Kenrel: Implement two more KUBSAN checks

This patch adds the following UndefinedBehaviorSanitizer sub-options: * signed-integer-overflow * vla-bound
2025-10-31 06:52:45 +00:00 · 2021-02-05 20:03:07 +01:00 · 2021-02-05 20:03:07 +01:00 · d164f89ada
commit d164f89ada
parent 8e7ad28a33
3 changed files with 51 additions and 7 deletions
--- a/Kernel/CMakeLists.txt
+++ b/Kernel/CMakeLists.txt
@ -270,7 +270,7 @@ set(SOURCES
    ${C_SOURCES}
 )

-set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=nonnull-attribute,bool")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=nonnull-attribute,bool,vla-bound,signed-integer-overflow")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-unknown-warning-option -DKERNEL")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pie -fPIE -fno-rtti -ffreestanding -fbuiltin")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mno-80387 -mno-mmx -mno-sse -mno-sse2")
--- a/Kernel/UBSanitizer.cpp
+++ b/Kernel/UBSanitizer.cpp
@ -36,21 +36,55 @@ extern "C" {
 static void print_location(const SourceLocation& location)
 {
    dbgln("KUBSAN: at {}, line {}, column: {}", location.filename(), location.line(), location.column());
+    dump_backtrace();
 }

-void __ubsan_handle_load_invalid_value(InvalidValueData&, void*);
-void __ubsan_handle_load_invalid_value(InvalidValueData& data, void*)
+void __ubsan_handle_load_invalid_value(const InvalidValueData&, void*);
+void __ubsan_handle_load_invalid_value(const InvalidValueData& data, void*)
 {
    dbgln("KUBSAN: load-invalid-value: {} ({}-bit)", data.type.name(), data.type.bit_width());
    print_location(data.location);
-    dump_backtrace();
 }

-void __ubsan_handle_nonnull_arg(NonnullArgData&);
-void __ubsan_handle_nonnull_arg(NonnullArgData& data)
+void __ubsan_handle_nonnull_arg(const NonnullArgData&);
+void __ubsan_handle_nonnull_arg(const NonnullArgData& data)
 {
    dbgln("KUBSAN: null pointer passed as argument {}, which is declared to never be null", data.argument_index);
    print_location(data.location);
-    dump_backtrace();
+}
+
+void __ubsan_handle_vla_bound_not_positive(const VLABoundData&, void*);
+void __ubsan_handle_vla_bound_not_positive(const VLABoundData& data, void*)
+{
+    dbgln("KUBSAN: VLA bound not positive {} ({}-bit)", data.type.name(), data.type.bit_width());
+    print_location(data.location);
+}
+
+void __ubsan_handle_add_overflow(const OverflowData&, void* lhs, void* rhs);
+void __ubsan_handle_add_overflow(const OverflowData& data, void*, void*)
+{
+    dbgln("KUBSAN: addition overflow, {} ({}-bit)", data.type.name(), data.type.bit_width());
+    print_location(data.location);
+}
+
+void __ubsan_handle_sub_overflow(const OverflowData&, void* lhs, void* rhs);
+void __ubsan_handle_sub_overflow(const OverflowData& data, void*, void*)
+{
+    dbgln("KUBSAN: subtraction overflow, {} ({}-bit)", data.type.name(), data.type.bit_width());
+    print_location(data.location);
+}
+
+void __ubsan_handle_negate_overflow(const OverflowData&, void*);
+void __ubsan_handle_negate_overflow(const OverflowData& data, void*)
+{
+    dbgln("KUBSAN: negation overflow, {} ({}-bit)", data.type.name(), data.type.bit_width());
+    print_location(data.location);
+}
+
+void __ubsan_handle_mul_overflow(const OverflowData&, void* lhs, void* rhs);
+void __ubsan_handle_mul_overflow(const OverflowData& data, void*, void*)
+{
+    dbgln("KUBSAN: multiplication overflow, {} ({}-bit)", data.type.name(), data.type.bit_width());
+    print_location(data.location);
 }
 }
--- a/Kernel/UBSanitizer.h
+++ b/Kernel/UBSanitizer.h
@ -74,4 +74,14 @@ struct NonnullArgData {
    int argument_index;
 };

+struct OverflowData {
+    SourceLocation location;
+    const TypeDescriptor& type;
+};
+
+struct VLABoundData {
+    SourceLocation location;
+    const TypeDescriptor& type;
+};
+
 }