domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kernel: add missing UBSAN config symbols

Browse Source 
Enabling KERNEL_UBSAN exposes several missing symbols. Add new kernel
build options for UBSAN_BOUNDS and UBSAN_TRAP, disable CONFIG_TEST_UBSAN
in the generic kernel configs and enable CONFIG_UBSAN_MISC in generic
5.10 config. The latter symbol was removed in later kernels, as it was
causing some issues, so just disable it in 5.10 instead of adding a
build option for it.

Fixes build failures with KERNEL_UBSAN enabled.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
Stijn Tintel
2021-11-03 19:38:50 +02:00
parent ec68c75c62
commit c5fa7ec2a6
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
config/Config-kernel.in
View File

@@ -114,6 +114,16 @@ config KERNEL_UBSAN_ALIGNMENT
Enabling this option on architectures that support unaligned
accesses may produce a lot of false positives.
config KERNEL_UBSAN_BOUNDS
bool "Perform array index bounds checking"
depends on KERNEL_UBSAN
help
This option enables detection of directly indexed out of bounds array
accesses, where the array size is known at compile time. Note that
this does not protect array overflows via bad calls to the
{str,mem}*cpy() family of functions (that is addressed by
FORTIFY_SOURCE).
config KERNEL_UBSAN_NULL
bool "Enable checking of null pointers"
depends on KERNEL_UBSAN
@@ -121,6 +131,19 @@ config KERNEL_UBSAN_NULL
This option enables detection of memory accesses via a
null pointer.
config KERNEL_UBSAN_TRAP
bool "On Sanitizer warnings, abort the running kernel code"
depends on KERNEL_UBSAN
help
Building kernels with Sanitizer features enabled tends to grow the
kernel size by around 5%, due to adding all the debugging text on
failure paths. To avoid this, Sanitizer instrumentation can just
issue a trap. This reduces the kernel size overhead but turns all
warnings (including potentially harmless conditions) into full
exceptions that abort the running kernel code (regardless of context,
locks held, etc), which may destabilize the system. For some system
builders this is an acceptable trade-off.
config KERNEL_KASAN
bool "Compile the kernel with KASan: runtime memory debugger"
select KERNEL_SLUB_DEBUG