build: Add option KERNEL_UBSAN

The kernel Undefined Behavior Sanitizer is able to detect some memory
bugs in the kernel like out of range array accesses.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>

diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index db17f6a9dd14eeb9d6912002cd1634a6c5656a70..e8bcf1970fd31cb375f370651918acaca66bc30d 100644 (file)
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -85,6 +85,41 @@ config KERNEL_PROFILING
          Enable the extended profiling support mechanisms used by profilers such
          as OProfile.
 
+config KERNEL_UBSAN
+       bool "Compile the kernel with undefined behaviour sanity checker"
+       help
+         This option enables undefined behaviour sanity checker
+         Compile-time instrumentation is used to detect various undefined
+         behaviours in runtime. Various types of checks may be enabled
+         via boot parameter ubsan_handle
+         (see: Documentation/dev-tools/ubsan.rst).
+
+config KERNEL_UBSAN_SANITIZE_ALL
+       bool "Enable instrumentation for the entire kernel"
+       depends on KERNEL_UBSAN
+       default y
+       help
+         This option activates instrumentation for the entire kernel.
+         If you don't enable this option, you have to explicitly specify
+         UBSAN_SANITIZE := y for the files/directories you want to check for UB.
+         Enabling this option will get kernel image size increased
+         significantly.
+
+config KERNEL_UBSAN_ALIGNMENT
+       bool "Enable checking of pointers alignment"
+       depends on KERNEL_UBSAN
+       help
+         This option enables detection of unaligned memory accesses.
+         Enabling this option on architectures that support unaligned
+         accesses may produce a lot of false positives.
+
+config KERNEL_UBSAN_NULL
+       bool "Enable checking of null pointers"
+       depends on KERNEL_UBSAN
+       help
+         This option enables detection of memory accesses via a
+         null pointer.
+
 config KERNEL_TASKSTATS
        bool "Compile the kernel with task resource/io statistics and accounting"
        default n

diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
index 9681d9c27801e1388f0ae1699edb2c1154b859e8..73b0d77155e958d8beccc46c9c36ef8a26b4808c 100644 (file)
--- a/target/linux/generic/config-4.14
+++ b/target/linux/generic/config-4.14
@@ -1516,6 +1516,10 @@ CONFIG_GACT_PROB=y
 # CONFIG_GAMEPORT is not set
 # CONFIG_GATEWORKS_GW16083 is not set
 # CONFIG_GCC_PLUGINS is not set
+# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
+# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
+# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
+# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set
 # CONFIG_GCOV is not set
 # CONFIG_GCOV_KERNEL is not set
 # CONFIG_GDB_SCRIPTS is not set

diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
index d8ea243fc761485fe5611eb6aa446a38ac574681..aba7bccaf62baecf7d4c47d3ca52510b51295369 100644 (file)
--- a/target/linux/generic/config-4.19
+++ b/target/linux/generic/config-4.19
@@ -1605,6 +1605,8 @@ CONFIG_GACT_PROB=y
 # CONFIG_GAMEPORT is not set
 # CONFIG_GATEWORKS_GW16083 is not set
 # CONFIG_GCC_PLUGINS is not set
+# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
+# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
 # CONFIG_GCOV is not set
 # CONFIG_GCOV_KERNEL is not set
 # CONFIG_GDB_SCRIPTS is not set
@@ -5197,6 +5199,7 @@ CONFIG_TCP_CONG_CUBIC=y
 # CONFIG_TEST_STATIC_KEYS is not set
 # CONFIG_TEST_STRING_HELPERS is not set
 # CONFIG_TEST_SYSCTL is not set
+# CONFIG_TEST_UBSAN is not set
 # CONFIG_TEST_UDELAY is not set
 # CONFIG_TEST_USER_COPY is not set
 # CONFIG_TEST_UUID is not set