UBSAN: run-time undefined behavior sanity checker
UBSAN uses compile-time instrumentation to catch undefined behavior (UB). The compiler inserts code that performs certain kinds of checks before operations that could cause UB. If a check fails (i.e. UB is detected), a __ubsan_handle_* function is called to print an error message.

So most of the work is done by the compiler. This patch just implements ubsan handlers printing errors.

GCC has this capability since 4.9.x [1] (see -fsanitize=undefined option and its suboptions). However GCC 5.x has more checkers implemented [2]. Article [3] has a bit more details about UBSAN in the GCC.

[1] -
[2] -
[3] -

Issues which UBSAN has found thus far are:

Found bugs:

 * out-of-bounds access - 97840cb67ff5 ("netfilter: nfnetlink: fix insufficient validation in nfnetlink_bind")

undefined shifts:

 * d48458d4a768 ("jbd2: use a better hash function for the revoke table")
 * 10632008b9e1 ("clockevents: Prevent shift out of bounds")
 * 'x << -1' shift in ext4 -<>
 * undefined rol32(0) -<>
 * undefined dirty_ratelimit calculation -<>
 * undefined roundown_pow_of_two(0) -<>
 * [WONTFIX] undefined shift in __bpf_prog_run -<>

   WONTFIX here because it should be fixed in bpf program, not in kernel.

signed overflows:

 * 32a8df4e0b33f ("sched: Fix odd values in effective_load() calculations")
 * mul overflow in ntp -<>
 * incorrect conversion into rtc_time in rtc_time64_to_tm() -<>
 * unvalidated timespec in io_getevents() -<>
 * [NOTABUG] signed overflow in ktime_add_safe() -<>

[ fix unused local warning]
[ fix __int128 build woes]
Signed-off-by: Andrey Ryabinin <>
Cc: Peter Zijlstra <>
Cc: Sasha Levin <>
Cc: Randy Dunlap <>
Cc: Rasmus Villemoes <>
Cc: Jonathan Corbet <>
Cc: Michal Marek <>
Cc: Thomas Gleixner <>
Cc: Ingo Molnar <>
Cc: "H. Peter Anvin" <>
Cc: Yury Gribov <>
Cc: Dmitry Vyukov <>
Cc: Konstantin Khlebnikov <>
Cc: Kostya Serebryany <>
Cc: Johannes Berg <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
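The commit message describes checks placed before operations that could cause UB, each calling a handler when the check fails. As an added illustration (not part of this commit or of the kernel's code), the C below writes three such checks by hand for the bug classes listed in the message. report_ub and the checked_* helpers are hypothetical names, and returning 0 after a report is a simplification so the demo can continue.

```c
/* Hand-written equivalents of compiler-inserted UB checks (hypothetical names). */
#include <limits.h>
#include <stdio.h>

static unsigned int ub_reports;    /* number of reports emitted so far */

/* Stand-in for a __ubsan_handle_* function: count, print, return 0. */
static int report_ub(const char *kind, int line)
{
    ub_reports++;
    fprintf(stderr, "UB: %s at %s:%d\n", kind, __FILE__, line);
    return 0;
}

/* x << n is undefined for n < 0, n >= width of int, negative x,
 * or a result that does not fit in int. */
static int checked_shl(int x, int n, int line)
{
    if (n < 0 || n >= (int)(sizeof(x) * CHAR_BIT) || x < 0 ||
        x > (INT_MAX >> n))
        return report_ub("shift out of bounds", line);
    return x << n;
}

/* Signed addition is undefined when the sum leaves [INT_MIN, INT_MAX]. */
static int checked_add(int a, int b, int line)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return report_ub("signed integer overflow", line);
    return a + b;
}

/* Array access is undefined when the index is outside [0, len). */
static int checked_index(const int *arr, size_t len, size_t i, int line)
{
    if (i >= len)
        return report_ub("index out of bounds", line);
    return arr[i];
}

int main(void)
{
    int table[4] = { 10, 20, 30, 40 };    /* constructed sample data */
    checked_shl(1, -1, __LINE__);          /* the 'x << -1' class */
    checked_add(INT_MAX, 1, __LINE__);
    checked_index(table, 4, 4, __LINE__);
    return ub_reports == 3 ? 0 : 1;
}
```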
+ bool
+config UBSAN
+ bool "Undefined behaviour sanity checker"
+ help
+ This option enables undefined behaviour sanity checker
+ Compile-time instrumentation is used to detect various undefined
+ behaviours in runtime. Various types of checks may be enabled
+ via boot parameter ubsan_handle (see: Documentation/ubsan.txt).
+ bool "Enable instrumentation for the entire kernel"
+ depends on UBSAN
+ default y
+ help
+ This option activates instrumentation for the entire kernel.
+ If you don't enable this option, you have to explicitly specify
+ UBSAN_SANITIZE := y for the files/directories you want to check for UB.
+ bool "Enable checking of pointers alignment"
+ depends on UBSAN
+ help
+ This option enables detection of unaligned memory accesses.
+ Enabling this option on architectures that support unalligned
+ accesses may produce a lot of false positives.
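Review bot: the UBSAN help text promises a runtime switch ("via boot parameter ubsan_handle (see: Documentation/ubsan.txt)"), but the commit message says this patch only implements the handlers that print errors, and nothing in the visible lines defines such a parameter. Either add and document the parameter or drop that sentence, so the help does not describe a control that is not there. In the alignment option's help, "unalligned" should be "unaligned", and since that text warns of many false positives on architectures that support unaligned accesses, consider a default or dependency that keeps the option off on those architectures. The first help sentence ("This option enables undefined behaviour sanity checker") is also missing its full stop.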