Re: [PATCH] ubsan: remove overflow checks

From: Peter Zijlstra
Date: Wed Feb 10 2021 - 02:53:16 EST


On Tue, Feb 09, 2021 at 04:19:03PM -0800, Kees Cook wrote:
> On Wed, Feb 10, 2021 at 02:23:48AM +0300, Andrey Ryabinin wrote:
> > Since GCC 8.0 -fsanitize=signed-integer-overflow doesn't work with -fwrapv.
> > -fwrapv makes signed overflows defined and GCC essentially disables
> > ubsan checks. On GCC < 8.0 -fwrapv doesn't have any influence on the
> > -fsanitize=signed-integer-overflow setting, so it kinda works
> > but generates false-positives and violates uaccess rules:
> >
> > lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> >
> > Disable signed overflow checks to avoid these problems.
> > Remove unsigned overflow checks as well.
> > Unsigned overflow appeared as a side effect of the commit
> > cdf8a76fda4a ("ubsan: move cc-option tests into Kconfig"),
> > but it never worked (kernel doesn't boot). And unsigned overflows
> > are allowed by the C standard, so it's just pointless.
> >
> > Signed-off-by: Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx>
>
> NAK, please don't remove the entire thing. I want this to work again
> with -fwrapv, and it's not entirely broken under Clang. But the feature
> shouldn't be removed from the kernel.
>
> I'd prefer Peter's fix instead.

But what do you want it to do? This is UBsan, there's no UB.

If you want signed overflow warnings, call it something else. But I'll
still hate it :-)

FWIW:

Acked-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
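The point of the thread, as an added illustration that is not part of the original mail or of any kernel code: under -fwrapv a signed addition that overflows is defined to wrap, so there is no undefined behaviour left for UBSan to report, and detecting the wrap then has to be done explicitly. The helpers `wrapv_add` and `checked_add` below are hypothetical names; `checked_add` uses the compiler builtin `__builtin_add_overflow`, which works regardless of the signed-overflow semantics selected at compile time.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper (not kernel code): compute a + b with the wrapping
 * semantics -fwrapv guarantees, by going through unsigned arithmetic.
 * The unsigned add is well defined by the C standard; converting the
 * out-of-range result back to int is implementation-defined and wraps
 * on GCC and Clang. Nothing here is undefined, so UBSan has nothing to
 * flag, which is exactly why -fsanitize=signed-integer-overflow becomes
 * a no-op under -fwrapv. */
static int wrapv_add(int a, int b)
{
    return (int)((unsigned int)a + (unsigned int)b);
}

/* Hypothetical helper: explicit overflow detection that does not rely on
 * UBSan. Returns true and leaves *res untouched if a + b would not fit
 * in an int; otherwise stores the sum in *res and returns false. */
static bool checked_add(int a, int b, int *res)
{
    int tmp;

    if (__builtin_add_overflow(a, b, &tmp))
        return true;
    *res = tmp;
    return false;
}

int main(void)
{
    int r;

    /* Constructed inputs: the smallest overflowing signed addition. */
    printf("INT_MAX + 1 with wrapping semantics = %d\n",
           wrapv_add(INT_MAX, 1));
    if (checked_add(INT_MAX, 1, &r))
        puts("checked_add: overflow detected, result discarded");
    if (!checked_add(40, 2, &r))
        printf("checked_add: 40 + 2 = %d\n", r);
    return 0;
}
```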