From: Nathan Chancellor <nathan@kernel.org>
To: keescook@chromium.org
Cc: gustavoars@kernel.org, justinstitt@google.com,
	 linux-hardening@vger.kernel.org, patches@lists.linux.dev,
	 Nathan Chancellor <nathan@kernel.org>
Subject: [PATCH 2/2] configs/hardening: Disable CONFIG_UBSAN_SIGNED_WRAP
Date: Thu, 11 Apr 2024 11:11:07 -0700
Message-ID: <20240411-fix-ubsan-in-hardening-config-v1-2-e0177c80ffaa@kernel.org>
In-Reply-To: <20240411-fix-ubsan-in-hardening-config-v1-0-e0177c80ffaa@kernel.org>

kernel/configs/hardening.config turns on UBSAN for the bounds sanitizer,
as that in combination with trapping can stop the exploitation of buffer
overflows within the kernel. At the same time, hardening.config turns
off every other UBSAN sanitizer because trapping means all UBSAN reports
will be fatal and the problems brought up by other sanitizers generally
do not have security implications.

The signed integer overflow sanitizer was recently added back to the
kernel and it is default on with just CONFIG_UBSAN=y, meaning that it
gets enabled when merging hardening.config into another configuration.
While this sanitizer does have security implications like the array
bounds sanitizer, work to clean up enough instances to allow this to run
in production environments is still ramping up, which means regular
users and testers may be broken by these instances with
CONFIG_UBSAN_TRAP=y. Disable CONFIG_UBSAN_SIGNED_WRAP in
hardening.config to avoid this situation.

Fixes: 557f8c582a9b ("ubsan: Reintroduce signed overflow sanitizer")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
---
 kernel/configs/hardening.config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/configs/hardening.config b/kernel/configs/hardening.config
index d6f6dc45628a..4b4cfcba3190 100644
--- a/kernel/configs/hardening.config
+++ b/kernel/configs/hardening.config
@@ -41,6 +41,7 @@ CONFIG_UBSAN_BOUNDS=y
 # CONFIG_UBSAN_SHIFT is not set
 # CONFIG_UBSAN_DIV_ZERO is not set
 # CONFIG_UBSAN_UNREACHABLE is not set
+# CONFIG_UBSAN_SIGNED_WRAP is not set
 # CONFIG_UBSAN_BOOL is not set
 # CONFIG_UBSAN_ENUM is not set
 # CONFIG_UBSAN_ALIGNMENT is not set
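
Review bot: the added "# CONFIG_UBSAN_SIGNED_WRAP is not set" line sits in the sanitizer opt-out list with no in-file explanation, yet the commit message says this sanitizer does have security implications and is only off because cleanup work is still ramping up. A short comment above the line, stating that it is disabled for now because of CONFIG_UBSAN_TRAP=y and should be revisited once enough instances are cleaned up, would keep it from being read as one of the sanitizers without security relevance. The list is also opt-out by construction, so any later sanitizer that defaults on with CONFIG_UBSAN=y would be pulled in with trapping the same way; a note near the list saying that new default-on sanitizers need an entry here would help.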

-- 
2.44.0

