[PATCH 1/4] sandbox: use host system's UBSan library

Ahmad Fatoum a.fatoum at pengutronix.de
Mon Nov 25 07:09:42 PST 2024


The host system's libubsan is more extensive than what we have and when
building with libfuzzer later, having the functions defined again leads
to linker error due to repeated definitions.

Therefore, let's only use our ubsan functions when we are outside
sandbox.

While at it, we restructure the Makefile a bit to look more like Linux'
and to allow easier extension in future.  CFLAGS_UBSAN will now
unconditionally have the enabled options, but this is ok as we only
make use of it when UBSAN is actually enabled.

Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
 lib/Kconfig.ubsan      |  3 +++
 lib/Makefile           |  2 +-
 scripts/Makefile.ubsan | 33 ++++++++++++++++++---------------
 3 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index 22958f48011e..c04ff3cbb6fd 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -31,6 +31,9 @@ config UBSAN_NO_ALIGNMENT
 	  Disabling this option on architectures that support unaligned
 	  accesses may produce a lot of false positives.
 
+config UBSAN_STANDALONE
+	def_bool !SANDBOX
+
 config UBSAN_ALIGNMENT
 	def_bool !UBSAN_NO_ALIGNMENT
 
diff --git a/lib/Makefile b/lib/Makefile
index 41aed121267c..1cf311ebcdb8 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -82,7 +82,7 @@ obj-$(CONFIG_CRC_CCITT) += crc-ccitt.o
 obj-$(CONFIG_CRC8)	+= crc8.o
 obj-$(CONFIG_NLS)	+= nls_base.o
 obj-$(CONFIG_FSL_QE_FIRMWARE) += fsl-qe-firmware.o
-obj-$(CONFIG_UBSAN)	+= ubsan.o
+obj-$(CONFIG_UBSAN_STANDALONE)	+= ubsan.o
 obj-$(CONFIG_GENERIC_ALLOCATOR) += genalloc.o
 
 # GCC library routines
diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
index 019771b845c5..4fb30a6c3768 100644
--- a/scripts/Makefile.ubsan
+++ b/scripts/Makefile.ubsan
@@ -1,19 +1,22 @@
 # SPDX-License-Identifier: GPL-2.0
-ifdef CONFIG_UBSAN
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=shift)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=integer-divide-by-zero)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=unreachable)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=signed-integer-overflow)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=bool)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=enum)
+ifdef CONFIG_UBSAN_STANDALONE
+      ubsan-cflags-y += $(call cc-option, -fsanitize=shift)
+      ubsan-cflags-y += $(call cc-option, -fsanitize=integer-divide-by-zero)
+      ubsan-cflags-y += $(call cc-option, -fsanitize=unreachable)
+      ubsan-cflags-y += $(call cc-option, -fsanitize=signed-integer-overflow)
+      ubsan-cflags-y += $(call cc-option, -fsanitize=bounds)
+      ubsan-cflags-y += $(call cc-option, -fsanitize=object-size)
+      ubsan-cflags-y += $(call cc-option, -fsanitize=bool)
+      ubsan-cflags-y += $(call cc-option, -fsanitize=enum)
 
-ifdef CONFIG_UBSAN_ALIGNMENT
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=alignment)
+      ubsan-cflags-$(CONFIG_UBSAN_ALIGNMENT) += $(call cc-option, -fsanitize=alignment)
+else
+      ubsan-cflags-y += -fsanitize=undefined
+      ubsan-cflags-$(if $(CONFIG_UBSAN_ALIGNMENT),,y) += $(call cc-option, -fno-sanitize=alignment)
 endif
 
-      # -fsanitize=* options makes GCC less smart than usual and
-      # increase number of 'maybe-uninitialized false-positives
-      CFLAGS_UBSAN += $(call cc-option, -Wno-maybe-uninitialized)
-endif
+# -fsanitize=* options makes GCC less smart than usual and
+# increase number of 'maybe-uninitialized false-positives
+ubsan-cflags-y += $(call cc-option, -Wno-maybe-uninitialized)
+
+export CFLAGS_UBSAN := $(ubsan-cflags-y)
-- 
2.39.5




More information about the barebox mailing list