summaryrefslogblamecommitdiff
path: root/lib/Kconfig.ubsan
blob: 9deb655838b0ae5a0ab058c07127f507fda42fe1 (plain) (tree)
1
2
3
4
5
6
7
8
9
                                       





                                                 
                                                                     
                                                                          
















                                                                          




                                                           




                                                                        




                                                                                 

                                                                   
 

                                                     
                        
                                                    
            


                                                                       
                                                        
 


                                    





                                                                      
# SPDX-License-Identifier: GPL-2.0-only
config ARCH_HAS_UBSAN_SANITIZE_ALL
	bool

config UBSAN
	bool "Undefined behaviour sanity checker"
	help
	  This option enables the Undefined Behaviour sanity checker.
	  Compile-time instrumentation is used to detect various undefined
	  behaviours at runtime. For more details, see:
	  Documentation/dev-tools/ubsan.rst

config UBSAN_TRAP
	bool "On Sanitizer warnings, abort the running kernel code"
	depends on UBSAN
	depends on $(cc-option, -fsanitize-undefined-trap-on-error)
	help
	  Building kernels with Sanitizer features enabled tends to grow
	  the kernel size by around 5%, due to adding all the debugging
	  text on failure paths. To avoid this, Sanitizer instrumentation
	  can just issue a trap. This reduces the kernel size overhead but
	  turns all warnings (including potentially harmless conditions)
	  into full exceptions that abort the running kernel code
	  (regardless of context, locks held, etc), which may destabilize
	  the system. For some system builders this is an acceptable
	  trade-off.

config UBSAN_SANITIZE_ALL
	bool "Enable instrumentation for the entire kernel"
	depends on UBSAN
	depends on ARCH_HAS_UBSAN_SANITIZE_ALL

	# We build with -Wno-maybe-uninitilzed, but we still want to
	# use -Wmaybe-uninitilized in allmodconfig builds.
	# So dependsy bellow used to disable this option in allmodconfig
	depends on !COMPILE_TEST
	default y
	help
	  This option activates instrumentation for the entire kernel.
	  If you don't enable this option, you have to explicitly specify
	  UBSAN_SANITIZE := y for the files/directories you want to check for UB.
	  Enabling this option will get kernel image size increased
	  significantly.

config UBSAN_NO_ALIGNMENT
	bool "Disable checking of pointers alignment"
	depends on UBSAN
	default y if HAVE_EFFICIENT_UNALIGNED_ACCESS
	help
	  This option disables the check of unaligned memory accesses.
	  This option should be used when building allmodconfig.
	  Disabling this option on architectures that support unaligned
	  accesses may produce a lot of false positives.

config UBSAN_ALIGNMENT
	def_bool !UBSAN_NO_ALIGNMENT

config TEST_UBSAN
	tristate "Module for testing for undefined behavior detection"
	depends on m && UBSAN
	help
	  This is a test module for UBSAN.
	  It triggers various undefined behavior, and detect it.