hardening fixes for v6.9-rc5
- Correctly disable UBSAN configs in configs/hardening (Nathan Chancellor) - Add missing signed integer overflow trap types to arm64 handler -----BEGIN PGP SIGNATURE----- iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmYi0M8WHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJjPrEACrLlPZUPLiJPlPdYC5bW4lLSgZ v6z5XjeEVWVvIlzW3DKPKvzMmIl6D3CTN6KbgdjHR+s5VYGYVlkoQJw09SSBu1OX yFC2i0lyqUKuAmh6jK1T46kXvbrgK/3ClO3nQk7KotTfvuRcorAcGEmayTYnaWqd JX3qyry2oEiQG9pWDHl9bRQ1ZgbNdNkxR2YYIhy88lrMWORdVNG7PFkgNnVsEbnb UAbXl817//TSTuXUwklTllz0UNInmDmQTjrmMRUhiwTKEs8aRS5VX6biSyc1Fucz KYXNeK9ciV80mQYnj7jDxgXC5jNThtrjEokzht8vvZGHcBp3WMr6CJLmwj9aaSXE edib7mJf/YveJTCPN17xAvIMHZAFZyoyeiVIOE1Ys2lWSj8rXH5TvWnn/E4QPxHK 77lOKGZNwNMYmIa+L6gb3OOWpiZpOMTLCGMuJh6VSDf5BcA0i45yTxAlAe5JYpgw txxDscFu5MtrabR4Z28J+VY/wnWqQAC89D6qYsJOPH8kL0o3XhELCDKPNUZoY094 LV7XuhAB+xDqNdvZi7SHTmTtZSLPqRBlNrOUqQSmXrwjp11naya26l7fn1Y0cpQM K8o3ioUkSg0PJNox/kGxryouHXXMqtN/k52JPotkfa6XEQDpN82uo0xJD9r21Viu qhA7A8vcQ3KIb0cUbw== =Q6Hg -----END PGP SIGNATURE----- Merge tag 'hardening-v6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull hardening fixes from Kees Cook: - Correctly disable UBSAN configs in configs/hardening (Nathan Chancellor) - Add missing signed integer overflow trap types to arm64 handler * tag 'hardening-v6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: ubsan: Add awareness of signed integer overflow traps configs/hardening: Disable CONFIG_UBSAN_SIGNED_WRAP configs/hardening: Fix disabling UBSAN configurations
This commit is contained in:
commit
2d412262cc
|
@ -39,11 +39,12 @@ CONFIG_UBSAN=y
|
||||||
CONFIG_UBSAN_TRAP=y
|
CONFIG_UBSAN_TRAP=y
|
||||||
CONFIG_UBSAN_BOUNDS=y
|
CONFIG_UBSAN_BOUNDS=y
|
||||||
# CONFIG_UBSAN_SHIFT is not set
|
# CONFIG_UBSAN_SHIFT is not set
|
||||||
# CONFIG_UBSAN_DIV_ZERO
|
# CONFIG_UBSAN_DIV_ZERO is not set
|
||||||
# CONFIG_UBSAN_UNREACHABLE
|
# CONFIG_UBSAN_UNREACHABLE is not set
|
||||||
# CONFIG_UBSAN_BOOL
|
# CONFIG_UBSAN_SIGNED_WRAP is not set
|
||||||
# CONFIG_UBSAN_ENUM
|
# CONFIG_UBSAN_BOOL is not set
|
||||||
# CONFIG_UBSAN_ALIGNMENT
|
# CONFIG_UBSAN_ENUM is not set
|
||||||
|
# CONFIG_UBSAN_ALIGNMENT is not set
|
||||||
|
|
||||||
# Sampling-based heap out-of-bounds and use-after-free detection.
|
# Sampling-based heap out-of-bounds and use-after-free detection.
|
||||||
CONFIG_KFENCE=y
|
CONFIG_KFENCE=y
|
||||||
|
|
18
lib/ubsan.c
18
lib/ubsan.c
|
@ -44,9 +44,10 @@ const char *report_ubsan_failure(struct pt_regs *regs, u32 check_type)
|
||||||
case ubsan_shift_out_of_bounds:
|
case ubsan_shift_out_of_bounds:
|
||||||
return "UBSAN: shift out of bounds";
|
return "UBSAN: shift out of bounds";
|
||||||
#endif
|
#endif
|
||||||
#ifdef CONFIG_UBSAN_DIV_ZERO
|
#if defined(CONFIG_UBSAN_DIV_ZERO) || defined(CONFIG_UBSAN_SIGNED_WRAP)
|
||||||
/*
|
/*
|
||||||
* SanitizerKind::IntegerDivideByZero emits
|
* SanitizerKind::IntegerDivideByZero and
|
||||||
|
* SanitizerKind::SignedIntegerOverflow emit
|
||||||
* SanitizerHandler::DivremOverflow.
|
* SanitizerHandler::DivremOverflow.
|
||||||
*/
|
*/
|
||||||
case ubsan_divrem_overflow:
|
case ubsan_divrem_overflow:
|
||||||
|
@ -77,6 +78,19 @@ const char *report_ubsan_failure(struct pt_regs *regs, u32 check_type)
|
||||||
return "UBSAN: alignment assumption";
|
return "UBSAN: alignment assumption";
|
||||||
case ubsan_type_mismatch:
|
case ubsan_type_mismatch:
|
||||||
return "UBSAN: type mismatch";
|
return "UBSAN: type mismatch";
|
||||||
|
#endif
|
||||||
|
#ifdef CONFIG_UBSAN_SIGNED_WRAP
|
||||||
|
/*
|
||||||
|
* SanitizerKind::SignedIntegerOverflow emits
|
||||||
|
* SanitizerHandler::AddOverflow, SanitizerHandler::SubOverflow,
|
||||||
|
* or SanitizerHandler::MulOverflow.
|
||||||
|
*/
|
||||||
|
case ubsan_add_overflow:
|
||||||
|
return "UBSAN: integer addition overflow";
|
||||||
|
case ubsan_sub_overflow:
|
||||||
|
return "UBSAN: integer subtraction overflow";
|
||||||
|
case ubsan_mul_overflow:
|
||||||
|
return "UBSAN: integer multiplication overflow";
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
return "UBSAN: unrecognized failure code";
|
return "UBSAN: unrecognized failure code";
|
||||||
|
|
Loading…
Reference in New Issue