
On Mon, Aug 27, 2018 at 01:13:19AM +0200, Eugeniu Rosca wrote:
Import Undefined Behavior SANitizer from Linux Kernel v4.18, as implemented by Andrey Ryabinin aryabinin@virtuozzo.com.
Roughly, the UBSAN development history in Linux kernel looks like:
v4.18     3ca17b1f3628 ("lib/ubsan: remove null-pointer checks")
v4.17-rc1 317506009216 ("lib/test_ubsan.c: make test_ubsan_misaligned_access() static")
v4.17-rc1 854686f4edf4 ("lib: add testing module for UBSAN")
v4.16-rc1 bac7a1fff792 ("lib/ubsan: remove returns-nonnull-attribute checks")
v4.16-rc1 42440c1f9911 ("lib/ubsan: add type mismatch handler for new GCC/Clang")
v4.16-rc1 b8fe1120b4ba ("lib/ubsan.c: s/missaligned/misaligned/")
v4.10-rc1 0462554707d6 ("Kconfig: lib/Kconfig.ubsan fix reference to ubsan documentation")
v4.9-rc5  a76bcf557ef4 ("Kbuild: enable -Wmaybe-uninitialized warning for "make W=1"")
v4.9-rc1  725c4d22bbc4 ("ubsan: allow to disable the null sanitizer")
v4.9-rc1  1ead009cd622 ("docs: sphinxify ubsan.txt and move it to dev-tools")
v4.8-rc1  901d805c33fc ("UBSAN: fix typo in format string")
v4.8-rc1  6e8d666e9253 ("Disable "maybe-uninitialized" warning globally")
v4.6-rc1  dde5cf39d4d2 ("ubsan: fix tree-wide -Wmaybe-uninitialized false positives")
v4.5-rc4  7707535ab95e ("ubsan: cosmetic fix to Kconfig text")
v4.5-rc1  bf76f73c5f65 ("powerpc: enable UBSAN support")
v4.5-rc1  c6d308534aef ("UBSAN: run-time undefined behavior sanity checker")
What's not interesting for U-Boot is:
- 317506009216 ("lib/test_ubsan.c: make test_ubsan_misaligned_access() static")
- 854686f4edf4 ("lib: add testing module for UBSAN") since they add module-only test functionality.
- any Documentation commits.
Since dump_stack() evaluates to NOOP in U-Boot, the UBSAN report retains only the header from the original kernel report.
As an example, below is a UB found in U-Boot thanks to UBSAN:
====================================================================
UBSAN: Undefined behaviour in drivers/net/phy/phy.c:728:19
left shift of 1 by 31 places cannot be represented in type 'int'
====================================================================
For comparison, below is a full-fledged kernel UBSAN report, based on v4.17-rc4 Linux commit 0dfc0c792d69 ("iommu/vt-d: fix shift-out-of-bounds in bug checking"):
================================================================================
UBSAN: Undefined behaviour in drivers/iommu/dmar.c:1348:3
shift exponent 64 is too large for 32-bit type 'int'
CPU: 2 PID: 0 Comm: swapper/2 Tainted: G     U     4.17.0-rc1+ #89
Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016
Call Trace:
 <IRQ>
 dump_stack+0x90/0xfb
 ubsan_epilogue+0x9/0x40
 __ubsan_handle_shift_out_of_bounds+0x10e/0x170
 ? qi_flush_dev_iotlb+0x124/0x180
Reviewed-by: Tom Rini trini@konsulko.com
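The two shift reports quoted above ("left shift of 1 by 31 places cannot be represented in type 'int'" and "shift exponent 64 is too large for 32-bit type 'int'") come from the same UBSAN handler. As an added example, not part of the patch or of U-Boot, the block below re-implements the conditions that handler checks for a 32-bit signed left shift, and places the undefined pattern beside its well-defined replacement. shl_int_is_ub and the phy_bit_mask_* names are hypothetical; the "phy.c" function is a reconstruction of the pattern the report describes, not the actual U-Boot source line.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors the conditions __ubsan_handle_shift_out_of_bounds reports for a
 * left shift on a 32-bit signed int, without performing the shift itself:
 *   - "shift exponent N is too large for 32-bit type 'int'" (N < 0 or N >= 32)
 *   - "left shift of V by N places cannot be represented in type 'int'"
 *     (V negative, or V * 2^N exceeds INT_MAX; C11 6.5.7p4)
 * Hypothetical helper. Returns 1 if the shift is undefined, 0 if well defined. */
int shl_int_is_ub(int value, int bits)
{
    if (bits < 0 || bits >= 32)        /* exponent outside the type width */
        return 1;
    if (value < 0)                     /* negative left operand is UB */
        return 1;
    /* value << bits fits in int exactly when value <= INT_MAX >> bits */
    return value > (INT_MAX >> bits);
}

/* Reconstruction of the pattern UBSAN flagged in drivers/net/phy/phy.c:
 * shifting the int constant 1 into the sign bit. Undefined for bit == 31. */
int phy_bit_mask_ub(int bit)
{
    return 1 << bit;
}

/* Well-defined replacement: shift an unsigned constant, so bit 31 is just
 * the top bit of a uint32_t and no UBSAN report is produced. */
uint32_t phy_bit_mask_fixed(int bit)
{
    return 1U << bit;
}

int main(void)
{
    /* Build with -fsanitize=shift to see the runtime report for the UB form. */
    printf("1 << 31 in int is UB: %d\n", shl_int_is_ub(1, 31));
    printf("1 << 30 in int is UB: %d\n", shl_int_is_ub(1, 30));
    printf("fixed mask for bit 31: 0x%08x\n", phy_bit_mask_fixed(31));
    return 0;
}
```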