ubsan: Remove CONFIG_UBSAN_SANITIZE_ALL

For simplicity in splitting out UBSan options into separate rules,
remove CONFIG_UBSAN_SANITIZE_ALL, effectively defaulting to "y", which
is how it is generally used anyway. (There are no ":= y" cases beyond
where a specific file is enabled when a top-level ":= n" is in effect.)

Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Marco Elver <elver@google.com>
Cc: linux-doc@vger.kernel.org
Cc: linux-kbuild@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>

diff --git a/Documentation/dev-tools/ubsan.rst b/Documentation/dev-tools/ubsan.rst
index 2de7c63415da0ee674ad3251b7f0e027c264e26e..e3591f8e9d5b4d1a6311a1e234142405231bd9aa 100644 (file)
--- a/Documentation/dev-tools/ubsan.rst
+++ b/Documentation/dev-tools/ubsan.rst
@@ -49,34 +49,22 @@ Report example
 Usage
 -----
 
-To enable UBSAN configure kernel with::
+To enable UBSAN, configure the kernel with::
 
-       CONFIG_UBSAN=y
+  CONFIG_UBSAN=y
 
-and to check the entire kernel::
-
-        CONFIG_UBSAN_SANITIZE_ALL=y
-
-To enable instrumentation for specific files or directories, add a line
-similar to the following to the respective kernel Makefile:
-
-- For a single file (e.g. main.o)::
-
-    UBSAN_SANITIZE_main.o := y
-
-- For all files in one directory::
-
-    UBSAN_SANITIZE := y
-
-To exclude files from being instrumented even if
-``CONFIG_UBSAN_SANITIZE_ALL=y``, use::
+To exclude files from being instrumented use::
 
   UBSAN_SANITIZE_main.o := n
 
-and::
+and to exclude all targets in one directory use::
 
   UBSAN_SANITIZE := n
 
+When disabled for all targets, specific files can be enabled using::
+
+  UBSAN_SANITIZE_main.o := y
+
 Detection of unaligned accesses controlled through the separate option -
 CONFIG_UBSAN_ALIGNMENT. It's off by default on architectures that support
 unaligned accesses (CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y). One could

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 0af6709570d147f3cb914454ec7a9364a621ea9b..287e625220646bff235b9587f83331a9b3aa81f9 100644 (file)
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -29,7 +29,7 @@ config ARM
        select ARCH_HAVE_NMI_SAFE_CMPXCHG if CPU_V7 || CPU_V7M || CPU_V6K
        select ARCH_HAS_GCOV_PROFILE_ALL
        select ARCH_KEEP_MEMBLOCK
-       select ARCH_HAS_UBSAN_SANITIZE_ALL
+       select ARCH_HAS_UBSAN
        select ARCH_MIGHT_HAVE_PC_PARPORT
        select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
        select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if CPU_V7

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index aa7c1d435139684d7b56f96f3f93945d331d64d6..78533d1b7f354f80254630f4148cfb460508ab34 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -107,7 +107,7 @@ config ARM64
        select ARCH_WANT_LD_ORPHAN_WARN
        select ARCH_WANTS_NO_INSTR
        select ARCH_WANTS_THP_SWAP if ARM64_4K_PAGES
-       select ARCH_HAS_UBSAN_SANITIZE_ALL
+       select ARCH_HAS_UBSAN
        select ARM_AMBA
        select ARM_ARCH_TIMER
        select ARM_GIC

diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 797ae590ebdba505c313b448720c7207b29673f8..9750ce3e40d59afac56ccf854a19d0e37e0a6c65 100644 (file)
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -14,7 +14,7 @@ config MIPS
        select ARCH_HAS_STRNCPY_FROM_USER
        select ARCH_HAS_STRNLEN_USER
        select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
-       select ARCH_HAS_UBSAN_SANITIZE_ALL
+       select ARCH_HAS_UBSAN
        select ARCH_HAS_GCOV_PROFILE_ALL
        select ARCH_KEEP_MEMBLOCK
        select ARCH_USE_BUILTIN_BSWAP

diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig
index d14ccc948a29b920854b6c750febffac625619fd..dbc9027ea2f43934d1b6ae9ad0b5aab6d851cce0 100644 (file)
--- a/arch/parisc/Kconfig
+++ b/arch/parisc/Kconfig
@@ -12,7 +12,7 @@ config PARISC
        select ARCH_HAS_ELF_RANDOMIZE
        select ARCH_HAS_STRICT_KERNEL_RWX
        select ARCH_HAS_STRICT_MODULE_RWX
-       select ARCH_HAS_UBSAN_SANITIZE_ALL
+       select ARCH_HAS_UBSAN
        select ARCH_HAS_PTE_SPECIAL
        select ARCH_NO_SG_CHAIN
        select ARCH_SUPPORTS_HUGETLBFS if PA20

