From patchwork Fri Feb 2 10:16:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 195773 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:9bc1:b0:106:209c:c626 with SMTP id op1csp329021dyc; Fri, 2 Feb 2024 02:19:40 -0800 (PST) X-Google-Smtp-Source: AGHT+IGIBpuMsy/DilHHh3hKYc2p0C0ZsHdME0s3x7xDzSOjd/BoGMgZrEvwl8p9yfiGpLBwWpEx X-Received: by 2002:a25:8303:0:b0:dc6:c8ee:36f1 with SMTP id s3-20020a258303000000b00dc6c8ee36f1mr1528790ybk.65.1706869180443; Fri, 02 Feb 2024 02:19:40 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706869180; cv=pass; d=google.com; s=arc-20160816; b=Dk8jLQ6ZtmeMk1FzPsBeF7To8TUlBEThF9Qwawhn98hDLbC9efcFI9PJ/dSduoF+xO eeHqhlvCnZGC5hHb5qvg8FqtY/mE2zv0tljK0ocFyBt/+389xM331VR0dS52HLBFBNEM r6AP5HjNHkl+/tEqD2wltQKPqZ8PwN4kqVw/cenjPDSuul0FAYqgmeHzs4RvTypdfhx1 czpevHuJKA/vxLUwW+2zOjli1uW+6ZSvUDtjvuIj2+Xg38Z60qQQY91R5Q3rxvkPtE9M Zvnu82/lcDbiSiErnL1v3EnE4gLHlCU2o9BXm/Mf8NwUAtie9JEB5CUOLXc24Tzyxw79 dUcg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=huDkFM2jKbuwvr+cQsGrJ0cboThbc1r4eSZ54RE7EeI=; fh=EYA1Wn5OZpTExI+mYVA2WrFx82QWptWFbGivglwYvPA=; b=MuIJkH5ViVUcaIHbjFbwEReBqYwsOK/60EeOUXmlmhKKW/ORs9HjMjHfxj84Q0Da3b MLIeM3jrLuZ78CZ/BV+4TRrgGQMEfROm8QrCs/dr97MdSgYs8fkMYSAY84eyrDS0wQPe gbdXIzzfsp/8X27A58eR3SGQrnldPFOPd34VhbKMP47HlD7M1vglfn3PJbX5tWp5onFL pr5QPmKdjer8V7gr7pk38Sqs7yTBp+ad6Aa3SKMKRv2hPXQUjCwlpbW2UpKgZQT3W696 XWELHeUfCFrnTuyCHPMIOtmrTxfK8MDofzQxAZF4a56qFnHoYGxtcamjGTQ4NeBsoEt+ 4QkA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=gvRP8dJ3; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49660-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49660-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org X-Forwarded-Encrypted: i=1; AJvYcCUWvBn3hSrc+PhO9BLpBbwnRKjlh2Gq4102NoVc1IIySr0Tp6J3btQdB0sbBGuO/9cdOrD6GSNrY6vuXsZjd6TPdUq5EA== Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id vr21-20020a05620a55b500b0078402036e66si1585530qkn.723.2024.02.02.02.19.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:19:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-49660-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=gvRP8dJ3; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49660-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49660-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 3013C1C26D40 for ; Fri, 2 Feb 2024 10:19:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 05AC88003F; Fri, 2 Feb 2024 10:16:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="gvRP8dJ3" Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F26A7C098 for ; Fri, 2 Feb 2024 10:16:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869011; cv=none; b=fPbdenP7wN5bvxupbMMxarOZLMnccABPo8FDYv3En88ASnGFd5zjvRjw737R3e+g2/JGL9er7dZ17tyAlb7h2sW4lkUsLHqD3CHxPdJqcajsJTOYhkjkQ+63/kluU+jrIj9KH7yfr73dECr5ihdD+ZSKJY8r3JYKLfSrU05wqr4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869011; c=relaxed/simple; bh=ZxwmE0nZsP1Nk3oxW4DdUpU7gFnVfTpHfJ1XVp+L1j0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=rNjn99aSPixuaXDPF0q9prV2KECx/HHMYg7ltUQsPhuwaUbLJi7j6Yur57SK7LvDehG2xGirjLGqFyQxQYAYyYSK4PBFjIGojfxRmUo7dsi7fKfqsFL6OB63EhljhO/2bVMxt/PjKtsIBpx+AHuzuQ5ZJ5n8mrZXDWi7peptZ9s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=gvRP8dJ3; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1d95d67ff45so9813145ad.2 for ; Fri, 02 Feb 2024 02:16:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1706869005; x=1707473805; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=huDkFM2jKbuwvr+cQsGrJ0cboThbc1r4eSZ54RE7EeI=; b=gvRP8dJ3KXsujD0C1Ta3pPfDymJdYPCHYsuftj1ON/YnSJA3tm2+UZn1SeXbdriLn1 lcezB3u2mUWEC2MoVexnQ1sm9UrJqy4yfJwh7+oLWPxKtWOYoExkaMWHDzWHJnTJpRrk pABBhJW4wUI8AAriCqjzK41YNwsPbDVxYwhkA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706869005; x=1707473805; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=huDkFM2jKbuwvr+cQsGrJ0cboThbc1r4eSZ54RE7EeI=; b=Aq+7lFrsMxAKLPTe0NiGBvJGmYZeFCR+J3jHv76oalwLIo56/N+/mWWuqZe7dvLEaZ 7tzkHXjD+pZxlHZYkRqefCJxdRlsjpN88eXIjjUhdhEnl2iuiRbCXFD3FW3o0aIndusD D9x4kLybglEYUhpaXLV44xjYgl2+gQOu+ChAFFwhp0wKtBIaaUup3ri0GfhJc7aaDAE+ KmIeJUm3oFI8L6r3Q747Q4BR37FjXwELCfa/RSGXVyW9JWgRi0udPdhRjZoATtKkVc6J 79Pir/F9ymQwaW6H3pwDE2ZC7iGQpG7DrHnZFQK7Fj902xqTcUTDyaTC/jDop5E1iAPw XE6w== X-Gm-Message-State: AOJu0YxRRP84F6RhEtgvzwIbZ21hG5lyukFcZ1cYJ8+UUaSyjQij8y1B mnVtB0rzUrUuJODP2a+Qf2qnTf2JuBtKh7uTvSdgFygg+wE37k0If0OWi9LLbw== X-Received: by 2002:a17:903:94d:b0:1d8:b6c8:d9e0 with SMTP id ma13-20020a170903094d00b001d8b6c8d9e0mr1942830plb.68.1706869004906; Fri, 02 Feb 2024 02:16:44 -0800 (PST) X-Forwarded-Encrypted: i=0; AJvYcCXm2ltGXSQ3/dMDFTJd44WjKZdXshEPXPWN2y6WE7E3b+jubgNaOYkuw5VnqA4S9HtLo7qrYKsGKPoYxH5O74AVwvWb9iE10rFYm3n026lPQhoITT6P5EG3S6E0ARfoiPiilFHc1P170f3L7IIRjKqdWIGevmKqtcYBEq7HSe5RdITj0U96a6pTvHsJ0MsK89PKSs0ECjcxeR0yzhKvgzBGQqSm8nHFrtSeBcJzXXMaebLLOFOmheGxxf2ic7AR58qnNPxprUyVeY6wzFzi0cNWRnRpzjgIFyrNRmmyNKPD3NRk/rVYnE+xKRRmrDd7B9gCDwG/+ve4xCBvu8plPkZxiwuj9XZhaBIbvySbpOS8aXTc+kkoQ0Qr2U1llnNgaFQ1nY7H3f/ojjTTW/r7ggMMWTwS5GebQqKR5ZQk4UXJjEiv18IkKd03pIO+QQHhwRvi75ST2re8QSg/NZZvCu22i34f/ZfVkuhFBAKeP0EdJTIi3pDLw2DCTd0qk2OzZQ3esIyeHUi4SbRQEhDRzSl/EdxhSOD37RLyKKeZsvcQw/KOdAqAawSDSPy0Zwzh0G32VHyd7skIHFuGmVRga32CpsILSaLLA4ITFo88rafydugjzXu00x+4wzcP6wX8+lbazQTj Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id jv5-20020a170903058500b001d8fb2591a6sm1262459plb.171.2024.02.02.02.16.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:16:42 -0800 (PST) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , Fangrui Song , Justin Stitt , Nathan Chancellor , Masahiro Yamada , Nicolas Schier , Nick Desaulniers , Bill Wendling , linux-kbuild@vger.kernel.org, llvm@lists.linux.dev, Marco Elver , Andrey Konovalov , Jonathan Corbet , x86@kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, kasan-dev@googlegroups.com, linux-acpi@vger.kernel.org Subject: [PATCH v2 1/6] ubsan: Use Clang's -fsanitize-trap=undefined option Date: Fri, 2 Feb 2024 02:16:34 -0800 Message-Id: <20240202101642.156588-1-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240202101311.it.893-kees@kernel.org> References: <20240202101311.it.893-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1455; i=keescook@chromium.org; h=from:subject; bh=ZxwmE0nZsP1Nk3oxW4DdUpU7gFnVfTpHfJ1XVp+L1j0=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlvMEHvUSDUiKlA+mbRPre0Ef3vI3/FZn+MH1H0 nTpBmdXXdWJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZbzBBwAKCRCJcvTf3G3A JpS9D/0Q6QBoQC8jBK/SWwnCyPlA7roqa2Ww1Yr5HWnO8NGYyqLoAR/MLiePscunq9kQo7XF14S P8vBlWa3w59PmmPOE6/K+Yo4XhNmZJHNn57MFcpldH9PXBny2KEOQhIlpz0+Qq7zhOLddFXdahg miGo2qdGlfIpjGAwlRLZVr4XDKEdKus3gLReWRkeV1eaUGK+SU4BE0S9e5Ucv2MjqDKeYkX5U8P qcJlKCdupyTdD22vLQjZ4hg0UIOxJJ0JvKAgP5koezT5XzlYxQPfD+lFdixQeprPlZX44YEoD1u 2gFGFM/Q8utBzYdgJDHKWh8ZFe9OdEKUCuYvCh/uj3WvrNcdeiAwxXTFx+YFw7lp/nUQ9zNbifH i0lKwy9Brl+6w2SYcs69qdsxG5hhti2yLUQW5qr1cxQetC9HV+eqLTMxbCd+Gm8bec7x5A7gPkl z9qKNMgq9aRbauhd0kdkjl+d6TuQcysN/udCqYNxsTkdS7yBgm/IdQ7OZjnlsgDA30jgME0SH/I ACfSg1lLhSUiA5YoWC7kX0F96o0tirE4vqzxv/Puh7Cw53eqsLhs+IiSDSXdodWu7vsBW7YDlsh iWO7s+1g4L7hMvsHJrbpcnHePzJ54JOQLt5okcZPy+IE+zSi6oA38qRXNbFz3mjkKY40YEX37q4 8g1LnhWR9uKDhnA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789782058120619113 X-GMAIL-MSGID: 1789782058120619113 Clang changed the way it enables UBSan trapping mode. Update the Makefile logic to discover it. Suggested-by: Fangrui Song Link: https://lore.kernel.org/lkml/CAFP8O3JivZh+AAV7N90Nk7U2BHRNST6MRP0zHtfQ-Vj0m4+pDA@mail.gmail.com/ Reviewed-by: Fangrui Song Reviewed-by: Justin Stitt Cc: Nathan Chancellor Cc: Masahiro Yamada Cc: Nicolas Schier Cc: Nick Desaulniers Cc: Bill Wendling Cc: linux-kbuild@vger.kernel.org Cc: llvm@lists.linux.dev Signed-off-by: Kees Cook --- scripts/Makefile.ubsan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan index 4749865c1b2c..7cf42231042b 100644 --- a/scripts/Makefile.ubsan +++ b/scripts/Makefile.ubsan @@ -10,6 +10,6 @@ ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO) += -fsanitize=integer-divide-by-zero ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE) += -fsanitize=unreachable ubsan-cflags-$(CONFIG_UBSAN_BOOL) += -fsanitize=bool ubsan-cflags-$(CONFIG_UBSAN_ENUM) += -fsanitize=enum -ubsan-cflags-$(CONFIG_UBSAN_TRAP) += -fsanitize-undefined-trap-on-error +ubsan-cflags-$(CONFIG_UBSAN_TRAP) += $(call cc-option,-fsanitize-trap=undefined,-fsanitize-undefined-trap-on-error) export CFLAGS_UBSAN := $(ubsan-cflags-y) From patchwork Fri Feb 2 10:16:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 195775 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:9bc1:b0:106:209c:c626 with SMTP id op1csp329129dyc; Fri, 2 Feb 2024 02:19:56 -0800 (PST) X-Google-Smtp-Source: AGHT+IH/4GlX1eFrRbUtTLxPhUr/AeOJt4P6e53cD6njDSixROklnTqKblvDhC4/7xoCUiZ5Wp/h X-Received: by 2002:a05:6358:5d86:b0:176:4b1a:8364 with SMTP id s6-20020a0563585d8600b001764b1a8364mr8718488rwm.21.1706869195856; Fri, 02 Feb 2024 02:19:55 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706869195; cv=pass; d=google.com; s=arc-20160816; b=px/MzI7taX7AwjVpwuc72HNYQ+dAqIIRMPSKk00V2XvXw5FVHKUctuAcmf1fHBneHp uq0CvJb/B9/zYjR1Vo+5OJ98sU+t+hMF06rJeeCnZ6o6CFPIJ1eW9iWRQ2ui/sgqK4dl AxK9aeJacfqOHr0zn7ZYzFYoNPAqF/xPVFGTl5IXd+phqig21J9RyjcOHI41Aq9uqNZh 4ltUSL5MeV0B3n80K/s6WEsbGdWW0lc6g8oxFQ/Ol6myS1rRjEyE+V/SN9bae4W79LUZ eXLUoxXoq0srJapAb3CDqSItt/e/Sghbe9CpfImFHSLVX96Y7fBLxM/bxcGK3jtxfOE7 zEeg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=U/S6R7/9nVoHmk9zF9Fu8HvJ6G5Gizsl3DGB5UcgoVw=; fh=gcc5oPbQtzy5VqX9ttyh7SZ6pEuYaVMLOXFbd4KA45k=; b=SKgOu0OA+nAognIFT452/IhxDBRd1Hbr3MROCgnUwF4/1K9n4zxE82UAGiI4RBkARO qctSyonaGlJxKr64VYvx5PK0Q9bzIi7CE2DEfarTlXx0ZETPx6e5YI7QGR0XjjVRI5tq CnlJwyTf5xgieSVzOK8viGIbLXXxE62FxnSLJ6KUoPfbW4Ef9J//tzgqDQzB2nHVlFpL o7uzvpjeZJA6f/kG9zrW+X6ur9tW8LiKnzHr8pjxSs34pU0v8jOERP7raueiWG6wKf5o rg+W8a+z1Kef1NHz1pIRd7fxV4w0WH+4LPqc4ID5ExBbajLMrdaFrotgELEK2zYEUl3/ EqnA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="mHi/5CCO"; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49657-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49657-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org X-Forwarded-Encrypted: i=1; AJvYcCUzarnaGN35dwqYYPMpNMz/LL+wbjlMo6RXPAYF6yF9U8QqWFMG5V9EeKoSU43co8YpKL2FlKUMGlQBnzPfg8KpKWuNtg== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id o3-20020a656a43000000b005dbf103f1dasi1433297pgu.104.2024.02.02.02.19.