[PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[Josh Poimboeuf]

GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
signed-overflow-UB warnings.  The type mismatch between 'i' and
'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
which also happens to violate uaccess rules:

  lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled

Fix it by making the variable types match.

This is similar to a previous commit:

  29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")

Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
 lib/iov_iter.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 1635111c5bd2..2e6a42f5d1df 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -1656,7 +1656,8 @@ static int copy_compat_iovec_from_user(struct iovec *iov,
 {
 	const struct compat_iovec __user *uiov =
 		(const struct compat_iovec __user *)uvec;
-	int ret = -EFAULT, i;
+	int ret = -EFAULT;
+	unsigned long i;
 
 	if (!user_access_begin(uvec, nr_segs * sizeof(*uvec)))
 		return -EFAULT;
-- 
2.29.2

Re: [PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[Randy Dunlap]

On 12/22/20 9:04 PM, Josh Poimboeuf wrote:
> GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> signed-overflow-UB warnings.  The type mismatch between 'i' and
> 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> which also happens to violate uaccess rules:
> 
>   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> 
> Fix it by making the variable types match.
> 
> This is similar to a previous commit:
> 
>   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
> 
> Reported-by: Randy Dunlap <rdunlap@infradead.org>
> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>

All good. Thanks.

Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested


> ---
>  lib/iov_iter.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/iov_iter.c b/lib/iov_iter.c
> index 1635111c5bd2..2e6a42f5d1df 100644
> --- a/lib/iov_iter.c
> +++ b/lib/iov_iter.c
> @@ -1656,7 +1656,8 @@ static int copy_compat_iovec_from_user(struct iovec *iov,
>  {
>  	const struct compat_iovec __user *uiov =
>  		(const struct compat_iovec __user *)uvec;
> -	int ret = -EFAULT, i;
> +	int ret = -EFAULT;
> +	unsigned long i;
>  
>  	if (!user_access_begin(uvec, nr_segs * sizeof(*uvec)))
>  		return -EFAULT;
> 


-- 
~Randy

Re: [PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[Peter Zijlstra]

On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
> GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> signed-overflow-UB warnings.  The type mismatch between 'i' and
> 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> which also happens to violate uaccess rules:
> 
>   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> 
> Fix it by making the variable types match.
> 
> This is similar to a previous commit:
> 
>   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")

Maybe it's time we make UBSAN builds depend on GCC-8+ ?

Re: [PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[Kees Cook]

On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
> On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
> > GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> > signed-overflow-UB warnings.  The type mismatch between 'i' and
> > 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> > which also happens to violate uaccess rules:
> > 
> >   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> > 
> > Fix it by making the variable types match.
> > 
> > This is similar to a previous commit:
> > 
> >   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
> 
> Maybe it's time we make UBSAN builds depend on GCC-8+ ?

I would be totally fine with that. The only thing I can think of that
might care is syzbot. Dmitry, does syzbot use anything older than gcc 8?

-- 
Kees Cook

Re: [PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[Randy Dunlap]

On 1/6/21 3:37 PM, Kees Cook wrote:
> On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
>> On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
>>> GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
>>> signed-overflow-UB warnings.  The type mismatch between 'i' and
>>> 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
>>> which also happens to violate uaccess rules:
>>>
>>>   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
>>>
>>> Fix it by making the variable types match.
>>>
>>> This is similar to a previous commit:
>>>
>>>   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
>>
>> Maybe it's time we make UBSAN builds depend on GCC-8+ ?
> 
> I would be totally fine with that. The only thing I can think of that
> might care is syzbot. Dmitry, does syzbot use anything older than gcc 8?

I use UBSAN successfully with GCC 7.5.0.
However, I can revert whatever future patch someone adds for this...

-- 
~Randy

RE: [PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[David Laight]

From: Randy Dunlap
> Sent: 23 December 2020 07:19
> 
> On 12/22/20 9:04 PM, Josh Poimboeuf wrote:
> > GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> > signed-overflow-UB warnings.  The type mismatch between 'i' and
> > 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> > which also happens to violate uaccess rules:
> >
> >   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow()
> with UACCESS enabled
> >
> > Fix it by making the variable types match.
> >
> > This is similar to a previous commit:
> >
> >   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
> >
> > Reported-by: Randy Dunlap <rdunlap@infradead.org>
> > Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
> 
> All good. Thanks.
> 
> Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested

FWIW I've tested the equivalent change locally.
It generates rather better code on amd64.
(You don't want to index arrays with 'int' unless you really have to.)
So probably:

