diff options
author | Jann Horn <jannh@google.com> | 2023-07-05 23:51:27 +0200 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2023-07-17 16:05:19 -0700 |
commit | ce6616724fb425d6043d0dad6af996cd7c79bcc4 (patch) | |
tree | 344595f37aec651815664c0461378a7e8d68b6d2 /lib/Kconfig.ubsan | |
parent | fdf0eaf11452d72945af31804e2a1048ee1b574c (diff) | |
download | lwn-ce6616724fb425d6043d0dad6af996cd7c79bcc4.tar.gz lwn-ce6616724fb425d6043d0dad6af996cd7c79bcc4.zip |
ubsan: Clarify Kconfig text for CONFIG_UBSAN_TRAP
Make it clearer in the one-line description and the verbose description
text that CONFIG_UBSAN_TRAP as currently implemented involves a tradeoff of
much less helpful oops messages in exchange for a smaller kernel image.
(With the additional effect of turning UBSAN warnings into crashes, which
may or may not be desired.)
Signed-off-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/r/20230705215128.486054-1-jannh@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'lib/Kconfig.ubsan')
-rw-r--r-- | lib/Kconfig.ubsan | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index efae7e011956..59e21bfec188 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -13,7 +13,7 @@ menuconfig UBSAN if UBSAN config UBSAN_TRAP - bool "On Sanitizer warnings, abort the running kernel code" + bool "Abort on Sanitizer warnings (smaller kernel but less verbose)" depends on !COMPILE_TEST help Building kernels with Sanitizer features enabled tends to grow @@ -26,6 +26,14 @@ config UBSAN_TRAP the system. For some system builders this is an acceptable trade-off. + Also note that selecting Y will cause your kernel to Oops + with an "illegal instruction" error with no further details + when a UBSAN violation occurs. (Except on arm64, which will + report which Sanitizer failed.) This may make it hard to + determine whether an Oops was caused by UBSAN or to figure + out the details of a UBSAN violation. It makes the kernel log + output less useful for bug reports. + config CC_HAS_UBSAN_BOUNDS_STRICT def_bool $(cc-option,-fsanitize=bounds-strict) help |