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:19:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-49657-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="mHi/5CCO"; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49657-ouuuleilei=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49657-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 5A3DB286598 for ; Fri, 2 Feb 2024 10:19:35 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AA84680032; Fri, 2 Feb 2024 10:16:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="mHi/5CCO" Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D62287A70A for ; Fri, 2 Feb 2024 10:16:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869006; cv=none; b=mAn2Q/w7xZT3D0hQKBJp7VEwLShbhn+Dk23fgtEJdmf29NRB36CGZ+qBG9laaFUXN1eoZO3NS4FjbQHR4Q28WpUQt6ma1Pv8PzAUQF9KHA0eEAU7praPSo67EtfydH0lRuD254HPm+jJ6nqafxkuaYKFlotLqceUZCFYb7NMwyw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869006; c=relaxed/simple; bh=81LcZge0w4D9Z3eA6B+rApaqgdau7DNMJpUzowyrc8U=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=hncJlWiLSDbPVAiww/Ue+jXhAmybOU3KdicMWXxR7owui96Z467mJpEYwhECRI946hREjS7nNB1xokTuPyhdqrltfayzZNvypfxuGhUiNBZmpoghZKgl9ng6/RvopSThCe8JGk45UE6HYIrY0yas/RpTfIeo6AobUdh7Sutol4E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=mHi/5CCO; arc=none smtp.client-ip=209.85.215.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-5d8b276979aso1467522a12.2 for ; Fri, 02 Feb 2024 02:16:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1706869003; x=1707473803; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=U/S6R7/9nVoHmk9zF9Fu8HvJ6G5Gizsl3DGB5UcgoVw=; b=mHi/5CCOfEEX+BVr5JH611wBTjzwUdeMLsA0B37hxbNepGFdeJrNabgl0JIjCLaPTZ Y8lgWt59Y5wSU6+Vwpqldk5t9xRULnl+xBWJM0Cjq7vcLY/Cm0jvfN1Rns8IoayGSahH 4aeTqHvnv0o/DzdeoPF2euqvvx/kMtaUHHOnE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706869003; x=1707473803; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=U/S6R7/9nVoHmk9zF9Fu8HvJ6G5Gizsl3DGB5UcgoVw=; b=jwh1rFLe2Kz5TK6yDlDXDT3Tbzf/H+tHSHLu413/u6L2WF5Snvp/7LEofuLQOmiY8g /udTEpSETyxayfMFuH+hXADxHE+o+YoeLYyxZ1Le71QKkvtT8uSHSMkgo0lBPoRgsmGD VqaaPlxicIr9t0vXae2y+W7bFz4MlOL/ddPf2Hr+QIqWRAHQ0ju6KarmZrNjyZgC/cI1 fz1d/I+1eu42ogs/ArHnFaLqkuZ2KJ7YyLqIwtprTzIDpwDw3Rz5cy/ELp+eCYu1BZYk 9odaOEYppyMsC8oZBILxXsOL6jY+Iwm9CUL/lucE9Z+E7gryWbZ5CKHeklzykNj9X1bP 0VRA== X-Gm-Message-State: AOJu0YzC4JDYtRE7TIW+XKJUWa7+25gBCIQm49JEJ6Ty9DNhNdlHele0 AUocHLAIvziI4aZsRKVdqmS0Nke8Vq0FqjMtAv8ofu4fB4xp+8tsGrNX9FSKHA== X-Received: by 2002:a05:6a20:d80a:b0:19e:3172:b8ac with SMTP id iv10-20020a056a20d80a00b0019e3172b8acmr8509849pzb.22.1706869003182; Fri, 02 Feb 2024 02:16:43 -0800 (PST) X-Forwarded-Encrypted: i=0; AJvYcCWoz46bwT+tJO8xy56NbLr1KS+igx2daYsByMo02TKngsVRwUuFg7rM8d2fC9gniw/eE1Q+M8gYLGV0R77HWl5kkLuEJZYFcd3ZpZKGRtahgInsMSopUwFERg7zuZHYNtJ5cJY9S2MraM2AOdZTTsl6P817jdn3+0hoVV2s43CNN5/nYeQK3ywIAd7TM2tMMv736L+PU5oEIuAwAF6QxY7hk6ZUYTxy0dptEOM02zqUvp11bDVVbi6S3n6ojbgp4xa9zL5Pl1AK7tfwa9hB2HWWUqQJAG1beGvKFdo7Mom3kiQCGh3TESzslYvSA98vnLsC4EJqMD9Uz8azrFX1Ex75q3xcLnhW2kZqdFqM+4BashtXkOJBquFxMijWLtVQMr4ZE2M1tUiRNGANdexlJ96uetelZ97X/PY/9FFiBdNHkgVQSScQTlNDriahUrbVN3f1x2A5SrEDHUYfRek4LjMjYi3p5UMVzy3MM2AYFHjg6ci4bdjFS8hPv4iQCGoeEYZuQp88sa54C908gCbMdO7a77djfDP9t5GC659+wIXuW5inYCBGQotSrYlfFNKhSKwT7bfBvkZuJCPGJTWGXk0+KPs/zoTpSkJ430g2C9DO1V/7d3r5Q6mZ8bhuHeko5NNBwMH5NODDFj2P6245q/GN+6UxZLLmpRUazUMVySJWK+qZCmIgUtRAeYTjxOxNK6dirVDW6ImDqWqJGDVldIDW+I7jV/5M5VWcgIUx4uDclV4lMY6o/UR8yI1NO/c= Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id j24-20020a62b618000000b006dd850bbd21sm1236764pff.36.2024.02.02.02.16.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:16:42 -0800 (PST) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , Justin Stitt , Miguel Ojeda , Nathan Chancellor , Nick Desaulniers , Peter Zijlstra , Marco Elver , Hao Luo , Przemek Kitszel , Fangrui Song , Masahiro Yamada , Nicolas Schier , Bill Wendling , Andrey Konovalov , Jonathan Corbet , x86@kernel.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, llvm@lists.linux.dev, linux-doc@vger.kernel.org, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, kasan-dev@googlegroups.com, linux-acpi@vger.kernel.org Subject: [PATCH v2 2/6] ubsan: Reintroduce signed and unsigned overflow sanitizers Date: Fri, 2 Feb 2024 02:16:35 -0800 Message-Id: <20240202101642.156588-2-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240202101311.it.893-kees@kernel.org> References: <20240202101311.it.893-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=10079; i=keescook@chromium.org; h=from:subject; bh=81LcZge0w4D9Z3eA6B+rApaqgdau7DNMJpUzowyrc8U=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlvMEHIaVk0RDXV5BS8oDSW+Q7mjUG3v2lN2MSh eQs8Xe4ZXyJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZbzBBwAKCRCJcvTf3G3A JlV3EACFj6qzRW/Dmz2j427eAnNRW/hFiqg76oZtLKt19NBhwQSxqIEDMXQp9hgoLImHy3cIsTz /3Rn02fPcHAlgbHbphdnoxIxF9d3JIMOflSJOWUtksgIa2hMlnS7dKbdvmr6YMMT9DzhneaK/ah m8bVM9Mgc+Fzxr+ruzOV0BX8GlCxuFOL12H1D3nZvF82gmkuNPMCYslbh8l0P1WdKLSV4yEaD08 RWG3VMBfMNhEMTzybJOFwIVklb0tu91BdUOI2awvdIBY0hXH+0T8ZI/JIgN0J39lmVCxQ2TuCZo JXBXbL0GsukvIx/3oo5JDt9pGOql4COz2gyh82QHnis0ssIlLtiNNgL23O0EDJOU00/BF81oVyA d58a5k99+BTYT48jsn1iwhsoIQaNvM2SQJcoE8FF6JeOqbElxHIUlp7L7ptRp6hNg2DFKQye4TZ DnJ1KTK0D9Se94Y/mmh2I1UBV/V6e+gaUPjzlq0ZVxwnNKlRtycg3Mjhv/0lTzGBlp+Bl+eE7g/ 7brRWwsZKFQ5Qgqu9kddHySyRFw4vwh55F6AqwHkg1EtoQWExp32wuEYmFa1j3Ap2p8TTTTlwVK dban4NYVGvUX/JjOynleWT2vjJ1Sz7/q5MFDcRNYcOuyP9b+jZPKfdD9BJHpPVkdE/OfPQV27r1 FhYPbS9aNfwli2Q== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789782074154383374 X-GMAIL-MSGID: 1789782074154383374 Effectively revert commit 6aaa31aeb9cf ("ubsan: remove overflow checks"), to allow the kernel to be built with the "overflow" sanitizers again. This gives developers a chance to experiment[1][2][3] with the instrumentation again, while compilers adjust their sanitizers to deal with the impact of -fno-strict-oveflow (i.e. moving from "overflow" checking to "wrap-around" checking). Notably, the naming of the options is adjusted to use the name "WRAP" instead of "OVERFLOW". In the strictest sense, arithmetic "overflow" happens when a result exceeds the storage of the type, and is considered by the C standard and compilers to be undefined behavior for signed and pointer types (without -fno-strict-overflow). Unsigned arithmetic overflow is defined as always wrapping around. Because the kernel is built with -fno-strict-overflow, signed and pointer arithmetic is defined to always wrap around instead of "overflowing" (which could either be elided due to being undefined behavior or would wrap around, which led to very weird bugs in the kernel). So, the config options are added back as CONFIG_UBSAN_SIGNED_WRAP and CONFIG_UBSAN_UNSIGNED_WRAP. Since the kernel has several places that explicitly depend on wrap-around behavior (e.g. counters, atomics, crypto, etc), also introduce the __signed_wrap and __unsigned_wrap function attributes for annotating functions where wrapping is expected and should not be instrumented. This will allow us to distinguish in the kernel between intentional and unintentional cases of arithmetic wrap-around. Additionally keep these disabled under CONFIG_COMPILE_TEST for now. Link: https://github.com/KSPP/linux/issues/26 [1] Link: https://github.com/KSPP/linux/issues/27 [2] Link: https://github.com/KSPP/linux/issues/344 [3] Cc: Justin Stitt Cc: Miguel Ojeda Cc: Nathan Chancellor Cc: Nick Desaulniers Cc: Peter Zijlstra Cc: Marco Elver Cc: Hao Luo Cc: Przemek Kitszel Signed-off-by: Kees Cook --- include/linux/compiler_types.h | 14 ++++++- lib/Kconfig.ubsan | 19 ++++++++++ lib/test_ubsan.c | 49 ++++++++++++++++++++++++ lib/ubsan.c | 68 ++++++++++++++++++++++++++++++++++ lib/ubsan.h | 4 ++ scripts/Makefile.ubsan | 2 + 6 files changed, 155 insertions(+), 1 deletion(-) diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 6f1ca49306d2..e585614f3152 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -282,11 +282,23 @@ struct ftrace_likely_data { #define __no_sanitize_or_inline __always_inline #endif +/* Allow wrapping arithmetic within an annotated function. */ +#ifdef CONFIG_UBSAN_SIGNED_WRAP +# define __signed_wrap __attribute__((no_sanitize("signed-integer-overflow"))) +#else +# define __signed_wrap +#endif +#ifdef CONFIG_UBSAN_UNSIGNED_WRAP +# define __unsigned_wrap __attribute__((no_sanitize("unsigned-integer-overflow"))) +#else +# define __unsigned_wrap +#endif + /* Section for code which can't be instrumented at all */ #define __noinstr_section(section) \ noinline notrace __attribute((__section__(section))) \ __no_kcsan __no_sanitize_address __no_profile __no_sanitize_coverage \ - __no_sanitize_memory + __no_sanitize_memory __signed_wrap __unsigned_wrap #define noinstr __noinstr_section(".noinstr.text") diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 59e21bfec188..a7003e5bd2a1 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -116,6 +116,25 @@ config UBSAN_UNREACHABLE This option enables -fsanitize=unreachable which checks for control flow reaching an expected-to-be-unreachable position. +config UBSAN_SIGNED_WRAP + bool "Perform checking for signed arithmetic