2020-10-02 22:17:06

by Kees Cook

[permalink] [raw]
Subject: [PATCH 3/4] ubsan: Force -Wno-maybe-uninitialized only for GCC

Clang handles 'maybe-uninitialized' better in the face of using UBSAN,
so do not make this universally disabled for UBSAN builds.

Signed-off-by: Kees Cook <[email protected]>
---
lib/Kconfig.ubsan | 6 ++++++
scripts/Makefile.ubsan | 6 +++---
2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index aeb2cdea0b94..1fc07f936e06 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -36,6 +36,12 @@ config UBSAN_KCOV_BROKEN
See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status
in newer releases.

+config UBSAN_DISABLE_MAYBE_UNINITIALIZED
+ def_bool CC_IS_GCC
+ help
+ -fsanitize=* options makes GCC less smart than usual and
+ increases the number of 'maybe-uninitialized' false-positives.
+
config CC_HAS_UBSAN_BOUNDS
def_bool $(cc-option,-fsanitize=bounds)

diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
index 72862da47baf..c5ef6bac09d4 100644
--- a/scripts/Makefile.ubsan
+++ b/scripts/Makefile.ubsan
@@ -1,8 +1,8 @@
# SPDX-License-Identifier: GPL-2.0

-# -fsanitize=* options makes GCC less smart than usual and
-# increases the number of 'maybe-uninitialized' false-positives.
-ubsan-cflags-$(CONFIG_UBSAN) += $(call cc-disable-warning, maybe-uninitialized)
+# The "maybe-uninitialized" warning can be very noisy.
+ubsan-cflags-$(CONFIG_UBSAN_DISABLE_MAYBE_UNINITIALIZED) += \
+ $(call cc-disable-warning, maybe-uninitialized)

# Enable available and selected UBSAN features.
ubsan-cflags-$(CONFIG_UBSAN_ALIGNMENT) += -fsanitize=alignment
--
2.25.1


2020-10-04 07:18:14

by Nathan Chancellor

[permalink] [raw]
Subject: Re: [PATCH 3/4] ubsan: Force -Wno-maybe-uninitialized only for GCC

On Fri, Oct 02, 2020 at 03:15:26PM -0700, Kees Cook wrote:
> Clang handles 'maybe-uninitialized' better in the face of using UBSAN,
> so do not make this universally disabled for UBSAN builds.
>
> Signed-off-by: Kees Cook <[email protected]>

Well this patch is not strictly necessary because Clang does not support
-Wmaybe-uninitialized anyways :) its flags are -Wuninitialized and
-Wsometimes-uninitialized so the warning stays enabled for UBSAN as it
stands.

However, something like this could still worthwhile because it would
save us one call to cc-disable-warning (yay micro optimizations).

Maybe it just does not need to have a whole new symbol, just make it

ubsan-cflags-$(CONFIG_CC_IS_GCC)

instead of

ubsan-cflags-$(CONFIG_UBSAN)

No strong opinions either way though.

> ---
> lib/Kconfig.ubsan | 6 ++++++
> scripts/Makefile.ubsan | 6 +++---
> 2 files changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
> index aeb2cdea0b94..1fc07f936e06 100644
> --- a/lib/Kconfig.ubsan
> +++ b/lib/Kconfig.ubsan
> @@ -36,6 +36,12 @@ config UBSAN_KCOV_BROKEN
> See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status
> in newer releases.
>
> +config UBSAN_DISABLE_MAYBE_UNINITIALIZED
> + def_bool CC_IS_GCC
> + help
> + -fsanitize=* options makes GCC less smart than usual and
> + increases the number of 'maybe-uninitialized' false-positives.
> +
> config CC_HAS_UBSAN_BOUNDS
> def_bool $(cc-option,-fsanitize=bounds)
>
> diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
> index 72862da47baf..c5ef6bac09d4 100644
> --- a/scripts/Makefile.ubsan
> +++ b/scripts/Makefile.ubsan
> @@ -1,8 +1,8 @@
> # SPDX-License-Identifier: GPL-2.0
>
> -# -fsanitize=* options makes GCC less smart than usual and
> -# increases the number of 'maybe-uninitialized' false-positives.
> -ubsan-cflags-$(CONFIG_UBSAN) += $(call cc-disable-warning, maybe-uninitialized)
> +# The "maybe-uninitialized" warning can be very noisy.
> +ubsan-cflags-$(CONFIG_UBSAN_DISABLE_MAYBE_UNINITIALIZED) += \
> + $(call cc-disable-warning, maybe-uninitialized)
>
> # Enable available and selected UBSAN features.
> ubsan-cflags-$(CONFIG_UBSAN_ALIGNMENT) += -fsanitize=alignment
> --
> 2.25.1

2020-10-06 06:06:09

by Kees Cook

[permalink] [raw]
Subject: Re: [PATCH 3/4] ubsan: Force -Wno-maybe-uninitialized only for GCC

On Sun, Oct 04, 2020 at 12:16:14AM -0700, Nathan Chancellor wrote:
> On Fri, Oct 02, 2020 at 03:15:26PM -0700, Kees Cook wrote:
> > Clang handles 'maybe-uninitialized' better in the face of using UBSAN,
> > so do not make this universally disabled for UBSAN builds.
> >
> > Signed-off-by: Kees Cook <[email protected]>
>
> Well this patch is not strictly necessary because Clang does not support
> -Wmaybe-uninitialized anyways :) its flags are -Wuninitialized and
> -Wsometimes-uninitialized so the warning stays enabled for UBSAN as it
> stands.

Ah, yes. Heh. Well... perhaps I can just drop this patch.

> However, something like this could still worthwhile because it would
> save us one call to cc-disable-warning (yay micro optimizations).
>
> Maybe it just does not need to have a whole new symbol, just make it
>
> ubsan-cflags-$(CONFIG_CC_IS_GCC)
>
> instead of
>
> ubsan-cflags-$(CONFIG_UBSAN)

If it gets kept, I'd still like it gated on CONFIG_UBSAN in some way
(e.g. the patch has an implicit depends due to the "if UBSAN" section).

But yes, this patch is rather a no-op.

--
Kees Cook