Loading...
# SPDX-License-Identifier: GPL-2.0-only config ARCH_HAS_UBSAN_SANITIZE_ALL bool menuconfig UBSAN bool "Undefined behaviour sanity checker" help This option enables the Undefined Behaviour sanity checker. Compile-time instrumentation is used to detect various undefined behaviours at runtime. For more details, see: Documentation/dev-tools/ubsan.rst if UBSAN config UBSAN_TRAP bool "On Sanitizer warnings, abort the running kernel code" depends on $(cc-option, -fsanitize-undefined-trap-on-error) help Building kernels with Sanitizer features enabled tends to grow the kernel size by around 5%, due to adding all the debugging text on failure paths. To avoid this, Sanitizer instrumentation can just issue a trap. This reduces the kernel size overhead but turns all warnings (including potentially harmless conditions) into full exceptions that abort the running kernel code (regardless of context, locks held, etc), which may destabilize the system. For some system builders this is an acceptable trade-off. config UBSAN_BOUNDS bool "Perform array index bounds checking" default UBSAN help This option enables detection of directly indexed out of bounds array accesses, where the array size is known at compile time. Note that this does not protect array overflows via bad calls to the {str,mem}*cpy() family of functions (that is addressed by CONFIG_FORTIFY_SOURCE). config UBSAN_MISC bool "Enable all other Undefined Behavior sanity checks" default UBSAN help This option enables all sanity checks that don't have their own Kconfig options. Disable this if you only want to have individually selected checks. config UBSAN_SANITIZE_ALL bool "Enable instrumentation for the entire kernel" depends on ARCH_HAS_UBSAN_SANITIZE_ALL # We build with -Wno-maybe-uninitilzed, but we still want to # use -Wmaybe-uninitilized in allmodconfig builds. # So dependsy bellow used to disable this option in allmodconfig depends on !COMPILE_TEST default y help This option activates instrumentation for the entire kernel. If you don't enable this option, you have to explicitly specify UBSAN_SANITIZE := y for the files/directories you want to check for UB. Enabling this option will get kernel image size increased significantly. config UBSAN_ALIGNMENT bool "Enable checks for pointers alignment" default !HAVE_EFFICIENT_UNALIGNED_ACCESS depends on !UBSAN_TRAP help This option enables the check of unaligned memory accesses. Enabling this option on architectures that support unaligned accesses may produce a lot of false positives. config TEST_UBSAN tristate "Module for testing for undefined behavior detection" depends on m help This is a test module for UBSAN. It triggers various undefined behavior, and detect it. endif # if UBSAN |