Commit 6a6155f664e3 for kernel

commit 6a6155f664e31c9be43cd690541a9a682ba3dc22
Author: George Popescu <>
Date:   Thu Oct 15 20:13:38 2020 -0700

    ubsan: introduce CONFIG_UBSAN_LOCAL_BOUNDS for Clang

    When the kernel is compiled with Clang, -fsanitize=bounds expands to
    -fsanitize=array-bounds and -fsanitize=local-bounds.

    Enabling -fsanitize=local-bounds with Clang has the unfortunate
    side-effect of inserting traps; this goes back to its original intent,
    which was as a hardening and not a debugging feature [1].  The same
    feature made its way into -fsanitize=bounds, but the traps remained.  For
    that reason, -fsanitize=bounds was split into 'array-bounds' and
    'local-bounds' [2].

    Since 'local-bounds' doesn't behave like a normal sanitizer, enable it
    with Clang only if trapping behaviour was requested by

    Add the UBSAN_BOUNDS_LOCAL config to Kconfig.ubsan to enable the
    'local-bounds' option by default when UBSAN_TRAP is enabled.


    Suggested-by: Marco Elver <>
    Signed-off-by: George Popescu <>
    Signed-off-by: Andrew Morton <>
    Reviewed-by: David Brazdil <>
    Reviewed-by: Marco Elver <>
    Cc: Masahiro Yamada <>
    Cc: Michal Marek <>
    Cc: Nathan Chancellor <>
    Cc: Nick Desaulniers <>
    Cc: Kees Cook <>
    Cc: Dmitry Vyukov <>
    Cc: Arnd Bergmann <>
    Cc: Peter Zijlstra <>
    Signed-off-by: Linus Torvalds <>

diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index 774315de555a..58f8d03d037b 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -47,6 +47,20 @@ config UBSAN_BOUNDS
 	  to the {str,mem}*cpy() family of functions (that is addressed

+	bool "Perform array local bounds checking"
+	depends on UBSAN_TRAP
+	depends on CC_IS_CLANG
+	depends on !UBSAN_KCOV_BROKEN
+	help
+	  This option enables -fsanitize=local-bounds which traps when an
+	  exception/error is detected. Therefore, it should be enabled only
+	  if trapping is expected.
+	  Enabling this option detects errors due to accesses through a
+	  pointer that is derived from an object of a statically-known size,
+	  where an added offset (which may not be known statically) is
+	  out-of-bounds.
 config UBSAN_MISC
 	bool "Enable all other Undefined Behavior sanity checks"
 	default UBSAN
diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
index 27348029b2b8..4e3fff0745e8 100644
--- a/scripts/Makefile.ubsan
+++ b/scripts/Makefile.ubsan
@@ -4,7 +4,15 @@ ifdef CONFIG_UBSAN_ALIGNMENT

-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
+      ifdef CONFIG_CC_IS_CLANG
+            CFLAGS_UBSAN += -fsanitize=array-bounds
+      else
+            CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
+      endif
+      CFLAGS_UBSAN += -fsanitize=local-bounds