From: Sam Ravnborg <sam@ravnborg.org>
To: Kees Cook <keescook@chromium.org>
Cc: "David S. Miller" <davem@davemloft.net>,
Andreas Larsson <andreas@gaisler.com>,
Masahiro Yamada <masahiroy@kernel.org>,
Helge Deller <deller@gmx.de>, Guo Ren <guoren@kernel.org>,
sparclinux@vger.kernel.org,
Catalin Marinas <catalin.marinas@arm.com>,
"Russell King (Oracle)" <rmk+kernel@armlinux.org.uk>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] sparc: vdso: Disable UBSAN instrumentation
Date: Sat, 24 Feb 2024 08:36:17 +0100 [thread overview]
Message-ID: <20240224073617.GA2959352@ravnborg.org> (raw)
In-Reply-To: <202402231523.F9E3740EB@keescook>
Hi Kees,
On Fri, Feb 23, 2024 at 03:32:37PM -0800, Kees Cook wrote:
> On Fri, Feb 23, 2024 at 07:26:46PM +0100, Sam Ravnborg wrote:
> > Hi Kees,
> >
> > On Fri, Feb 23, 2024 at 08:59:45AM -0800, Kees Cook wrote:
> > > The UBSAN instrumentation cannot work in the vDSO since it is executing
> > > in userspace, so disable it in the Makefile. Fixes the build failures
> > > such as:
> > >
> > > arch/sparc/vdso/vclock_gettime.c:217: undefined reference to `__ubsan_handle_shift_out_of_bounds'
> > >
> > > Signed-off-by: Kees Cook <keescook@chromium.org>
> > > ---
> > > Cc: "David S. Miller" <davem@davemloft.net>
> > > Cc: Andreas Larsson <andreas@gaisler.com>
> > > Cc: Masahiro Yamada <masahiroy@kernel.org>
> > > Cc: Sam Ravnborg <sam@ravnborg.org>
> > > Cc: Helge Deller <deller@gmx.de>
> > > Cc: Guo Ren <guoren@kernel.org>
> > > Cc: sparclinux@vger.kernel.org
> > > ---
> > > arch/sparc/vdso/Makefile | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/arch/sparc/vdso/Makefile b/arch/sparc/vdso/Makefile
> > > index 7f5eedf1f5e0..e8aef2c8ae99 100644
> > > --- a/arch/sparc/vdso/Makefile
> > > +++ b/arch/sparc/vdso/Makefile
> > > @@ -2,6 +2,7 @@
> > > #
> > > # Building vDSO images for sparc.
> > > #
> > > +UBSAN_SANITIZE := n
> >
> > When I read:
> >
> > config UBSAN_SANITIZE_ALL
> > bool "Enable instrumentation for the entire kernel"
> > depends on ARCH_HAS_UBSAN_SANITIZE_ALL
> > default y
> > help
> > This option activates instrumentation for the entire kernel.
> > If you don't enable this option, you have to explicitly specify
> > UBSAN_SANITIZE := y for the files/directories you want to check for UB.
> > Enabling this option will get kernel image size increased
> > significantly.
> >
> >
> > I am left with the understanding that only arch's that
> > selects ARCH_HAS_UBSAN_SANITIZE_ALL would need to turn off
> > UBSAN_SANITIZE.
>
> Ah, right. So, I removed[1] UBSAN_SANITIZE_ALL in -next (it was the only
> sanitizer using this logic) and this appears to be one of the impacts. :)
> I sent similar fixes for sh[2] and LoongArch[3].
>
> > Are this fix papering over some other bug where we enable
> > UBSAN_SANITIZE_ALL for arch's that should not have it,
> > or something else that enable it?
>
> It's possible we should implement HAVE_ARCH_UBSAN, but in my testing
> everything built fine with it, so I didn't opt to do that (it looked
> like just additional configs for no real benefit). What do you think?
Coffee has not yet kicked in, but...
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/kspp&id=918327e9b7ffb45321cbb4b9b86b58ec555fe6b3
OK, I did not have this patch in my tree so it explain the need for the
patch in this mail. Looking at the linked patch the ARCH_HAS_UBSAN symbol
is selected by some architecture but I see no use of it. Maybe that is a
later patch and then all is good.
In general I am not fan of naked config symbols (no help / comment) like this:
config ARCH_HAS_UBSAN
bool
The reader is left only with the symbol name trying to understand the
purpose of a symbol that is selected by some architectures.
But that is a different matter for another day.
As you now put the patch in this mail in context it makes sense and it has my:
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Sam
next prev parent reply other threads:[~2024-02-24 7:36 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-23 16:59 [PATCH] sparc: vdso: Disable UBSAN instrumentation Kees Cook
2024-02-23 18:26 ` Sam Ravnborg
2024-02-23 23:32 ` Kees Cook
2024-02-24 7:36 ` Sam Ravnborg [this message]
2024-02-29 20:00 ` Andy Shevchenko
2024-02-29 21:32 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240224073617.GA2959352@ravnborg.org \
--to=sam@ravnborg.org \
--cc=andreas@gaisler.com \
--cc=catalin.marinas@arm.com \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=guoren@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=rmk+kernel@armlinux.org.uk \
--cc=sparclinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.