mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-12-27 11:06:41 -05:00
Code Issues Packages Projects Releases Wiki Activity

ubsan/overflow: Enable pattern exclusions

Browse Source 
To make integer wrap-around mitigation actually useful, the associated
sanitizers must not instrument cases where the wrap-around is explicitly
defined (e.g. "-2UL"), being tested for (e.g. "if (a + b < a)"), or
where it has no impact on code flow (e.g. "while (var--)"). Enable
pattern exclusions for the integer wrap sanitizers.

Reviewed-by: Justin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20250307041914.937329-2-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
This commit is contained in:
Kees Cook
2025-03-06 20:19:10 -08:00
parent ed2b548f10
commit 272a767063
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/Kconfig.ubsan
View File

@@ -120,6 +120,7 @@ config UBSAN_INTEGER_WRAP
bool "Perform checking for integer arithmetic wrap-around"
default UBSAN
depends on !COMPILE_TEST
depends on $(cc-option,-fsanitize-undefined-ignore-overflow-pattern=all)
depends on $(cc-option,-fsanitize=signed-integer-overflow)
depends on $(cc-option,-fsanitize=unsigned-integer-overflow)
depends on $(cc-option,-fsanitize=implicit-signed-integer-truncation)

1
scripts/Makefile.ubsan
View File

@@ -15,6 +15,7 @@ ubsan-cflags-$(CONFIG_UBSAN_TRAP) += $(call cc-option,-fsanitize-trap=undefined
export CFLAGS_UBSAN := $(ubsan-cflags-y)
ubsan-integer-wrap-cflags-$(CONFIG_UBSAN_INTEGER_WRAP) += \
-fsanitize-undefined-ignore-overflow-pattern=all \
-fsanitize=signed-integer-overflow \
-fsanitize=unsigned-integer-overflow \
-fsanitize=implicit-signed-integer-truncation \