wrap-around" + default UBSAN + depends on !COMPILE_TEST + depends on $(cc-option,-fsanitize=signed-integer-overflow) + help + This option enables -fsanitize=signed-integer-overflow which checks + for wrap-around of any arithmetic operations with signed integers. + +config UBSAN_UNSIGNED_WRAP + bool "Perform checking for unsigned arithmetic wrap-around" + depends on $(cc-option,-fsanitize=unsigned-integer-overflow) + depends on !X86_32 # avoid excessive stack usage on x86-32/clang + depends on !COMPILE_TEST + help + This option enables -fsanitize=unsigned-integer-overflow which checks + for wrap-around of any arithmetic operations with unsigned integers. This + currently causes x86 to fail to boot. + config UBSAN_BOOL bool "Perform checking for non-boolean values used as boolean" default UBSAN diff --git a/lib/test_ubsan.c b/lib/test_ubsan.c index 2062be1f2e80..84d8092d6c32 100644 --- a/lib/test_ubsan.c +++ b/lib/test_ubsan.c @@ -11,6 +11,51 @@ typedef void(*test_ubsan_fp)(void); #config, IS_ENABLED(config) ? "y" : "n"); \ } while (0) +static void test_ubsan_add_overflow(void) +{ + volatile int val = INT_MAX; + volatile unsigned int uval = UINT_MAX; + + UBSAN_TEST(CONFIG_UBSAN_SIGNED_WRAP); + val += 2; + + UBSAN_TEST(CONFIG_UBSAN_UNSIGNED_WRAP); + uval += 2; +} + +static void test_ubsan_sub_overflow(void) +{ + volatile int val = INT_MIN; + volatile unsigned int uval = 0; + volatile int val2 = 2; + + UBSAN_TEST(CONFIG_UBSAN_SIGNED_WRAP); + val -= val2; + + UBSAN_TEST(CONFIG_UBSAN_UNSIGNED_WRAP); + uval -= val2; +} + +static void test_ubsan_mul_overflow(void) +{ + volatile int val = INT_MAX / 2; + volatile unsigned int uval = UINT_MAX / 2; + + UBSAN_TEST(CONFIG_UBSAN_SIGNED_WRAP); + val *= 3; + + UBSAN_TEST(CONFIG_UBSAN_UNSIGNED_WRAP); + uval *= 3; +} + +static void test_ubsan_negate_overflow(void) +{ + volatile int val = INT_MIN; + + UBSAN_TEST(CONFIG_UBSAN_SIGNED_WRAP); + val = -val; +} + static void test_ubsan_divrem_overflow(void) { volatile int val = 16; @@ -90,6 +135,10 @@ static void test_ubsan_misaligned_access(void) } static const test_ubsan_fp test_ubsan_array[] = { + test_ubsan_add_overflow, + test_ubsan_sub_overflow, + test_ubsan_mul_overflow, + test_ubsan_negate_overflow, test_ubsan_shift_out_of_bounds, test_ubsan_out_of_bounds, test_ubsan_load_invalid_value, diff --git a/lib/ubsan.c b/lib/ubsan.c index df4f8d1354bb..5fc107f61934 100644 --- a/lib/ubsan.c +++ b/lib/ubsan.c @@ -222,6 +222,74 @@ static void ubsan_epilogue(void) check_panic_on_warn("UBSAN"); } +static void handle_overflow(struct overflow_data *data, void *lhs, + void *rhs, char op) +{ + + struct type_descriptor *type = data->type; + char lhs_val_str[VALUE_LENGTH]; + char rhs_val_str[VALUE_LENGTH]; + + if (suppress_report(&data->location)) + return; + + ubsan_prologue(&data->location, type_is_signed(type) ? + "signed-integer-overflow" : + "unsigned-integer-overflow"); + + val_to_string(lhs_val_str, sizeof(lhs_val_str), type, lhs); + val_to_string(rhs_val_str, sizeof(rhs_val_str), type, rhs); + pr_err("%s %c %s cannot be represented in type %s\n", + lhs_val_str, + op, + rhs_val_str, + type->type_name); + + ubsan_epilogue(); +} + +void __ubsan_handle_add_overflow(void *data, + void *lhs, void *rhs) +{ + + handle_overflow(data, lhs, rhs, '+'); +} +EXPORT_SYMBOL(__ubsan_handle_add_overflow); + +void __ubsan_handle_sub_overflow(void *data, + void *lhs, void *rhs) +{ + handle_overflow(data, lhs, rhs, '-'); +} +EXPORT_SYMBOL(__ubsan_handle_sub_overflow); + +void __ubsan_handle_mul_overflow(void *data, + void *lhs, void *rhs) +{ + handle_overflow(data, lhs, rhs, '*'); +} +EXPORT_SYMBOL(__ubsan_handle_mul_overflow); + +void __ubsan_handle_negate_overflow(void *_data, void *old_val) +{ + struct overflow_data *data = _data; + char old_val_str[VALUE_LENGTH]; + + if (suppress_report(&data->location)) + return; + + ubsan_prologue(&data->location, "negation-overflow"); + + val_to_string(old_val_str, sizeof(old_val_str), data->type, old_val); + + pr_err("negation of %s cannot be represented in type %s:\n", + old_val_str, data->type->type_name); + + ubsan_epilogue(); +} +EXPORT_SYMBOL(__ubsan_handle_negate_overflow); + + void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs) { struct overflow_data *data = _data; diff --git a/lib/ubsan.h b/lib/ubsan.h index 5d99ab81913b..0abbbac8700d 100644 --- a/lib/ubsan.h +++ b/lib/ubsan.h @@ -124,6 +124,10 @@ typedef s64 s_max; typedef u64 u_max; #endif +void __ubsan_handle_add_overflow(void *data, void *lhs, void *rhs); +void __ubsan_handle_sub_overflow(void *data, void *lhs, void *rhs); +void __ubsan_handle_mul_overflow(void *data, void *lhs, void *rhs); +void __ubsan_handle_negate_overflow(void *_data, void *old_val); void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs); void __ubsan_handle_type_mismatch(struct type_mismatch_data *data, void *ptr); void __ubsan_handle_type_mismatch_v1(void *_data, void *ptr); diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan index 7cf42231042b..7b2f3d554c59 100644 --- a/scripts/Makefile.ubsan +++ b/scripts/Makefile.ubsan @@ -8,6 +8,8 @@ ubsan-cflags-$(CONFIG_UBSAN_LOCAL_BOUNDS) += -fsanitize=local-bounds ubsan-cflags-$(CONFIG_UBSAN_SHIFT) += -fsanitize=shift ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO) += -fsanitize=integer-divide-by-zero ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE) += -fsanitize=unreachable +ubsan-cflags-$(CONFIG_UBSAN_SIGNED_WRAP) += -fsanitize=signed-integer-overflow +ubsan-cflags-$(CONFIG_UBSAN_UNSIGNED_WRAP) += -fsanitize=unsigned-integer-overflow ubsan-cflags-$(CONFIG_UBSAN_BOOL) += -fsanitize=bool ubsan-cflags-$(CONFIG_UBSAN_ENUM) += -fsanitize=enum ubsan-cflags-$(CONFIG_UBSAN_TRAP) += $(call cc-option,-fsanitize-trap=undefined,-fsanitize-undefined-trap-on-error) From patchwork Fri Feb 2 10:16:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 195774 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:9bc1:b0:106:209c:c626 with SMTP id op1csp329090dyc; Fri, 2 Feb 2024 02:19:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IHrRO0rZrdzyzgkWB1aiZ4IQL8PV8/6R/fYk5LabXC9lAxDu8PyCNCSeT6XuWc8QiAlx1p5 X-Received: by 2002:a17:906:a90:b0:a36:7c3b:8489 with SMTP id y16-20020a1709060a9000b00a367c3b8489mr1245303ejf.42.1706869192346; Fri, 02 Feb 2024 02:19:52 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706869192; cv=pass; d=google.com; s=arc-20160816; b=boooJ8PeINDpdT4Eapd1u0V6skWPlQEY/2Y+8WX6ZFRYxJOaTb7YH9nvoDF/HkX4Ui FFC71/cAreVrr61frNUvIhc0xEbaRGy4fRLvmrTEDr0rhMI5iHi2If6CIedYR7lrt6o+ 0thkhap9A4N4LeMDy+9P/OZ5T0kwhHuiBbr3nm+IBYSAPS5A71S2HfqaYM8K/6loYSkl AszRnhBtA1xfgJ/sWxZGAnii9g38RGJH+IU9ZWrCliXMkR2ZyLAwnONRJ78SwplcukX0 0BHEIsrrmCweugVN5XdsDSbd//Fh21dOY4OB9UYfBvN+ZdqmH0WFLQXy0Hojq7r8Q1OO NhuA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=VqHYD682nla/ZHS426F2Ic30I1reUytKpu6/CiCUuio=; fh=Phuz64QW6xmT0XgryC8OzdxYwi51n0z0BxZyX/bzGa4=; b=sYfdQyKKaMWuVX9YEXXQc3RKQo3+0I5HRnVm/vD0uBIAA+8mXHgZdDE5EMBgygKzF8 uesu3LP2l8Qur45sBfxwEkHGfr/UPir4xca/95ohnHmO1ySERhIozZjKCO2A3XU4EsWP NnYE2enz01bJzR5ppqsXjNReceSd3fU4GrZxi9hVu2FIVSjA8tXsyHkAodqiNd08Z6lp 0CWbATXy/Zyr2w9TuP9fDyIM7YsUKo61NXDWIi/Xq/KAJoHMLZr+BcDPWiUuCHn1Q94i Bu/8FUFSfmqXJw5gdxNUDHo0eNaqmkpTF9Wd2jE1xEEReWraItTe0agTJ0BokKyUxtnM Q+BQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="hI1Mcv/I"; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49659-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49659-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org X-Forwarded-Encrypted: i=1; AJvYcCW0liihC41ivfrh3uXCF2MP2TV9jgHmoV6i9a5Ddkn5S6ZZ50qYZqfvHPWXOOksK8qq3Ipaizf07M4UySNgXmh8H00VaA== Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id y13-20020a1709060a8d00b00a36fb4d2d5asi569767ejf.595.2024.02.02.02.19.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:19:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-49659-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="hI1Mcv/I"; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49659-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49659-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id C171D1F278B9 for ; Fri, 2 Feb 2024 10:19:51 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7323880053; Fri, 2 Feb 2024 10:16:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="hI1Mcv/I" Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF2067C0AC for ; Fri, 2 Feb 2024 10:16:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869010; cv=none; b=JFa6f9NtAXbWbfj55I2ePYN1iD9yeoHc9EHuTscnru8kEE4EJvhoXKI1J4w8/nc4+TRsRRk6hOxSgd0seVPJ1AiFRpJ49ntG/0j7RC1Dszh63HNZ/x2pBSN17mfnfbiz0J0o6saazuuWBISZ+/ByoH+9tTyrVxTeVm+Oc6TefVg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869010; c=relaxed/simple; bh=NkiEcsGlCZJdDWvQkJb/8yMO5oe0d2E5DUKWEGSWQdQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=JKYQqz5gQdb2c3Jr/MYwxEncyhMwRCHO39M30Eh2saqYd7R6hK/2zYAwdifLi9UwvLRXDGbB/9m5cSF46hwY/wH+TiZpxyE4xLiVXdddsvz8H18Y6w5BIIQWVjPtwJqiAJA0DxFqFfReHNRJaa0EXgqKUROxc97YIiNpQsdDki0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=hI1Mcv/I; arc=none smtp.client-ip=209.85.210.