Acked-by: David Laight <david.laight@aculab.com>

	David

> 
> 
> > ---
> >  lib/iov_iter.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/iov_iter.c b/lib/iov_iter.c
> > index 1635111c5bd2..2e6a42f5d1df 100644
> > --- a/lib/iov_iter.c
> > +++ b/lib/iov_iter.c
> > @@ -1656,7 +1656,8 @@ static int copy_compat_iovec_from_user(struct iovec *iov,
> >  {
> >  	const struct compat_iovec __user *uiov =
> >  		(const struct compat_iovec __user *)uvec;
> > -	int ret = -EFAULT, i;
> > +	int ret = -EFAULT;
> > +	unsigned long i;
> >
> >  	if (!user_access_begin(uvec, nr_segs * sizeof(*uvec)))
> >  		return -EFAULT;
> >
> 
> 
> --
> ~Randy

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Re: [PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[Dmitry Vyukov]

On Thu, Jan 7, 2021 at 12:37 AM Kees Cook <keescook@chromium.org> wrote:
>
> On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
> > On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
> > > GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> > > signed-overflow-UB warnings.  The type mismatch between 'i' and
> > > 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> > > which also happens to violate uaccess rules:
> > >
> > >   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> > >
> > > Fix it by making the variable types match.
> > >
> > > This is similar to a previous commit:
> > >
> > >   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
> >
> > Maybe it's time we make UBSAN builds depend on GCC-8+ ?
>
> I would be totally fine with that. The only thing I can think of that
> might care is syzbot. Dmitry, does syzbot use anything older than gcc 8?

syzbot should use gcc 10 everywhere by now (and if not, we will update).
And in general I think it's a reasonable requirement today.

Re: [PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[Kees Cook]

On Wed, Jan 06, 2021 at 04:06:57PM -0800, Randy Dunlap wrote:
> On 1/6/21 3:37 PM, Kees Cook wrote:
> > On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
> >> On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
> >>> GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> >>> signed-overflow-UB warnings.  The type mismatch between 'i' and
> >>> 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> >>> which also happens to violate uaccess rules:
> >>>
> >>>   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> >>>
> >>> Fix it by making the variable types match.
> >>>
> >>> This is similar to a previous commit:
> >>>
> >>>   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
> >>
> >> Maybe it's time we make UBSAN builds depend on GCC-8+ ?
> > 
> > I would be totally fine with that. The only thing I can think of that
> > might care is syzbot. Dmitry, does syzbot use anything older than gcc 8?
> 
> I use UBSAN successfully with GCC 7.5.0.
> However, I can revert whatever future patch someone adds for this...

Peter, which GCC version specifically are you seeing this on? (i.e. can
I just make in 7.5+ instead of 8+ to make Randy's life easier?)

-- 
Kees Cook

Re: [PATCH] mm/uaccess: Use 'unsigned long' to placate UBSAN warnings, again

[Josh Poimboeuf]

On Thu, Jan 07, 2021 at 01:07:21PM -0800, Kees Cook wrote:
> On Wed, Jan 06, 2021 at 04:06:57PM -0800, Randy Dunlap wrote:
> > On 1/6/21 3:37 PM, Kees Cook wrote:
> > > On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
> > >> On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
> > >>> GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> > >>> signed-overflow-UB warnings.  The type mismatch between 'i' and
> > >>> 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> > >>> which also happens to violate uaccess rules:
> > >>>
> > >>>   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> > >>>
> > >>> Fix it by making the variable types match.
> > >>>
> > >>> This is similar to a previous commit:
> > >>>
> > >>>   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
> > >>
> > >> Maybe it's time we make UBSAN builds depend on GCC-8+ ?
> > > 
> > > I would be totally fine with that. The only thing I can think of that
> > > might care is syzbot. Dmitry, does syzbot use anything older than gcc 8?
> > 
> > I use UBSAN successfully with GCC 7.5.0.
> > However, I can revert whatever future patch someone adds for this...
> 
> Peter, which GCC version specifically are you seeing this on? (i.e. can
> I just make in 7.5+ instead of 8+ to make Randy's life easier?)

I don't think that would help, we saw this bug on GCC 7.5.

