lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAFP8O3LhmXqqKKf1fOw1_0zGYOyN7ivm2yYSQJqSQr_megOq8Q@mail.gmail.com>
Date: Mon, 29 Jan 2024 10:59:55 -0800
From: Fangrui Song <maskray@...gle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Marco Elver <elver@...gle.com>, Nathan Chancellor <nathan@...nel.org>, 
	Masahiro Yamada <masahiroy@...nel.org>, Nicolas Schier <nicolas@...sle.eu>, 
	Nick Desaulniers <ndesaulniers@...gle.com>, Bill Wendling <morbo@...gle.com>, 
	Justin Stitt <justinstitt@...gle.com>, linux-kbuild@...r.kernel.org, llvm@...ts.linux.dev, 
	Andrey Konovalov <andreyknvl@...il.com>, linux-kernel@...r.kernel.org, 
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH 1/6] ubsan: Use Clang's -fsanitize-trap=undefined option

On Mon, Jan 29, 2024 at 10:00 AM Kees Cook <keescook@...omium.org> wrote:
>
> Clang changed the way it enables UBSan trapping mode. Update the Makefile
> logic to discover it.
>
> Suggested-by: Fangrui Song <maskray@...gle.com>
> Link: https://lore.kernel.org/lkml/CAFP8O3JivZh+AAV7N90Nk7U2BHRNST6MRP0zHtfQ-Vj0m4+pDA@mail.gmail.com/
> Cc: Nathan Chancellor <nathan@...nel.org>
> Cc: Masahiro Yamada <masahiroy@...nel.org>
> Cc: Nicolas Schier <nicolas@...sle.eu>
> Cc: Nick Desaulniers <ndesaulniers@...gle.com>
> Cc: Bill Wendling <morbo@...gle.com>
> Cc: Justin Stitt <justinstitt@...gle.com>
> Cc: linux-kbuild@...r.kernel.org
> Cc: llvm@...ts.linux.dev
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
>  scripts/Makefile.ubsan | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
> index 4749865c1b2c..7cf42231042b 100644
> --- a/scripts/Makefile.ubsan
> +++ b/scripts/Makefile.ubsan
> @@ -10,6 +10,6 @@ ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO)         += -fsanitize=integer-divide-by-zero
>  ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE)       += -fsanitize=unreachable
>  ubsan-cflags-$(CONFIG_UBSAN_BOOL)              += -fsanitize=bool
>  ubsan-cflags-$(CONFIG_UBSAN_ENUM)              += -fsanitize=enum
> -ubsan-cflags-$(CONFIG_UBSAN_TRAP)              += -fsanitize-undefined-trap-on-error
> +ubsan-cflags-$(CONFIG_UBSAN_TRAP)              += $(call cc-option,-fsanitize-trap=undefined,-fsanitize-undefined-trap-on-error)
>
>  export CFLAGS_UBSAN := $(ubsan-cflags-y)
> --
> 2.34.1

Thanks for the patch. Clang has had -fsanitize-trap= since 2015.
GCC added -fsanitize-trap=undefined in 2022
(https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=2c7cfc7b418564 ;
milestone: 13.1), so we cannot use -fsanitize-trap=undefined
unconditionally.

Reviewed-by: Fangrui Song <maskray@...gle.com>




--
宋方睿

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