About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog

Documentation / ubsan.txt


Based on kernel version 4.8. Page generated on 2016-10-06 23:19 EST.

1	Undefined Behavior Sanitizer - UBSAN
2	
3	Overview
4	--------
5	
6	UBSAN is a runtime undefined behaviour checker.
7	
8	UBSAN uses compile-time instrumentation to catch undefined behavior (UB).
9	Compiler inserts code that perform certain kinds of checks before operations
10	that may cause UB. If check fails (i.e. UB detected) __ubsan_handle_*
11	function called to print error message.
12	
13	GCC has that feature since 4.9.x [1] (see -fsanitize=undefined option and
14	its suboptions). GCC 5.x has more checkers implemented [2].
15	
16	Report example
17	---------------
18	
19		 ================================================================================
20		 UBSAN: Undefined behaviour in ../include/linux/bitops.h:110:33
21		 shift exponent 32 is to large for 32-bit type 'unsigned int'
22		 CPU: 0 PID: 0 Comm: swapper Not tainted 4.4.0-rc1+ #26
23		  0000000000000000 ffffffff82403cc8 ffffffff815e6cd6 0000000000000001
24		  ffffffff82403cf8 ffffffff82403ce0 ffffffff8163a5ed 0000000000000020
25		  ffffffff82403d78 ffffffff8163ac2b ffffffff815f0001 0000000000000002
26		 Call Trace:
27		  [<ffffffff815e6cd6>] dump_stack+0x45/0x5f
28		  [<ffffffff8163a5ed>] ubsan_epilogue+0xd/0x40
29		  [<ffffffff8163ac2b>] __ubsan_handle_shift_out_of_bounds+0xeb/0x130
30		  [<ffffffff815f0001>] ? radix_tree_gang_lookup_slot+0x51/0x150
31		  [<ffffffff8173c586>] _mix_pool_bytes+0x1e6/0x480
32		  [<ffffffff83105653>] ? dmi_walk_early+0x48/0x5c
33		  [<ffffffff8173c881>] add_device_randomness+0x61/0x130
34		  [<ffffffff83105b35>] ? dmi_save_one_device+0xaa/0xaa
35		  [<ffffffff83105653>] dmi_walk_early+0x48/0x5c
36		  [<ffffffff831066ae>] dmi_scan_machine+0x278/0x4b4
37		  [<ffffffff8111d58a>] ? vprintk_default+0x1a/0x20
38		  [<ffffffff830ad120>] ? early_idt_handler_array+0x120/0x120
39		  [<ffffffff830b2240>] setup_arch+0x405/0xc2c
40		  [<ffffffff830ad120>] ? early_idt_handler_array+0x120/0x120
41		  [<ffffffff830ae053>] start_kernel+0x83/0x49a
42		  [<ffffffff830ad120>] ? early_idt_handler_array+0x120/0x120
43		  [<ffffffff830ad386>] x86_64_start_reservations+0x2a/0x2c
44		  [<ffffffff830ad4f3>] x86_64_start_kernel+0x16b/0x17a
45		 ================================================================================
46	
47	Usage
48	-----
49	
50	To enable UBSAN configure kernel with:
51	
52		CONFIG_UBSAN=y
53	
54	and to check the entire kernel:
55	
56	        CONFIG_UBSAN_SANITIZE_ALL=y
57	
58	To enable instrumentation for specific files or directories, add a line
59	similar to the following to the respective kernel Makefile:
60	
61	        For a single file (e.g. main.o):
62	                UBSAN_SANITIZE_main.o := y
63	
64	        For all files in one directory:
65	                UBSAN_SANITIZE := y
66	
67	To exclude files from being instrumented even if
68	CONFIG_UBSAN_SANITIZE_ALL=y, use:
69	
70	                UBSAN_SANITIZE_main.o := n
71	        and:
72	                UBSAN_SANITIZE := n
73	
74	Detection of unaligned accesses controlled through the separate option -
75	CONFIG_UBSAN_ALIGNMENT. It's off by default on architectures that support
76	unaligned accesses (CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y). One could
77	still enable it in config, just note that it will produce a lot of UBSAN
78	reports.
79	
80	References
81	----------
82	
83	[1] - https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Debugging-Options.html
84	[2] - https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
Hide Line Numbers


About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog