ANDROID: disable CONFIG_UBSAN_SIGNED_WRAP

After updating Clang to r536225 it started to sanitize signed integer
overflow/underflow despite "-fwrapv" compiler flag. The "-fwrapv" flag
is designed to treat signed integer as two’s complement unsigned integer
with defined overflow/underflow.

Sanitizing signed integer overflow in Linux kernel might be useful to
spot bugs, however there are cases where overflow is intended, for
example, `atomic_long_t` type and such cases can't be annotated to not
trigger UBSAN.

UBSAN was initially enabled for Android only for bounds sanitizer. Also
we need to have UBSAN_TRAP to have kernel panic on out-of-bounds arrays
access to harden the kernel. This change disables
CONFIG_UBSAN_SIGNED_WRAP to make UBSAN function as bounds sanitizer only
and don't trigger on signed integer wraps.

Bug: 375156207
Bug: 354745907
Change-Id: I968edf7c8761505b6484cb4a46f6e948c39d7bab
Signed-off-by: Aleksei Vetrov <vvvvvv@google.com>
This commit is contained in:
Aleksei Vetrov
2024-10-24 19:37:34 +00:00
parent b293dda1a4
commit eaf265b853
2 changed files with 2 additions and 0 deletions
+1
View File
@@ -723,6 +723,7 @@ CONFIG_HEADERS_INSTALL=y
# CONFIG_SECTION_MISMATCH_WARN_ONLY is not set
CONFIG_MAGIC_SYSRQ=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_SIGNED_WRAP is not set
# CONFIG_UBSAN_BOOL is not set
# CONFIG_UBSAN_ENUM is not set
CONFIG_PAGE_OWNER=y
+1
View File
@@ -666,6 +666,7 @@ CONFIG_HEADERS_INSTALL=y
# CONFIG_SECTION_MISMATCH_WARN_ONLY is not set
CONFIG_MAGIC_SYSRQ=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_SIGNED_WRAP is not set
# CONFIG_UBSAN_BOOL is not set
# CONFIG_UBSAN_ENUM is not set
CONFIG_PAGE_OWNER=y