-- 
Josh

[PATCH] ubsan: Require GCC-8+ or Clang to use UBSAN

[Peter Zijlstra]

On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
> On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
> > GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> > signed-overflow-UB warnings.  The type mismatch between 'i' and
> > 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> > which also happens to violate uaccess rules:
> > 
> >   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> > 
> > Fix it by making the variable types match.
> > 
> > This is similar to a previous commit:
> > 
> >   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
> 
> Maybe it's time we make UBSAN builds depend on GCC-8+ ?

---
Subject: ubsan: Require GCC-8+ or Clang to use UBSAN

Just like how we require GCC-8.2 for KASAN due to compiler bugs, require
a sane version of GCC for UBSAN.

Specifically, before GCC-8 UBSAN doesn't respect -fwrapv and thinks
signed arithmetic is buggered.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
 lib/Kconfig.ubsan | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index 8b635fd75fe4..acc3df62460e 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -2,8 +2,13 @@
 config ARCH_HAS_UBSAN_SANITIZE_ALL
 	bool
 
+# UBSAN prior to GCC-8 gets -fwrapv wrong, we rely on that
+config UBSAN_SANE
+	def_bool !CC_IS_GCC || GCC_VERSION >= 80000
+
 menuconfig UBSAN
 	bool "Undefined behaviour sanity checker"
+	depends on UBSAN_SANE
 	help
 	  This option enables the Undefined Behaviour sanity checker.
 	  Compile-time instrumentation is used to detect various undefined

Re: [PATCH] ubsan: Require GCC-8+ or Clang to use UBSAN

[Andrey Ryabinin]

On 1/14/21 1:59 PM, Peter Zijlstra wrote:
> On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
>> On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
>>> GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
>>> signed-overflow-UB warnings.  The type mismatch between 'i' and
>>> 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
>>> which also happens to violate uaccess rules:
>>>
>>>   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
>>>
>>> Fix it by making the variable types match.
>>>
>>> This is similar to a previous commit:
>>>
>>>   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
>>
>> Maybe it's time we make UBSAN builds depend on GCC-8+ ?
> 
> ---
> Subject: ubsan: Require GCC-8+ or Clang to use UBSAN
> 
> Just like how we require GCC-8.2 for KASAN due to compiler bugs, require
> a sane version of GCC for UBSAN.
> 
> Specifically, before GCC-8 UBSAN doesn't respect -fwrapv and thinks
> signed arithmetic is buggered.
> 

Actually removing CONFIG_UBSAN_SIGNED_OVERFLOW would give us the same effect without restricting GCC versions.

Re: [PATCH] ubsan: Require GCC-8+ or Clang to use UBSAN

[Josh Poimboeuf]

On Thu, Jan 14, 2021 at 02:09:28PM +0300, Andrey Ryabinin wrote:
> 
> 
> On 1/14/21 1:59 PM, Peter Zijlstra wrote:
> > On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
> >> On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
> >>> GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> >>> signed-overflow-UB warnings.  The type mismatch between 'i' and
> >>> 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> >>> which also happens to violate uaccess rules:
> >>>
> >>>   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> >>>
> >>> Fix it by making the variable types match.
> >>>
> >>> This is similar to a previous commit:
> >>>
> >>>   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
> >>
> >> Maybe it's time we make UBSAN builds depend on GCC-8+ ?
> > 
> > ---
> > Subject: ubsan: Require GCC-8+ or Clang to use UBSAN
> > 
> > Just like how we require GCC-8.2 for KASAN due to compiler bugs, require
> > a sane version of GCC for UBSAN.
> > 
> > Specifically, before GCC-8 UBSAN doesn't respect -fwrapv and thinks
> > signed arithmetic is buggered.
> > 
> 
> Actually removing CONFIG_UBSAN_SIGNED_OVERFLOW would give us the same
> effect without restricting GCC versions.

Is that preferable?  Always happy to remove code, just need some
justification behind it.

-- 
Josh

Re: [PATCH] ubsan: Require GCC-8+ or Clang to use UBSAN

[Josh Poimboeuf]

