6

For those who don't know, UBSAN is Undefined Behavior Address Sanitizer, and it places a whole bunch of checks in a compiled piece of code to detect mistakes, such as out-of-bounds access and various other operations which aren't supposed to happen in the code. When I program stuff I've used UBSAN before to catch bugs, but I definitely don't compile with it on most of the time, and would never think of doing so for a release build.

And yet, I had a crash on my computer which, I think, tell me if I'm wrong, would seem to indicate that the Linux kernel is running with UBSAN on? i.e., was compiled with UBSAN turned on.

Here is part of the crash log (journalctl) from my system. It is Linux Mint 22.2 Cinnamon, kernel version 6.8.0-87-generic:

Nov 27 09:35:26 kernel: Bluetooth: hci0: Opcode 0x0c03 failed: -110
Nov 27 09:35:28 lightdm[1836]: gkr-pam: couldn't unlock the login keyring.
Nov 27 09:35:30 systemd[1]: Failed to start casper-md5check.service - casper-md5check Verify Live ISO checksums.
Nov 27 09:35:34 lightdm[1989]: gkr-pam: unable to locate daemon control file
Nov 27 09:35:34 systemd[2044]: Failed to start fluidsynth.service - FluidSynth Daemon.
Nov 27 09:38:17 kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/8812au/5.6.4.2_35491.20191025/build/core/rtw_wlan_util.c:1905:48
Nov 27 09:38:17 kernel: index 1 is out of range for type 'u8 [1]'
Nov 27 09:38:17 kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/8812au/5.6.4.2_35491.20191025/build/core/rtw_wlan_util.c:1910:75
Nov 27 09:38:17 kernel: index 2 is out of range for type 'u8 [1]'
Nov 27 09:38:17 kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/8812au/5.6.4.2_35491.20191025/build/core/rtw_wlan_util.c:1916:76
Nov 27 09:38:17 kernel: index 2 is out of range for type 'u8 [1]'
Nov 27 09:38:17 kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/8812au/5.6.4.2_35491.20191025/build/os_dep/linux/ioctl_cfg80211.c:1682:110
Nov 27 09:38:17 kernel: index 16 is out of range for type 'u8 [*]'
Nov 27 09:38:17 kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/8812au/5.6.4.2_35491.20191025/build/os_dep/linux/ioctl_cfg80211.c:1683:110
Nov 27 09:38:17 kernel: index 24 is out of range for type 'u8 [*]'

Why is it showing UBSAN? I thought that only happens when something is compiled with UBSAN turned on. Are Release Linux kernels compiled with UBSAN on?

2
  • 1
    UBSan is actually very lightweight, just an extra condition check (integer overflow, invalid values, bounds checking) here and there, nothing like ASan with complex shadow data structures and instrumentation on every single memory access. And the sort of checks UBSan generates are otherwise hand-written all over the kernel anyway (arithmetic needs to be overflow-proof, values have to be checked for validity, bounds must always be checked, etc.). So the only difference is whether the compiler auto-generates those checks or somebody has to write them by hand. Commented 18 hours ago
  • 1
    There is a page about this in the kernel docs: Undefined Behavior Sanitizer - UBSAN. Commented 12 hours ago

1 Answer

7

Yes, the Ubuntu kernel (which is what Linux Mint uses) is built with UBSAN enabled. You can check that yourself by running

grep UBSAN /boot/config-$(uname -r)

Specifically, the features involved in the messages you’re seeing are CONFIG_UBSAN and CONFIG_UBSAN_BOUNDS.

4
  • 2
    Wow, I had no idea UBSAN is used for Release versions of software. Are you sure that's a good idea? There's quite a performance impact in enabling this sort of stuff. Like, a lot as far as I know. I understood it was only something to be used in development and for debugging. Commented yesterday
  • 3
    Apparently it’s fast enough, see the issue requesting it to be enabled. (There isn’t much detail there, but Kees knows what he’s doing.) Fedora kernels have UBSAN enabled too. Commented yesterday
  • 4
    @Zebrafish: I'd guess it's not the full -fsanitize=undefined (which indeed costs quite a lot of extra machine-code size, e.g. checking for arithmetic overflow on every signed integer op but not unsigned because of C rules), but rather only some subset of the sanitizers, like bounds checks. Commented 15 hours ago
  • @PeterCordes Ah, so like Rust then. Commented 7 hours ago
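
To see which code the UBSAN reports in the question's log point at, the following added example (not part of the original question, answer or comments) pairs each report header with its detail line and attributes it to a DKMS module by source path. It assumes the `/var/lib/dkms/<module>/<version>/build/` layout visible in the log; the function names `parse_ubsan` and `by_origin` are hypothetical.

```python
import re
from collections import Counter

# Header line of a kernel UBSAN report: "UBSAN: <check> in <file>:<line>:<col>"
REPORT = re.compile(r"kernel: UBSAN: (?P<check>\S+) in (?P<file>\S+):(?P<line>\d+):(?P<col>\d+)$")
# Detail line that follows a bounds report
DETAIL = re.compile(r"kernel: index (?P<index>-?\d+) is out of range for type '(?P<type>[^']+)'")
# Assumption: DKMS build trees live under /var/lib/dkms/<module>/<version>/build/
DKMS = re.compile(r"^/var/lib/dkms/(?P<module>[^/]+)/(?P<version>[^/]+)/build/(?P<rel>.+)$")

def parse_ubsan(lines):
    """Return one dict per UBSAN report, pairing each header with its detail line."""
    reports = []
    for line in lines:
        m = REPORT.search(line.rstrip())
        if m:
            d = DKMS.match(m["file"])
            reports.append({
                "check": m["check"],
                "file": d["rel"] if d else m["file"],
                "line": int(m["line"]),
                # None means the path is not inside a DKMS build tree
                "dkms_module": d["module"] if d else None,
                "index": None, "type": None,
            })
            continue
        m = DETAIL.search(line)
        if m and reports and reports[-1]["index"] is None:
            reports[-1]["index"] = int(m["index"])
            reports[-1]["type"] = m["type"]
    return reports

def by_origin(reports):
    """Count reports per origin: DKMS module name, or 'in-tree/other'."""
    return Counter(r["dkms_module"] or "in-tree/other" for r in reports)

# Sample input: lines copied from the question's journalctl excerpt.
SAMPLE = """\
Nov 27 09:35:26 kernel: Bluetooth: hci0: Opcode 0x0c03 failed: -110
Nov 27 09:38:17 kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/8812au/5.6.4.2_35491.20191025/build/core/rtw_wlan_util.c:1905:48
Nov 27 09:38:17 kernel: index 1 is out of range for type 'u8 [1]'
Nov 27 09:38:17 kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/8812au/5.6.4.2_35491.20191025/build/os_dep/linux/ioctl_cfg80211.c:1682:110
Nov 27 09:38:17 kernel: index 16 is out of range for type 'u8 [*]'
""".splitlines()

if __name__ == "__main__":
    for r in parse_ubsan(SAMPLE):
        print(r)
    print(dict(by_origin(parse_ubsan(SAMPLE))))
```

On the sample lines every report is attributed to the `8812au` DKMS module, so the reports come from a driver built on the machine by DKMS and instrumented with the kernel's own UBSAN settings.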
