mirror of
https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git
synced 2025-11-04 07:44:51 +10:00
c6d308534a
UBSAN uses compile-time instrumentation to catch undefined behavior (UB). Compiler inserts code that perform certain kinds of checks before operations that could cause UB. If check fails (i.e. UB detected) __ubsan_handle_* function called to print error message. So the most of the work is done by compiler. This patch just implements ubsan handlers printing errors. GCC has this capability since 4.9.x [1] (see -fsanitize=undefined option and its suboptions). However GCC 5.x has more checkers implemented [2]. Article [3] has a bit more details about UBSAN in the GCC. [1] - https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Debugging-Options.html [2] - https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html [3] - http://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/ Issues which UBSAN has found thus far are: Found bugs: * out-of-bounds access -97840cb67f("netfilter: nfnetlink: fix insufficient validation in nfnetlink_bind") undefined shifts: *d48458d4a7("jbd2: use a better hash function for the revoke table") *10632008b9("clockevents: Prevent shift out of bounds") * 'x << -1' shift in ext4 - http://lkml.kernel.org/r/<5444EF21.8020501@samsung.com> * undefined rol32(0) - http://lkml.kernel.org/r/<1449198241-20654-1-git-send-email-sasha.levin@oracle.com> * undefined dirty_ratelimit calculation - http://lkml.kernel.org/r/<566594E2.3050306@odin.com> * undefined roundown_pow_of_two(0) - http://lkml.kernel.org/r/<1449156616-11474-1-git-send-email-sasha.levin@oracle.com> * [WONTFIX] undefined shift in __bpf_prog_run - http://lkml.kernel.org/r/<CACT4Y+ZxoR3UjLgcNdUm4fECLMx2VdtfrENMtRRCdgHB2n0bJA@mail.gmail.com> WONTFIX here because it should be fixed in bpf program, not in kernel. signed overflows: *32a8df4e0b("sched: Fix odd values in effective_load() calculations") * mul overflow in ntp - http://lkml.kernel.org/r/<1449175608-1146-1-git-send-email-sasha.levin@oracle.com> * incorrect conversion into rtc_time in rtc_time64_to_tm() - http://lkml.kernel.org/r/<1449187944-11730-1-git-send-email-sasha.levin@oracle.com> * unvalidated timespec in io_getevents() - http://lkml.kernel.org/r/<CACT4Y+bBxVYLQ6LtOKrKtnLthqLHcw-BMp3aqP3mjdAvr9FULQ@mail.gmail.com> * [NOTABUG] signed overflow in ktime_add_safe() - http://lkml.kernel.org/r/<CACT4Y+aJ4muRnWxsUe1CMnA6P8nooO33kwG-c8YZg=0Xc8rJqw@mail.gmail.com> [akpm@linux-foundation.org: fix unused local warning] [akpm@linux-foundation.org: fix __int128 build woes] Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Michal Marek <mmarek@suse.cz> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Yury Gribov <y.gribov@samsung.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Kostya Serebryany <kcc@google.com> Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
85 lines
1.5 KiB
C
85 lines
1.5 KiB
C
#ifndef _LIB_UBSAN_H
|
|
#define _LIB_UBSAN_H
|
|
|
|
enum {
|
|
type_kind_int = 0,
|
|
type_kind_float = 1,
|
|
type_unknown = 0xffff
|
|
};
|
|
|
|
struct type_descriptor {
|
|
u16 type_kind;
|
|
u16 type_info;
|
|
char type_name[1];
|
|
};
|
|
|
|
struct source_location {
|
|
const char *file_name;
|
|
union {
|
|
unsigned long reported;
|
|
struct {
|
|
u32 line;
|
|
u32 column;
|
|
};
|
|
};
|
|
};
|
|
|
|
struct overflow_data {
|
|
struct source_location location;
|
|
struct type_descriptor *type;
|
|
};
|
|
|
|
struct type_mismatch_data {
|
|
struct source_location location;
|
|
struct type_descriptor *type;
|
|
unsigned long alignment;
|
|
unsigned char type_check_kind;
|
|
};
|
|
|
|
struct nonnull_arg_data {
|
|
struct source_location location;
|
|
struct source_location attr_location;
|
|
int arg_index;
|
|
};
|
|
|
|
struct nonnull_return_data {
|
|
struct source_location location;
|
|
struct source_location attr_location;
|
|
};
|
|
|
|
struct vla_bound_data {
|
|
struct source_location location;
|
|
struct type_descriptor *type;
|
|
};
|
|
|
|
struct out_of_bounds_data {
|
|
struct source_location location;
|
|
struct type_descriptor *array_type;
|
|
struct type_descriptor *index_type;
|
|
};
|
|
|
|
struct shift_out_of_bounds_data {
|
|
struct source_location location;
|
|
struct type_descriptor *lhs_type;
|
|
struct type_descriptor *rhs_type;
|
|
};
|
|
|
|
struct unreachable_data {
|
|
struct source_location location;
|
|
};
|
|
|
|
struct invalid_value_data {
|
|
struct source_location location;
|
|
struct type_descriptor *type;
|
|
};
|
|
|
|
#if defined(CONFIG_ARCH_SUPPORTS_INT128) && defined(__SIZEOF_INT128__)
|
|
typedef __int128 s_max;
|
|
typedef unsigned __int128 u_max;
|
|
#else
|
|
typedef s64 s_max;
|
|
typedef u64 u_max;
|
|
#endif
|
|
|
|
#endif
|