21 May, 2019

1 commit


08 Mar, 2019

1 commit

  • When booting an allmodconfig kernel, there are a lot of false positives,
    with a message like 'UBSAN: Undefined behaviour in...' and a call
    trace that follows.

    UBSAN warnings are a result of enabling noisy CONFIG_UBSAN_ALIGNMENT
    which is disabled by default if HAVE_EFFICIENT_UNALIGNED_ACCESS=y.

    It's noisy even if we don't have efficient unaligned access, e.g. people
    often add __cacheline_aligned_in_smp in structs, but forget to align
    allocations of such structs (kmalloc() gives 8-byte alignment in the worst
    case).

    Rework so that building an allmodconfig kernel, which turns everything
    into '=m' or '=y', will turn off UBSAN_ALIGNMENT.

    [aryabinin@virtuozzo.com: changelog addition]
    Link: http://lkml.kernel.org/r/20181217150326.30933-1-anders.roxell@linaro.org
    Signed-off-by: Anders Roxell
    Suggested-by: Arnd Bergmann
    Acked-by: Andrey Ryabinin
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Anders Roxell

11 Aug, 2018

1 commit

  • With gcc-8, fsanitize=null becomes very noisy. GCC started to complain
    about things like &a->b, where 'a' is a NULL pointer. There is no NULL
    dereference, we just calculate the address of a struct member. It's
    technically undefined behavior, so UBSAN is correct to report it. But as
    long as there is no real NULL dereference, I think, we should be fine.

    The -fno-delete-null-pointer-checks compiler flag should protect us from
    any consequences. So let's just not use -fsanitize=null as it's not
    useful for us. If there is a real NULL-deref we will see a crash. Even if
    userspace mapped something at NULL (root can do this), things like
    SMAP should catch the issue.

    Link: http://lkml.kernel.org/r/20180802153209.813-1-aryabinin@virtuozzo.com
    Signed-off-by: Andrey Ryabinin
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andrey Ryabinin

12 Apr, 2018

1 commit

  • This is a test module for UBSAN. It triggers all undefined behaviors
    that linux supports now, and detects them.

    All test-cases have passed by compiling with gcc-5.5.0.

    If gcc-4.9.x is used, misaligned, out-of-bounds and object-size-mismatch
    will not be detected, because gcc-4.9.x doesn't support them.

    Link: http://lkml.kernel.org/r/20180309102247.GA2944@pjb1027-Latitude-E5410
    Signed-off-by: Jinbum Park
    Cc: Andrey Ryabinin
    Cc: Dmitry Vyukov
    Cc: Kees Cook
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jinbum Park

15 Dec, 2016

1 commit


20 Sep, 2016

1 commit

  • Some architectures use a hardware defined structure at address zero.
    Checking for a null pointer will result in many ubsan reports.
    Allow users to disable the null sanitizer.

    Signed-off-by: Christian Borntraeger
    Acked-by: Andrey Ryabinin
    Signed-off-by: Heiko Carstens
    Signed-off-by: Martin Schwidefsky

    Christian Borntraeger

23 Mar, 2016

1 commit

  • -fsanitize=* options make GCC less smart than usual and increase the
    number of 'maybe-uninitialized' false positives. So this patch does two things:

    * Add -Wno-maybe-uninitialized to CFLAGS_UBSAN which will disable all
    such warnings for instrumented files.

    * Remove CONFIG_UBSAN_SANITIZE_ALL from all[yes|mod]config builds. So
    the all[yes|mod]config build goes without -fsanitize=* and still with
    -Wmaybe-uninitialized.

    Signed-off-by: Andrey Ryabinin
    Reported-by: Fengguang Wu
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andrey Ryabinin

12 Feb, 2016

1 commit

  • When enabling UBSAN_SANITIZE_ALL, the kernel image size gets increased
    significantly (~3x). So, it sounds better to have some note in Kconfig.

    And fixed a typo.

    Signed-off-by: Yang Shi
    Acked-by: Andrey Ryabinin
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Yang Shi

21 Jan, 2016

1 commit

  • UBSAN uses compile-time instrumentation to catch undefined behavior
    (UB). The compiler inserts code that performs certain kinds of checks
    before operations that could cause UB. If a check fails (i.e. UB is
    detected), a __ubsan_handle_* function is called to print an error message.

    So most of the work is done by the compiler. This patch just implements
    the ubsan handlers that print errors.

    GCC has this capability since 4.9.x [1] (see -fsanitize=undefined
    option and its suboptions).
    However, GCC 5.x has more checkers implemented [2].
    Article [3] has a bit more detail about UBSAN in GCC.

    [1] - https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Debugging-Options.html
    [2] - https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
    [3] - http://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/

    Issues which UBSAN has found thus far are:

    Found bugs:

    * out-of-bounds access - 97840cb67ff5 ("netfilter: nfnetlink: fix
    insufficient validation in nfnetlink_bind")

    undefined shifts:

    * d48458d4a768 ("jbd2: use a better hash function for the revoke
    table")

    * 10632008b9e1 ("clockevents: Prevent shift out of bounds")

    * 'x << -1' shift in ext4 -
    http://lkml.kernel.org/r/

    * undefined rol32(0) -
    http://lkml.kernel.org/r/

    * undefined dirty_ratelimit calculation -
    http://lkml.kernel.org/r/

    * undefined rounddown_pow_of_two(0) -
    http://lkml.kernel.org/r/

    * [WONTFIX] undefined shift in __bpf_prog_run -
    http://lkml.kernel.org/r/

    WONTFIX here because it should be fixed in bpf program, not in kernel.

    signed overflows:

    * 32a8df4e0b33f ("sched: Fix odd values in effective_load()
    calculations")

    * mul overflow in ntp -
    http://lkml.kernel.org/r/

    * incorrect conversion into rtc_time in rtc_time64_to_tm() -
    http://lkml.kernel.org/r/

    * unvalidated timespec in io_getevents() -
    http://lkml.kernel.org/r/

    * [NOTABUG] signed overflow in ktime_add_safe() -
    http://lkml.kernel.org/r/

    [akpm@linux-foundation.org: fix unused local warning]
    [akpm@linux-foundation.org: fix __int128 build woes]
    Signed-off-by: Andrey Ryabinin
    Cc: Peter Zijlstra
    Cc: Sasha Levin
    Cc: Randy Dunlap
    Cc: Rasmus Villemoes
    Cc: Jonathan Corbet
    Cc: Michal Marek
    Cc: Thomas Gleixner
    Cc: Ingo Molnar
    Cc: "H. Peter Anvin"
    Cc: Yury Gribov
    Cc: Dmitry Vyukov
    Cc: Konstantin Khlebnikov
    Cc: Kostya Serebryany
    Cc: Johannes Berg
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andrey Ryabinin