Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
c6d30853 AR |
2 | config ARCH_HAS_UBSAN_SANITIZE_ALL |
3 | bool | |
4 | ||
277a1085 | 5 | menuconfig UBSAN |
c6d30853 AR |
6 | bool "Undefined behaviour sanity checker" |
7 | help | |
0887a7eb | 8 | This option enables the Undefined Behaviour sanity checker. |
c6d30853 | 9 | Compile-time instrumentation is used to detect various undefined |
0887a7eb KC |
10 | behaviours at runtime. For more details, see: |
11 | Documentation/dev-tools/ubsan.rst | |
12 | ||
277a1085 KC |
13 | if UBSAN |
14 | ||
0887a7eb KC |
15 | config UBSAN_TRAP |
16 | bool "On Sanitizer warnings, abort the running kernel code" | |
0887a7eb KC |
17 | depends on $(cc-option, -fsanitize-undefined-trap-on-error) |
18 | help | |
19 | Building kernels with Sanitizer features enabled tends to grow | |
20 | the kernel size by around 5%, due to adding all the debugging | |
21 | text on failure paths. To avoid this, Sanitizer instrumentation | |
22 | can just issue a trap. This reduces the kernel size overhead but | |
23 | turns all warnings (including potentially harmless conditions) | |
24 | into full exceptions that abort the running kernel code | |
25 | (regardless of context, locks held, etc), which may destabilize | |
26 | the system. For some system builders this is an acceptable | |
27 | trade-off. | |
c6d30853 | 28 | |
277a1085 KC |
29 | config UBSAN_BOUNDS |
30 | bool "Perform array index bounds checking" | |
31 | default UBSAN | |
32 | help | |
33 | This option enables detection of directly indexed out of bounds | |
34 | array accesses, where the array size is known at compile time. | |
35 | Note that this does not protect array overflows via bad calls | |
36 | to the {str,mem}*cpy() family of functions (that is addressed | |
37 | by CONFIG_FORTIFY_SOURCE). | |
38 | ||
39 | config UBSAN_MISC | |
40 | bool "Enable all other Undefined Behavior sanity checks" | |
41 | default UBSAN | |
42 | help | |
43 | This option enables all sanity checks that don't have their | |
44 | own Kconfig options. Disable this if you only want to have | |
45 | individually selected checks. | |
46 | ||
c6d30853 AR |
47 | config UBSAN_SANITIZE_ALL |
48 | bool "Enable instrumentation for the entire kernel" | |
c6d30853 | 49 | depends on ARCH_HAS_UBSAN_SANITIZE_ALL |
dde5cf39 AR |
50 | |
51 | # We build with -Wno-maybe-uninitilzed, but we still want to | |
52 | # use -Wmaybe-uninitilized in allmodconfig builds. | |
53 | # So dependsy bellow used to disable this option in allmodconfig | |
54 | depends on !COMPILE_TEST | |
c6d30853 AR |
55 | default y |
56 | help | |
57 | This option activates instrumentation for the entire kernel. | |
58 | If you don't enable this option, you have to explicitly specify | |
59 | UBSAN_SANITIZE := y for the files/directories you want to check for UB. | |
7707535a YS |
60 | Enabling this option will get kernel image size increased |
61 | significantly. | |
c6d30853 | 62 | |
8d58f222 KC |
63 | config UBSAN_ALIGNMENT |
64 | bool "Enable checks for pointers alignment" | |
65 | default !HAVE_EFFICIENT_UNALIGNED_ACCESS | |
66 | depends on !X86 || !COMPILE_TEST | |
c6d30853 | 67 | help |
8d58f222 KC |
68 | This option enables the check of unaligned memory accesses. |
69 | Enabling this option on architectures that support unaligned | |
c6d30853 | 70 | accesses may produce a lot of false positives. |
725c4d22 | 71 | |
854686f4 JP |
72 | config TEST_UBSAN |
73 | tristate "Module for testing for undefined behavior detection" | |
277a1085 | 74 | depends on m |
854686f4 JP |
75 | help |
76 | This is a test module for UBSAN. | |
77 | It triggers various undefined behavior, and detect it. | |
277a1085 KC |
78 | |
79 | endif # if UBSAN |