1 # SPDX-License-Identifier: GPL-2.0-only
2 config ARCH_HAS_UBSAN_SANITIZE_ALL
6 bool "Undefined behaviour sanity checker"
8 This option enables the Undefined Behaviour sanity checker.
9 Compile-time instrumentation is used to detect various undefined
10 behaviours at runtime. For more details, see:
11 Documentation/dev-tools/ubsan.rst
16 bool "On Sanitizer warnings, abort the running kernel code"
17 depends on $(cc-option, -fsanitize-undefined-trap-on-error)
19 Building kernels with Sanitizer features enabled tends to grow
20 the kernel size by around 5%, due to adding all the debugging
21 text on failure paths. To avoid this, Sanitizer instrumentation
22 can just issue a trap. This reduces the kernel size overhead but
23 turns all warnings (including potentially harmless conditions)
24 into full exceptions that abort the running kernel code
25 (regardless of context, locks held, etc), which may destabilize
26 the system. For some system builders this is an acceptable
29 config UBSAN_KCOV_BROKEN
30 def_bool KCOV && CC_HAS_SANCOV_TRACE_PC
31 depends on CC_IS_CLANG
32 depends on !$(cc-option,-Werror=unused-command-line-argument -fsanitize=bounds -fsanitize-coverage=trace-pc)
34 Some versions of clang support either UBSAN or KCOV but not the
35 combination of the two.
36 See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status
39 config CC_HAS_UBSAN_BOUNDS
40 def_bool $(cc-option,-fsanitize=bounds)
42 config CC_HAS_UBSAN_ARRAY_BOUNDS
43 def_bool $(cc-option,-fsanitize=array-bounds)
46 bool "Perform array index bounds checking"
48 depends on !UBSAN_KCOV_BROKEN
49 depends on CC_HAS_UBSAN_ARRAY_BOUNDS || CC_HAS_UBSAN_BOUNDS
51 This option enables detection of directly indexed out of bounds
52 array accesses, where the array size is known at compile time.
53 Note that this does not protect array overflows via bad calls
54 to the {str,mem}*cpy() family of functions (that is addressed
55 by CONFIG_FORTIFY_SOURCE).
57 config UBSAN_ONLY_BOUNDS
58 def_bool CC_HAS_UBSAN_BOUNDS && !CC_HAS_UBSAN_ARRAY_BOUNDS
59 depends on UBSAN_BOUNDS
61 This is a weird case: Clang's -fsanitize=bounds includes
62 -fsanitize=local-bounds, but it's trapping-only, so for
63 Clang, we must use -fsanitize=array-bounds when we want
64 traditional array bounds checking enabled. For GCC, we
65 want -fsanitize=bounds.
67 config UBSAN_ARRAY_BOUNDS
68 def_bool CC_HAS_UBSAN_ARRAY_BOUNDS
69 depends on UBSAN_BOUNDS
71 config UBSAN_LOCAL_BOUNDS
72 bool "Perform array local bounds checking"
74 depends on !UBSAN_KCOV_BROKEN
75 depends on $(cc-option,-fsanitize=local-bounds)
77 This option enables -fsanitize=local-bounds which traps when an
78 exception/error is detected. Therefore, it may only be enabled
79 with CONFIG_UBSAN_TRAP.
81 Enabling this option detects errors due to accesses through a
82 pointer that is derived from an object of a statically-known size,
83 where an added offset (which may not be known statically) is
87 bool "Enable all other Undefined Behavior sanity checks"
90 This option enables all sanity checks that don't have their
91 own Kconfig options. Disable this if you only want to have
92 individually selected checks.
96 depends on $(cc-option,-fsanitize=shift)
100 depends on $(cc-option,-fsanitize=integer-divide-by-zero)
102 config UBSAN_UNREACHABLE
104 depends on $(cc-option,-fsanitize=unreachable)
106 config UBSAN_SIGNED_OVERFLOW
108 depends on $(cc-option,-fsanitize=signed-integer-overflow)
110 config UBSAN_UNSIGNED_OVERFLOW
112 depends on $(cc-option,-fsanitize=unsigned-integer-overflow)
114 config UBSAN_OBJECT_SIZE
116 depends on $(cc-option,-fsanitize=object-size)
120 depends on $(cc-option,-fsanitize=bool)
124 depends on $(cc-option,-fsanitize=enum)
126 config UBSAN_SANITIZE_ALL
127 bool "Enable instrumentation for the entire kernel"
128 depends on ARCH_HAS_UBSAN_SANITIZE_ALL
129 depends on !COMPILE_TEST
132 This option activates instrumentation for the entire kernel.
133 If you don't enable this option, you have to explicitly specify
134 UBSAN_SANITIZE := y for the files/directories you want to check for UB.
135 Enabling this option will get kernel image size increased
138 config UBSAN_ALIGNMENT
139 bool "Enable checks for pointers alignment"
140 default !HAVE_EFFICIENT_UNALIGNED_ACCESS
141 depends on !UBSAN_TRAP
142 depends on $(cc-option,-fsanitize=alignment)
144 This option enables the check of unaligned memory accesses.
145 Enabling this option on architectures that support unaligned
146 accesses may produce a lot of false positives.
149 tristate "Module for testing for undefined behavior detection"
152 This is a test module for UBSAN.
153 It triggers various undefined behavior, and detect it.