPL-2.0
+UBSAN_WRAP_UNSIGNED := n
obj-y := set_memory.o memtype.o
@@ -2,6 +2,7 @@
#
# Cryptographic API
#
+UBSAN_WRAP_UNSIGNED := n
obj-$(CONFIG_CRYPTO) += crypto.o
crypto-y := api.o cipher.o compress.o
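Review bot: `UBSAN_WRAP_UNSIGNED := n` at the top of this Makefile drops the check for every object in the directory, not only for hash or cipher arithmetic that wraps by design; length and size calculations in the same directory lose coverage too. The net/core, net/ipv4, mm, lib/crypto and lib/crypto/mpi hunks make the same directory-wide choice for code that may handle sizes derived from external input. If the build glue added earlier in the series accepts a per-object form analogous to the `KASAN_SANITIZE_sev.o := n` and `KCOV_INSTRUMENT_tlb.o := n` lines visible in this patch (not shown here, so to be confirmed), listing only the objects that actually prevent boot would keep the rest instrumented. Failing that, a comment naming which files were observed to need the opt-out would make the later narrowing easier.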
@@ -2,6 +2,7 @@
#
# Makefile for the Linux ACPI interpreter
#
+UBSAN_WRAP_UNSIGNED := n
ccflags-$(CONFIG_ACPI_DEBUG) += -DACPI_DEBUG_OUTPUT
@@ -2,6 +2,7 @@
#
# Makefile for the linux kernel.
#
+UBSAN_WRAP_UNSIGNED := n
obj-y = fork.o exec_domain.o panic.o \
cpu.o exit.o softirq.o resource.o \
@@ -2,6 +2,7 @@
# Any varying coverage in these files is non-deterministic
# and is generally not a function of system call inputs.
KCOV_INSTRUMENT := n
+UBSAN_WRAP_UNSIGNED := n
obj-y += mutex.o semaphore.o rwsem.o percpu-rwsem.o
@@ -2,6 +2,7 @@
# Any varying coverage in these files is non-deterministic
# and is generally not a function of system call inputs.
KCOV_INSTRUMENT := n
+UBSAN_WRAP_UNSIGNED := n
ifeq ($(CONFIG_KCSAN),y)
KBUILD_CFLAGS += -g -fno-omit-frame-pointer
@@ -7,6 +7,7 @@ ccflags-y += $(call cc-disable-warning, unused-but-set-variable)
# These files are disabled because they produce non-interesting flaky coverage
# that is not a function of syscall inputs. E.g. involuntary context switches.
KCOV_INSTRUMENT := n
+UBSAN_WRAP_UNSIGNED := n
# Disable KCSAN to avoid excessive noise and performance degradation. To avoid
# false positives ensure barriers implied by sched functions are instrumented.
@@ -132,8 +132,9 @@ config UBSAN_UNSIGNED_WRAP
depends on !COMPILE_TEST
help
This option enables -fsanitize=unsigned-integer-overflow which checks
- for wrap-around of any arithmetic operations with unsigned integers. This
- currently causes x86 to fail to boot.
+ for wrap-around of any arithmetic operations with unsigned integers.
+ Given the history of C and the many common code patterns involving
+ unsigned wrap-around, this is a very noisy option right now.
config UBSAN_POINTER_WRAP
bool "Perform checking for pointer arithmetic wrap-around"
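Review bot: The reworded help text drops the warning that x86 fails to boot, but it does not tell the user that this patch turns the check off for whole directories (core kernel, mm, crypto, networking and others), so a quiet log from those areas says nothing about them. A sentence such as `Several core subsystems opt out via UBSAN_WRAP_UNSIGNED := n in their Makefiles, so coverage is partial.` would set that expectation. Separately, the Kconfig symbol is `UBSAN_UNSIGNED_WRAP` while the Makefile knob is `UBSAN_WRAP_UNSIGNED`; the knob is presumably defined elsewhere in the series, but the swapped word order is easy to mistype and worth aligning.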
@@ -2,6 +2,7 @@
#
# Makefile for some libs needed in the kernel.
#
+UBSAN_WRAP_UNSIGNED := n
ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE)
@@ -1,4 +1,5 @@
# SPDX-License-Identifier: GPL-2.0
+UBSAN_WRAP_UNSIGNED := n
obj-$(CONFIG_CRYPTO_LIB_UTILS) += libcryptoutils.o
libcryptoutils-y := memneq.o utils.o
@@ -2,6 +2,7 @@
#
# MPI multiprecision maths library (from gpg)
#
+UBSAN_WRAP_UNSIGNED := n
obj-$(CONFIG_MPILIB) = mpi.o
@@ -6,6 +6,7 @@
# This is the compression code, see zlib_inflate for the
# decompression code.
#
+UBSAN_WRAP_UNSIGNED := n
obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate.o
@@ -8,6 +8,8 @@
# in the COPYING file in the root directory of this source tree).
# You may select, at your option, one of the above-listed licenses.
# ################################################################
+UBSAN_WRAP_UNSIGNED := n
+
obj-$(CONFIG_ZSTD_COMPRESS) += zstd_compress.o
obj-$(CONFIG_ZSTD_DECOMPRESS) += zstd_decompress.o
obj-$(CONFIG_ZSTD_COMMON) += zstd_common.o
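Review bot: The directory-wide setting here also covers `zstd_decompress.o` and `zstd_common.o`, whereas the zlib hunk opts out only the deflate directory, whose header comment says decompression lives elsewhere. Decompressors parse data the kernel did not produce, so that is where a wrap-around report is most useful. Whether the decompressor also has to be excluded to get a boot is not visible from the hunk; if it does not, restricting the opt-out to the compressor (per-object, if the build glue supports it) would be preferable.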
@@ -2,6 +2,7 @@
#
# Makefile for the linux memory manager.
#
+UBSAN_WRAP_UNSIGNED := n
KASAN_SANITIZE_slab_common.o := n
KASAN_SANITIZE_slub.o := n
@@ -2,6 +2,7 @@
#
# Makefile for the Linux networking core.
#
+UBSAN_WRAP_UNSIGNED := n
obj-y := sock.o request_sock.o skbuff.o datagram.o stream.o scm.o \
gen_stats.o gen_estimator.o net_namespace.o secure_seq.o \
@@ -2,6 +2,7 @@
#
# Makefile for the Linux TCP/IP (INET) layer.
#
+UBSAN_WRAP_UNSIGNED := n
obj-y := route.o inetpeer.o protocol.o \
ip_input.o ip_fragment.o ip_forward.o ip_options.o \