xref: /openbmc/linux/lib/Kconfig.ubsan (revision bd4af432) 
1# SPDX-License-Identifier: GPL-2.0-only
2config ARCH_HAS_UBSAN_SANITIZE_ALL
3	bool
4
5menuconfig UBSAN
6	bool "Undefined behaviour sanity checker"
7	help
8	  This option enables the Undefined Behaviour sanity checker.
9	  Compile-time instrumentation is used to detect various undefined
10	  behaviours at runtime. For more details, see:
11	  Documentation/dev-tools/ubsan.rst
12
13if UBSAN
14
15config UBSAN_TRAP
16	bool "On Sanitizer warnings, abort the running kernel code"
17	depends on $(cc-option, -fsanitize-undefined-trap-on-error)
18	help
19	  Building kernels with Sanitizer features enabled tends to grow
20	  the kernel size by around 5%, due to adding all the debugging
21	  text on failure paths. To avoid this, Sanitizer instrumentation
22	  can just issue a trap. This reduces the kernel size overhead but
23	  turns all warnings (including potentially harmless conditions)
24	  into full exceptions that abort the running kernel code
25	  (regardless of context, locks held, etc), which may destabilize
26	  the system. For some system builders this is an acceptable
27	  trade-off.
28
29config UBSAN_BOUNDS
30	bool "Perform array index bounds checking"
31	default UBSAN
32	help
33	  This option enables detection of directly indexed out of bounds
34	  array accesses, where the array size is known at compile time.
35	  Note that this does not protect array overflows via bad calls
36	  to the {str,mem}*cpy() family of functions (that is addressed
37	  by CONFIG_FORTIFY_SOURCE).
38
39config UBSAN_MISC
40	bool "Enable all other Undefined Behavior sanity checks"
41	default UBSAN
42	help
43	  This option enables all sanity checks that don't have their
44	  own Kconfig options. Disable this if you only want to have
45	  individually selected checks.
46
47config UBSAN_SANITIZE_ALL
48	bool "Enable instrumentation for the entire kernel"
49	depends on ARCH_HAS_UBSAN_SANITIZE_ALL
50
51	# We build with -Wno-maybe-uninitilzed, but we still want to
52	# use -Wmaybe-uninitilized in allmodconfig builds.
53	# So dependsy bellow used to disable this option in allmodconfig
54	depends on !COMPILE_TEST
55	default y
56	help
57	  This option activates instrumentation for the entire kernel.
58	  If you don't enable this option, you have to explicitly specify
59	  UBSAN_SANITIZE := y for the files/directories you want to check for UB.
60	  Enabling this option will get kernel image size increased
61	  significantly.
62
63config UBSAN_NO_ALIGNMENT
64	bool "Disable checking of pointers alignment"
65	default y if HAVE_EFFICIENT_UNALIGNED_ACCESS
66	help
67	  This option disables the check of unaligned memory accesses.
68	  This option should be used when building allmodconfig.
69	  Disabling this option on architectures that support unaligned
70	  accesses may produce a lot of false positives.
71
72config UBSAN_ALIGNMENT
73	def_bool !UBSAN_NO_ALIGNMENT
74
75config TEST_UBSAN
76	tristate "Module for testing for undefined behavior detection"
77	depends on m
78	help
79	  This is a test module for UBSAN.
80	  It triggers various undefined behavior, and detect it.
81
82endif	# if UBSAN
83