~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,24 +1,159 @@
	1	+# SPDX-License-Identifier: GPL-2.0-only
1	2	config ARCH_HAS_UBSAN_SANITIZE_ALL
2	3	bool
3	4
4		-config UBSAN
	5	+menuconfig UBSAN
5	6	bool "Undefined behaviour sanity checker"
6	7	help
7		- This option enables undefined behaviour sanity checker
	8	+ This option enables the Undefined Behaviour sanity checker.
8	9	Compile-time instrumentation is used to detect various undefined
9		- behaviours in runtime. Various types of checks may be enabled
10		- via boot parameter ubsan_handle
11		- (see: Documentation/dev-tools/ubsan.rst).
	10	+ behaviours at runtime. For more details, see:
	11	+ Documentation/dev-tools/ubsan.rst
	12	+
	13	+if UBSAN
	14	+
	15	+config UBSAN_TRAP
	16	+ bool "On Sanitizer warnings, abort the running kernel code"
	17	+ depends on !COMPILE_TEST
	18	+ depends on $(cc-option, -fsanitize-undefined-trap-on-error)
	19	+ help
	20	+ Building kernels with Sanitizer features enabled tends to grow
	21	+ the kernel size by around 5%, due to adding all the debugging
	22	+ text on failure paths. To avoid this, Sanitizer instrumentation
	23	+ can just issue a trap. This reduces the kernel size overhead but
	24	+ turns all warnings (including potentially harmless conditions)
	25	+ into full exceptions that abort the running kernel code
	26	+ (regardless of context, locks held, etc), which may destabilize
	27	+ the system. For some system builders this is an acceptable
	28	+ trade-off.
	29	+
	30	+config UBSAN_KCOV_BROKEN
	31	+ def_bool KCOV && CC_HAS_SANCOV_TRACE_PC
	32	+ depends on CC_IS_CLANG
	33	+ depends on !$(cc-option,-Werror=unused-command-line-argument -fsanitize=bounds -fsanitize-coverage=trace-pc)
	34	+ help
	35	+ Some versions of clang support either UBSAN or KCOV but not the
	36	+ combination of the two.
	37	+ See https://bugs.llvm.org/show_bug.cgi?id=45831 for the status
	38	+ in newer releases.
	39	+
	40	+config CC_HAS_UBSAN_BOUNDS
	41	+ def_bool $(cc-option,-fsanitize=bounds)
	42	+
	43	+config CC_HAS_UBSAN_ARRAY_BOUNDS
	44	+ def_bool $(cc-option,-fsanitize=array-bounds)
	45	+
	46	+config UBSAN_BOUNDS
	47	+ bool "Perform array index bounds checking"
	48	+ default UBSAN
	49	+ depends on !UBSAN_KCOV_BROKEN
	50	+ depends on CC_HAS_UBSAN_ARRAY_BOUNDS \|\| CC_HAS_UBSAN_BOUNDS
	51	+ help
	52	+ This option enables detection of directly indexed out of bounds
	53	+ array accesses, where the array size is known at compile time.
	54	+ Note that this does not protect array overflows via bad calls
	55	+ to the {str,mem}*cpy() family of functions (that is addressed
	56	+ by CONFIG_FORTIFY_SOURCE).
	57	+
	58	+config UBSAN_ONLY_BOUNDS
	59	+ def_bool CC_HAS_UBSAN_BOUNDS && !CC_HAS_UBSAN_ARRAY_BOUNDS
	60	+ depends on UBSAN_BOUNDS
	61	+ help
	62	+ This is a weird case: Clang's -fsanitize=bounds includes
	63	+ -fsanitize=local-bounds, but it's trapping-only, so for
	64	+ Clang, we must use -fsanitize=array-bounds when we want
	65	+ traditional array bounds checking enabled. For GCC, we
	66	+ want -fsanitize=bounds.
	67	+
	68	+config UBSAN_ARRAY_BOUNDS
	69	+ def_bool CC_HAS_UBSAN_ARRAY_BOUNDS
	70	+ depends on UBSAN_BOUNDS
	71	+
	72	+config UBSAN_LOCAL_BOUNDS
	73	+ bool "Perform array local bounds checking"
	74	+ depends on UBSAN_TRAP
	75	+ depends on !UBSAN_KCOV_BROKEN
	76	+ depends on $(cc-option,-fsanitize=local-bounds)
	77	+ help
	78	+ This option enables -fsanitize=local-bounds which traps when an
	79	+ exception/error is detected. Therefore, it may only be enabled
	80	+ with CONFIG_UBSAN_TRAP.
	81	+
	82	+ Enabling this option detects errors due to accesses through a
	83	+ pointer that is derived from an object of a statically-known size,
	84	+ where an added offset (which may not be known statically) is
	85	+ out-of-bounds.
