2023-07-05 21:59:36

by Jann Horn

[permalink] [raw]
Subject: [PATCH] ubsan: Clarify Kconfig text for CONFIG_UBSAN_TRAP

Make it clearer in the one-line description and the verbose description
text that CONFIG_UBSAN_TRAP as currently implemented involves a tradeoff of
much less helpful oops messages in exchange for a smaller kernel image.
(With the additional effect of turning UBSAN warnings into crashes, which
may or may not be desired.)

Signed-off-by: Jann Horn <[email protected]>
---
lib/Kconfig.ubsan | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index efae7e011956..e4f19ba9a029 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -13,7 +13,7 @@ menuconfig UBSAN
if UBSAN

config UBSAN_TRAP
- bool "On Sanitizer warnings, abort the running kernel code"
+ bool "Abort on Sanitizer warnings (smaller kernel but less verbose)"
depends on !COMPILE_TEST
help
Building kernels with Sanitizer features enabled tends to grow
@@ -26,6 +26,14 @@ config UBSAN_TRAP
the system. For some system builders this is an acceptable
trade-off.

+ CAUTION: Selecting Y will (depending on architecture) cause your
+ kernel to oops with an undefined instruction error with no further
+ details when a UBSAN violation occurs.
+ (arm64 can show some basic information.)
+ This may make it hard to determine whether an oops was caused by
+ UBSAN or to figure out the details of a UBSAN violation.
+ It makes the kernel log output less useful for bug reports.
+
config CC_HAS_UBSAN_BOUNDS_STRICT
def_bool $(cc-option,-fsanitize=bounds-strict)
help

base-commit: d528014517f2b0531862c02865b9d4c908019dc4
--
2.41.0.255.g8b1d071c50-goog



2023-07-05 22:42:32

by Kees Cook

[permalink] [raw]
Subject: Re: [PATCH] ubsan: Clarify Kconfig text for CONFIG_UBSAN_TRAP


On Wed, 05 Jul 2023 23:51:27 +0200, Jann Horn wrote:
> Make it clearer in the one-line description and the verbose description
> text that CONFIG_UBSAN_TRAP as currently implemented involves a tradeoff of
> much less helpful oops messages in exchange for a smaller kernel image.
> (With the additional effect of turning UBSAN warnings into crashes, which
> may or may not be desired.)
>
>
> [...]

Applied with some tweaks to wording, thanks!

[1/1] ubsan: Clarify Kconfig text for CONFIG_UBSAN_TRAP
https://git.kernel.org/kees/c/a2dbac607873

--
Kees Cook