From: Andrey Ryabinin <ryabinin.a.a@gmail.com>
To: Kees Cook <keescook@chromium.org>, Justin Stitt <justinstitt@google.com>
Cc: Marco Elver <elver@google.com>, Miguel Ojeda <ojeda@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Hao Luo <haoluo@google.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Masahiro Yamada <masahiroy@kernel.org>,
Nicolas Schier <nicolas@fjasle.eu>,
Nick Desaulniers <ndesaulniers@google.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
linux-hardening@vger.kernel.org, linux-kbuild@vger.kernel.org
Subject: Re: [PATCH v3] ubsan: Reintroduce signed overflow sanitizer
Date: Mon, 5 Feb 2024 13:54:24 +0100 [thread overview]
Message-ID: <67a842ad-b900-4c63-afcb-63455934f727@gmail.com> (raw)
In-Reply-To: <20240205093725.make.582-kees@kernel.org>
On 2/5/24 10:37, Kees Cook wrote:
> ---
> include/linux/compiler_types.h | 9 ++++-
> lib/Kconfig.ubsan | 14 +++++++
> lib/test_ubsan.c | 37 ++++++++++++++++++
> lib/ubsan.c | 68 ++++++++++++++++++++++++++++++++++
> lib/ubsan.h | 4 ++
> scripts/Makefile.lib | 3 ++
> scripts/Makefile.ubsan | 3 ++
> 7 files changed, 137 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
> index 6f1ca49306d2..ee9d272008a5 100644
> --- a/include/linux/compiler_types.h
> +++ b/include/linux/compiler_types.h
> @@ -282,11 +282,18 @@ struct ftrace_likely_data {
> #define __no_sanitize_or_inline __always_inline
> #endif
>
> +/* Do not trap wrapping arithmetic within an annotated function. */
> +#ifdef CONFIG_UBSAN_SIGNED_WRAP
> +# define __signed_wrap __attribute__((no_sanitize("signed-integer-overflow")))
> +#else
> +# define __signed_wrap
> +#endif
> +
> /* Section for code which can't be instrumented at all */
> #define __noinstr_section(section) \
> noinline notrace __attribute((__section__(section))) \
> __no_kcsan __no_sanitize_address __no_profile __no_sanitize_coverage \
> - __no_sanitize_memory
> + __no_sanitize_memory __signed_wrap
>
Given this disables all kinds of code instrumentations,
shouldn't we just add __no_sanitize_undefined here?
I suspect that ubsan's instrumentation usually doesn't cause problems
because it calls __ubsan_* functions with all heavy stuff (printk, locks etc)
only if code has an UB. So the answer to the question above depends on
whether we want to ignore UBs in "noinstr" code or to get some weird side effect,
possibly without proper UBSAN report in dmesg.
next prev parent reply other threads:[~2024-02-05 12:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-05 9:37 [PATCH v3] ubsan: Reintroduce signed overflow sanitizer Kees Cook
2024-02-05 11:29 ` Marco Elver
2024-02-05 12:51 ` Kees Cook
2024-02-05 12:54 ` Andrey Ryabinin [this message]
2024-02-05 12:59 ` Kees Cook
2024-02-05 13:10 ` Marco Elver
2024-02-06 11:09 ` Kees Cook
2024-02-07 1:45 ` Justin Stitt
2024-02-07 11:04 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67a842ad-b900-4c63-afcb-63455934f727@gmail.com \
--to=ryabinin.a.a@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=elver@google.com \
--cc=haoluo@google.com \
--cc=justinstitt@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=nicolas@fjasle.eu \
--cc=ojeda@kernel.org \
--cc=peterz@infradead.org \
--cc=przemyslaw.kitszel@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox