From d9b043c03c18e5a0e9ff5502880174ba2320a1bb Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 12 Feb 2020 11:48:59 +0100 Subject: [PATCH] build: Add option KERNEL_UBSAN The kernel Undefined Behavior Sanitizer is able to detect some memory bugs in the kernel like out of range array accesses. Signed-off-by: Hauke Mehrtens Reviewed-by: Alexandru Ardelean --- config/Config-kernel.in | 35 ++++++++++++++++++++++++++++++++ target/linux/generic/config-4.14 | 4 ++++ target/linux/generic/config-4.19 | 3 +++ 3 files changed, 42 insertions(+) diff --git a/config/Config-kernel.in b/config/Config-kernel.in index db17f6a9dd..e8bcf1970f 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -85,6 +85,41 @@ config KERNEL_PROFILING Enable the extended profiling support mechanisms used by profilers such as OProfile. +config KERNEL_UBSAN + bool "Compile the kernel with undefined behaviour sanity checker" + help + This option enables undefined behaviour sanity checker + Compile-time instrumentation is used to detect various undefined + behaviours in runtime. Various types of checks may be enabled + via boot parameter ubsan_handle + (see: Documentation/dev-tools/ubsan.rst). + +config KERNEL_UBSAN_SANITIZE_ALL + bool "Enable instrumentation for the entire kernel" + depends on KERNEL_UBSAN + default y + help + This option activates instrumentation for the entire kernel. + If you don't enable this option, you have to explicitly specify + UBSAN_SANITIZE := y for the files/directories you want to check for UB. + Enabling this option will get kernel image size increased + significantly. + +config KERNEL_UBSAN_ALIGNMENT + bool "Enable checking of pointers alignment" + depends on KERNEL_UBSAN + help + This option enables detection of unaligned memory accesses. + Enabling this option on architectures that support unaligned + accesses may produce a lot of false positives. + +config KERNEL_UBSAN_NULL + bool "Enable checking of null pointers" + depends on KERNEL_UBSAN + help + This option enables detection of memory accesses via a + null pointer. + config KERNEL_TASKSTATS bool "Compile the kernel with task resource/io statistics and accounting" default n diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 index 9681d9c278..73b0d77155 100644 --- a/target/linux/generic/config-4.14 +++ b/target/linux/generic/config-4.14 @@ -1516,6 +1516,10 @@ CONFIG_GACT_PROB=y # CONFIG_GAMEPORT is not set # CONFIG_GATEWORKS_GW16083 is not set # CONFIG_GCC_PLUGINS is not set +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set # CONFIG_GCOV is not set # CONFIG_GCOV_KERNEL is not set # CONFIG_GDB_SCRIPTS is not set diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 index d8ea243fc7..aba7bccaf6 100644 --- a/target/linux/generic/config-4.19 +++ b/target/linux/generic/config-4.19 @@ -1605,6 +1605,8 @@ CONFIG_GACT_PROB=y # CONFIG_GAMEPORT is not set # CONFIG_GATEWORKS_GW16083 is not set # CONFIG_GCC_PLUGINS is not set +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set # CONFIG_GCOV is not set # CONFIG_GCOV_KERNEL is not set # CONFIG_GDB_SCRIPTS is not set @@ -5197,6 +5199,7 @@ CONFIG_TCP_CONG_CUBIC=y # CONFIG_TEST_STATIC_KEYS is not set # CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UBSAN is not set # CONFIG_TEST_UDELAY is not set # CONFIG_TEST_USER_COPY is not set # CONFIG_TEST_UUID is not set