-fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
Clang 3.2. The minimum supported version of these according to
Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
this cc-option check.
Signed-off-by: Nick Desaulniers <[email protected]>
---
Masahiro, Kees: get_maintainer.pl leaves much to be desired for this
file. Can one of you please pick this up?
lib/Kconfig.ubsan | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index fd15230a703b..0e7ad0782399 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -15,7 +15,6 @@ if UBSAN
config UBSAN_TRAP
bool "On Sanitizer warnings, abort the running kernel code"
depends on !COMPILE_TEST
- depends on $(cc-option, -fsanitize-undefined-trap-on-error)
help
Building kernels with Sanitizer features enabled tends to grow
the kernel size by around 5%, due to adding all the debugging
--
2.40.0.577.gac1e443424-goog
On Fri, Apr 07, 2023 at 02:54:06PM -0700, Nick Desaulniers wrote:
> -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> Clang 3.2. The minimum supported version of these according to
> Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> this cc-option check.
>
> Signed-off-by: Nick Desaulniers <[email protected]>
Reviewed-by: Nathan Chancellor <[email protected]>
As an aside, we should really consider having some standard format of
comment around cc-option checks so that we can easily remove them when
they become stale...
> ---
> Masahiro, Kees: get_maintainer.pl leaves much to be desired for this
> file. Can one of you please pick this up?
>
> lib/Kconfig.ubsan | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
> index fd15230a703b..0e7ad0782399 100644
> --- a/lib/Kconfig.ubsan
> +++ b/lib/Kconfig.ubsan
> @@ -15,7 +15,6 @@ if UBSAN
> config UBSAN_TRAP
> bool "On Sanitizer warnings, abort the running kernel code"
> depends on !COMPILE_TEST
> - depends on $(cc-option, -fsanitize-undefined-trap-on-error)
> help
> Building kernels with Sanitizer features enabled tends to grow
> the kernel size by around 5%, due to adding all the debugging
> --
> 2.40.0.577.gac1e443424-goog
>
On Fri, Apr 7, 2023 at 2:58 PM Nathan Chancellor <[email protected]> wrote:
>
> On Fri, Apr 07, 2023 at 02:54:06PM -0700, Nick Desaulniers wrote:
> > -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> > Clang 3.2. The minimum supported version of these according to
> > Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> > this cc-option check.
> >
> > Signed-off-by: Nick Desaulniers <[email protected]>
>
> Reviewed-by: Nathan Chancellor <[email protected]>
>
> As an aside, we should really consider having some standard format of
> comment around cc-option checks so that we can easily remove them when
> they become stale...
>
> > ---
> > Masahiro, Kees: get_maintainer.pl leaves much to be desired for this
> > file. Can one of you please pick this up?
> >
> > lib/Kconfig.ubsan | 1 -
> > 1 file changed, 1 deletion(-)
> >
> > diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
> > index fd15230a703b..0e7ad0782399 100644
> > --- a/lib/Kconfig.ubsan
> > +++ b/lib/Kconfig.ubsan
> > @@ -15,7 +15,6 @@ if UBSAN
> > config UBSAN_TRAP
> > bool "On Sanitizer warnings, abort the running kernel code"
> > depends on !COMPILE_TEST
> > - depends on $(cc-option, -fsanitize-undefined-trap-on-error)
> > help
> > Building kernels with Sanitizer features enabled tends to grow
> > the kernel size by around 5%, due to adding all the debugging
> > --
> > 2.40.0.577.gac1e443424-goog
> >
>
-fsanitize-undefined-trap-on-error is a legacy option from 2013 when
-fcatch-undefined-behavior instead of -fsanitize=undefined enabled
UBSan.
On the Clang side, http://reviews.llvm.org/D10464 added
-fsanitize-trap= in June 2015.
It's best to use -fsanitize-trap=undefined and avoid uses of
-fsanitize-undefined-trap-on-error.
--
宋方睿
On Tue, Apr 11, 2023 at 05:12:24PM -0700, Fangrui Song wrote:
> On Fri, Apr 7, 2023 at 2:58 PM Nathan Chancellor <[email protected]> wrote:
> >
> > On Fri, Apr 07, 2023 at 02:54:06PM -0700, Nick Desaulniers wrote:
> > > -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> > > Clang 3.2. The minimum supported version of these according to
> > > Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> > > this cc-option check.
> > >
> > > Signed-off-by: Nick Desaulniers <[email protected]>
> >
> > Reviewed-by: Nathan Chancellor <[email protected]>
> >
> > As an aside, we should really consider having some standard format of
> > comment around cc-option checks so that we can easily remove them when
> > they become stale...