	86	+
	87	+config UBSAN_SHIFT
	88	+ bool "Perform checking for bit-shift overflows"
	89	+ default UBSAN
	90	+ depends on $(cc-option,-fsanitize=shift)
	91	+ help
	92	+ This option enables -fsanitize=shift which checks for bit-shift
	93	+ operations that overflow to the left or go switch to negative
	94	+ for signed types.
	95	+
	96	+config UBSAN_DIV_ZERO
	97	+ bool "Perform checking for integer divide-by-zero"
	98	+ depends on $(cc-option,-fsanitize=integer-divide-by-zero)
	99	+ help
	100	+ This option enables -fsanitize=integer-divide-by-zero which checks
	101	+ for integer division by zero. This is effectively redundant with the
	102	+ kernel's existing exception handling, though it can provide greater
	103	+ debugging information under CONFIG_UBSAN_REPORT_FULL.
	104	+
	105	+config UBSAN_UNREACHABLE
	106	+ bool "Perform checking for unreachable code"
	107	+ # objtool already handles unreachable checking and gets angry about
	108	+ # seeing UBSan instrumentation located in unreachable places.
	109	+ depends on !STACK_VALIDATION
	110	+ depends on $(cc-option,-fsanitize=unreachable)
	111	+ help
	112	+ This option enables -fsanitize=unreachable which checks for control
	113	+ flow reaching an expected-to-be-unreachable position.
	114	+
	115	+config UBSAN_OBJECT_SIZE
	116	+ bool "Perform checking for accesses beyond the end of objects"
	117	+ default UBSAN
	118	+ # gcc hugely expands stack usage with -fsanitize=object-size
	119	+ # https://lore.kernel.org/lkml/CAHk-=wjPasyJrDuwDnpHJS2TuQfExwe=px-SzLeN8GFMAQJPmQ@mail.gmail.com/
	120	+ depends on !CC_IS_GCC
	121	+ depends on $(cc-option,-fsanitize=object-size)
	122	+ help
	123	+ This option enables -fsanitize=object-size which checks for accesses
	124	+ beyond the end of objects where the optimizer can determine both the
	125	+ object being operated on and its size, usually seen with bad downcasts,
	126	+ or access to struct members from NULL pointers.
	127	+
	128	+config UBSAN_BOOL
	129	+ bool "Perform checking for non-boolean values used as boolean"
	130	+ default UBSAN
	131	+ depends on $(cc-option,-fsanitize=bool)
	132	+ help
	133	+ This option enables -fsanitize=bool which checks for boolean values being
	134	+ loaded that are neither 0 nor 1.
	135	+
	136	+config UBSAN_ENUM
	137	+ bool "Perform checking for out of bounds enum values"
	138	+ default UBSAN
	139	+ depends on $(cc-option,-fsanitize=enum)
	140	+ help
	141	+ This option enables -fsanitize=enum which checks for values being loaded
	142	+ into an enum that are outside the range of given values for the given enum.
	143	+
	144	+config UBSAN_ALIGNMENT
	145	+ bool "Perform checking for misaligned pointer usage"
	146	+ default !HAVE_EFFICIENT_UNALIGNED_ACCESS
	147	+ depends on !UBSAN_TRAP && !COMPILE_TEST
	148	+ depends on $(cc-option,-fsanitize=alignment)
	149	+ help
	150	+ This option enables the check of unaligned memory accesses.
	151	+ Enabling this option on architectures that support unaligned
	152	+ accesses may produce a lot of false positives.
12	153
13	154	config UBSAN_SANITIZE_ALL
14	155	bool "Enable instrumentation for the entire kernel"
15		- depends on UBSAN
16	156	depends on ARCH_HAS_UBSAN_SANITIZE_ALL
17		-
18		- # We build with -Wno-maybe-uninitilzed, but we still want to
19		- # use -Wmaybe-uninitilized in allmodconfig builds.
20		- # So dependsy bellow used to disable this option in allmodconfig
21		- depends on !COMPILE_TEST
22	157	default y
23	158	help
24	159	This option activates instrumentation for the entire kernel.
..	..	@@ -27,18 +162,11 @@
27	162	Enabling this option will get kernel image size increased
28	163	significantly.
29	164
30		-config UBSAN_ALIGNMENT
31		- bool "Enable checking of pointers alignment"
32		- depends on UBSAN
33		- default y if !HAVE_EFFICIENT_UNALIGNED_ACCESS
34		- help
35		- This option enables detection of unaligned memory accesses.
36		- Enabling this option on architectures that support unaligned
37		- accesses may produce a lot of false positives.
38		-
39	165	config TEST_UBSAN
40	166	tristate "Module for testing for undefined behavior detection"
41		- depends on m && UBSAN
	167	+ depends on m
42	168	help
43	169	This is a test module for UBSAN.
44	170	It triggers various undefined behavior, and detect it.
	171	+
	172	+endif # if UBSAN