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-6daf694b439so1501117b3a.1 for ; Fri, 02 Feb 2024 02:16:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1706869006; x=1707473806; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VqHYD682nla/ZHS426F2Ic30I1reUytKpu6/CiCUuio=; b=hI1Mcv/IbBCok/xGoBlq2aVi5gPc5dAlnt1imsJ9GekAOGZxxyetULaAZ1bvFI0j0T 5y5ORQsC2goP6b+JnciNTWWSvspSlWLR4rzvtRZYAXmnT4tnU2/GsHd0k5qc+FpeKb9b +zPzke3hHPX/i3xdT0opygvlPZbdWSkPVaoUk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706869006; x=1707473806; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VqHYD682nla/ZHS426F2Ic30I1reUytKpu6/CiCUuio=; b=A9Ne+8rvBMfeUXTdj4q7gn3qGF83xRJ1q7ELvWeZ1G2texz8h/l+lH+qqL4zU8mkfP FRDIAaCG5zNPfGiNp3S23pgVOqrVxh0WR09njJ8sdvLXalVh/uk3emU7zuQPAqxo9f6M IYJj9u7hkDkckfugNpcB7GGa93qr2gtXeuhUZnuuOSH1Q2gRa9qlf1TuCD1koD5sLHel wwfqqYlVqKCxb6q0wyxcn5jqYLrYYNZ/8e/q9kDzRAEDW+D0docmdoJGANG78cOUIHjd CQAVm+64wdctb3wC+ee2luua1+Exn5JedL+fBY2khsckrmWBl6PBSCNlZYs1miYCPK1F qlvA== X-Gm-Message-State: AOJu0YyJvuCXEGuUBKiSXHlWohJrosRbX7bCn8i0OYmmNB79+n3PXnBS YG0iIaOPkpkQcB7jFD5oJkK66yMo7H4nR6V0wRKL7mxSzPgZ90XiRCWD5AO26A== X-Received: by 2002:a05:6a20:c70e:b0:19e:4eb9:ef71 with SMTP id hi14-20020a056a20c70e00b0019e4eb9ef71mr1120171pzb.30.1706869005816; Fri, 02 Feb 2024 02:16:45 -0800 (PST) X-Forwarded-Encrypted: i=0; AJvYcCUCIEC55517ryfx43oBGCFPd8+5dFYouZiV+CV5D+1pxdT6zQmvhdO5M7/v+v/0+oZ2ZKP7VrQbUgL/+VtcBvzZ9rochjM8ars8Ug9esO0kT5v54cAWR0SHeW4ire1WrcpFdFbQ7SfADox8Xxuh1jWS9wKjvP1bnnGlurfrPhqFs9QRBElWuWefb3AEu1hNKBjI2XxtHG4piQidM2SA6fjrWTt7uKR80kZSYBnGt/pWqyBNpyMmyOT/5d2v62lhhMyJrS7pUdeoQynMwhnOc8nOrPbqdyl4MRtTlrrtDCTufoYgPLWVMS0QmnBG2k+X/GobQNKpih7jbb/I55VHYapZPs3oS7wqBoFtthOQggR6Wr+lxoN4x8xKKwIGyfs3JdsCis24f9SYLTTCP9azwT4ogrQdvnFzfa8+iy3SPzY4RDWbCAFghuVydn2Y33c4hZl+THJ9JDrTaEd4ANQWc6gqumPJ3fQKU/fSJH9aykK/aQ+AenQA63NHiGImFoI9oWyPnzAjr7y7kXVTN7aDJ0nQMth/WEFtVDO7RMZUzMoA982f8aJ0qXSavU4KPEQx75+c+RK1oy3Z8IF94lIN9ED1UJszMvSRYvzaryIPixZ9wmONfyzrZVVHYE39Ac8Zq5CfYfgk8Pg= Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id g18-20020aa78192000000b006d9a7a48bbesm1233974pfi.116.2024.02.02.02.16.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:16:42 -0800 (PST) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , Andrew Morton , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , linux-kbuild@vger.kernel.org, Fangrui Song , Justin Stitt , Bill Wendling , Marco Elver , Andrey Konovalov , Jonathan Corbet , x86@kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-doc@vger.kernel.org, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, kasan-dev@googlegroups.com, linux-acpi@vger.kernel.org Subject: [PATCH v2 3/6] ubsan: Introduce CONFIG_UBSAN_POINTER_WRAP Date: Fri, 2 Feb 2024 02:16:36 -0800 Message-Id: <20240202101642.156588-3-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240202101311.it.893-kees@kernel.org> References: <20240202101311.it.893-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=6190; i=keescook@chromium.org; h=from:subject; bh=NkiEcsGlCZJdDWvQkJb/8yMO5oe0d2E5DUKWEGSWQdQ=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlvMEH83ic3PPh75cmRopeu/CT8AfoDx9L/zyas Z3T4rMEfOyJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZbzBBwAKCRCJcvTf3G3A JoHiD/wK4/yqji7UFxhFl81jgo6lzacdRREgM+v/EzDzSlWEk4v/ikFRWbpa91WiN0Qak9XbAnz t+Iy1CRNEXFaG0DC2B+fN12n5kGnacf0wuU3362+aaDsSeb7D31lpNZevbRP23nPQs7nce8hyuT YNNkhojvoHIcOgH7cK/PtEch2tgM/Rc9uzc/DqE+gcTJY3DgLHfU+T+0O1fh2/Y5t3ZKd10kNZi 8RfnqVuqRo9MCZ+F0lz/AksQ4rZ0O6GunQ3g1dVnvurEwqGqbhEpH1xL/kfrpQdXcSkB6bWeQ4d kaFqttOn7Yxorvdm9nGSsCJTfzsxpS7t0eIxnYmgGyNkTN/pqqGTGM8+1IRjOaDJ1669sBKPq9W /VqiRbRr40Yx0b31xtNjMMrbyEL8VjOBBHFwN+gV3PV1uKwk2HBthmmRfpXCn2FU2xjlPWF0+xb MP9Rrv3tHCr1rv7aAeUao8KooIiVoWkxUgQC0616IP7k9Hm3LUDvdS5VTxzyXoymxcT9xrkNp8D kADO5HIwv09ScgEvVsI++iIGf3x4n/QQO9sY85utNvEGE9KAb5yta4SHxnYjcmYE/7c+YbOp3q3 nl+gU8NALxVPOeuFNxZeCdqRg2Hc/0QGVjbuQCXLG3yWgDVonUKve5mSxOsioydG3jiIsFLRJFi uVGyAk/WJ7pksww== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789782070565007269 X-GMAIL-MSGID: 1789782070565007269 Gain coverage for pointer wrap-around checking. Adds support for -fsanitize=pointer-overflow, and introduces the __pointer_wrap function attribute to match the signed and unsigned attributes. Also like the others, it is currently disabled under CONFIG_COMPILE_TEST. Cc: Andrew Morton Cc: Masahiro Yamada Cc: Nathan Chancellor Cc: Nicolas Schier Cc: linux-kbuild@vger.kernel.org Signed-off-by: Kees Cook --- include/linux/compiler_types.h | 7 ++++++- lib/Kconfig.ubsan | 8 ++++++++ lib/test_ubsan.c | 33 +++++++++++++++++++++++++++++++++ lib/ubsan.c | 21 +++++++++++++++++++++ lib/ubsan.h | 1 + scripts/Makefile.ubsan | 1 + 6 files changed, 70 insertions(+), 1 deletion(-) diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index e585614f3152..e65ce55046fd 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -293,12 +293,17 @@ struct ftrace_likely_data { #else # define __unsigned_wrap #endif +#ifdef CONFIG_UBSAN_POINTER_WRAP +# define __pointer_wrap __attribute__((no_sanitize("pointer-overflow"))) +#else +# define __pointer_wrap +#endif /* Section for code which can't be instrumented at all */ #define __noinstr_section(section) \ noinline notrace __attribute((__section__(section))) \ __no_kcsan __no_sanitize_address __no_profile __no_sanitize_coverage \ - __no_sanitize_memory __signed_wrap __unsigned_wrap + __no_sanitize_memory __signed_wrap __unsigned_wrap __pointer_wrap #define noinstr __noinstr_section(".noinstr.text") diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index a7003e5bd2a1..04222a6d7fd9 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -135,6 +135,14 @@ config UBSAN_UNSIGNED_WRAP for wrap-around of any arithmetic operations with unsigned integers. This currently causes x86 to fail to boot. +config UBSAN_POINTER_WRAP + bool "Perform checking for pointer arithmetic wrap-around" + depends on !COMPILE_TEST + depends on $(cc-option,-fsanitize=pointer-overflow) + help + This option enables -fsanitize=pointer-overflow which checks + for wrap-around of any arithmetic operations with pointers. + config UBSAN_BOOL bool "Perform checking for non-boolean values used as boolean" default UBSAN diff --git a/lib/test_ubsan.c b/lib/test_ubsan.c index 84d8092d6c32..1cc049b3ef34 100644 --- a/lib/test_ubsan.c +++ b/lib/test_ubsan.c @@ -56,6 +56,36 @@ static void test_ubsan_negate_overflow(void) val = -val; } +static void test_ubsan_pointer_overflow_add(void) +{ + volatile void *top = (void *)ULONG_MAX; + + UBSAN_TEST(CONFIG_UBSAN_POINTER_WRAP); + top += 2; +} + +static void test_ubsan_pointer_overflow_sub(void) +{ + volatile void *bottom = (void *)1; + + UBSAN_TEST(CONFIG_UBSAN_POINTER_WRAP); + bottom -= 3; +} + +struct ptr_wrap { + int a; + int b; +}; + +static void test_ubsan_pointer_overflow_mul(void) +{ + volatile struct ptr_wrap *half = (void *)(ULONG_MAX - 128); + volatile int bump = 128; + + UBSAN_TEST(CONFIG_UBSAN_POINTER_WRAP); + half += bump; +} + static void test_ubsan_divrem_overflow(void) { volatile int val = 16; @@ -139,6 +169,9 @@ static const test_ubsan_fp test_ubsan_array[] = { test_ubsan_sub_overflow, test_ubsan_mul_overflow, test_ubsan_negate_overflow, + test_ubsan_pointer_overflow_add, + test_ubsan_pointer_overflow_sub, + test_ubsan_pointer_overflow_mul, test_ubsan_shift_out_of_bounds, test_ubsan_out_of_bounds, test_ubsan_load_invalid_value, diff --git a/lib/ubsan.c b/lib/ubsan.c index 5fc107f61934..d49580ff6aea 100644 --- a/lib/ubsan.c +++ b/lib/ubsan.c @@ -289,6 +289,27 @@ void __ubsan_handle_negate_overflow(void *_data, void *old_val) } EXPORT_SYMBOL(__ubsan_handle_negate_overflow); +void __ubsan_handle_pointer_overflow(void *_data, void *lhs, void *rhs) +{ + struct overflow_data *data = _data; + unsigned long before = (unsigned long)lhs; + unsigned long after = (unsigned long)rhs; + + if (suppress_report(&data->location)) + return; + + ubsan_prologue(&data->location, "pointer-overflow"); + + if (after == 0) + pr_err("overflow wrapped to NULL\n"); + else if (after < before) + pr_err("overflow wrap-around\n"); + else + pr_err("underflow wrap-around\n"); + + ubsan_epilogue(); +} +EXPORT_SYMBOL(__ubsan_handle_pointer_overflow); void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs) { diff --git a/lib/ubsan.h b/lib/ubsan.h index 0abbbac8700d..5dd27923b78b 100644 --- a/lib/ubsan.h +++ b/lib/ubsan.h @@ -128,6 +128,7 @@ void __ubsan_handle_add_overflow(void *data, void *lhs, void *rhs); void __ubsan_handle_sub_overflow(void *data, void *lhs, void *rhs); void __ubsan_handle_mul_overflow(void *data, void *lhs, void *rhs); void __ubsan_handle_negate_overflow(void *_data, void *old_val); +void __ubsan_handle_pointer_overflow(void *_data, void *lhs, void *rhs); void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs); void __ubsan_handle_type_mismatch(struct type_mismatch_data *data, void *ptr); void __ubsan_handle_type_mismatch_v1(void *_data, void *ptr); diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan index 7b2f3d554c59..df4ccf063f67 100644 --- a/scripts/Makefile.ubsan +++ b/scripts/Makefile.ubsan @@ -10,6 +10,7 @@ ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO) += -fsanitize=integer-divide-by-zero ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE) += -fsanitize=unreachable ubsan-cflags-$(CONFIG_UBSAN_SIGNED_WRAP) += -fsanitize=signed-integer-overflow ubsan-cflags-$(CONFIG_UBSAN_UNSIGNED_WRAP) += -fsanitize=unsigned-integer-overflow +ubsan-cflags-$(CONFIG_UBSAN_POINTER_WRAP) += -fsanitize=pointer-overflow ubsan-cflags-$(CONFIG_UBSAN_BOOL) += -fsanitize=bool ubsan-cflags-$(CONFIG_UBSAN_ENUM) += -fsanitize=enum ubsan-cflags-$(CONFIG_UBSAN_TRAP) += $(call cc-option,-fsanitize-trap=undefined,-fsanitize-undefined-trap-on-error) From patchwork Fri Feb 2 10:16:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 195776 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:9bc1:b0:106:209c:c626 with SMTP id op1csp329221dyc; Fri, 2 Feb 2024 02:20:04 -0800 (PST) X-Google-Smtp-Source: AGHT+IFgIwn0/8Y27Czu/kvFiqc0PBgJq5dcwYgddOQYHtk/S/PiN3wIKGTxURI6Dxlxcs/6YdwJ X-Received: by 2002:a17:906:3bd1:b0:a36:4cc3:1138 with SMTP id v17-20020a1709063bd100b00a364cc31138mr4408191ejf.75.1706869204374; Fri, 02 Feb 2024 02:20:04 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706869204; cv=pass; d=google.com; s=arc-20160816; b=ji0Qmvfm9G5aqONFI8iVI7PTPJUfbeMaOxWmxZphwy0zNNClaDinWppyiJA6CLUdmT PG+AO0FCvYbOY83zGs4CgcpbqssVpaPp0mTG52VP4bJs+er5DEvLBulgWDc0AmqT6OxW PAa3OFAaM+NyINk26GknpsHJjyVZZ8sJrwk79p6CU4pHRGYy3KuQwdHd6ux6Zg+0aO67 fBuowESHKHxeO1dCQT2MJ1FprhUjpa8zf4sz2db1qhdYyqgCla6/ot8kvyQNyPzea0ud csxIYcAkEe63a4ciNWvUprZJ1w7AkEV12LipZg1rvMcxG7IeE7M8h18rvSt3eh6FMbb/ BstA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=MZoPcgm2ExbWiklFnpgC7jG0zZ989QvpgVdI0GYP0N0=; fh=dcKk3ss2TOCVjvW7ugDa8xw4lKv/CQqpr69YxGSsUAU=; b=Zc/qFi1+YL9TBx/97cfwqn0yZve3qu5MA6o7BCturPdNvaWmiD4Z7bHip/AFEBy69w Far4w+pH7fv+kj1EbxA961HUkuz2Z31g18C9bUWtNLGDRdGz6s6JorG3WeaYUO/O9uko Q+WSsVbJG2y+8uox6RSB3zYQ5ta0dqMqQdqZhYOkBj9JhXGB1YCaPMl1M3uLPNAQ1Z4a EHvB6qh2oS3JG/T1gyNL679FCz/qVGZUk+YQZYipPfxxuuPdXBx6nfNdjvXrGytYxowq t0FE97lZ68b18f4RSEF4p5Ti29Am5owL4SlefvGFp0GYG84pzqnpSBV7TTem76Umfvki cMBw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=AWEoLNam; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49661-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49661-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org X-Forwarded-Encrypted: i=1; AJvYcCXC9irbnzkZmrZMRnx0qstUZs0Ja7DX0udO1HtOUzfU7vbGDmodqRoS5DluOTm/6vnVAj0kwn2UiUL8v2YPSyqtOWD6fg== Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id y3-20020a170906558300b00a3670d3e1dasi678602ejp.166.2024.02.02.02.20.