Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1374828pxk; Fri, 2 Oct 2020 08:05:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy1UUg0lKpw87uLNR/925dC6WHTZG3/swih9ae5SKEzHvUr/insQwSdkpa1UEltWf38uiWk X-Received: by 2002:a17:906:bea:: with SMTP id z10mr2748665ejg.286.1601651148497; Fri, 02 Oct 2020 08:05:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601651148; cv=none; d=google.com; s=arc-20160816; b=yM8y5Fjx23HVK3AQPbg8OuwV7Vid7F4thUqAbt/93E3vsMJUauXjVL+kSIdPE21FUb tvpeFRMioEvLB483M2MRhb2ih3/0hKywzEDl+EKaDWHzcCLmFhb+0IVmQazueeF5pssb pfUT8WO6cNuyIkhwuYx3z8SmbZStRDVRHS/BtGghvcXpHQAMlHZKxIMqPEoniULGDlfm 3cKUi6aFiVKZO3/p1Zu/yYmr8PzylEFpshjrrRWNNF2odsqJ4kKRT0GSqAe1SNLfQJ8l oZdsC+EeXoeagsApl0uKXMTpN/nY78ytSBUO1DyM9JMpf4f3IO29aOEFm1FLwCSs9CNo XCQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=+OT/4n2wS86BoiTVC/dLrqPVRF45rG7BZbw8GfdvQDw=; b=AhaRNAMRnfNrhXNnTAXIg6mPIB8HgguPsPIYhJowexEH4Al0JCs8PBQvBYCb32DyP4 qc1SbxK9LdRmMCFR4G0D+S7OAkxS/XClSzA4lB4WbTZa0UlSuxOplVD1B8p+CYGklccQ otGOdfYl/DF6ajSZziVHvWN6tXZOABoJ9TCPi2v6D1Pvke+HdqPunRbAN4ww36TkC+OG OGGhpKX4bnO18b5Vl7nDXpkD+JQzQ++p/VZJyArbeLDYcRZnQ88Osp9OhaEBgt+RlJSg kjlbMBbRi6ZuBLn5zNjfC8sFo1ol1pHf0QnNzMB6zzV+V/odAN93haV5p40R3i5wGeVM yNwQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=iV1InCDd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id mh25si1244593ejb.568.2020.10.02.08.05.19; Fri, 02 Oct 2020 08:05:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=iV1InCDd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388078AbgJBPEG (ORCPT + 99 others); Fri, 2 Oct 2020 11:04:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59840 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726017AbgJBPEG (ORCPT ); Fri, 2 Oct 2020 11:04:06 -0400 Received: from mail-oi1-x242.google.com (mail-oi1-x242.google.com [IPv6:2607:f8b0:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6781CC0613D0 for ; Fri, 2 Oct 2020 08:04:06 -0700 (PDT) Received: by mail-oi1-x242.google.com with SMTP id x69so1488541oia.8 for ; Fri, 02 Oct 2020 08:04:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+OT/4n2wS86BoiTVC/dLrqPVRF45rG7BZbw8GfdvQDw=; b=iV1InCDdPT45RkQ7sZ8mc6cT/xKxfIoMyV/vowBXBMoLl2m1kAnQKjipJuYCKiS88S hBDeBCAbpAZ0fnoDZuqNhRkyfRzPW3Y//6yg3lzayB7E4YIGTQjEebwmGjyw0kyf8vX9 l73xb7h+VIbzzceJ6jNlB+i97Z0PjJWNUryfoF7sWqZRV31i1+Yr0nzDFYH5zVr7Bl54 e27PUL0USC6QXqyHS2aTmh5uIsL5njMMsLVrijQ85r+071niOiAdzonKapjz7tX2y+6Z DilHLmIUs98MdrarrkMdJ+iJKI8dMMUUFVdTANajoNpkJ10hEmzODGB/M06HcP50p1DB iaBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+OT/4n2wS86BoiTVC/dLrqPVRF45rG7BZbw8GfdvQDw=; b=oCVF79A+VAS9F6TgKt4C01zMSFT8pBgQ+BNe32I086QPKN248VEKJ2ZftlB++wilbU On1zWOJmFBPsE6OWJEKNRYkv/C/iKPA67tfHrBHgtGdypLwYOFzl/D81SN2GEROVdvTZ woMVlY/S1xKEi8VLM3mmzUgm3SH1MxRxD+NkxJyxEfRYZgdZk31WjASWFV4WVWBogVhN ZX8de1/Bk7WUT8+vlomTm+6cJQPoDJVdXM/y5xz5KthI44PLd1GwsQj+poSju4GmoOb/ Z22LdW2ojSjXGyMQDl3D2e0rIrryM0rvaud6C6UoG2/22dBLR0MRLrVVyQkbo+Rew4th VyhQ== X-Gm-Message-State: AOAM533uJn8Xwzw45xM+HIFsYMT//wphRVlb+G6DIIdgDi2rqZDgzNx8 FUwEP4UlYNbGpy6pogPNjfVj8Gv2SoMiNlTrqp5Bgw== X-Received: by 2002:a54:468f:: with SMTP id k15mr1518233oic.121.1601651045524; Fri, 02 Oct 2020 08:04:05 -0700 (PDT) MIME-Version: 1.0 References: <20200922074330.2549523-1-georgepope@google.com> In-Reply-To: From: Marco Elver Date: Fri, 2 Oct 2020 17:03:54 +0200 Message-ID: Subject: Re: [PATCH v3] ubsan: introducing CONFIG_UBSAN_LOCAL_BOUNDS for Clang To: George Popescu Cc: Masahiro Yamada , Michal Marek , Nathan Chancellor , Nick Desaulniers , Kees Cook , Andrew Morton , Dmitry Vyukov , Peter Zijlstra , Arnd Bergmann , LKML , clang-built-linux , David Brazdil , George