xref: /openbmc/linux/lib/Kconfig.ubsan (revision 78bb17f7)
1# SPDX-License-Identifier: GPL-2.0-only
2config ARCH_HAS_UBSAN_SANITIZE_ALL
3	bool
4
5menuconfig UBSAN
6	bool "Undefined behaviour sanity checker"
7	help
8	  This option enables the Undefined Behaviour sanity checker.
9	  Compile-time instrumentation is used to detect various undefined
10	  behaviours at runtime. For more details, see:
11	  Documentation/dev-tools/ubsan.rst
12
13if UBSAN
14
15config UBSAN_TRAP
16	bool "On Sanitizer warnings, abort the running kernel code"
17	depends on $(cc-option, -fsanitize-undefined-trap-on-error)
18	help
19	  Building kernels with Sanitizer features enabled tends to grow
20	  the kernel size by around 5%, due to adding all the debugging
21	  text on failure paths. To avoid this, Sanitizer instrumentation
22	  can just issue a trap. This reduces the kernel size overhead but
23	  turns all warnings (including potentially harmless conditions)
24	  into full exceptions that abort the running kernel code
25	  (regardless of context, locks held, etc), which may destabilize
26	  the system. For some system builders this is an acceptable
27	  trade-off.
28
29config UBSAN_BOUNDS
30	bool "Perform array index bounds checking"
31	default UBSAN
32	help
33	  This option enables detection of directly indexed out of bounds
34	  array accesses, where the array size is known at compile time.
35	  Note that this does not protect array overflows via bad calls
36	  to the {str,mem}*cpy() family of functions (that is addressed
37	  by CONFIG_FORTIFY_SOURCE).
38
39config UBSAN_MISC
40	bool "Enable all other Undefined Behavior sanity checks"
41	default UBSAN
42	help
43	  This option enables all sanity checks that don't have their
44	  own Kconfig options. Disable this if you only want to have
45	  individually selected checks.
46
47config UBSAN_SANITIZE_ALL
48	bool "Enable instrumentation for the entire kernel"
49	depends on ARCH_HAS_UBSAN_SANITIZE_ALL
50
51	# We build with -Wno-maybe-uninitilzed, but we still want to
52	# use -Wmaybe-uninitilized in allmodconfig builds.
53	# So dependsy bellow used to disable this option in allmodconfig
54	depends on !COMPILE_TEST
55	default y
56	help
57	  This option activates instrumentation for the entire kernel.
58	  If you don't enable this option, you have to explicitly specify
59	  UBSAN_SANITIZE := y for the files/directories you want to check for UB.
60	  Enabling this option will get kernel image size increased
61	  significantly.
62
63config UBSAN_ALIGNMENT
64	bool "Enable checks for pointers alignment"
65	default !HAVE_EFFICIENT_UNALIGNED_ACCESS
66	depends on !X86 || !COMPILE_TEST
67	help
68	  This option enables the check of unaligned memory accesses.
69	  Enabling this option on architectures that support unaligned
70	  accesses may produce a lot of false positives.
71
72config TEST_UBSAN
73	tristate "Module for testing for undefined behavior detection"
74	depends on m
75	help
76	  This is a test module for UBSAN.
77	  It triggers various undefined behavior, and detect it.
78
79endif	# if UBSAN
80