From: Martin Rowe Date: Sat, 26 Mar 2022 14:20:16 +0000 (+1000) Subject: UBSAN_SANITIZE_ALL not available on ARM X-Git-Tag: v0.5.17~18^2 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;ds=sidebyside;h=refs%2Fpull%2F60%2Fhead;p=kconfig-hardened-check.git UBSAN_SANITIZE_ALL not available on ARM ARCH_HAS_UBSAN_SANITIZE_ALL is not selected for arm arch, which prevents selectiong of CONFIG_UBSAN_SANITIZE_ALL https://github.com/torvalds/linux/blob/master/arch/arm/Kconfig https://github.com/torvalds/linux/blob/master/lib/Kconfig.ubsan --- diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 3f7aa19..3361bde 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -441,8 +441,9 @@ def add_kconfig_checks(l, arch): # 'self_protection', 'maintainer' ubsan_bounds_is_set = KconfigCheck('self_protection', 'maintainer', 'UBSAN_BOUNDS', 'y') # only array index bounds checking l += [ubsan_bounds_is_set] # recommended by Kees Cook in /issues/53 - l += [AND(KconfigCheck('self_protection', 'maintainer', 'UBSAN_SANITIZE_ALL', 'y'), - ubsan_bounds_is_set)] # recommended by Kees Cook in /issues/53 + if arch in ('X86_64', 'ARM64', 'X86_32'): # ARCH_HAS_UBSAN_SANITIZE_ALL is not enabled for ARM + l += [AND(KconfigCheck('self_protection', 'maintainer', 'UBSAN_SANITIZE_ALL', 'y'), + ubsan_bounds_is_set)] # recommended by Kees Cook in /issues/53 l += [AND(KconfigCheck('self_protection', 'maintainer', 'UBSAN_TRAP', 'y'), ubsan_bounds_is_set)] # recommended by Kees Cook in /issues/53