1.\"	$OpenBSD: kubsan.4,v 1.5 2024/09/06 13:31:59 mbuhl Exp $
2.\"
3.\" Copyright (c) 2019 Anton Lindqvist <anton@openbsd.org>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.Dd $Mdocdate: September 6 2024 $
17.Dt KUBSAN 4
18.Os
19.Sh NAME
20.Nm kubsan
21.Nd kernel undefined behavior sanitizer
22.Sh SYNOPSIS
23.Cd option KUBSAN
24.Sh DESCRIPTION
25.Nm
26detects undefined behavior at runtime inside the kernel.
27Detected undefined behavior is printed to the system console,
28including the offending line in the source code.
29.Pp
30By default,
31.Nm
32is not enabled but instead requires the following line to be present in the
33kernel configuration:
34.Bd -literal -offset indent
35option KUBSAN
36.Ed
37.Pp
38The following undefined behavior is detected:
39.Bl -tag -width 4n
40.It Float cast overflow
41The conversion from a floating point to an integer cannot be represented by
42the destination type.
43.It Integer overflow
44The result of an arithmetic computation on two integer operands cannot be
45represented by the destination type.
46.It Negate overflow
47Negation of an integer cannot be represented by the destination type.
48.It Pointer overflow
49Pointer arithmetic overflow.
50.It Out of bounds
51Array indexing out of bounds, limited to cases where the size of the array
52can be statically determined.
53.It Shift out of bounds
54Undefined logical shift caused by:
55.Bl -dash
56.It
57The shift amount being negative.
58.It
59The shift operand being negative.
60.It
61The shift amount exceeds the number of bits as given by the shift operand
62type.
63.It
64The result of the shift computation cannot be represented by the destination
65type.
66.El
67.It Non-null argument
68Passing
69.Dv NULL
70as the value for a function argument annotated with
71.Dv __nonnull__ .
72.It Invalid builtin
73Passing zero to a compiler builtin where not allowed.
74.It Invalid load
75Loading a value that cannot be represented by the destination type.
76.It Type mismatch
77Mismatch between pointer and value type caused by:
78.Bl -dash
79.It
80A pointer which does not fulfill the alignment requirements of the value type.
81.It
82A pointer to an address which lacks sufficient space to store the value type.
83.El
84.It Unreachable
85Execution reached passed a function annotated with
86.Dv __dead .
87.El
88.Sh SEE ALSO
89.Xr options 4
90.Sh HISTORY
91The
92.Nm
93implementation
94is derived from
95.Nx
96and first appeared in
97.Ox 6.5 .
98.Sh AUTHORS
99The
100.Nm
101implementation was written by
102.An Anton Lindqvist Aq Mt anton@openbsd.org .
103.Sh CAVEATS
104The
105.Nm
106implementation is limited to architectures using
107.Xr clang 1
108as their default compiler.
109