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:20:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-49661-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=AWEoLNam; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49661-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49661-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id CD6EB1F2763F for ; Fri, 2 Feb 2024 10:20:03 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2C3B780BEA; Fri, 2 Feb 2024 10:16:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="AWEoLNam" Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C3CF77A70F for ; Fri, 2 Feb 2024 10:16:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869011; cv=none; b=uayDhnGffXtPuLy7L8VI3MXRRknR/2Oe4TUUXmKfbeEihR9Nnn7f3OFi7dwsaG8i6JThdM98TZd5XDaXU1poprO8EKy9ovhFdeQIrtjYNl/fK9hsE3dDS4mNtPDdDkau++tTykTcIXsqsezlkv0LNCRJM6SC/s8NSeONglFuU1s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869011; c=relaxed/simple; bh=ChqR4pwLOMRrvI2mwMAhvrmBk7bFBrYJU+84/NDgMjc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=PbIKz/YQ89jblR3bHCv1n9lIFLEIA9jEQ+N0hM/fzWUPE/nJQKwS47P7j6fE+cW++qaNlYq9oYTXQEAeGRYNw5Obs8tf/s9XEX2LAg4zlSCmU96FOLn6V/6tCbuBgs5VRmgUulkeyC+yoJSMGxjC0kg3kmPaQCO9SnSj5eMvayM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=AWEoLNam; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1d780a392fdso16102625ad.3 for ; Fri, 02 Feb 2024 02:16:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1706869006; x=1707473806; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MZoPcgm2ExbWiklFnpgC7jG0zZ989QvpgVdI0GYP0N0=; b=AWEoLNamHVOEhjRQA4YUhhy0Lz+hUkM/DOfssa1dOzcVR2fjw9kX6J6+8U3C7IzLnT l0y01pcgR9eNIKvkdkMQNamoKRtFiPYDtvz06KinRc/lCHUs/tDIy6DkY6MaLdnTaOaw m7MfTFkOMfPsAJtViKfegOoFEWyCa8Hn8pHOU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706869006; x=1707473806; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MZoPcgm2ExbWiklFnpgC7jG0zZ989QvpgVdI0GYP0N0=; b=nnRU5xU6OL+qB7oFton+WyodRkuwPEZ+9lJ3FkmaJOmh4Xr2XHdAqYZDS6OQmNTFr/ AmyPDV1Qd+tIsm2sO7lj1hxEIyx2YaJc0GeS+36rNwGDWpQaTRYZqs1h5/v3b3uH04c8 GttrV0Z1IJcLs1qvd6uZGZyH/31C3+X7j8sHqHeipN7liJwWGHLPQT1A2e5KFLUwic32 YEbvCX2MUMxr1WG0ii3smWU9tWvQRpp71Qz9s9QG94XjF9z193sckc8z7/WkRLlQlNJX YOmdcfcfjI+M+pHziPOC4ZG6CXkjptjEuMtAQtwBkzZnuCV9tnuJ4TLyOez0WxNrZLjW esmg== X-Gm-Message-State: AOJu0YxnD35nrb7rgDDz2Mv1qoqKBs43/lBpWcxYsr177/1ARaHdcjl6 TCbbwjkbiOpErGxRieI7ZigyoFBseQa4D0/e/gG8wwYPRw+Dkn+/MnFD2jMIww== X-Received: by 2002:a17:903:11cc:b0:1d9:4c1c:1982 with SMTP id q12-20020a17090311cc00b001d94c1c1982mr5628058plh.50.1706869006293; Fri, 02 Feb 2024 02:16:46 -0800 (PST) X-Forwarded-Encrypted: i=0; AJvYcCXOeMEwTCrwVTk9AQndfLYbmDNRylcw0o2ibKbDnMznrN7x11BigeKNplTpQlrOOpph7WEjjuxpE37XcuRQfl/0SHfol6HMQr+MqIRtGDONtHO6dAl1jMs/Tl6W9r24YET09T7hCL/DO0FDFGjcrC72rvm4mB/vmqOvh1vxDsJyuLRWvJWw3/w4z5rtvEuZRPkMbGoipZgtg8rcJ41sXsdo3angUjuj0G8ec7QYPFYuwWy+m68cyEe81OcaIe8sLbj/3O4jmRH3AzegBGuGr90yL+ibNtmBIeC/OVpGpHJm2gVK0NWlmoly6bhTYXr6L9BOCB0Kg0OH0RhAQsjB8f7xNDxL3As4UhLZ0YCWsC0g+VHBc9hDuym9JMTH9yaR/XOKFsvfd43CsTc7PwSMu3sdUPXjMz+pCj9jczZeX5BQcIdGiFX5YT8STUPN3jjkdQkl2FR2og8L8USVcSWVqrGvoZz86uYU6tZqLZFUyIvexgzNZUgHwgBhfGx3SWl2sTnvtJiFkQqwa+BsspRXuZQwFGIPxhj3qP6TvyotG6foKdxoC+FcQSYbhRLIL6CX/nulbU7pIr8Ch9Utkr2d3zpj+PXBtF8WdCCWg1Y= Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id ks14-20020a170903084e00b001d963d963aasm1247928plb.308.2024.02.02.02.16.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:16:42 -0800 (PST) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , Andrey Konovalov , Marco Elver , linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org, Fangrui Song , Justin Stitt , Nathan Chancellor , Masahiro Yamada , Nicolas Schier , Bill Wendling , Jonathan Corbet , x86@kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, kasan-dev@googlegroups.com, linux-acpi@vger.kernel.org Subject: [PATCH v2 4/6] ubsan: Remove CONFIG_UBSAN_SANITIZE_ALL Date: Fri, 2 Feb 2024 02:16:37 -0800 Message-Id: <20240202101642.156588-4-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240202101311.it.893-kees@kernel.org> References: <20240202101311.it.893-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=7713; i=keescook@chromium.org; h=from:subject; bh=ChqR4pwLOMRrvI2mwMAhvrmBk7bFBrYJU+84/NDgMjc=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlvMEHFqznRoc47f8x3QBqsx9X6BtCiDiZKmRIR 0EaK8ZbstmJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZbzBBwAKCRCJcvTf3G3A JongD/4vXj5YeywVHimPvNTkjtoy7sRY1cQ7zCQ+0Hictm2B0DGz5Xk+fYxqkuRfc151mQ9m4RW hP/Nu0vNsr27XyXjaTp9nQ6ahzuF10bljtgK2IkLDZcNMmOIIyYoeEiQP77LDx8eSdT8g4BAsMh RWVq9uL+azlAB7GshQN1aC48YvnG3+ilmBoUryzPZq44ElHQ3imdRFx0QIB9uvCOHalfj0OEFzm LFFkPuCcG03ZQliO3kdl1J1rKlnJ2NScx4Rv6golBOfRozWCYjp1R5BTLDAotn+wLbFOshsHTir VSRCVP+LlRDHI0x7gdG8KFNrj8lcD4TLoTjz7pAlDq1AYVyQ1d2Nrob2lnKfNA8uzLgs8SoP8yo YkCJj1Gt9TvyIZZKqnqd6JgPANTPlc/uyAdyafJYYew8mAa2ts04DSpqWxna1uiTLUj3PCd8u5k RO2KY6Z2qcIsyanyIH3xHV5ivXuf1VL6vd2O568ewYuMOrPgrY0dGATL9aKYAHsVDlr0Y1iWh60 WzYRH7kF4CJmKRh3Jmz19lehP4zo61sK83NIUBMxauh91KIEpurKTn9z8sRc82twKvcKOPv2IRD DMVj718hh+eiK507UGiwiIBqJY8/lm3ljxl+5UzgkmZhmTAPeq4I1i056gYcFjcE4J5ij4SVemG geww1McF0NisgJA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789782082793971297 X-GMAIL-MSGID: 1789782082793971297 For simplicity in splitting out UBSan options into separate rules, remove CONFIG_UBSAN_SANITIZE_ALL, effectively defaulting to "y", which is how it is generally used anyway. (There are no ":= y" cases beyond where a specific file is enabled when a top-level ":= n" is in effect.) Cc: Andrey Konovalov Cc: Marco Elver Cc: linux-doc@vger.kernel.org Cc: linux-kbuild@vger.kernel.org Signed-off-by: Kees Cook --- Documentation/dev-tools/ubsan.rst | 28 ++++++++-------------------- arch/arm/Kconfig | 2 +- arch/arm64/Kconfig | 2 +- arch/mips/Kconfig | 2 +- arch/parisc/Kconfig | 2 +- arch/powerpc/Kconfig | 2 +- arch/riscv/Kconfig | 2 +- arch/s390/Kconfig | 2 +- arch/x86/Kconfig | 2 +- lib/Kconfig.ubsan | 13 +------------ scripts/Makefile.lib | 2 +- 11 files changed, 18 insertions(+), 41 deletions(-) diff --git a/Documentation/dev-tools/ubsan.rst b/Documentation/dev-tools/ubsan.rst index 2de7c63415da..e3591f8e9d5b 100644 --- a/Documentation/dev-tools/ubsan.rst +++ b/Documentation/dev-tools/ubsan.rst @@ -49,34 +49,22 @@ Report example Usage ----- -To enable UBSAN configure kernel with:: +To enable UBSAN, configure the kernel with:: - CONFIG_UBSAN=y + CONFIG_UBSAN=y -and to check the entire kernel:: - - CONFIG_UBSAN_SANITIZE_ALL=y - -To enable instrumentation for specific files or directories, add a line -similar to the following to the respective kernel Makefile: - -- For a single file (e.g. main.o):: - - UBSAN_SANITIZE_main.o := y - -- For all files in one directory:: - - UBSAN_SANITIZE := y - -To exclude files from being instrumented even if -``CONFIG_UBSAN_SANITIZE_ALL=y``, use:: +To exclude files from being instrumented use:: UBSAN_SANITIZE_main.o := n -and:: +and to exclude all targets in one directory use:: UBSAN_SANITIZE := n +When disabled for all targets, specific files can be enabled using:: + + UBSAN_SANITIZE_main.o := y + Detection of unaligned accesses controlled through the separate option - CONFIG_UBSAN_ALIGNMENT. It's off by default on architectures that support unaligned accesses (CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y). One could diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 0af6709570d1..287e62522064 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -29,7 +29,7 @@ config ARM select ARCH_HAVE_NMI_SAFE_CMPXCHG if CPU_V7 || CPU_V7M || CPU_V6K select ARCH_HAS_GCOV_PROFILE_ALL select ARCH_KEEP_MEMBLOCK - select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_UBSAN select ARCH_MIGHT_HAVE_PC_PARPORT select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if CPU_V7 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index aa7c1d435139..78533d1b7f35 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -107,7 +107,7 @@ config ARM64 select ARCH_WANT_LD_ORPHAN_WARN select ARCH_WANTS_NO_INSTR select ARCH_WANTS_THP_SWAP if ARM64_4K_PAGES - select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_UBSAN select ARM_AMBA select ARM_ARCH_TIMER select ARM_GIC diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig index 797ae590ebdb..9750ce3e40d5 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig @@ -14,7 +14,7 @@ config MIPS select ARCH_HAS_STRNCPY_FROM_USER select ARCH_HAS_STRNLEN_USER select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST - select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_UBSAN select ARCH_HAS_GCOV_PROFILE_ALL select ARCH_KEEP_MEMBLOCK select ARCH_USE_BUILTIN_BSWAP diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index d14ccc948a29..dbc9027ea2f4 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -12,7 +12,7 @@ config PARISC select ARCH_HAS_ELF_RANDOMIZE select ARCH_HAS_STRICT_KERNEL_RWX select ARCH_HAS_STRICT_MODULE_RWX - select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_UBSAN select ARCH_HAS_PTE_SPECIAL select ARCH_NO_SG_CHAIN select ARCH_SUPPORTS_HUGETLBFS if PA20 diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index b9fc064d38d2..2065973e09d2 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -154,7 +154,7 @@ config PPC select ARCH_HAS_SYSCALL_WRAPPER if !SPU_BASE && !COMPAT select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAS_UACCESS_FLUSHCACHE - select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_UBSAN select ARCH_HAVE_NMI_SAFE_CMPXCHG select ARCH_KEEP_MEMBLOCK select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE if PPC_RADIX_MMU diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index bffbd869a068..d824d113a02d 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -37,7 +37,7 @@ config RISCV select ARCH_HAS_STRICT_MODULE_RWX if MMU && !XIP_KERNEL select ARCH_HAS_SYSCALL_WRAPPER select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST - select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_UBSAN select ARCH_HAS_VDSO_DATA select ARCH_KEEP_MEMBLOCK if ACPI select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index fe565f3a3a91..97dd25521617 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig @@ -82,7 +82,7 @@ config S390 select ARCH_HAS_STRICT_KERNEL_RWX select ARCH_HAS_STRICT_MODULE_RWX select ARCH_HAS_SYSCALL_WRAPPER - select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_UBSAN select ARCH_HAS_VDSO_DATA select ARCH_HAVE_NMI_SAFE_CMPXCHG select ARCH_INLINE_READ_LOCK diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 5edec175b9bf..1c4c326a3640 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -100,7 +100,7 @@ config X86 select ARCH_HAS_STRICT_MODULE_RWX select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE select ARCH_HAS_SYSCALL_WRAPPER - select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_UBSAN select ARCH_HAS_DEBUG_WX select ARCH_HAS_ZONE_DMA_SET if EXPERT select ARCH_HAVE_NMI_SAFE_CMPXCHG diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 04222a6d7fd9..0611120036eb 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -1,5 +1,5 @@ # SPDX-License-Identifier: GPL-2.0-only -config ARCH_HAS_UBSAN_SANITIZE_ALL +config ARCH_HAS_UBSAN bool menuconfig UBSAN @@ -169,17 +169,6 @@ config UBSAN_ALIGNMENT Enabling this option on architectures that support unaligned accesses may produce a lot of false positives. -config UBSAN_SANITIZE_ALL - bool "Enable instrumentation for the entire kernel" - depends on ARCH_HAS_UBSAN_SANITIZE_ALL - default y - help - This option activates instrumentation for the entire kernel. - If you don't enable this option, you have to explicitly specify - UBSAN_SANITIZE := y for the files/directories you want to check for UB. - Enabling this option will get kernel image size increased - significantly. - config TEST_UBSAN tristate "Module for testing for undefined behavior detection" depends on m diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index cd5b181060f1..52efc520ae4f 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -175,7 +175,7 @@ endif ifeq ($(CONFIG_UBSAN),y) _c_flags += $(if $(patsubst n%,, \ - $(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_SANITIZE)$(CONFIG_UBSAN_SANITIZE_ALL)), \ + $(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_SANITIZE)y), \ $(CFLAGS_UBSAN)) endif From patchwork Fri Feb 2 10:16:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 195792 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:9bc1:b0:106:209c:c626 with SMTP id op1csp339393dyc; Fri, 2 Feb 2024 02:45:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IHLWmcwk5RZMUBMp5qXubn0r4E182+7iHHTzaP6J91NC4TDoMwwyXxVyphExTd2eIVNO3Qj X-Received: by 2002:a05:6871:3a1f:b0:219:18ea:562 with SMTP id pu31-20020a0568713a1f00b0021918ea0562mr1306564oac.35.1706870752606; Fri, 02 Feb 2024 02:45:52 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706870752; cv=pass; d=google.com; s=arc-20160816; b=TCCAQfWGZ3Vh/wADV4GegUbNj6BVXUCl+xnQ2/MG4u04L9w+6yuuYFfBtB10cFrteK gPE7b0sk4TeQtiRjCA0mDAlHpxbh7CbmN2ccs3vyAbn0tEmfegUZGmhQfrBd2xp0CZgD Bf+JJ/3K57V36hz8OI+BVMQQiQ1qeg3shfWAJ5P2iSzRWoEMZB6DgfoF/tQHoQK6MERE Kwe+iR2qWIP3rvQNcYYWq2DoKtRqsUPvqMcHzr2ubZRYngtTIGKhvG9+lBaLQ1rWJEMK Xk2e1qKOIcIgk28DVuOVmLxNKh0FHdph00JJxZISneAWUFxrnnRBk9GIFz6Hbg5cb3SY Ef8Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=q2i1VCkuXMuVXp4gDavRJYrrSt5NKbgy/NVoBDThh0M=; fh=qGHcNV1zHdsWuOnDUVHypq4u1AwximzpkLOv1qPr7ic=; b=ZMBOUcl8gNkSFd0dPskmH1w6BHk7ExYM0uOCHDVyki8uyWvHsnHkZANRWy8iHE6be4 LwmOjpgmZd6k9J4QBd450yb/EaP9pBEyc0GbkNs91UiEvXHzfiKZnluuyqc3EYfkkEug Nz53GingjOBBQiYFhZVp4iKBOLM9juorHIw7q1VZoiNUFUUaPRum2myFZTzSoYUdTcu5 8N/WQjt50JM9bdYofqhHIe1h0Jtxg54H2DKo/P0yn1mbGZnC3c6AdnPsick43btezFWQ w3SHDnVlA1luuA7RZGQhFK6oVIaG24vQt7DL0L/j70MvwW8PPIa2fPMziccW8e6DoV/e oxRw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DToJVy9J; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49663-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49663-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org X-Forwarded-Encrypted: i=1; AJvYcCVb5ps1klQ3I7QTt6yQ3sb8v+vLYPLxR18xk1xbQ55ez4XlG9DQjdo1SJBFJR6lzOKPBGi5PttRVpnuQHSc1OP103ThXA== Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id o19-20020a63fb13000000b005cee039f233si1395884pgh.425.2024.02.02.02.45.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:45:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-49663-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DToJVy9J; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49663-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49663-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 3DF61B2CA3D for ; Fri, 2 Feb 2024 10:19:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DB79F80BE1; Fri, 2 Feb 2024 10:16:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="DToJVy9J" Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA6A97D414 for ; Fri, 2 Feb 2024 10:16:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869013; cv=none; b=SBHyJFALdSHKr0Blc8uqqLvj9UMX+n5ymp5/dwHvVlj/tluhBSJNb9HtigD5uVykVt7aPflmtFRvllPZdS27CQRxKBDREV6gR93uozGYmVQRef0L6I233OMOSIg8MnCuIqrAWS019Cu8PsPMiVTip4Nsx6cAGk2iHpxyy6+pOec= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869013; c=relaxed/simple; bh=jK+D77ByRXO1IX7WwU8qUvR5ixL79v+nVqcsnlmg2d4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=YyDpE0YvSZXzrWkUKe67XM/MQcRC6JsxGIUaPa16aeEsD02RyBw+h85vWbhxmoHe1l1MnycQVWnBU1ibLwSAalEMkbGIaLL07mRs2mLCsMIwh34/MO5++ZlzDLYVs58LYB9X2jostsYetojwYB1GVT9DSFUCMz9qTHPjZzWK2WI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=DToJVy9J; arc=none smtp.client-ip=209.85.210.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-6de2f8d6fb9so1451897b3a.1 for ; Fri, 02 Feb 2024 02:16:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1706869008; x=1707473808; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=q2i1VCkuXMuVXp4gDavRJYrrSt5NKbgy/NVoBDThh0M=; b=DToJVy9JYCtrCC96zDO/XFXd+2XZ7vTOU/D22H0eUEQMVwUUigSuiBgNsV8c3L4Ala FOKeN895NiWPA2MU80K+f480mpVj+oTP7IZVTCftaG7ZLVAFBcfr94HfgeJbI3c2XgvS TVMtupYT4BU2zas5pSLm2W7+LbZPw3eWq2+uA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706869008; x=1707473808; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=q2i1VCkuXMuVXp4gDavRJYrrSt5NKbgy/NVoBDThh0M=; b=bw7OkDpoU1l5S2789/EorfHW3Hvyjh4w/QPLguOKRud0mDtpR6w98uyB6TTmG28/ow Vl/Xb+6La+xsLWBBaxoQY5eUjF5QNKuAoA9px9Izbas1h8WnqhSuohrSbt0NUMkEaxhY hl9QDNzvmTZMDD21KhYerBRQ5ZLRXWN5HFfd0xvaHoeMjxUG7e2VdRyMb9bIdG3rVciH xVOLytgm5B3Cq+L3wF4YzpM02swZQ8f5kYMYz2oqf9up3+fTSMO/UrPF49IL4OdcVJUD 4NdfzZq/650Zi+w0KABeJnjksgKuKNMH1LMTlZNiIKCQ1+lY3gS1bbeBNn3bDseR42PR rFcw== X-Gm-Message-State: AOJu0YzMrDS/RMGUPH3VGjczXo0onem6dtwtKw2goNMVaO4vfYU8cuDd 0MXbUYTknN1kTb/bDUamDMgYpE+PJSIFvovSccRLkBJmRe9qE3bw2MTcKYD72g== X-Received: by 2002:aa7:91ce:0:b0:6dd:dc11:8dc2 with SMTP id z14-20020aa791ce000000b006dddc118dc2mr4100538pfa.31.1706869007910; Fri, 02 Feb 2024 02:16:47 -0800 (PST) X-Forwarded-Encrypted: i=0; AJvYcCUDF/5dB62m/sOjIqROZhnkW89FEkANVVRCSsiN/ECr+FkD/dgzhBxf+QOf9Bopcsha5T9PxAHFUDi3QZWoMBiC/pX77aRBJUfzZxheSKG9/0eOmFQCqXOQUzCEEdEhwbSw+zKV6uLqk3vdhPxP14K3DR9aELUUi6rQjbiBopkV4FYXxJEH8tuRgBjiPdjsYHIdSCXFLFdm8bItwabPBnLxcyhozafogQgFWE2oKxWm/bO97nDtoIdk8pJSEn5H5shYVIMLAw2Lo7psd/ru+eRDTxXxyJZOBMzd6eFuhmLEXFYJqFip7UWZt8IX9IKmnLy+s5GgNwfO6ixvMFckrJfpN2sTdxxiaHdMZQ5chuVmbyIVB9Ymkq/owWzUq9AvlOlI/lP7F7ONWYRCRYAIsGLehIvhVXP2kFvJhdDcOLxCq4KAXZxmu7WmJNDbW/lHEuHnhzHdgW80lkvnNGxDxduqiHvIWrq8VdIx+zae64TdojhtWt74NvdU/jiAutJBSj9XfXrzslGQ6hcf8iwp29Gp32w3/ZWL4bRSviEJaJ2boN/RxgS9W5wsHGvgWF4Iipq46c2DXvwUxpJyDHgV6lYB/RAQa4TRCTYLE0E= Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id e13-20020aa7824d000000b006dff3ca9e26sm1239888pfn.102.2024.02.02.02.16.