1# SPDX-License-Identifier: GPL-2.0-only 2config ARCH_HAS_UBSAN_SANITIZE_ALL 3 bool 4 5menuconfig UBSAN 6 bool "Undefined behaviour sanity checker" 7 help 8 This option enables the Undefined Behaviour sanity checker. 9 Compile-time instrumentation is used to detect various undefined 10 behaviours at runtime. For more details, see: 11 Documentation/dev-tools/ubsan.rst 12 13if UBSAN 14 15config UBSAN_TRAP 16 bool "On Sanitizer warnings, abort the running kernel code" 17 depends on $(cc-option, -fsanitize-undefined-trap-on-error) 18 help 19 Building kernels with Sanitizer features enabled tends to grow 20 the kernel size by around 5%, due to adding all the debugging 21 text on failure paths. To avoid this, Sanitizer instrumentation 22 can just issue a trap. This reduces the kernel size overhead but 23 turns all warnings (including potentially harmless conditions) 24 into full exceptions that abort the running kernel code 25 (regardless of context, locks held, etc), which may destabilize 26 the system. For some system builders this is an acceptable 27 trade-off. 28 29config UBSAN_KCOV_BROKEN 30 def_bool KCOV && CC_HAS_SANCOV_TRACE_PC 31 depends on CC_IS_CLANG 32 depends on !$(cc-option,-Werror=unused-command-line-argument -fsanitize=bounds -fsanitize-coverage=trace-pc) 33 help 34 Some versions of clang support either UBSAN or KCOV but not the 35 combination of the two. 36 See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status 37 in newer releases. 38 39config UBSAN_BOUNDS 40 bool "Perform array index bounds checking" 41 default UBSAN 42 depends on !UBSAN_KCOV_BROKEN 43 help 44 This option enables detection of directly indexed out of bounds 45 array accesses, where the array size is known at compile time. 46 Note that this does not protect array overflows via bad calls 47 to the {str,mem}*cpy() family of functions (that is addressed 48 by CONFIG_FORTIFY_SOURCE). 49 50config UBSAN_MISC 51 bool "Enable all other Undefined Behavior sanity checks" 52 default UBSAN 53 help 54 This option enables all sanity checks that don't have their 55 own Kconfig options. Disable this if you only want to have 56 individually selected checks. 57 58config UBSAN_SANITIZE_ALL 59 bool "Enable instrumentation for the entire kernel" 60 depends on ARCH_HAS_UBSAN_SANITIZE_ALL 61 62 # We build with -Wno-maybe-uninitilzed, but we still want to 63 # use -Wmaybe-uninitilized in allmodconfig builds. 64 # So dependsy bellow used to disable this option in allmodconfig 65 depends on !COMPILE_TEST 66 default y 67 help 68 This option activates instrumentation for the entire kernel. 69 If you don't enable this option, you have to explicitly specify 70 UBSAN_SANITIZE := y for the files/directories you want to check for UB. 71 Enabling this option will get kernel image size increased 72 significantly. 73 74config UBSAN_ALIGNMENT 75 bool "Enable checks for pointers alignment" 76 default !HAVE_EFFICIENT_UNALIGNED_ACCESS 77 depends on !UBSAN_TRAP 78 help 79 This option enables the check of unaligned memory accesses. 80 Enabling this option on architectures that support unaligned 81 accesses may produce a lot of false positives. 82 83config TEST_UBSAN 84 tristate "Module for testing for undefined behavior detection" 85 depends on m 86 help 87 This is a test module for UBSAN. 88 It triggers various undefined behavior, and detect it. 89 90endif # if UBSAN 91