Popescu Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2 Oct 2020 at 16:43, George Popescu wrote: > > Is this patch ready to be merged? Andrew already picked this up and it's in the -mm tree: https://lore.kernel.org/mm-commits/20200922170717.qhs0j%25akpm@linux-foundation.org/ You have to wait for the next merge window, which will likely start in 1.5 weeks (or, on Monday, but unlikely: https://lwn.net/Articles/832733/). Thanks, -- Marco > Best regards, > George > > > On Tue, Sep 22, 2020 at 10:43 AM George-Aurelian Popescu > wrote: > > > > From: George Popescu > > > > When the kernel is compiled with Clang, -fsanitize=bounds expands to > > -fsanitize=array-bounds and -fsanitize=local-bounds. > > > > Enabling -fsanitize=local-bounds with Clang has the unfortunate > > side-effect of inserting traps; this goes back to its original intent, > > which was as a hardening and not a debugging feature [1]. The same feature > > made its way into -fsanitize=bounds, but the traps remained. For that > > reason, -fsanitize=bounds was split into 'array-bounds' and > > 'local-bounds' [2]. > > > > Since 'local-bounds' doesn't behave like a normal sanitizer, enable > > it with Clang only if trapping behaviour was requested by > > CONFIG_UBSAN_TRAP=y. > > > > Add the UBSAN_BOUNDS_LOCAL config to Kconfig.ubsan to enable the > > 'local-bounds' option by default when UBSAN_TRAP is enabled. > > > > [1] http://lists.llvm.org/pipermail/llvm-dev/2012-May/049972.html > > [2] http://lists.llvm.org/pipermail/cfe-commits/Week-of-Mon-20131021/091536.html > > > > Suggested-by: Marco Elver > > Reviewed-by: David Brazdil > > Reviewed-by: Marco Elver > > Signed-off-by: George Popescu > > > > --- > > v2: changed the name of the config, in Kconfig, to UBSAN_LOCAL_BOUNDS > > --- > > v3: added Reviewed-by tag > > --- > > lib/Kconfig.ubsan | 14 ++++++++++++++ > > scripts/Makefile.ubsan | 10 +++++++++- > > 2 files changed, 23 insertions(+), 1 deletion(-) > > > > diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan > > index 774315de555a..58f8d03d037b 100644 > > --- a/lib/Kconfig.ubsan > > +++ b/lib/Kconfig.ubsan > > @@ -47,6 +47,20 @@ config UBSAN_BOUNDS > > to the {str,mem}*cpy() family of functions (that is addressed > > by CONFIG_FORTIFY_SOURCE). > > > > +config UBSAN_LOCAL_BOUNDS > > + bool "Perform array local bounds checking" > > + depends on UBSAN_TRAP > > + depends on CC_IS_CLANG > > + depends on !UBSAN_KCOV_BROKEN > > + help > > + This option enables -fsanitize=local-bounds which traps when an > > + exception/error is detected. Therefore, it should be enabled only > > + if trapping is expected. > > + Enabling this option detects errors due to accesses through a > > + pointer that is derived from an object of a statically-known size, > > + where an added offset (which may not be known statically) is > > + out-of-bounds. > > + > > config UBSAN_MISC > > bool "Enable all other Undefined Behavior sanity checks" > > default UBSAN > > diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan > > index 27348029b2b8..4e3fff0745e8 100644 > > --- a/scripts/Makefile.ubsan > > +++ b/scripts/Makefile.ubsan > > @@ -4,7 +4,15 @@ ifdef CONFIG_UBSAN_ALIGNMENT > > endif > > > > ifdef CONFIG_UBSAN_BOUNDS > > - CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) > > + ifdef CONFIG_CC_IS_CLANG > > + CFLAGS_UBSAN += -fsanitize=array-bounds > > + else > > + CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds) > > + endif > > +endif > > + > > +ifdef CONFIG_UBSAN_LOCAL_BOUNDS > > + CFLAGS_UBSAN += -fsanitize=local-bounds > > endif > > > > ifdef CONFIG_UBSAN_MISC > > -- > > 2.28.0.681.g6f77f65b4e-goog > >