> >
> > > ---
> > > Masahiro, Kees: get_maintainer.pl leaves much to be desired for this
> > > file. Can one of you please pick this up?
> > >
> > > lib/Kconfig.ubsan | 1 -
> > > 1 file changed, 1 deletion(-)
> > >
> > > diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
> > > index fd15230a703b..0e7ad0782399 100644
> > > --- a/lib/Kconfig.ubsan
> > > +++ b/lib/Kconfig.ubsan
> > > @@ -15,7 +15,6 @@ if UBSAN
> > > config UBSAN_TRAP
> > > bool "On Sanitizer warnings, abort the running kernel code"
> > > depends on !COMPILE_TEST
> > > - depends on $(cc-option, -fsanitize-undefined-trap-on-error)
> > > help
> > > Building kernels with Sanitizer features enabled tends to grow
> > > the kernel size by around 5%, due to adding all the debugging
> > > --
> > > 2.40.0.577.gac1e443424-goog
> > >
> >
>
> -fsanitize-undefined-trap-on-error is a legacy option from 2013 when
> -fcatch-undefined-behavior instead of -fsanitize=undefined enabled
> UBSan.
> On the Clang side, http://reviews.llvm.org/D10464 added
> -fsanitize-trap= in June 2015.
> It's best to use -fsanitize-trap=undefined and avoid uses of
> -fsanitize-undefined-trap-on-error.
But that's Clang-only. -fsanitize-undefined-trap-on-error works for both
GCC and Clang.
--
Kees Cook
On Wed, Apr 12, 2023 at 8:12 AM Kees Cook <[email protected]> wrote:
>
> On Tue, Apr 11, 2023 at 05:12:24PM -0700, Fangrui Song wrote:
> > On Fri, Apr 7, 2023 at 2:58 PM Nathan Chancellor <[email protected]> wrote:
> > >
> > > On Fri, Apr 07, 2023 at 02:54:06PM -0700, Nick Desaulniers wrote:
> > > > -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> > > > Clang 3.2. The minimum supported version of these according to
> > > > Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> > > > this cc-option check.
> > > >
> > > > Signed-off-by: Nick Desaulniers <[email protected]>
> > >
> > > Reviewed-by: Nathan Chancellor <[email protected]>
> > >
> > > As an aside, we should really consider having some standard format of
> > > comment around cc-option checks so that we can easily remove them when
> > > they become stale...
> > >
> > > > ---
> > > > Masahiro, Kees: get_maintainer.pl leaves much to be desired for this
> > > > file. Can one of you please pick this up?
> > > >
> > > > lib/Kconfig.ubsan | 1 -
> > > > 1 file changed, 1 deletion(-)
> > > >
> > > > diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
> > > > index fd15230a703b..0e7ad0782399 100644
> > > > --- a/lib/Kconfig.ubsan
> > > > +++ b/lib/Kconfig.ubsan
> > > > @@ -15,7 +15,6 @@ if UBSAN
> > > > config UBSAN_TRAP
> > > > bool "On Sanitizer warnings, abort the running kernel code"
> > > > depends on !COMPILE_TEST
> > > > - depends on $(cc-option, -fsanitize-undefined-trap-on-error)
> > > > help
> > > > Building kernels with Sanitizer features enabled tends to grow
> > > > the kernel size by around 5%, due to adding all the debugging
> > > > --
> > > > 2.40.0.577.gac1e443424-goog
> > > >
> > >
> >
> > -fsanitize-undefined-trap-on-error is a legacy option from 2013 when
> > -fcatch-undefined-behavior instead of -fsanitize=undefined enabled
> > UBSan.
> > On the Clang side, http://reviews.llvm.org/D10464 added
> > -fsanitize-trap= in June 2015.
> > It's best to use -fsanitize-trap=undefined and avoid uses of
> > -fsanitize-undefined-trap-on-error.
>
> But that's Clang-only. -fsanitize-undefined-trap-on-error works for both
> GCC and Clang.
>
> --
> Kees Cook
Just filed a -fsanitize-trap= feature request for GCC:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109489 :)
https://reviews.llvm.org/D10464 (2015) does mention the state of the
legacy option:
// https://clang.llvm.org/docs/UsersManual.html#cmdoption-fsanitize-undefined-trap-on-error
-fsanitize-undefined-trap-on-error
Deprecated alias for -fsanitize-trap=undefined.
