1# 2# Copyright (c) 2019, Google, Inc. All rights reserved 3# 4# Permission is hereby granted, free of charge, to any person obtaining 5# a copy of this software and associated documentation files 6# (the "Software"), to deal in the Software without restriction, 7# including without limitation the rights to use, copy, modify, merge, 8# publish, distribute, sublicense, and/or sell copies of the Software, 9# and to permit persons to whom the Software is furnished to do so, 10# subject to the following conditions: 11# 12# The above copyright notice and this permission notice shall be 13# included in all copies or substantial portions of the Software. 14# 15# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 18# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 19# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 20# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 21# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 22# 23 24# Including this file in your project will enable UBSan. 25# 26# Modules other than the kernel wishing to use UBSan must link in this 27# runtime by adding it to MODULE_DEPS, conditional on the UBSAN_ENABLED 28# variable (which sindicates whether UBSan is on for the build). 29# 30# Userspace apps do not need to worry about this as this runtime is already 31# being pulled in by libc when needed. 32# 33# Modules wishing to opt out of UBSan can do so by adding 34# the contents of UBSAN_DISABLE to their MODULE_CFLAGS/MODULE_CPPFLAGS or by 35# adding to trusty/kernel/lib/ubsan/exemptlist. 36# 37# Example reasons to do this include: 38# * Contexts which cannot easily support the ubsan runtime (e.g. test-runner) 39# * External code that is comparatively difficult to change (e.g. boringssl) 40# * Code which is highly sensitive to modification (e.g. crypto or performance 41# code) and is already thoroughly tested. 42# 43# If the code is trusty-owned, please consider either making the code UBSan 44# clean or using an __attribute__ decorator on a limited function with an 45# appropriate comment explaining why rather than disabling UBSan. 46# 47# The syntax for suppression is 48# __attribute__((no_sanitize("specific-sanitizer"))) 49# 50# Please *DO NOT* use __attribute__((no_sanitize("undefined"))), as which 51# sanitizers it disables may expand with compiler revisions and makes it 52# harder for a reader to figure out which sanitizer is expected to generate 53# a false-positive in that code. 54 55UBSAN_SANITIZERS ?= \ 56 alignment \ 57 bool \ 58 builtin \ 59 bounds \ 60 enum \ 61 float-cast-overflow \ 62 float-divide-by-zero \ 63 implicit-unsigned-integer-truncation \ 64 implicit-signed-integer-truncation \ 65 implicit-integer-sign-change \ 66 integer-divide-by-zero \ 67 pointer-overflow \ 68 return \ 69 shift \ 70 signed-integer-overflow \ 71 unreachable \ 72 unsigned-integer-overflow \ 73 vla-bound \ 74 75# object-size only works at higher than -O0 and so is not enabled 76# 77# non-null sanitizers are not enabled because we are not using the annotations 78# 79# C++ sanitizers requiring full language features (e.g. RTTI or stdlib) are 80# not enabled 81 82UBSAN_ENABLE := \ 83 $(foreach san,$(UBSAN_SANITIZERS),-fsanitize=$(san)) \ 84 -fsanitize-blacklist=trusty/kernel/lib/ubsan/exemptlist \ 85 86UBSAN_DISABLE := \ 87 $(foreach san,$(UBSAN_SANITIZERS),-fno-sanitize=$(san)) 88 89GLOBAL_SHARED_COMPILEFLAGS += $(UBSAN_ENABLE) -DUBSAN_ENABLED 90 91MODULES += trusty/kernel/lib/ubsan 92UBSAN_ENABLED := true 93