[PATCH 0/2] ubsan for s390

[PATCH 0/2] ubsan for s390

[Christian Borntraeger]

This patch set enables ubsan for s390.

We have to fence some files and can then enable
ARCH_HAS_UBSAN_SANITIZE_ALL. (patch 2)

We have to disable the null pointer sanitizer as
we use the S390_lowcore macro to access several 
memory location after address 0  (patch 1)

If patch 1 is ok, is the s390 tree the right place
also for patch1?

Christian Borntraeger (2):
  ubsan: allow to disable the null sanitizer
  s390/ubsan: enable UBSAN for s390

 arch/s390/Kconfig                  |  2 ++
 arch/s390/boot/compressed/Makefile |  1 +
 arch/s390/kernel/Makefile          |  3 +++
 arch/s390/kernel/vdso32/Makefile   |  3 ++-
 arch/s390/kernel/vdso64/Makefile   |  3 ++-
 lib/Kconfig.ubsan                  | 11 +++++++++++
 scripts/Makefile.ubsan             |  5 ++++-
 7 files changed, 25 insertions(+), 3 deletions(-)

-- 
2.5.5

[PATCH 1/2] ubsan: allow to disable the null sanitizer

[Christian Borntraeger]

Some architectures use a hardware defined struct at address zero.
Checking for a null pointer will result in many ubsan reports.
Let users disable the null sanitizer.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 lib/Kconfig.ubsan      | 11 +++++++++++
 scripts/Makefile.ubsan |  5 ++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index 39494af..851c3f2 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -1,6 +1,9 @@
 config ARCH_HAS_UBSAN_SANITIZE_ALL
 	bool
 
+config ARCH_WANTS_UBSAN_NO_NULL
+	def_bool n
+
 config UBSAN
 	bool "Undefined behaviour sanity checker"
 	help
@@ -34,3 +37,11 @@ config UBSAN_ALIGNMENT
 	  This option enables detection of unaligned memory accesses.
 	  Enabling this option on architectures that support unaligned
 	  accesses may produce a lot of false positives.
+
+config UBSAN_NULL
+	bool "Enable checking of null pointers"
+	depends on UBSAN
+	default y if UBSAN && !ARCH_WANTS_UBSAN_NO_NULL
+	help
+	  This option enables detection of memory accesses via a
+	  null pointer.
diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
index 77ce538..3b1b138 100644
--- a/scripts/Makefile.ubsan
+++ b/scripts/Makefile.ubsan
@@ -3,7 +3,6 @@ ifdef CONFIG_UBSAN
       CFLAGS_UBSAN += $(call cc-option, -fsanitize=integer-divide-by-zero)
       CFLAGS_UBSAN += $(call cc-option, -fsanitize=unreachable)
       CFLAGS_UBSAN += $(call cc-option, -fsanitize=vla-bound)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=null)
       CFLAGS_UBSAN += $(call cc-option, -fsanitize=signed-integer-overflow)
       CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
       CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size)
@@ -15,6 +14,10 @@ ifdef CONFIG_UBSAN_ALIGNMENT
       CFLAGS_UBSAN += $(call cc-option, -fsanitize=alignment)
 endif
 
+ifdef CONFIG_UBSAN_NULL
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=null)
+endif
+
       # -fsanitize=* options makes GCC less smart than usual and
       # increase number of 'maybe-uninitialized false-positives
       CFLAGS_UBSAN += $(call cc-option, -Wno-maybe-uninitialized)
-- 
2.5.5

[PATCH 2/2] s390/ubsan: enable UBSAN for s390

[Christian Borntraeger]

This enables UBSAN for s390. We have to disable the null sanitizer
as s390 code does access memory via a null pointer (the prefix page).

