Re: [PATCH] ubsan: Tighten UBSAN_BOUNDS on GCC

From: Kees Cook
Date: Fri Mar 03 2023 - 15:29:37 EST

Next message: Shuah Khan: "Re: [PATCH 1/2] selftests/kmod: increase the kmod timeout from 45 to 165"
Previous message: Shuah Khan: "Re: [PATCH] selftests: amd-pstate: fix TEST_FILES"
In reply to: Nathan Chancellor: "Re: [PATCH] ubsan: Tighten UBSAN_BOUNDS on GCC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 03, 2023 at 08:44:33AM -0700, Nathan Chancellor wrote:
> On Thu, Mar 02, 2023 at 02:54:45PM -0800, Kees Cook wrote:
> > [...]
> > config CC_HAS_UBSAN_ARRAY_BOUNDS
> > def_bool $(cc-option,-fsanitize=array-bounds)
> > + help
> > + The -fsanitize=array-bounds option is only available on Clang,
> > + and is actually composed of two more specific options,
> > + -fsanitize=array-bounds and -fsanitize=local-bounds. However,
> > + -fsanitize=local-bounds can only be used when trap mode is
> > + enabled. (See also the help for CONFIG_LOCAL_BOUNDS.)
>
> The first sentence does not read right to me, you have array-bounds
> twice. I think the first one wants to be just bounds?

Oops, yes. I rewrote that a few times and seem to have gotten lost. I
think it is better written as:

Under Clang, the -fsanitize=bounds option is actually composed
of two more specific options, -fsanitize=array-bounds and
-fsanitize=local-bounds. However, -fsanitize=local-bounds can
only be used when trap mode is enabled. (See also the help for
CONFIG_LOCAL_BOUNDS.) Explicitly check for -fsanitize=array-bounds
so that we can build up the options needed for UBSAN_BOUNDS
with or without UBSAN_TRAP.

--
Kees Cook

Next message: Shuah Khan: "Re: [PATCH 1/2] selftests/kmod: increase the kmod timeout from 45 to 165"
Previous message: Shuah Khan: "Re: [PATCH] selftests: amd-pstate: fix TEST_FILES"
In reply to: Nathan Chancellor: "Re: [PATCH] ubsan: Tighten UBSAN_BOUNDS on GCC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]