mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-12-27 12:21:22 -05:00
272a767063
To make integer wrap-around mitigation actually useful, the associated sanitizers must not instrument cases where the wrap-around is explicitly defined (e.g. "-2UL"), being tested for (e.g. "if (a + b < a)"), or where it has no impact on code flow (e.g. "while (var--)"). Enable pattern exclusions for the integer wrap sanitizers. Reviewed-by: Justin Stitt <justinstitt@google.com> Link: https://lore.kernel.org/r/20250307041914.937329-2-kees@kernel.org Signed-off-by: Kees Cook <kees@kernel.org>
24 lines
1.2 KiB
Makefile
24 lines
1.2 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
|
|
# Enable available and selected UBSAN features.
|
|
ubsan-cflags-$(CONFIG_UBSAN_ALIGNMENT) += -fsanitize=alignment
|
|
ubsan-cflags-$(CONFIG_UBSAN_BOUNDS_STRICT) += -fsanitize=bounds-strict
|
|
ubsan-cflags-$(CONFIG_UBSAN_ARRAY_BOUNDS) += -fsanitize=array-bounds
|
|
ubsan-cflags-$(CONFIG_UBSAN_LOCAL_BOUNDS) += -fsanitize=local-bounds
|
|
ubsan-cflags-$(CONFIG_UBSAN_SHIFT) += -fsanitize=shift
|
|
ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO) += -fsanitize=integer-divide-by-zero
|
|
ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE) += -fsanitize=unreachable
|
|
ubsan-cflags-$(CONFIG_UBSAN_BOOL) += -fsanitize=bool
|
|
ubsan-cflags-$(CONFIG_UBSAN_ENUM) += -fsanitize=enum
|
|
ubsan-cflags-$(CONFIG_UBSAN_TRAP) += $(call cc-option,-fsanitize-trap=undefined,-fsanitize-undefined-trap-on-error)
|
|
|
|
export CFLAGS_UBSAN := $(ubsan-cflags-y)
|
|
|
|
ubsan-integer-wrap-cflags-$(CONFIG_UBSAN_INTEGER_WRAP) += \
|
|
-fsanitize-undefined-ignore-overflow-pattern=all \
|
|
-fsanitize=signed-integer-overflow \
|
|
-fsanitize=unsigned-integer-overflow \
|
|
-fsanitize=implicit-signed-integer-truncation \
|
|
-fsanitize=implicit-unsigned-integer-truncation
|
|
export CFLAGS_UBSAN_INTEGER_WRAP := $(ubsan-integer-wrap-cflags-y)
|