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 arch/s390/Kconfig                  | 2 ++
 arch/s390/boot/compressed/Makefile | 1 +
 arch/s390/kernel/Makefile          | 3 +++
 arch/s390/kernel/vdso32/Makefile   | 3 ++-
 arch/s390/kernel/vdso64/Makefile   | 3 ++-
 5 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index e49ca114..5862a93 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -74,6 +74,7 @@ config S390
 	select ARCH_HAS_GCOV_PROFILE_ALL
 	select ARCH_HAS_KCOV
 	select ARCH_HAS_SG_CHAIN
+	select ARCH_HAS_UBSAN_SANITIZE_ALL
 	select ARCH_HAVE_NMI_SAFE_CMPXCHG
 	select ARCH_INLINE_READ_LOCK
 	select ARCH_INLINE_READ_LOCK_BH
@@ -110,6 +111,7 @@ config S390
 	select ARCH_USE_CMPXCHG_LOCKREF
 	select ARCH_WANTS_DYNAMIC_TASK_STRUCT
 	select ARCH_WANTS_PROT_NUMA_PROT_NONE
+	select ARCH_WANTS_UBSAN_NO_NULL
 	select ARCH_WANT_IPC_PARSE_VERSION
 	select BUILDTIME_EXTABLE_SORT
 	select CLONE_BACKWARDS2
diff --git a/arch/s390/boot/compressed/Makefile b/arch/s390/boot/compressed/Makefile
index 13723c3..66f42bb 100644
--- a/arch/s390/boot/compressed/Makefile
+++ b/arch/s390/boot/compressed/Makefile
@@ -17,6 +17,7 @@ KBUILD_CFLAGS += $(call cc-option,-mpacked-stack)
 KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
 
 GCOV_PROFILE := n
+UBSAN_SANITIZE := n
 
 OBJECTS := $(addprefix $(objtree)/arch/s390/kernel/, head.o sclp.o ebcdic.o als.o)
 OBJECTS += $(obj)/head.o $(obj)/misc.o $(obj)/piggy.o
diff --git a/arch/s390/kernel/Makefile b/arch/s390/kernel/Makefile
index 8bc18eb..30407e6 100644
--- a/arch/s390/kernel/Makefile
+++ b/arch/s390/kernel/Makefile
@@ -48,6 +48,9 @@ AFLAGS_head.o		+= -march=z900
 endif
 GCOV_PROFILE_sclp.o := n
 GCOV_PROFILE_als.o := n
+UBSAN_SANITIZE_als.o := n
+UBSAN_SANITIZE_early.o := n
+UBSAN_SANITIZE_sclp.o := n
 
 obj-y	:= traps.o time.o process.o base.o early.o setup.o idle.o vtime.o
 obj-y	+= processor.o sys_s390.o ptrace.o signal.o cpcmd.o ebcdic.o nmi.o
diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
index 6814545..6cc9478 100644
--- a/arch/s390/kernel/vdso32/Makefile
+++ b/arch/s390/kernel/vdso32/Makefile
@@ -24,8 +24,9 @@ obj-y += vdso32_wrapper.o
 extra-y += vdso32.lds
 CPPFLAGS_vdso32.lds += -P -C -U$(ARCH)
 
-# Disable gcov profiling for VDSO code
+# Disable gcov profiling and ubsan for VDSO code
 GCOV_PROFILE := n
+UBSAN_SANITIZE := n
 
 # Force dependency (incbin is bad)
 $(obj)/vdso32_wrapper.o : $(obj)/vdso32.so
diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
index 0b0fd22..2d54c18 100644
--- a/arch/s390/kernel/vdso64/Makefile
+++ b/arch/s390/kernel/vdso64/Makefile
@@ -24,8 +24,9 @@ obj-y += vdso64_wrapper.o
 extra-y += vdso64.lds
 CPPFLAGS_vdso64.lds += -P -C -U$(ARCH)
 
-# Disable gcov profiling for VDSO code
+# Disable gcov profiling and ubsan for VDSO code
 GCOV_PROFILE := n
+UBSAN_SANITIZE := n
 
 # Force dependency (incbin is bad)
 $(obj)/vdso64_wrapper.o : $(obj)/vdso64.so
-- 
2.5.5

Re: [PATCH 0/2] ubsan for s390

[Andrey Ryabinin]

On 09/12/2016 03:37 PM, Christian Borntraeger wrote:
> This patch set enables ubsan for s390.
> 
> We have to fence some files and can then enable
> ARCH_HAS_UBSAN_SANITIZE_ALL. (patch 2)
> 
> We have to disable the null pointer sanitizer as
> we use the S390_lowcore macro to access several 
> memory location after address 0  (patch 1)
> 
> If patch 1 is ok, is the s390 tree the right place
> also for patch1?
> 

Fine by me
	Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>

> Christian Borntraeger (2):
>   ubsan: allow to disable the null sanitizer
>   s390/ubsan: enable UBSAN for s390
> 
>  arch/s390/Kconfig                  |  2 ++
>  arch/s390/boot/compressed/Makefile |  1 +
>  arch/s390/kernel/Makefile          |  3 +++
>  arch/s390/kernel/vdso32/Makefile   |  3 ++-
>  arch/s390/kernel/vdso64/Makefile   |  3 ++-
>  lib/Kconfig.ubsan                  | 11 +++++++++++
>  scripts/Makefile.ubsan             |  5 ++++-
>  7 files changed, 25 insertions(+), 3 deletions(-)
> 

Re: [PATCH 0/2] ubsan for s390

[Andrey Ryabinin]

On 09/12/2016 03:37 PM, Christian Borntraeger wrote:
> This patch set enables ubsan for s390.
> 
> We have to fence some files and can then enable
> ARCH_HAS_UBSAN_SANITIZE_ALL. (patch 2)
> 
> We have to disable the null pointer sanitizer as
> we use the S390_lowcore macro to access several 
> memory location after address 0  (patch 1)
> 
> If patch 1 is ok, is the s390 tree the right place
> also for patch1?
> 

Fine by me
	Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>

> Christian Borntraeger (2):
>   ubsan: allow to disable the null sanitizer
>   s390/ubsan: enable UBSAN for s390
> 
>  arch/s390/Kconfig                  |  2 ++
>  arch/s390/boot/compressed/Makefile |  1 +
>  arch/s390/kernel/Makefile          |  3 +++
>  arch/s390/kernel/vdso32/Makefile   |  3 ++-
>  arch/s390/kernel/vdso64/Makefile   |  3 ++-
>  lib/Kconfig.ubsan                  | 11 +++++++++++
>  scripts/Makefile.ubsan             |  5 ++++-
>  7 files changed, 25 insertions(+), 3 deletions(-)
> 

Re: [PATCH 1/2] ubsan: allow to disable the null sanitizer

[Heiko Carstens]

On Mon, Sep 12, 2016 at 02:37:19PM +0200, Christian Borntraeger wrote:
> Some architectures use a hardware defined struct at address zero.
> Checking for a null pointer will result in many ubsan reports.
> Let users disable the null sanitizer.
> 
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
>  lib/Kconfig.ubsan      | 11 +++++++++++
>  scripts/Makefile.ubsan |  5 ++++-
>  2 files changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
> index 39494af..851c3f2 100644
> --- a/lib/Kconfig.ubsan
> +++ b/lib/Kconfig.ubsan
> @@ -1,6 +1,9 @@
>  config ARCH_HAS_UBSAN_SANITIZE_ALL
>  	bool
> 
> +config ARCH_WANTS_UBSAN_NO_NULL
> +	def_bool n
> +
>  config UBSAN
>  	bool "Undefined behaviour sanity checker"
>  	help
> @@ -34,3 +37,11 @@ config UBSAN_ALIGNMENT
>  	  This option enables detection of unaligned memory accesses.
>  	  Enabling this option on architectures that support unaligned
>  	  accesses may produce a lot of false positives.
> +
> +config UBSAN_NULL
> +	bool "Enable checking of null pointers"
> +	depends on UBSAN
> +	default y if UBSAN && !ARCH_WANTS_UBSAN_NO_NULL

I removed the not needed UBSAN from the "default y" and applied both
patches to the s390 tree.

Thanks!