ubsan: remove CONFIG_UBSAN_OBJECT_SIZE
authorKees Cook <keescook@chromium.org>
Thu, 20 Jan 2022 02:10:35 +0000 (18:10 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 20 Jan 2022 06:52:55 +0000 (08:52 +0200)
The object-size sanitizer is redundant to -Warray-bounds, and
inappropriately performs its checks at run-time when all information
needed for the evaluation is available at compile-time, making it quite
difficult to use:

  https://bugzilla.kernel.org/show_bug.cgi?id=214861

With -Warray-bounds almost enabled globally, it doesn't make sense to
keep this around.

Link: https://lkml.kernel.org/r/20211203235346.110809-1-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Marco Elver <elver@google.com>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lib/Kconfig.ubsan
lib/test_ubsan.c
scripts/Makefile.ubsan

index e5372a13511df17fa8790469c053dfad116196e1..236c5cefc4cc50b98c064c9261056a08e7bbc9d6 100644 (file)
@@ -112,19 +112,6 @@ config UBSAN_UNREACHABLE
          This option enables -fsanitize=unreachable which checks for control
          flow reaching an expected-to-be-unreachable position.
 
-config UBSAN_OBJECT_SIZE
-       bool "Perform checking for accesses beyond the end of objects"
-       default UBSAN
-       # gcc hugely expands stack usage with -fsanitize=object-size
-       # https://lore.kernel.org/lkml/CAHk-=wjPasyJrDuwDnpHJS2TuQfExwe=px-SzLeN8GFMAQJPmQ@mail.gmail.com/
-       depends on !CC_IS_GCC
-       depends on $(cc-option,-fsanitize=object-size)
-       help
-         This option enables -fsanitize=object-size which checks for accesses
-         beyond the end of objects where the optimizer can determine both the
-         object being operated on and its size, usually seen with bad downcasts,
-         or access to struct members from NULL pointers.
-
 config UBSAN_BOOL
        bool "Perform checking for non-boolean values used as boolean"
        default UBSAN
index 7e7bbd0f3fd27d336dfcc166fe2eaa2421e8ef48..2062be1f2e80f61122e801819be9b3a26e3cb3e7 100644 (file)
@@ -79,15 +79,6 @@ static void test_ubsan_load_invalid_value(void)
        eval2 = eval;
 }
 
-static void test_ubsan_null_ptr_deref(void)
-{
-       volatile int *ptr = NULL;
-       int val;
-
-       UBSAN_TEST(CONFIG_UBSAN_OBJECT_SIZE);
-       val = *ptr;
-}
-
 static void test_ubsan_misaligned_access(void)
 {
        volatile char arr[5] __aligned(4) = {1, 2, 3, 4, 5};
@@ -98,29 +89,16 @@ static void test_ubsan_misaligned_access(void)
        *ptr = val;
 }
 
-static void test_ubsan_object_size_mismatch(void)
-{
-       /* "((aligned(8)))" helps this not into be misaligned for ptr-access. */
-       volatile int val __aligned(8) = 4;
-       volatile long long *ptr, val2;
-
-       UBSAN_TEST(CONFIG_UBSAN_OBJECT_SIZE);
-       ptr = (long long *)&val;
-       val2 = *ptr;
-}
-
 static const test_ubsan_fp test_ubsan_array[] = {
        test_ubsan_shift_out_of_bounds,
        test_ubsan_out_of_bounds,
        test_ubsan_load_invalid_value,
        test_ubsan_misaligned_access,
-       test_ubsan_object_size_mismatch,
 };
 
 /* Excluded because they Oops the module. */
 static const test_ubsan_fp skip_ubsan_array[] = {
        test_ubsan_divrem_overflow,
-       test_ubsan_null_ptr_deref,
 };
 
 static int __init test_ubsan_init(void)
index 9e2092fd5206c7968c91915768ea4766493c9f05..7099c603ff0ad3e35c91b96c00bbe9eb2a85a375 100644 (file)
@@ -8,7 +8,6 @@ ubsan-cflags-$(CONFIG_UBSAN_LOCAL_BOUNDS)       += -fsanitize=local-bounds
 ubsan-cflags-$(CONFIG_UBSAN_SHIFT)             += -fsanitize=shift
 ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO)          += -fsanitize=integer-divide-by-zero
 ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE)       += -fsanitize=unreachable
-ubsan-cflags-$(CONFIG_UBSAN_OBJECT_SIZE)       += -fsanitize=object-size
 ubsan-cflags-$(CONFIG_UBSAN_BOOL)              += -fsanitize=bool
 ubsan-cflags-$(CONFIG_UBSAN_ENUM)              += -fsanitize=enum
 ubsan-cflags-$(CONFIG_UBSAN_TRAP)              += -fsanitize-undefined-trap-on-error