--
宋方睿
On Wed, Apr 12, 2023 at 11:13 AM Fangrui Song <[email protected]> wrote:
>
> On Wed, Apr 12, 2023 at 8:12 AM Kees Cook <[email protected]> wrote:
> >
> > On Tue, Apr 11, 2023 at 05:12:24PM -0700, Fangrui Song wrote:
> > > On Fri, Apr 7, 2023 at 2:58 PM Nathan Chancellor <[email protected]> wrote:
> > > >
> > > > On Fri, Apr 07, 2023 at 02:54:06PM -0700, Nick Desaulniers wrote:
> > > > > -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> > > > > Clang 3.2. The minimum supported version of these according to
> > > > > Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> > > > > this cc-option check.
> > > > >
> > > > > Signed-off-by: Nick Desaulniers <[email protected]>
> > > >
> > > > Reviewed-by: Nathan Chancellor <[email protected]>
> > > >
> > > > As an aside, we should really consider having some standard format of
> > > > comment around cc-option checks so that we can easily remove them when
> > > > they become stale...
> > > >
> > > > > ---
> > > > > Masahiro, Kees: get_maintainer.pl leaves much to be desired for this
> > > > > file. Can one of you please pick this up?
> > > > >
> > > > > lib/Kconfig.ubsan | 1 -
> > > > > 1 file changed, 1 deletion(-)
> > > > >
> > > > > diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
> > > > > index fd15230a703b..0e7ad0782399 100644
> > > > > --- a/lib/Kconfig.ubsan
> > > > > +++ b/lib/Kconfig.ubsan
> > > > > @@ -15,7 +15,6 @@ if UBSAN
> > > > > config UBSAN_TRAP
> > > > > bool "On Sanitizer warnings, abort the running kernel code"
> > > > > depends on !COMPILE_TEST
> > > > > - depends on $(cc-option, -fsanitize-undefined-trap-on-error)
> > > > > help
> > > > > Building kernels with Sanitizer features enabled tends to grow
> > > > > the kernel size by around 5%, due to adding all the debugging
> > > > > --
> > > > > 2.40.0.577.gac1e443424-goog
> > > > >
> > > >
> > >
> > > -fsanitize-undefined-trap-on-error is a legacy option from 2013 when
> > > -fcatch-undefined-behavior instead of -fsanitize=undefined enabled
> > > UBSan.
> > > On the Clang side, http://reviews.llvm.org/D10464 added
> > > -fsanitize-trap= in June 2015.
> > > It's best to use -fsanitize-trap=undefined and avoid uses of
> > > -fsanitize-undefined-trap-on-error.
> >
> > But that's Clang-only. -fsanitize-undefined-trap-on-error works for both
> > GCC and Clang.
> >
> > --
> > Kees Cook
>
> Just filed a -fsanitize-trap= feature request for GCC:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109489 :)
>
> https://reviews.llvm.org/D10464 (2015) does mention the state of the
> legacy option:
>
> // https://clang.llvm.org/docs/UsersManual.html#cmdoption-fsanitize-undefined-trap-on-error
> -fsanitize-undefined-trap-on-error
> Deprecated alias for -fsanitize-trap=undefined.
Circling back. it seems that GCC 13 will have
-fsanitize-trap=undefined (a commit from 2022-06).
The current https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html
says "The -fsanitize-undefined-trap-on-error option is deprecated
equivalent of -fsanitize-trap=all."
We need to discourage further uses of the deprecated
-fsanitize-undefined-trap-on-error.
On Wed, May 17, 2023 at 12:09:35PM -0700, Fangrui Song wrote:
> On Wed, May 17, 2023 at 12:08 PM Fangrui Song <[email protected]> wrote:
> >
> > On Wed, May 17, 2023 at 12:02 PM Kees Cook <[email protected]> wrote:
> > >
> > > On Fri, 7 Apr 2023 14:54:06 -0700, Nick Desaulniers wrote:
> > > > -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> > > > Clang 3.2. The minimum supported version of these according to
> > > > Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> > > > this cc-option check.
> > > >
> > > >
> > >
> > > Applied to for-next/hardening, thanks!
> > >
> > > [1/1] ubsan: remove cc-option test for UBSAN_TRAP
> > > https://git.kernel.org/kees/c/08e4044243a6
> > >
> > > --
> > > Kees Cook
> > >
> > >
> >
> > For this -fsanitize-undefined-trap-on-error, I think we need a v2 patch that
> > tries -fsanitize-trap=all as well.
>
> Correction: -fsanitize-trap=undefined
>
> > -fsanitize-undefined-trap-on-error has been deprecated in Clang for 8
> > years, and at some point we will remove the option.
> >
> > GCC implements -fsanitize-trap=all later, but
> > -fsanitize-undefined-trap-on-error is documented as deprecated as
> > well.
