lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 20 Oct 2014 14:54:58 +0400
From:	Andrey Ryabinin <>
To:	Andrew Morton <>,
	Thomas Gleixner <>,
	Ingo Molnar <>,
	"H. Peter Anvin" <>,
	Peter Zijlstra <>,
	Michal Marek <>,
	Sasha Levin <>,,,
Cc:	Andrey Ryabinin <>,
	Theodore Ts'o <>,
	Andreas Dilger <>,
	Dmitry Vyukov <>,
	Konstantin Khlebnikov <>
Subject: [RFC] UBSan: run-time undefined behavior sanity checker


This is yet another sanitizer for linux kernel.

UBSan uses copile-time instumentation to catch undefined behavior (UB).
Compiler inserts code that perform certain kinds of
checks before operations that could cause UB.
If check fails (i.e. UB detected) __ubsan_handle_* function called.
to print error message.

Patch is also available via git:
	git:// --branch ubsan/v1

GCC supports this since 4.9, however upcoming GCC 5.0 has
more checkers implemented.

Different kinds of checkers could be enabled via boot parameter:
If ubsan_handle not present in cmdline default options are used: ELNVBSLF

	O - different kinds of overflows
	E - negation overflow, division overflow, division by zero.
	A - misaligned memory access.
	I - load from/store to an object with insufficient space.
	N - null argument declared with nonnull attribute,
		returned null from function which never returns null, null ptr dereference.
	V - variable size array with non-positive length
	B - out-of-bounds memory accesses.
	S - shifting out-of-bounds.
	L - load of invalid value (value out of range for the enum type, loading other then 0/1 to bool type)
	F - call to function through pointer with incorrect function type
		(AFAIK this is not implemented in gcc yet, probably works with clang,
		though I didn't check it).

Andrey Ryabinin (1):
  UBSan: run-time undefined behavior sanity checker

 Makefile                              |  12 +-
 arch/x86/Kconfig                      |   1 +
 arch/x86/boot/Makefile                |   1 +
 arch/x86/boot/compressed/Makefile     |   1 +
 arch/x86/realmode/rm/Makefile         |   1 +
 arch/x86/vdso/Makefile                |   2 +
 drivers/firmware/efi/libstub/Makefile |   1 +
 include/linux/sched.h                 |   4 +
 kernel/printk/Makefile                |   1 +
 lib/Kconfig.debug                     |  23 ++
 lib/Makefile                          |   3 +
 lib/ubsan.c                           | 559 ++++++++++++++++++++++++++++++++++
 lib/ubsan.h                           |  84 +++++
 scripts/Makefile.lib                  |   6 +
 14 files changed, 698 insertions(+), 1 deletion(-)
 create mode 100644 lib/ubsan.c
 create mode 100644 lib/ubsan.h


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists