From: Andrey Ryabinin
To: linux-kernel@vger.kernel.org
Cc: Andrey Ryabinin, Andrew Morton, Peter Zijlstra, Sasha Levin,
    Randy Dunlap, Rasmus Villemoes, Jonathan Corbet, Michal Marek,
    Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Yury Gribov,
    Dmitry Vyukov, Konstantin Khlebnikov, Kostya Serebryany,
    x86@kernel.org, linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org
Subject: [PATCH v4 0/3] UBSAN: run-time undefined behavior sanity checker
Date: Thu, 3 Dec 2015 18:50:04 +0300
Message-ID: <1449157807-20298-1-git-send-email-aryabinin@virtuozzo.com>

UBSAN is a run-time undefined behaviour checker.
It uses compile-time instrumentation to catch undefined behavior (UB).
The compiler inserts code that performs certain kinds of checks before
operations that could cause UB.
If a check fails (i.e. UB is detected), a __ubsan_handle_* function is
called to print an error message.

Changes since v3:
 - Fixed build failure/warnings reported by kbuild robot.
 - Fixed typo per Sasha.

Changes since V2:
 - Dropped -fsanitize=nonnull-attribute. It checks whether null values
   are not passed to arguments marked as requiring a non-null value by
   the "nonnull" function attribute.
   We don't have many functions with such an attribute
   (early_shadow_write() in arch/blackfin and GCC builtin functions:
   memcpy, memset, memmove, etc).
   Some kernel code deliberately passes NULL-ptr with 0-length to mem*().
   This should be fine since we compile the kernel with
   -fno-delete-null-pointer-checks. And NULL-ptr with != 0 length will
   just crash. So this option is useless in the kernel since it produces
   only false positives.
   See also: http://thread.gmane.org/gmane.linux.kernel/1810656

 - Also dropped enabling/disabling various checkers via boot cmdline.
   A boot-time flag only disables reports, it can't disable compile-time
   code instrumentation. Thus, if we ever need to disable some checker
   it would be better to do it at compile time via a Kconfig option.

 - Alignment checks produce too much noise if
   CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS is set. Since there is no
   boot-time option to disable alignment checks, CONFIG_UBSAN_ALIGNMENT
   was added. It's off by default if
   CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS is set.

 - Couple other small misc changes/fixes.

Changes since v1:
 - Refactoring and cleanups in lib/ubsan.c including Sasha's complaints.
 - Some spelling fixes from Randy.
 - Fixed possible memory corruption on 64 big endian machines, spotted
   by Rasmus.
 - Links to the relevant GCC documentation added into changelog (Peter).
 - Added documentation.
 - Fix deadlock caused by kernel/printk/printk.c instrumentation
   (patch "kernel: printk: specify alignment for struct printk_log").
 - Dropped useless 'Indirect call of a function through a function
   pointer of the wrong type' checker. GCC doesn't support this, and as
   the clang manual says it's for C++ only.
 - Added checker for __builtin_unreachable() calls.
 - Removed redundant -fno-sanitize=float-cast-overflow from CFLAGS.
 - Added lock to prevent mixing reports.

Andrey Ryabinin (3):
  kernel: printk: specify alignment for struct printk_log
  mac80211: Prevent build failure with CONFIG_UBSAN=y
  UBSAN: run-time undefined behavior sanity checker

 Documentation/ubsan.txt               |  84 +++++++
 Makefile                              |   3 +-
 arch/x86/Kconfig                      |   1 +
 arch/x86/boot/Makefile                |   1 +
 arch/x86/boot/compressed/Makefile     |   1 +
 arch/x86/entry/vdso/Makefile          |   1 +
 arch/x86/realmode/rm/Makefile         |   1 +
 drivers/firmware/efi/libstub/Makefile |   1 +
 include/linux/sched.h                 |   3 +
 kernel/printk/printk.c                |  10 +-
 lib/Kconfig.debug                     |   1 +
 lib/Kconfig.ubsan                     |  29 +++
 lib/Makefile                          |   3 +
 lib/ubsan.c                           | 456 ++++++++++++++++++++++++++++++++++
 lib/ubsan.h                           |  84 +++++++
 mm/kasan/Makefile                     |   1 +
 net/mac80211/debugfs.c                |   7 +-
 scripts/Makefile.lib                  |   6 +
 scripts/Makefile.ubsan                |  18 ++
 19 files changed, 700 insertions(+), 11 deletions(-)
 create mode 100644 Documentation/ubsan.txt
 create mode 100644 lib/Kconfig.ubsan
 create mode 100644 lib/ubsan.c
 create mode 100644 lib/ubsan.h
 create mode 100644 scripts/Makefile.ubsan

-- 
2.4.10
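
Added example, not part of the original message or of the patch series: a userspace C sketch of the "check before the operation, then call a handler" pattern the cover letter describes, written out by hand for a signed add, a shift and a 32-bit load (the kind of access CONFIG_UBSAN_ALIGNMENT concerns). report_ub() and the checked_* helpers are hypothetical names; real instrumentation is emitted by the compiler and calls the __ubsan_handle_* functions.

```c
/* Added example, not lib/ubsan.c: sanitizer-style checks written by hand. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static int ub_reports;	/* reports emitted so far */

/* Hypothetical stand-in for the __ubsan_handle_* family. */
static void report_ub(const char *kind, int line)
{
	ub_reports++;
	fprintf(stderr, "UB: %s (check at line %d)\n", kind, line);
}

/* Signed add: check first, then return the wrapped, well-defined result. */
static int checked_add(int a, int b)
{
	int sum;
	if (__builtin_add_overflow(a, b, &sum))
		report_ub("signed integer overflow", __LINE__);
	return sum;
}

/* Left shift: the exponent must lie in [0, bit width of the type). */
static unsigned int checked_shl(unsigned int v, int exp)
{
	if (exp >= 0 && exp < (int)(sizeof(v) * CHAR_BIT))
		return v << exp;
	report_ub("shift exponent out of bounds", __LINE__);
	return 0;
}

/* 32-bit load: report a misaligned pointer, then copy without UB. */
static uint32_t checked_load32(const void *p)
{
	uint32_t v;
	if ((uintptr_t)p % _Alignof(uint32_t))
		report_ub("misaligned load", __LINE__);
	memcpy(&v, p, sizeof(v));
	return v;
}

int main(void)
{
	_Alignas(uint32_t) unsigned char buf[8] = { 0 };
	checked_add(INT_MAX, 1);
	checked_shl(1u, 40);
	checked_load32(buf + 1);
	return ub_reports == 3 ? 0 : 1;
}
```

The misaligned load still returns the right value after the report, which is why such checks are mostly noise on architectures where unaligned access is cheap and deliberate.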