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:16:46 -0800 (PST) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , linux-kbuild@vger.kernel.org, Fangrui Song , Justin Stitt , Bill Wendling , Marco Elver , Andrey Konovalov , Jonathan Corbet , x86@kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-doc@vger.kernel.org, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, kasan-dev@googlegroups.com, linux-acpi@vger.kernel.org Subject: [PATCH v2 5/6] ubsan: Split wrapping sanitizer Makefile rules Date: Fri, 2 Feb 2024 02:16:38 -0800 Message-Id: <20240202101642.156588-5-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240202101311.it.893-kees@kernel.org> References: <20240202101311.it.893-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2922; i=keescook@chromium.org; h=from:subject; bh=jK+D77ByRXO1IX7WwU8qUvR5ixL79v+nVqcsnlmg2d4=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlvMEHcstMJILdukRJsh4gmujuHAUYtz++GFAVQ hi5nayK60OJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZbzBBwAKCRCJcvTf3G3A JowaEACziZiRMYcrf/X9h0kVApciR6BUA2ipAJztgKdBqXSmqSmN+Y6Mb6YdFdkhaeZXUGVuYtt 6JibThi3e5zQSYGkwCG90aHZ/eoDTqApfT1HU538snWRN2mcmXHdCpXmZdVluThECFpOcYvyZyQ tWw6/AN9BsGeXsis0CO4wEdlk/n6BjoiRyi4g9X6IpD1Y4q0nJI+Cq2BlzpIBWdL2jOZ5JpQ9Nk DpgnFT3xUV/0Povx7yOkoC+ZEGCAOzJUfZ99G0kBxs0H3FwS90IH6U4hXYyN+ZANHRI/O4bsRjH VYaBIzURtbJdVzaK5UDpLoKaY+J8NtdBQWfldHf2YABl0wzsJjAL9Q3Fbg0Oom40WoNUVwa8QNF oL86NjJxmkhWR+j6NMy25VPdYgu9UHUWjB8VQ8+1kk0QZZbJioYe8aWYCyGbbq8KIwGKbaQ8f7R /GldqBleFNBG5HmKyGW4pfxBBInKcQb+SkFoavF5uzC3W+0U7f0xfPP3uJ/J6UTPAMORvuVoW8v XBgHMkiZm1kHFRDBB4HVC/ABM5/Hu3zHQOhOd3rMX5vJFZHEHWcjxC5viK/WZ/20O60lfOi7M5M hHYncOQDEHnVl92cC50LrnbUP29vgrq7u5RwdpAjzX2Wy1u8NGYLAIeGVG9B5QeiKKJtK1q1QGU tbcygIg9nEmuM8w== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789783706052453528 X-GMAIL-MSGID: 1789783706052453528 To allow for fine-grained control of where the wrapping sanitizers can be disabled, split them from the main UBSAN CFLAGS into their own set of rules. Cc: Masahiro Yamada Cc: Nathan Chancellor Cc: Nicolas Schier Cc: linux-kbuild@vger.kernel.org Signed-off-by: Kees Cook --- scripts/Makefile.lib | 9 +++++++++ scripts/Makefile.ubsan | 12 +++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 52efc520ae4f..5ce4f4e0bc61 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -177,6 +177,15 @@ ifeq ($(CONFIG_UBSAN),y) _c_flags += $(if $(patsubst n%,, \ $(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_SANITIZE)y), \ $(CFLAGS_UBSAN)) +_c_flags += $(if $(patsubst n%,, \ + $(UBSAN_WRAP_SIGNED_$(basetarget).o)$(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_WRAP_SIGNED)$(UBSAN_SANITIZE)y), \ + $(CFLAGS_UBSAN_WRAP_SIGNED)) +_c_flags += $(if $(patsubst n%,, \ + $(UBSAN_WRAP_UNSIGNED_$(basetarget).o)$(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_WRAP_UNSIGNED)$(UBSAN_SANITIZE)y), \ + $(CFLAGS_UBSAN_WRAP_UNSIGNED)) +_c_flags += $(if $(patsubst n%,, \ + $(UBSAN_WRAP_POINTER_$(basetarget).o)$(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_WRAP_POINTER)$(UBSAN_SANITIZE)y), \ + $(CFLAGS_UBSAN_WRAP_POINTER)) endif ifeq ($(CONFIG_KCOV),y) diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan index df4ccf063f67..6b1e65583d6f 100644 --- a/scripts/Makefile.ubsan +++ b/scripts/Makefile.ubsan @@ -8,11 +8,17 @@ ubsan-cflags-$(CONFIG_UBSAN_LOCAL_BOUNDS) += -fsanitize=local-bounds ubsan-cflags-$(CONFIG_UBSAN_SHIFT) += -fsanitize=shift ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO) += -fsanitize=integer-divide-by-zero ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE) += -fsanitize=unreachable -ubsan-cflags-$(CONFIG_UBSAN_SIGNED_WRAP) += -fsanitize=signed-integer-overflow -ubsan-cflags-$(CONFIG_UBSAN_UNSIGNED_WRAP) += -fsanitize=unsigned-integer-overflow -ubsan-cflags-$(CONFIG_UBSAN_POINTER_WRAP) += -fsanitize=pointer-overflow ubsan-cflags-$(CONFIG_UBSAN_BOOL) += -fsanitize=bool ubsan-cflags-$(CONFIG_UBSAN_ENUM) += -fsanitize=enum ubsan-cflags-$(CONFIG_UBSAN_TRAP) += $(call cc-option,-fsanitize-trap=undefined,-fsanitize-undefined-trap-on-error) export CFLAGS_UBSAN := $(ubsan-cflags-y) + +ubsan-wrap-signed-cflags-$(CONFIG_UBSAN_SIGNED_WRAP) += -fsanitize=signed-integer-overflow +export CFLAGS_UBSAN_WRAP_SIGNED := $(ubsan-wrap-signed-cflags-y) + +ubsan-wrap-unsigned-cflags-$(CONFIG_UBSAN_UNSIGNED_WRAP) += -fsanitize=unsigned-integer-overflow +export CFLAGS_UBSAN_WRAP_UNSIGNED := $(ubsan-wrap-unsigned-cflags-y) + +ubsan-wrap-pointer-cflags-$(CONFIG_UBSAN_POINTER_WRAP) += -fsanitize=pointer-overflow +export CFLAGS_UBSAN_WRAP_POINTER := $(ubsan-wrap-pointer-cflags-y) From patchwork Fri Feb 2 10:16:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 195777 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:9bc1:b0:106:209c:c626 with SMTP id op1csp329289dyc; Fri, 2 Feb 2024 02:20:10 -0800 (PST) X-Google-Smtp-Source: AGHT+IGmDs3xEEniHoPWCj4ICV6Hz7LGfhk4W4uEjU8DOKnGYN2h0iqJ1JLmNpt0ksBWk7G6p1+P X-Received: by 2002:a9d:664d:0:b0:6e1:3bb2:c027 with SMTP id q13-20020a9d664d000000b006e13bb2c027mr8179872otm.10.1706869210686; Fri, 02 Feb 2024 02:20:10 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706869210; cv=pass; d=google.com; s=arc-20160816; b=W7TS2RlpXLm81UTW7ZN3f7NwyNbXPmYMYJyEp4GfDb5goKHH2+MTahiqO3tiFRTgIg x6HVmnMxOiyoKZ89fv5EF/UNV1LRkf9TYHG/IEEPvQugvd4AKaAE/qgliEifZ8tOU9D5 tqm86M2ohiNaSvicFUyI2s9uR8x6R7purEXQKvLdNWHRHiDNGSrd+oyyDCi3zUmhrT3J 1DQ8GHCD5nwFaU+Cc1hykJkHI62KkM496T9eARtaFd6UDRVz0cOqmMZCB6Ek2qBsxRCj 2c3ILayr0X+1uodmbGs32akyCqsrgHfUm90nvkqrAMuwD9uliJHR/SMYOeIxjdC7MVJb lo2A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=9lpkhLqd7OEtlpbaedS5vxnqsFfxpeZmJYnh9HQNf48=; fh=jDYCUsNGuKEJsCB3IXBJPdTvgQUK4HdE7kA9lUwNOaE=; b=AkfSs/JpQN5osAPZQXjyxfhjVYc82Wyxmoae6vq/soPCC2888VwDkhk9f3+sue46zn FFmxeu1rzeAiinGXGZegYPJgRWVG+O/SoQzltscWkACIck4VVDxQcdbSWOaUHALvK0Al sVrR8l5HvYoIqe/eWCNAlt79rrvSTyMGpkddbaTc/DnhJJK4iw07SktiM9AwtZeRSp0A P2LveAwXKlqitcb0mnpBk5HMKQGl/6PdkgS0a/wh1LUWWF2fiNJdhu/7TYpwUaILwhpg N3SfeWvFxMuK07LIZRpOdrn6Zc8e6NYLlh88T3MQUUXM9szBQqbwinvMAz/KcKXOYaVL 3gmw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="djL/8cFR"; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49662-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49662-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org X-Forwarded-Encrypted: i=1; AJvYcCUtuB9XDt2YzrLNt7dstncRGvhKxmXKx2VK4zkAFxQ+TWfc8jdIISmL9JLxrOn3ocO2MhQ8W2m64GgH05flwXB6dF7lpg== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id e24-20020a631e18000000b005cf64c90ecbsi1330788pge.215.2024.02.02.02.20.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:20:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-49662-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="djL/8cFR"; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-49662-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49662-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 6B585281AB5 for ; Fri, 2 Feb 2024 10:20:10 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 124B0811F1; Fri, 2 Feb 2024 10:16:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="djL/8cFR" Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E90747E56A for ; Fri, 2 Feb 2024 10:16:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869012; cv=none; b=P6tHVWzfGO4Y/1iz9PxT+yTxLUjjne3uq8/hDXh7y0dep/yjLR48oRJ5daiKnXWas+oBUONtIVNtlXWuhhC+SpwaDeaBDfrPFdr1TWO1TPLpJWwxJFX5bU4qkZvKHTIdSI52YLiYRLs0JwiezKQJZjb3xEfTA5Fhw2RzHK5OKG8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706869012; c=relaxed/simple; bh=TzLGN/wZFrYl4sz0T0jyTqFgT2Lvj1xSfjBLlzj7afo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=qT/kYlp2EolWzW6dtg1yGnKhouM8xHV46slrNwtGGRL4jhOwrnHrL5wjvet2gr+jebuQChW3CI9E9rjrdYymjLrDlSSp81nwFdqXL9fuhZnEpfVKfUIs96BL5ICoMBcd/0eOl2s8hYxCpgkPUD7s8Xsdoo7sFbKUUlvnN7DDzVk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=djL/8cFR; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1d93ddd76adso14813215ad.2 for ; Fri, 02 Feb 2024 02:16:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1706869007; x=1707473807; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9lpkhLqd7OEtlpbaedS5vxnqsFfxpeZmJYnh9HQNf48=; b=djL/8cFRC9zO6rWMD2YznvUp1nDRYdrcTU583ltjz/WTBfo0jbZDSDpUl351SckjO6 qVr56IyBW0bYbRyCv1fiUfSYAkDs9m6wEAn88jx6cGrkKCXe/9tIsnQuT1FYgZQM6/9S f7uVssqshwnJGRyl3alz+AxL3qeLYgCF0H7D0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706869007; x=1707473807; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9lpkhLqd7OEtlpbaedS5vxnqsFfxpeZmJYnh9HQNf48=; b=JcldJ2LRWkHnhUGenOpavT07RhfUhvoGqC22Q9WPQPGJQshW1xPVesHyq5FkZvgN5S 8pi+3+zZe0U+Q7OPAvr8S44HZO06DwPuQCE1jYQRBl4RSelb8QYuqO04sutDl3l7/9v0 4dTjLYGyiJJmz95XAaKL6ui1F99k/J/WKL2K8E9k3qyXUaeJUWE4M6+NdYI0qFQSUygr f8yuWihfPKXXTeTntH7nuyZs3MmOX/dsHHbji4/ynOvNA79owqN5ypGlyglSm4RjJsad ds1xkAIMI6LAYHlv6zT4LP/DPITryFSCxoSrjkiW9ak0Hnuyfo5mDsGm8JxZCkgLUoTA NjGQ== X-Gm-Message-State: AOJu0Yys1zIJ1/q+msxG4shozTkU5jHKCT3F2WByh9V5DP2IpoBg18ZZ bCBzcPlbIx6D/YTuF8Ui0syCBIkarNUkFjRolVuCEwyzE81uyhoXNdU2n48BNA== X-Received: by 2002:a17:902:ec8f:b0:1d9:7ebe:431f with SMTP id x15-20020a170902ec8f00b001d97ebe431fmr75634plg.25.1706869007422; Fri, 02 Feb 2024 02:16:47 -0800 (PST) X-Forwarded-Encrypted: i=0; AJvYcCXs4G8MUacPDVffkkW3YIupLvo7fOKngXgP+Sk6+29gQMVKJs08J0+3IxTwtNEEkiZ8eGAIttWEaHeXH6T6+fNfWQ+QDHgR8QFndX1YkdshPqcHnC8ZhMEw8Y205GGD/hXZeKG9lZA4KiQhE6/y0ZGb14IngWwfwvlekaGRRjUjWt0j5zMxr8icCHSkAzObwyJrh/jcvniTLARTNzCtWdffpO6cA+p9dquKTDehLQT1ImPrwzjg6dOQIOgvEOrnwmSgHcXAhPPG9s3ww8WwNDHHhWbYEbihBm1UxI5VGCz8gxJG/LPhjIEbOa50AtDgdzpicwFKl+d/veprf2CxavchMKcf1ZFpZMPnpeQdl7uabrqw/JibLaG0sc11Qk3+f1aw2VTEFjODk3/Auveeqk+wydW8nC0nhD/Yf0OmhO3pWVWzu8PP4+241P4he/xwQLRUGB3XgKIMTvlu1GPBSADeZq15+ug6D0fQt+Rd9xziIqyoAcned2NH8sAF9kIoBbad4ycXB8VLaDO4+Flm53lBdv1eUkmjzOR9OnaWoBqBFI5sNi2Q0JvocsOdwnb+1cJGO+I34RT7e4Uv35WZCcQjH4km59aPOS+QQP0= Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id 4-20020a170902e9c400b001d94e6a7685sm1242824plk.234.2024.02.02.02.16.