Right now all the compilers support the old way, and I'd rather remove a
cc-option call than add two. :)
--
Kees Cook
On Wed, May 17, 2023 at 12:02 PM Kees Cook <[email protected]> wrote:
>
> On Fri, 7 Apr 2023 14:54:06 -0700, Nick Desaulniers wrote:
> > -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> > Clang 3.2. The minimum supported version of these according to
> > Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> > this cc-option check.
> >
> >
>
> Applied to for-next/hardening, thanks!
>
> [1/1] ubsan: remove cc-option test for UBSAN_TRAP
> https://git.kernel.org/kees/c/08e4044243a6
>
> --
> Kees Cook
>
>
For this -fsanitize-undefined-trap-on-error, I think we need a v2 patch that
tries -fsanitize-trap=all as well.
-fsanitize-undefined-trap-on-error has been deprecated in Clang for 8
years, and at some point we will remove the option.
GCC implements -fsanitize-trap=all later, but
-fsanitize-undefined-trap-on-error is documented as deprecated as
well.
--
宋方睿
On Wed, May 17, 2023 at 12:08 PM Fangrui Song <[email protected]> wrote:
>
> On Wed, May 17, 2023 at 12:02 PM Kees Cook <[email protected]> wrote:
> >
> > On Fri, 7 Apr 2023 14:54:06 -0700, Nick Desaulniers wrote:
> > > -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> > > Clang 3.2. The minimum supported version of these according to
> > > Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> > > this cc-option check.
> > >
> > >
> >
> > Applied to for-next/hardening, thanks!
> >
> > [1/1] ubsan: remove cc-option test for UBSAN_TRAP
> > https://git.kernel.org/kees/c/08e4044243a6
> >
> > --
> > Kees Cook
> >
> >
>
> For this -fsanitize-undefined-trap-on-error, I think we need a v2 patch that
> tries -fsanitize-trap=all as well.
Correction: -fsanitize-trap=undefined
> -fsanitize-undefined-trap-on-error has been deprecated in Clang for 8
> years, and at some point we will remove the option.
>
> GCC implements -fsanitize-trap=all later, but
> -fsanitize-undefined-trap-on-error is documented as deprecated as
> well.
On Fri, 7 Apr 2023 14:54:06 -0700, Nick Desaulniers wrote:
> -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> Clang 3.2. The minimum supported version of these according to
> Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> this cc-option check.
>
>
Applied to for-next/hardening, thanks!
[1/1] ubsan: remove cc-option test for UBSAN_TRAP
https://git.kernel.org/kees/c/08e4044243a6
--
Kees Cook
On Wed, May 17, 2023 at 12:16 PM Kees Cook <[email protected]> wrote:
>
> On Wed, May 17, 2023 at 12:09:35PM -0700, Fangrui Song wrote:
> > On Wed, May 17, 2023 at 12:08 PM Fangrui Song <[email protected]> wrote:
> > >
> > > On Wed, May 17, 2023 at 12:02 PM Kees Cook <[email protected]> wrote:
> > > >
> > > > On Fri, 7 Apr 2023 14:54:06 -0700, Nick Desaulniers wrote:
> > > > > -fsanitize-undefined-trap-on-error has been supported since GCC 5.1 and
> > > > > Clang 3.2. The minimum supported version of these according to
> > > > > Documentation/process/changes.rst is 5.1 and 11.0.0 respectively. Drop
> > > > > this cc-option check.
> > > > >
> > > > >
> > > >
> > > > Applied to for-next/hardening, thanks!
> > > >
> > > > [1/1] ubsan: remove cc-option test for UBSAN_TRAP
> > > > https://git.kernel.org/kees/c/08e4044243a6
> > > >
> > > > --
> > > > Kees Cook
> > > >
> > > >
> > >
> > > For this -fsanitize-undefined-trap-on-error, I think we need a v2 patch that
> > > tries -fsanitize-trap=all as well.
> >
> > Correction: -fsanitize-trap=undefined
> >
> > > -fsanitize-undefined-trap-on-error has been deprecated in Clang for 8
> > > years, and at some point we will remove the option.
> > >
> > > GCC implements -fsanitize-trap=all later, but
> > > -fsanitize-undefined-trap-on-error is documented as deprecated as
> > > well.
>
> Right now all the compilers support the old way, and I'd rather remove a
> cc-option call than add two. :)
>
> --
> Kees Cook
Hmm, this gives Clang developers a disadvantage... Anyone who removes
Clang's -fsanitize-undefined-trap-on-error (or give it a warning
before removal) will probably face complaints from kernel
developers...
--
宋方睿