From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8054022FAFD for ; Sun, 1 Feb 2026 11:47:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=90.155.92.199 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769946471; cv=none; b=pf3BUm4sQpcBnr7XvUtiHzR9IokDpCm7qC/x2FIUvxibzDja3OQ/YxLJnsc8+DxQEfmm4ZNNIwnDTWC4F8kAoXK8BErEs3oCdTMamRs7OaS7fIAlwKSIhqMK8PNn5rqVFNHdcPO4uMQ68ctA5LNmJM+VFFW+KQBQCeczv0QgB/E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769946471; c=relaxed/simple; bh=kQSDhZdCRajk1EQ1ZAlufg8ydu3TBWCpT//eoncpRUU=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=gNXL6RJBahKp/speRKlH8fWmNosf+k2MGL935e5UsEyzabbS0Ns/OYUG1iHSMmWSzV7TsCJiLjdvrwJFxOQ070R5vgwpXBRTW4L4BnGlNQQT9m+S4+X6NI1WqWjgc6Ja8K5HuLukIJanyk0sT/lOxuhG/OSh3UcydfC/NVUzhG8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=infradead.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=qw9FPEfx; arc=none smtp.client-ip=90.155.92.199 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=infradead.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="qw9FPEfx" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=dEmvwciI0rOUf4qJw3iwOrYPPtWbaVoXwX0E/FyAsrE=; b=qw9FPEfxHVYTz9SaB0aF4VpIkI XAuYhnOkQSfxgtIf4M6r8mfXgpp62+I4JK3qegJ1fJF7sqp6GHA8iDneDJsTBOXIl2ymG3FIaF2m/ mujqXPrsOTbrsuwJkVzf9Jn6R2Ey7t0dE/volfGz21alu8fmijBH4J4YSDToIBNoQi6xInNOuUUv3 mlZdazUVLdVwS1mMHiKLdMOxU2NKAkyCBZaGbmy6KIMEBZ3Ld3g9hJMTV++zU4PEhnmkx6YC151HM qWzQreL93yjezPRI+g+oMfjH602+CzDuoWFJflfg23ok3Ax3W0dluoVu4LZFBtqT7xaBg4ZTJWpUN GC6lEOqw==; Received: from 77-249-17-252.cable.dynamic.v4.ziggo.nl ([77.249.17.252] helo=noisy.programming.kicks-ass.net) by desiato.infradead.org with esmtpsa (Exim 4.98.2 #2 (Red Hat Linux)) id 1vmVva-0000000DSNm-1ikP; Sun, 01 Feb 2026 11:47:42 +0000 Received: by noisy.programming.kicks-ass.net (Postfix, from userid 1000) id DC85D300E8B; Sun, 01 Feb 2026 12:47:41 +0100 (CET) Date: Sun, 1 Feb 2026 12:47:41 +0100 From: Peter Zijlstra To: Kees Cook Cc: mingo@kernel.org, oleg@redhat.com, linux-kernel@vger.kernel.org, debian-kernel@lists.debian.org, kees@kernel.org Subject: Re: [PATCH] seqlock: Allow UBSAN to fail optimizing Message-ID: <20260201114741.GA3016024@noisy.programming.kicks-ass.net> References: <20260129110733.GA166857@noisy.programming.kicks-ass.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Sat, Jan 31, 2026 at 10:42:35AM -0800, Kees Cook wrote: > On Sat, Jan 31, 2026 at 10:39:42AM +0100, Salvatore Bonaccorso wrote: > > Kees, Peter approached the Debian kernel list above to drop > > CONFIG_UBSAN again, which, so I think we need to revert your > > 6cfadabfe015 ("Enable UBSAN_BOUNDS and UBSAN_SHIFT"): > > https://salsa.debian.org/kernel-team/linux/-/commit/6cfadabfe015fa0d659fc8e3efd495cbcae3e44e > > > > I have make a MR for our packaging for the change in > > https://salsa.debian.org/kernel-team/linux/-/merge_requests/1804 > > I am strongly opposed -- this undoes years of security flaw mitigation > work and leaves Debian (and only Debian!) exposed to trivial array index > overflows. The bounds sanitizer is the corner stone of memory safety > for C, and is not some "experimental" feature. GCC has a long history > of trouble with inlining, so this is not something unique to enabling > this feature. > > I replied similarly to the PR. This would be a major mistake to disable. Why the heck is bounds checking part of UBSAN? The simple fix here is to get it out from CONFIG_UBSAN, so that CONFIG_UBSAN is debug only crap. Notably, none of the UBSAN configs that tripped the optimization fail even had bounds checking enabled.