Re: [PATCH] ubsan: Disable signed integer overflow sanitizer on GCC < 8
From: Marco Elver
Date: Wed Mar 13 2024 - 15:07:30 EST
On Wed, 13 Mar 2024 at 19:12, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> For opting functions out of sanitizer coverage, the "no_sanitize"
> attribute is used, but in GCC this wasn't introduced until GCC 8.
> Disable the sanitizer unless we're not using GCC, or it is GCC
> version 8 or higher.
>
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> Closes: https://lore.kernel.org/oe-kbuild-all/202403110643.27JXEVCI-lkp@xxxxxxxxx/
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Looks reasonable:
Reviewed-by: Marco Elver <elver@xxxxxxxxxx>
Thanks,
-- Marco
> ---
> Cc: Marco Elver <elver@xxxxxxxxxx>
> Cc: Andrey Konovalov <andreyknvl@xxxxxxxxx>
> Cc: Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx>
> Cc: kasan-dev@xxxxxxxxxxxxxxxx
> Cc: linux-hardening@xxxxxxxxxxxxxxx
> ---
> lib/Kconfig.ubsan | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
> index 48a67058f84e..e81e1ac4a919 100644
> --- a/lib/Kconfig.ubsan
> +++ b/lib/Kconfig.ubsan
> @@ -119,6 +119,8 @@ config UBSAN_SIGNED_WRAP
> bool "Perform checking for signed arithmetic wrap-around"
> default UBSAN
> depends on !COMPILE_TEST
> + # The no_sanitize attribute was introduced in GCC with version 8.
> + depends on !CC_IS_GCC || GCC_VERSION >= 80000
> depends on $(cc-option,-fsanitize=signed-integer-overflow)
> help
> This option enables -fsanitize=signed-integer-overflow which checks
> --
> 2.34.1
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@xxxxxxxxxxxxxxxx.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20240313181217.work.263-kees%40kernel.org.