From: Kees Cook <keescook@chromium.org>
To: Nathan Chancellor <nathan@kernel.org>
Cc: Marco Elver <elver@google.com>,
Masahiro Yamada <masahiroy@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Nicolas Schier <nicolas@fjasle.eu>, Tom Rix <trix@redhat.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Miroslav Benes <mbenes@suse.cz>,
linux-kbuild@vger.kernel.org, llvm@lists.linux.dev,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] ubsan: Tighten UBSAN_BOUNDS on GCC
Date: Fri, 3 Mar 2023 12:29:23 -0800 [thread overview]
Message-ID: <640258a4.170a0220.a298f.8ed5@mx.google.com> (raw)
In-Reply-To: <20230303154433.GA3775@dev-arch.thelio-3990X>
On Fri, Mar 03, 2023 at 08:44:33AM -0700, Nathan Chancellor wrote:
> On Thu, Mar 02, 2023 at 02:54:45PM -0800, Kees Cook wrote:
> > [...]
> > config CC_HAS_UBSAN_ARRAY_BOUNDS
> > def_bool $(cc-option,-fsanitize=array-bounds)
> > + help
> > + The -fsanitize=array-bounds option is only available on Clang,
> > + and is actually composed of two more specific options,
> > + -fsanitize=array-bounds and -fsanitize=local-bounds. However,
> > + -fsanitize=local-bounds can only be used when trap mode is
> > + enabled. (See also the help for CONFIG_LOCAL_BOUNDS.)
>
> The first sentence does not read right to me, you have array-bounds
> twice. I think the first one wants to be just bounds?
Oops, yes. I rewrote that a few times and seem to have gotten lost. I
think it is better written as:
Under Clang, the -fsanitize=bounds option is actually composed
of two more specific options, -fsanitize=array-bounds and
-fsanitize=local-bounds. However, -fsanitize=local-bounds can
only be used when trap mode is enabled. (See also the help for
CONFIG_LOCAL_BOUNDS.) Explicitly check for -fsanitize=array-bounds
so that we can build up the options needed for UBSAN_BOUNDS
with or without UBSAN_TRAP.
--
Kees Cook
prev parent reply other threads:[~2023-03-03 20:29 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-02 22:54 [PATCH] ubsan: Tighten UBSAN_BOUNDS on GCC Kees Cook
2023-03-03 15:44 ` Nathan Chancellor
2023-03-03 20:29 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=640258a4.170a0220.a298f.8ed5@mx.google.com \
--to=keescook@chromium.org \
--cc=elver@google.com \
--cc=jpoimboe@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=masahiroy@kernel.org \
--cc=mbenes@suse.cz \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=nicolas@fjasle.eu \
--cc=peterz@infradead.org \
--cc=trix@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.