
When I configure kernel 5.4.0 with:

CONFIG_UBSAN=y
UBSAN_SANITIZE_ALL=y

-fsanitize=signed-integer-overflow also appears in the gcc commands during compilation.

However, in the final vmlinux, __ubsan_handle_add_overflow is present in the image but is never called.

By contrast, the other (non-signed-integer-overflow) UBSan handlers, such as __ubsan_handle_load_invalid_value and __ubsan_handle_shift_out_of_bounds, are called widely.

Throughout the whole build I cannot find any difference between these two kinds of UBSan checks. Could it be that the compiler optimizes on the assumption that overflow must not occur, and therefore does not instrument these overflow-related UBSan checks?

I attach a typical gcc command here in case it is useful:

cmd_fs/ioctl.o := /home/cm/exp/symslice/syzkaller/gcc/bin/gcc -Wp,-MD,fs/.ioctl.o.d -nostdinc -isystem /home/cm/exp/symslice/syzkaller/gcc/bin/../lib/gcc/x86_64-pc-linux-gnu/8.0.1/include -I./arch/x86/include -I./arch/x86/include/generated -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/kconfig.h -include ./include/linux/compiler_types.h -D__KERNEL__ -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE -Werror=implicit-function-declaration -Werror=implicit-int -Wno-format-security -std=gnu89 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -march=core2 -mno-red-zone -mcmodel=kernel -DCONFIG_X86_X32_ABI -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -DCONFIG_AS_AVX512=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -Wno-sign-compare -fno-asynchronous-unwind-tables -fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation -Wno-format-overflow -O2 --param=allow-store-data-races=0 -Wframe-larger-than=2048 -fstack-protector-strong -Wno-unused-but-set-variable -Wimplicit-fallthrough -Wno-unused-const-variable -fomit-frame-pointer -fno-var-tracking-assignments -g -femit-struct-debug-baseonly -fno-var-tracking -Wdeclaration-after-statement -Wvla -Wno-pointer-sign -Wno-stringop-truncation -fno-strict-overflow -fno-merge-all-constants -fmerge-constants -fno-stack-check -fconserve-stack -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init -fmacro-prefix-map=./= -Wno-packed-not-aligned -fsanitize=kernel-address -fasan-shadow-offset=0xdffffc0000000000 --param asan-globals=1 --param asan-instrumentation-with-call-threshold=10000 --param asan-stack=1 --param asan-instrument-allocas=1 
-fsanitize=shift -fsanitize=integer-divide-by-zero -fsanitize=unreachable -fsanitize=signed-integer-overflow -fsanitize=bounds -fsanitize=object-size -fsanitize=bool -fsanitize=enum -Wno-maybe-uninitialized -fsanitize-coverage=trace-pc -fsanitize-coverage=trace-cmp -DKBUILD_BASENAME='"ioctl"' -DKBUILD_MODNAME='"ioctl"' -c -o fs/ioctl.o fs/ioctl.c


1 Answer


You are compiling with -fno-strict-overflow, which means that overflow when adding signed numbers is not treated as UB.

answered 2020-11-15T23:45:41.160