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 02:16:46 -0800 (PST) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , x86@kernel.org, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, Fangrui Song , Justin Stitt , Nathan Chancellor , Masahiro Yamada , Nicolas Schier , Bill Wendling , Marco Elver , Andrey Konovalov , Jonathan Corbet , linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, llvm@lists.linux.dev, linux-doc@vger.kernel.org, kasan-dev@googlegroups.com, linux-acpi@vger.kernel.org Subject: [PATCH v2 6/6] ubsan: Get x86_64 booting with unsigned wrap-around sanitizer Date: Fri, 2 Feb 2024 02:16:39 -0800 Message-Id: <20240202101642.156588-6-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240202101311.it.893-kees@kernel.org> References: <20240202101311.it.893-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=9025; i=keescook@chromium.org; h=from:subject; bh=TzLGN/wZFrYl4sz0T0jyTqFgT2Lvj1xSfjBLlzj7afo=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlvMEHyPK5ViviPn9azIBFUIYrlBFvd0kw+bqbP wVlizzw8PGJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZbzBBwAKCRCJcvTf3G3A Jj10EACxZp8csm9ZCk+xJiU3zMmobNiVh75p7eiqjwSp/+F5YknBmFn1AlM7gImi5vPAMhF+uJK S7tEGvBu0z8HJAYyprAsz8MTPA3XkwZaBvDh9ooyUaCGG4dQYhzZEamHqjAeDnajhy5ZftZymg1 B+ufjH0oJ0ni6WwN8v+6NA2qQLUNSrjnKtiribhsUUvNU+RIbBsci8ifkfB+R/+u+pEbCf6P88A 7+XDsZKTZQdFahZfTiTeUE/SXyL4N3tj6bSoRpsihC/55AJZVXSoatefKR16VpdBCKZKwTNweW6 S0vj+nz1PDLZHYxiOQVF9JH1HUjMv4EXIi6sJ1rayPbtQpTapfFyPHsS/42+1og+ZkbBjhrPtgx V22ba3CXArD1r3+innlUCwo1gznduzvlxVifjuGsBnPTOKM9JeBPNWu75tm1vMoR65PHo4qxOG+ O/tg1yEg6gja2mNPYPKJXZUW2S29A0iPG+8XuUSExGdu9BudGeVw18IasDUmfthZyPLWNROQGpN 9JyUUkTnApR92NAMUzHLj3ne7upYSQJ31Ab+MogRw6at1STgZvaWFIE5e5a/XQYbuNQmITc7hVq 6o5PuItNU7vlLrYD2InHp+9VTFqpLrw3s1toSBj+qbAQByyz+QyYIdE324S1o0WW6EeKf4cuLVm DqWvp1fbl88HqTQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789782089861338313 X-GMAIL-MSGID: 1789782089861338313 In order to get x86_64 booting at all with the unsigned wrap-around sanitizer, instrumentation needs to be disabled entirely for several kernel areas that depend heavily on unsigned wrap-around. As we fine-tune the sanitizer, we can revisit these and perform finer grain annotations. The boot is still extremely noisy, but gets us to a common point where we can continue experimenting with the sanitizer. Cc: x86@kernel.org Cc: netdev@vger.kernel.org Cc: linux-crypto@vger.kernel.org Signed-off-by: Kees Cook --- arch/x86/kernel/Makefile | 1 + arch/x86/kernel/apic/Makefile | 1 + arch/x86/mm/Makefile | 1 + arch/x86/mm/pat/Makefile | 1 + crypto/Makefile | 1 + drivers/acpi/Makefile | 1 + kernel/Makefile | 1 + kernel/locking/Makefile | 1 + kernel/rcu/Makefile | 1 + kernel/sched/Makefile | 1 + lib/Kconfig.ubsan | 5 +++-- lib/Makefile | 1 + lib/crypto/Makefile | 1 + lib/crypto/mpi/Makefile | 1 + lib/zlib_deflate/Makefile | 1 + lib/zstd/Makefile | 2 ++ mm/Makefile | 1 + net/core/Makefile | 1 + net/ipv4/Makefile | 1 + 19 files changed, 22 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 0000325ab98f..de93f8b8a149 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -30,6 +30,7 @@ KASAN_SANITIZE_sev.o := n # With some compiler versions the generated code results in boot hangs, caused # by several compilation units. To be safe, disable all instrumentation. +UBSAN_WRAP_UNSIGNED := n KCSAN_SANITIZE := n KMSAN_SANITIZE_head$(BITS).o := n KMSAN_SANITIZE_nmi.o := n diff --git a/arch/x86/kernel/apic/Makefile b/arch/x86/kernel/apic/Makefile index 3bf0487cf3b7..aa97b5830b64 100644 --- a/arch/x86/kernel/apic/Makefile +++ b/arch/x86/kernel/apic/Makefile @@ -6,6 +6,7 @@ # Leads to non-deterministic coverage that is not a function of syscall inputs. # In particular, smp_apic_timer_interrupt() is called in random places. KCOV_INSTRUMENT := n +UBSAN_WRAP_UNSIGNED := n obj-$(CONFIG_X86_LOCAL_APIC) += apic.o apic_common.o apic_noop.o ipi.o vector.o init.o obj-y += hw_nmi.o diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index c80febc44cd2..7a43466d4581 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -1,5 +1,6 @@ # SPDX-License-Identifier: GPL-2.0 # Kernel does not boot with instrumentation of tlb.c and mem_encrypt*.c +UBSAN_WRAP_UNSIGNED := n KCOV_INSTRUMENT_tlb.o := n KCOV_INSTRUMENT_mem_encrypt.o := n KCOV_INSTRUMENT_mem_encrypt_amd.o := n diff --git a/arch/x86/mm/pat/Makefile b/arch/x86/mm/pat/Makefile index ea464c995161..281a5786c5ea 100644 --- a/arch/x86/mm/pat/Makefile +++ b/arch/x86/mm/pat/Makefile @@ -1,4 +1,5 @@ # SPDX-License-Identifier: GPL-2.0 +UBSAN_WRAP_UNSIGNED := n obj-y := set_memory.o memtype.o diff --git a/crypto/Makefile b/crypto/Makefile index 408f0a1f9ab9..c7b23d99e715 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -2,6 +2,7 @@ # # Cryptographic API # +UBSAN_WRAP_UNSIGNED := n obj-$(CONFIG_CRYPTO) += crypto.o crypto-y := api.o cipher.o compress.o diff --git a/drivers/acpi/Makefile b/drivers/acpi/Makefile index 12ef8180d272..92a8e8563b1b 100644 --- a/drivers/acpi/Makefile +++ b/drivers/acpi/Makefile @@ -2,6 +2,7 @@ # # Makefile for the Linux ACPI interpreter # +UBSAN_WRAP_UNSIGNED := n ccflags-$(CONFIG_ACPI_DEBUG) += -DACPI_DEBUG_OUTPUT diff --git a/kernel/Makefile b/kernel/Makefile index ce105a5558fc..1b31aa19b4fb 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -2,6 +2,7 @@ # # Makefile for the linux kernel. # +UBSAN_WRAP_UNSIGNED := n obj-y = fork.o exec_domain.o panic.o \ cpu.o exit.o softirq.o resource.o \ diff --git a/kernel/locking/Makefile b/kernel/locking/Makefile index 0db4093d17b8..dd6492509596 100644 --- a/kernel/locking/Makefile +++ b/kernel/locking/Makefile @@ -2,6 +2,7 @@ # Any varying coverage in these files is non-deterministic # and is generally not a function of system call inputs. KCOV_INSTRUMENT := n +UBSAN_WRAP_UNSIGNED := n obj-y += mutex.o semaphore.o rwsem.o percpu-rwsem.o diff --git a/kernel/rcu/Makefile b/kernel/rcu/Makefile index 0cfb009a99b9..305c13042633 100644 --- a/kernel/rcu/Makefile +++ b/kernel/rcu/Makefile @@ -2,6 +2,7 @@ # Any varying coverage in these files is non-deterministic # and is generally not a function of system call inputs. KCOV_INSTRUMENT := n +UBSAN_WRAP_UNSIGNED := n ifeq ($(CONFIG_KCSAN),y) KBUILD_CFLAGS += -g -fno-omit-frame-pointer diff --git a/kernel/sched/Makefile b/kernel/sched/Makefile index 976092b7bd45..e487b0e86c2e 100644 --- a/kernel/sched/Makefile +++ b/kernel/sched/Makefile @@ -7,6 +7,7 @@ ccflags-y += $(call cc-disable-warning, unused-but-set-variable) # These files are disabled because they produce non-interesting flaky coverage # that is not a function of syscall inputs. E.g. involuntary context switches. KCOV_INSTRUMENT := n +UBSAN_WRAP_UNSIGNED := n # Disable KCSAN to avoid excessive noise and performance degradation. To avoid # false positives ensure barriers implied by sched functions are instrumented. diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 0611120036eb..54981e717355 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -132,8 +132,9 @@ config UBSAN_UNSIGNED_WRAP depends on !COMPILE_TEST help This option enables -fsanitize=unsigned-integer-overflow which checks - for wrap-around of any arithmetic operations with unsigned integers. This - currently causes x86 to fail to boot. + for wrap-around of any arithmetic operations with unsigned integers. + Given the history of C and the many common code patterns involving + unsigned wrap-around, this is a very noisy option right now. config UBSAN_POINTER_WRAP bool "Perform checking for pointer arithmetic wrap-around" diff --git a/lib/Makefile b/lib/Makefile index bc36a5c167db..f68385b69247 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -2,6 +2,7 @@ # # Makefile for some libs needed in the kernel. # +UBSAN_WRAP_UNSIGNED := n ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 8d1446c2be71..fce88a337a53 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -1,4 +1,5 @@ # SPDX-License-Identifier: GPL-2.0 +UBSAN_WRAP_UNSIGNED := n obj-$(CONFIG_CRYPTO_LIB_UTILS) += libcryptoutils.o libcryptoutils-y := memneq.o utils.o diff --git a/lib/crypto/mpi/Makefile b/lib/crypto/mpi/Makefile index 6e6ef9a34fe1..ce95653915b1 100644 --- a/lib/crypto/mpi/Makefile +++ b/lib/crypto/mpi/Makefile @@ -2,6 +2,7 @@ # # MPI multiprecision maths library (from gpg) # +UBSAN_WRAP_UNSIGNED := n obj-$(CONFIG_MPILIB) = mpi.o diff --git a/lib/zlib_deflate/Makefile b/lib/zlib_deflate/Makefile index 2622e03c0b94..5d71690554bb 100644 --- a/lib/zlib_deflate/Makefile +++ b/lib/zlib_deflate/Makefile @@ -6,6 +6,7 @@ # This is the compression code, see zlib_inflate for the # decompression code. # +UBSAN_WRAP_UNSIGNED := n obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate.o diff --git a/lib/zstd/Makefile b/lib/zstd/Makefile index 20f08c644b71..7a187cb08c1f 100644 --- a/lib/zstd/Makefile +++ b/lib/zstd/Makefile @@ -8,6 +8,8 @@ # in the COPYING file in the root directory of this source tree). # You may select, at your option, one of the above-listed licenses. # ################################################################ +UBSAN_WRAP_UNSIGNED := n + obj-$(CONFIG_ZSTD_COMPRESS) += zstd_compress.o obj-$(CONFIG_ZSTD_DECOMPRESS) += zstd_decompress.o obj-$(CONFIG_ZSTD_COMMON) += zstd_common.o diff --git a/mm/Makefile b/mm/Makefile index e4b5b75aaec9..cacbdd1a2d40 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -2,6 +2,7 @@ # # Makefile for the linux memory manager. # +UBSAN_WRAP_UNSIGNED := n KASAN_SANITIZE_slab_common.o := n KASAN_SANITIZE_slub.o := n diff --git a/net/core/Makefile b/net/core/Makefile index 821aec06abf1..501d7300da83 100644 --- a/net/core/Makefile +++ b/net/core/Makefile @@ -2,6 +2,7 @@ # # Makefile for the Linux networking core. # +UBSAN_WRAP_UNSIGNED := n obj-y := sock.o request_sock.o skbuff.o datagram.o stream.o scm.o \ gen_stats.o gen_estimator.o net_namespace.o secure_seq.o \ diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile index ec36d2ec059e..c738d463bb7e 100644 --- a/net/ipv4/Makefile +++ b/net/ipv4/Makefile @@ -2,6 +2,7 @@ # # Makefile for the Linux TCP/IP (INET) layer. # +UBSAN_WRAP_UNSIGNED := n obj-y := route.o inetpeer.o protocol.o \ ip_input.o ip_fragment.o ip_forward.o ip_options.o \