Clang handles 'maybe-uninitialized' better in the face of using UBSAN,
so do not make this universally disabled for UBSAN builds.
Signed-off-by: Kees Cook <[email protected]>
---
lib/Kconfig.ubsan | 6 ++++++
scripts/Makefile.ubsan | 6 +++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index aeb2cdea0b94..1fc07f936e06 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -36,6 +36,12 @@ config UBSAN_KCOV_BROKEN
See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status
in newer releases.
+config UBSAN_DISABLE_MAYBE_UNINITIALIZED
+ def_bool CC_IS_GCC
+ help
+ -fsanitize=* options makes GCC less smart than usual and
+ increases the number of 'maybe-uninitialized' false-positives.
+
config CC_HAS_UBSAN_BOUNDS
def_bool $(cc-option,-fsanitize=bounds)
diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
index 72862da47baf..c5ef6bac09d4 100644
--- a/scripts/Makefile.ubsan
+++ b/scripts/Makefile.ubsan
@@ -1,8 +1,8 @@
# SPDX-License-Identifier: GPL-2.0
-# -fsanitize=* options makes GCC less smart than usual and
-# increases the number of 'maybe-uninitialized' false-positives.
-ubsan-cflags-$(CONFIG_UBSAN) += $(call cc-disable-warning, maybe-uninitialized)
+# The "maybe-uninitialized" warning can be very noisy.
+ubsan-cflags-$(CONFIG_UBSAN_DISABLE_MAYBE_UNINITIALIZED) += \
+ $(call cc-disable-warning, maybe-uninitialized)
# Enable available and selected UBSAN features.
ubsan-cflags-$(CONFIG_UBSAN_ALIGNMENT) += -fsanitize=alignment
--
2.25.1
On Fri, Oct 02, 2020 at 03:15:26PM -0700, Kees Cook wrote:
> Clang handles 'maybe-uninitialized' better in the face of using UBSAN,
> so do not make this universally disabled for UBSAN builds.
>
> Signed-off-by: Kees Cook <[email protected]>
Well this patch is not strictly necessary because Clang does not support
-Wmaybe-uninitialized anyways :) its flags are -Wuninitialized and
-Wsometimes-uninitialized so the warning stays enabled for UBSAN as it
stands.
However, something like this could still worthwhile because it would
save us one call to cc-disable-warning (yay micro optimizations).
Maybe it just does not need to have a whole new symbol, just make it
ubsan-cflags-$(CONFIG_CC_IS_GCC)
instead of
ubsan-cflags-$(CONFIG_UBSAN)
No strong opinions either way though.
> ---
> lib/Kconfig.ubsan | 6 ++++++
> scripts/Makefile.ubsan | 6 +++---
> 2 files changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
> index aeb2cdea0b94..1fc07f936e06 100644
> --- a/lib/Kconfig.ubsan
> +++ b/lib/Kconfig.ubsan
> @@ -36,6 +36,12 @@ config UBSAN_KCOV_BROKEN
> See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status
> in newer releases.
>
> +config UBSAN_DISABLE_MAYBE_UNINITIALIZED
> + def_bool CC_IS_GCC
> + help
> + -fsanitize=* options makes GCC less smart than usual and
> + increases the number of 'maybe-uninitialized' false-positives.
> +
> config CC_HAS_UBSAN_BOUNDS
> def_bool $(cc-option,-fsanitize=bounds)
>
> diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
> index 72862da47baf..c5ef6bac09d4 100644
> --- a/scripts/Makefile.ubsan
> +++ b/scripts/Makefile.ubsan
> @@ -1,8 +1,8 @@
> # SPDX-License-Identifier: GPL-2.0
>
> -# -fsanitize=* options makes GCC less smart than usual and
> -# increases the number of 'maybe-uninitialized' false-positives.
> -ubsan-cflags-$(CONFIG_UBSAN) += $(call cc-disable-warning, maybe-uninitialized)
> +# The "maybe-uninitialized" warning can be very noisy.
> +ubsan-cflags-$(CONFIG_UBSAN_DISABLE_MAYBE_UNINITIALIZED) += \
> + $(call cc-disable-warning, maybe-uninitialized)
>
> # Enable available and selected UBSAN features.
> ubsan-cflags-$(CONFIG_UBSAN_ALIGNMENT) += -fsanitize=alignment
> --
> 2.25.1
On Sun, Oct 04, 2020 at 12:16:14AM -0700, Nathan Chancellor wrote:
> On Fri, Oct 02, 2020 at 03:15:26PM -0700, Kees Cook wrote:
> > Clang handles 'maybe-uninitialized' better in the face of using UBSAN,
> > so do not make this universally disabled for UBSAN builds.
> >
> > Signed-off-by: Kees Cook <[email protected]>
>
> Well this patch is not strictly necessary because Clang does not support
> -Wmaybe-uninitialized anyways :) its flags are -Wuninitialized and
> -Wsometimes-uninitialized so the warning stays enabled for UBSAN as it
> stands.
Ah, yes. Heh. Well... perhaps I can just drop this patch.
> However, something like this could still worthwhile because it would
> save us one call to cc-disable-warning (yay micro optimizations).
>
> Maybe it just does not need to have a whole new symbol, just make it
>
> ubsan-cflags-$(CONFIG_CC_IS_GCC)
>
> instead of
>
> ubsan-cflags-$(CONFIG_UBSAN)
If it gets kept, I'd still like it gated on CONFIG_UBSAN in some way
(e.g. the patch has an implicit depends due to the "if UBSAN" section).
But yes, this patch is rather a no-op.
--
Kees Cook