如何在linux内核中启用带符号整数溢出UBSan？

Question

当我使用以下命令配置内核5.4.0时：

CONFIG_UBSAN=y
UBSAN_SANITIZE_ALL=y

而-fsanitize=signed-integer-overflow在编译时也出现在了gcc的命令中。

然而，在最后的vmlinux中，__ubsan_handle_add_overflow出现在映像中，但从未调用过。

相比之下，__ubsan_handle_load_invalid_value、__ubsan_handle_shift_out_of_bounds等其他无符号整数溢出UBSan处理程序被广泛调用。

在整个编译过程中，我找不到这两种类型的UBSan之间的任何区别。这可能是因为编译器优化假设溢出永远不会存在，因此没有检测这些与溢出相关的UBSan？

我在这里附加了一个典型的gcc命令，以备需要时使用：

cmd_fs/ioctl.o := /home/cm/exp/symslice/syzkaller/gcc/bin/gcc -Wp,-MD,fs/.ioctl.o.d -nostdinc -isystem /home/cm/exp/symslice/syzkaller/gcc/bin/../lib/gcc/x86_64-pc-linux-gnu/8.0.1/include -I./arch/x86/include -I./arch/x86/include/generated -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/kconfig.h -include ./include/linux/compiler_types.h -D__KERNEL__ -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE -Werror=implicit-function-declaration -Werror=implicit-int -Wno-format-security -std=gnu89 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -march=core2 -mno-red-zone -mcmodel=kernel -DCONFIG_X86_X32_ABI -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -DCONFIG_AS_AVX512=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -Wno-sign-compare -fno-asynchronous-unwind-tables -fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation -Wno-format-overflow -O2 --param=allow-store-data-races=0 -Wframe-larger-than=2048 -fstack-protector-strong -Wno-unused-but-set-variable -Wimplicit-fallthrough -Wno-unused-const-variable -fomit-frame-pointer -fno-var-tracking-assignments -g -femit-struct-debug-baseonly -fno-var-tracking -Wdeclaration-after-statement -Wvla -Wno-pointer-sign -Wno-stringop-truncation -fno-strict-overflow -fno-merge-all-constants -fmerge-constants -fno-stack-check -fconserve-stack -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init -fmacro-prefix-map=./= -Wno-packed-not-aligned -fsanitize=kernel-address -fasan-shadow-offset=0xdffffc0000000000 --param asan-globals=1 --param asan-instrumentation-with-call-threshold=10000 --param asan-stack=1 --param asan-instrument-allocas=1 -fsanitize=shift -fsanitize=integer-divide-by-zero -fsanitize=unreachable -fsanitize=signed-integer-overflow -fsanitize=bounds -fsanitize=object-size -fsanitize=bool -fsanitize=enum -Wno-maybe-uninitialized -fsanitize-coverage=trace-pc -fsanitize-coverage=trace-cmp -DKBUILD_BASENAME='"ioctl"' -DKBUILD_MODNAME='"ioctl"' -c -o fs/ioctl.o fs/ioctl.c

Answer 1

您正在使用-fno-strict-overflow进行编译，这意味着添加有符号数字时的溢出不会被视为UB。