ubsan: Introduce CONFIG_UBSAN_FATAL to panic on UBSAN failure

Introduce the CONFIG_UBSAN_FATAL option to cater to scenarios where prompt
attention to undefined behavior issues, notably during CI test runs, is
essential. When enabled, this option causes Xen to panic upon detecting
UBSAN failure (as the last step in ubsan_epilogue()).

Signed-off-by: Michal Orzel <michal.orzel@amd.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
index 94e818ee09b59e8f832cdc126c2a363b30729447..e19e9d48817ccdb5acfb4f15fa9ab3bd92c4e665 100644 (file)
--- a/xen/Kconfig.debug
+++ b/xen/Kconfig.debug
@@ -107,6 +107,13 @@ config UBSAN
 
          If unsure, say N here.
 
+config UBSAN_FATAL
+       bool "Panic on UBSAN failure"
+       depends on UBSAN
+       help
+         Enabling this option will cause Xen to panic when an undefined behavior
+         is detected by UBSAN. If unsure, say N here.
+
 config DEBUG_TRACE
        bool "Debug trace support"
        ---help---

diff --git a/xen/common/ubsan/ubsan.c b/xen/common/ubsan/ubsan.c
index a3a80fa99eecc3b0b9867c643efc7ab4d53afbd8..5d50c107426f60fd82343a027128f0385e989a53 100644 (file)
--- a/xen/common/ubsan/ubsan.c
+++ b/xen/common/ubsan/ubsan.c
@@ -174,6 +174,9 @@ static void ubsan_epilogue(unsigned long *flags)
                "========================================\n");
        spin_unlock_irqrestore(&report_lock, *flags);
        current->in_ubsan--;
+
+       if (IS_ENABLED(CONFIG_UBSAN_FATAL))
+           panic("UBSAN failure detected\n");
 }
 
 static void handle_overflow(struct overflow_data *data, unsigned long lhs,