ubsan: Clarify Kconfig text for CONFIG_UBSAN_TRAP
Make it clearer in the one-line description and the verbose description text that CONFIG_UBSAN_TRAP as currently implemented involves a tradeoff of much less helpful oops messages in exchange for a smaller kernel image. (With the additional effect of turning UBSAN warnings into crashes, which may or may not be desired.) Signed-off-by: Jann Horn <jannh@google.com> Link: https://lore.kernel.org/r/20230705215128.486054-1-jannh@google.com Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
parent
fdf0eaf114
commit
ce6616724f
|
@ -13,7 +13,7 @@ menuconfig UBSAN
|
|||
if UBSAN
|
||||
|
||||
config UBSAN_TRAP
|
||||
bool "On Sanitizer warnings, abort the running kernel code"
|
||||
bool "Abort on Sanitizer warnings (smaller kernel but less verbose)"
|
||||
depends on !COMPILE_TEST
|
||||
help
|
||||
Building kernels with Sanitizer features enabled tends to grow
|
||||
|
@ -26,6 +26,14 @@ config UBSAN_TRAP
|
|||
the system. For some system builders this is an acceptable
|
||||
trade-off.
|
||||
|
||||
Also note that selecting Y will cause your kernel to Oops
|
||||
with an "illegal instruction" error with no further details
|
||||
when a UBSAN violation occurs. (Except on arm64, which will
|
||||
report which Sanitizer failed.) This may make it hard to
|
||||
determine whether an Oops was caused by UBSAN or to figure
|
||||
out the details of a UBSAN violation. It makes the kernel log
|
||||
output less useful for bug reports.
|
||||
|
||||
config CC_HAS_UBSAN_BOUNDS_STRICT
|
||||
def_bool $(cc-option,-fsanitize=bounds-strict)
|
||||
help
|
||||
|
|
Loading…
Reference in New Issue