From: George Popescu
Date: Fri, 2 Oct 2020 17:43:14 +0300
Subject: Re: [PATCH v3] ubsan: introducing CONFIG_UBSAN_LOCAL_BOUNDS for Clang
To: Masahiro Yamada, Michal Marek, Nathan Chancellor, Nick Desaulniers, Kees Cook, Andrew Morton, Marco Elver, Dmitry Vyukov
Cc: peterz@infradead.org, Arnd Bergmann, LKML, clang-built-linux, David Brazdil, George Popescu
References: <20200922074330.2549523-1-georgepope@google.com>
In-Reply-To: <20200922074330.2549523-1-georgepope@google.com>

Is this patch ready to be merged?

Best regards,
George

On Tue, Sep 22, 2020 at 10:43 AM George-Aurelian Popescu wrote:
>
> From: George Popescu
>
> When the kernel is compiled with Clang, -fsanitize=bounds expands to
> -fsanitize=array-bounds and -fsanitize=local-bounds.
>
> Enabling -fsanitize=local-bounds with Clang has the unfortunate
> side-effect of inserting traps; this goes back to its original intent,
> which was as a hardening and not a debugging feature [1]. The same feature
> made its way into -fsanitize=bounds, but the traps remained. For that
> reason, -fsanitize=bounds was split into 'array-bounds' and
> 'local-bounds' [2].
>
> Since 'local-bounds' doesn't behave like a normal sanitizer, enable
> it with Clang only if trapping behaviour was requested by
> CONFIG_UBSAN_TRAP=y.
>
> Add the UBSAN_BOUNDS_LOCAL config to Kconfig.ubsan to enable the
> 'local-bounds' option by default when UBSAN_TRAP is enabled.
>
> [1] http://lists.llvm.org/pipermail/llvm-dev/2012-May/049972.html
> [2] http://lists.llvm.org/pipermail/cfe-commits/Week-of-Mon-20131021/091536.html
>
> Suggested-by: Marco Elver
> Reviewed-by: David Brazdil
> Reviewed-by: Marco Elver
> Signed-off-by: George Popescu
>
> ---
> v2: changed the name of the config, in Kconfig, to UBSAN_LOCAL_BOUNDS
> ---
> v3: added Reviewed-by tag
> ---
>  lib/Kconfig.ubsan | 14 ++++++++++++++
>  scripts/Makefile.ubsan | 10 +++++++++-
>  2 files changed, 23 insertions(+), 1 deletion(-)
>
> diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan > index 774315de555a..58f8d03d037b 100644 > --- a/lib/Kconfig.ubsan > +++ b/lib/Kconfig.ubsan 
> @@ -47,6 +47,20 @@ config UBSAN_BOUNDS > to the {str,mem}*cpy() family of functions (that is addressed > by CONFIG_FORTIFY_SOURCE). > > +config UBSAN_LOCAL_BOUNDS > + bool "Perform array local bounds checking" > + depends on UBSAN_TRAP > + depends on CC_IS_CLANG > + depends on !UBSAN_KCOV_BROKEN > + help > + This option enables -fsanitize=local-bounds which traps when an > + exception/error is detected. Therefore, it should be enabled only > + if trapping is expected. > + Enabling this option detects errors due to accesses through a > + pointer that is derived from an object of a statically-known size, > + where an added offset (which may not be known statically) is > + out-of-bounds. > + > config UBSAN_MISC > bool "Enable all other Undefined Behavior sanity checks" > default UBSAN > diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan > index 27348029b2b8..4e3fff0745e8 100644 > --- a/scripts/Makefile.ubsan > +++ b/scripts/Makefile.ubsan > @@ -4,7 +4,15 @@ ifdef CONFIG_UBSAN_ALIGNMENT > endif > > ifdef CONFIG_UBSAN_BOUNDS > - CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) > + ifdef CONFIG_CC_IS_CLANG > + CFLAGS_UBSAN += -fsanitize=array-bounds > + else > + CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) > + endif > +endif > + > +ifdef CONFIG_UBSAN_LOCAL_BOUNDS > + CFLAGS_UBSAN += -fsanitize=local-bounds > endif > > ifdef CONFIG_UBSAN_MISC > -- > 2.28.0.681.g6f77f65b4e-goog >
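
Review bot: In the lib/Kconfig.ubsan hunk, the new UBSAN_LOCAL_BOUNDS entry has no `default` line, so the bool stays off until it is selected, while the commit message says the option is enabled "by default when UBSAN_TRAP is enabled" and spells the symbol UBSAN_BOUNDS_LOCAL. Either add `default y` under the `bool` line (the entry already depends on UBSAN_TRAP) or reword the message to say the option is opt-in, and use the UBSAN_LOCAL_BOUNDS spelling in both places. The entry also does not depend on UBSAN_BOUNDS, so local-bounds can be turned on with array-bounds off; if that is intended, the help text should say so.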
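
Review bot: In the scripts/Makefile.ubsan hunk, the Clang branch under `ifdef CONFIG_UBSAN_BOUNDS` now passes only -fsanitize=array-bounds, so an existing Clang config with UBSAN_BOUNDS=y loses the local-bounds instrumentation it previously got from -fsanitize=bounds unless UBSAN_LOCAL_BOUNDS is also set. A short comment above the `ifdef CONFIG_CC_IS_CLANG` line stating that local-bounds always traps and is therefore gated separately would save the next reader a trip to the commit log. The two Clang flags are also added without `$(call cc-option, ...)` while the GCC branch keeps the probe; a brief note on why the probe is not needed for Clang would make the asymmetry clear.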