On Mon, Jan 18, 2021 at 11:53:37AM -0600, Josh Poimboeuf wrote:
> On Thu, Jan 14, 2021 at 02:09:28PM +0300, Andrey Ryabinin wrote:
> > 
> > 
> > On 1/14/21 1:59 PM, Peter Zijlstra wrote:
> > > On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
> > >> On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
> > >>> GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
> > >>> signed-overflow-UB warnings.  The type mismatch between 'i' and
> > >>> 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
> > >>> which also happens to violate uaccess rules:
> > >>>
> > >>>   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> > >>>
> > >>> Fix it by making the variable types match.
> > >>>
> > >>> This is similar to a previous commit:
> > >>>
> > >>>   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
> > >>
> > >> Maybe it's time we make UBSAN builds depend on GCC-8+ ?
> > > 
> > > ---
> > > Subject: ubsan: Require GCC-8+ or Clang to use UBSAN
> > > 
> > > Just like how we require GCC-8.2 for KASAN due to compiler bugs, require
> > > a sane version of GCC for UBSAN.
> > > 
> > > Specifically, before GCC-8 UBSAN doesn't respect -fwrapv and thinks
> > > signed arithmetic is buggered.
> > > 
> > 
> > Actually removing CONFIG_UBSAN_SIGNED_OVERFLOW would give us the same
> > effect without restricting GCC versions.
> 
> Is that preferable?  Always happy to remove code, just need some
> justification behind it.

Andrey,

Is Peter's patch acceptable or do you want to do something else?

-- 
Josh

Re: [PATCH] ubsan: Require GCC-8+ or Clang to use UBSAN

[Andrey Rybainin]

On 2/9/21 9:24 PM, Josh Poimboeuf wrote:
> On Mon, Jan 18, 2021 at 11:53:37AM -0600, Josh Poimboeuf wrote:
>> On Thu, Jan 14, 2021 at 02:09:28PM +0300, Andrey Ryabinin wrote:
>>>
>>>
>>> On 1/14/21 1:59 PM, Peter Zijlstra wrote:
>>>> On Mon, Jan 04, 2021 at 04:13:17PM +0100, Peter Zijlstra wrote:
>>>>> On Tue, Dec 22, 2020 at 11:04:54PM -0600, Josh Poimboeuf wrote:
>>>>>> GCC 7 has a known bug where UBSAN ignores '-fwrapv' and generates false
>>>>>> signed-overflow-UB warnings.  The type mismatch between 'i' and
>>>>>> 'nr_segs' in copy_compat_iovec_from_user() is causing such a warning,
>>>>>> which also happens to violate uaccess rules:
>>>>>>
>>>>>>   lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
>>>>>>
>>>>>> Fix it by making the variable types match.
>>>>>>
>>>>>> This is similar to a previous commit:
>>>>>>
>>>>>>   29da93fea3ea ("mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions")
>>>>>
>>>>> Maybe it's time we make UBSAN builds depend on GCC-8+ ?
>>>>
>>>> ---
>>>> Subject: ubsan: Require GCC-8+ or Clang to use UBSAN
>>>>
>>>> Just like how we require GCC-8.2 for KASAN due to compiler bugs, require
>>>> a sane version of GCC for UBSAN.
>>>>
>>>> Specifically, before GCC-8 UBSAN doesn't respect -fwrapv and thinks
>>>> signed arithmetic is buggered.
>>>>
>>>
>>> Actually removing CONFIG_UBSAN_SIGNED_OVERFLOW would give us the same
>>> effect without restricting GCC versions.
>>
>> Is that preferable?  Always happy to remove code, just need some
>> justification behind it.
> 
> Andrey,
> 
> Is Peter's patch acceptable or do you want to do something else?
> 

I do prefer to just remove the code, I'll send the patch shortly.

Re: [PATCH] ubsan: Require GCC-8+ or Clang to use UBSAN

[Kees Cook]

On Wed, Feb 10, 2021 at 02:17:57AM +0300, Andrey Rybainin wrote:
> >>>> Subject: ubsan: Require GCC-8+ or Clang to use UBSAN
> >>>>
> >>>> Just like how we require GCC-8.2 for KASAN due to compiler bugs, require
> >>>> a sane version of GCC for UBSAN.
> >>>>
> >>>> Specifically, before GCC-8 UBSAN doesn't respect -fwrapv and thinks
> >>>> signed arithmetic is buggered.
> >>>
> >>> Actually removing CONFIG_UBSAN_SIGNED_OVERFLOW would give us the same
> >>> effect without restricting GCC versions.
> >>
> >> Is that preferable?  Always happy to remove code, just need some
> >> justification behind it.
> > 
> > Is Peter's patch acceptable or do you want to do something else?
> 
> I do prefer to just remove the code, I'll send the patch shortly.

I have a specific goal of getting both signed and unsigned overflow
detection working sanely, so removing this entirely from the kernel
really makes working on that difficult. :)

I view the primary problem as compiler-specific. I'd much rather we
correctly mask against versions (or better yet, behaviors).

-- 
Kees Cook