path: root/lib
diff options
authorGeorge Popescu <>2020-10-15 20:13:38 -0700
committerLinus Torvalds <>2020-10-16 11:11:22 -0700
commit6a6155f664e31c9be43cd690541a9a682ba3dc22 (patch)
treeaefade86b74d129bd319a46ddc9241dd56d61cf3 /lib
parent5cf53f3ce3b9ff5321b56f9ed9d90d59307be7d0 (diff)
ubsan: introduce CONFIG_UBSAN_LOCAL_BOUNDS for Clang
When the kernel is compiled with Clang, -fsanitize=bounds expands to -fsanitize=array-bounds and -fsanitize=local-bounds. Enabling -fsanitize=local-bounds with Clang has the unfortunate side-effect of inserting traps; this goes back to its original intent, which was as a hardening and not a debugging feature [1]. The same feature made its way into -fsanitize=bounds, but the traps remained. For that reason, -fsanitize=bounds was split into 'array-bounds' and 'local-bounds' [2]. Since 'local-bounds' doesn't behave like a normal sanitizer, enable it with Clang only if trapping behaviour was requested by CONFIG_UBSAN_TRAP=y. Add the UBSAN_BOUNDS_LOCAL config to Kconfig.ubsan to enable the 'local-bounds' option by default when UBSAN_TRAP is enabled. [1] [2] Suggested-by: Marco Elver <> Signed-off-by: George Popescu <> Signed-off-by: Andrew Morton <> Reviewed-by: David Brazdil <> Reviewed-by: Marco Elver <> Cc: Masahiro Yamada <> Cc: Michal Marek <> Cc: Nathan Chancellor <> Cc: Nick Desaulniers <> Cc: Kees Cook <> Cc: Dmitry Vyukov <> Cc: Arnd Bergmann <> Cc: Peter Zijlstra <> Link: Signed-off-by: Linus Torvalds <>
Diffstat (limited to 'lib')
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index 774315de555a..58f8d03d037b 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -47,6 +47,20 @@ config UBSAN_BOUNDS
to the {str,mem}*cpy() family of functions (that is addressed
+ bool "Perform array local bounds checking"
+ depends on UBSAN_TRAP
+ depends on CC_IS_CLANG
+ depends on !UBSAN_KCOV_BROKEN
+ help
+ This option enables -fsanitize=local-bounds which traps when an
+ exception/error is detected. Therefore, it should be enabled only
+ if trapping is expected.
+ Enabling this option detects errors due to accesses through a
+ pointer that is derived from an object of a statically-known size,
+ where an added offset (which may not be known statically) is
+ out-of-bounds.
bool "Enable all other Undefined Behavior sanity checks"
default UBSAN