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index b9fc064d38d281f1c32584e79edd705c670b1731..2065973e09d209c43b035da265ddf4086923728a 100644 (file)
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -154,7 +154,7 @@ config PPC
        select ARCH_HAS_SYSCALL_WRAPPER         if !SPU_BASE && !COMPAT
        select ARCH_HAS_TICK_BROADCAST          if GENERIC_CLOCKEVENTS_BROADCAST
        select ARCH_HAS_UACCESS_FLUSHCACHE
-       select ARCH_HAS_UBSAN_SANITIZE_ALL
+       select ARCH_HAS_UBSAN
        select ARCH_HAVE_NMI_SAFE_CMPXCHG
        select ARCH_KEEP_MEMBLOCK
        select ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE if PPC_RADIX_MMU

diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index bffbd869a0682842883591788da784648acf1626..d824d113a02d6376ec8bbe2b413c7886a4784cd1 100644 (file)
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -37,7 +37,7 @@ config RISCV
        select ARCH_HAS_STRICT_MODULE_RWX if MMU && !XIP_KERNEL
        select ARCH_HAS_SYSCALL_WRAPPER
        select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
-       select ARCH_HAS_UBSAN_SANITIZE_ALL
+       select ARCH_HAS_UBSAN
        select ARCH_HAS_VDSO_DATA
        select ARCH_KEEP_MEMBLOCK if ACPI
        select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX

diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index fe565f3a3a917d0da83dbd8329a503910fa41948..97dd25521617ea766d72180a12c1252396b5bd55 100644 (file)
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -82,7 +82,7 @@ config S390
        select ARCH_HAS_STRICT_KERNEL_RWX
        select ARCH_HAS_STRICT_MODULE_RWX
        select ARCH_HAS_SYSCALL_WRAPPER
-       select ARCH_HAS_UBSAN_SANITIZE_ALL
+       select ARCH_HAS_UBSAN
        select ARCH_HAS_VDSO_DATA
        select ARCH_HAVE_NMI_SAFE_CMPXCHG
        select ARCH_INLINE_READ_LOCK

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 5edec175b9bfc92dfac8832fc3600b843407828b..1c4c326a3640fd4dbed655352aa64356c54959f6 100644 (file)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -100,7 +100,7 @@ config X86
        select ARCH_HAS_STRICT_MODULE_RWX
        select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
        select ARCH_HAS_SYSCALL_WRAPPER
-       select ARCH_HAS_UBSAN_SANITIZE_ALL
+       select ARCH_HAS_UBSAN
        select ARCH_HAS_DEBUG_WX
        select ARCH_HAS_ZONE_DMA_SET if EXPERT
        select ARCH_HAVE_NMI_SAFE_CMPXCHG

diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index 59e21bfec188cc060a5426c88c1a8eb387956fea..56d7653f494138e7e3e66ca414e54eb347cab085 100644 (file)
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: GPL-2.0-only
-config ARCH_HAS_UBSAN_SANITIZE_ALL
+config ARCH_HAS_UBSAN
        bool
 
 menuconfig UBSAN
@@ -142,17 +142,6 @@ config UBSAN_ALIGNMENT
          Enabling this option on architectures that support unaligned
          accesses may produce a lot of false positives.
 
-config UBSAN_SANITIZE_ALL
-       bool "Enable instrumentation for the entire kernel"
-       depends on ARCH_HAS_UBSAN_SANITIZE_ALL
-       default y
-       help
-         This option activates instrumentation for the entire kernel.
-         If you don't enable this option, you have to explicitly specify
-         UBSAN_SANITIZE := y for the files/directories you want to check for UB.
-         Enabling this option will get kernel image size increased
-         significantly.
-
 config TEST_UBSAN
        tristate "Module for testing for undefined behavior detection"
        depends on m

diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index cd5b181060f151f2c28186feb5b96db37ee04da9..52efc520ae4fa3c201d1e87a1a581e886dcf77b8 100644 (file)
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -175,7 +175,7 @@ endif
 
 ifeq ($(CONFIG_UBSAN),y)
 _c_flags += $(if $(patsubst n%,, \
-               $(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_SANITIZE)$(CONFIG_UBSAN_SANITIZE_ALL)), \
+               $(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_SANITIZE)y), \
                $(CFLAGS_UBSAN))
 endif