ubsan: Clarify Kconfig text for CONFIG_UBSAN_TRAP

Make it clearer in the one-line description and the verbose description
text that CONFIG_UBSAN_TRAP as currently implemented involves a tradeoff of
much less helpful oops messages in exchange for a smaller kernel image.
(With the additional effect of turning UBSAN warnings into crashes, which
may or may not be desired.)

Signed-off-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/r/20230705215128.486054-1-jannh@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>

diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index efae7e0..59e21bf 100644 (file)
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -13,7 +13,7 @@ menuconfig UBSAN
 if UBSAN
 
 config UBSAN_TRAP
-       bool "On Sanitizer warnings, abort the running kernel code"
+       bool "Abort on Sanitizer warnings (smaller kernel but less verbose)"
        depends on !COMPILE_TEST
        help
          Building kernels with Sanitizer features enabled tends to grow
@@ -26,6 +26,14 @@ config UBSAN_TRAP
          the system. For some system builders this is an acceptable
          trade-off.
 
+         Also note that selecting Y will cause your kernel to Oops
+         with an "illegal instruction" error with no further details
+         when a UBSAN violation occurs. (Except on arm64, which will
+         report which Sanitizer failed.) This may make it hard to
+         determine whether an Oops was caused by UBSAN or to figure
+         out the details of a UBSAN violation. It makes the kernel log
+         output less useful for bug reports.
+
 config CC_HAS_UBSAN_BOUNDS_STRICT
        def_bool $(cc-option,-fsanitize=bounds-strict)
        help