lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250920161958.2079105-1-joelagnelf@nvidia.com>
Date: Sat, 20 Sep 2025 12:19:58 -0400
From: Joel Fernandes <joelagnelf@...dia.com>
To: linux-kernel@...r.kernel.org,
	Miguel Ojeda <ojeda@...nel.org>,
	Alex Gaynor <alex.gaynor@...il.com>,
	Boqun Feng <boqun.feng@...il.com>,
	Gary Guo <gary@...yguo.net>,
	Björn Roy Baron <bjorn3_gh@...tonmail.com>,
	Benno Lossin <lossin@...nel.org>,
	Andreas Hindborg <a.hindborg@...nel.org>,
	Alice Ryhl <aliceryhl@...gle.com>,
	Trevor Gross <tmgross@...ch.edu>,
	Danilo Krummrich <dakr@...nel.org>
Cc: acourbot@...dia.com,
	Alistair Popple <apopple@...dia.com>,
	Timur Tabi <ttabi@...dia.com>,
	Joel Fernandes <joelagnelf@...dia.com>,
	rust-for-linux@...r.kernel.org
Subject: [PATCH] rust: print: Fix issue with rust_build_error

When printing just before calling io.write32(), modpost fails due to
build_assert's missing rust_build_error symbol. The issue is that, the
printk arguments are passed as reference in bindings code, thus Rust
cannot trust its value and fails to optimize away the build_assert.

The issue can be reproduced with the following simple snippet:
  let offset = 0;
  pr_err!("{}", offset);
  io.write32(base, offset);

Fix it by just using a closure to call printk. Rust captures the
arguments into the closure's arguments thus breaking the dependency.
This can be fixed by simply creating a variable alias for each variable
however the closure is a simple and concise fix.

Another approach with using const-generics for the io.write32 API was
investigated, but it cannot work with code that dynamically calculates
the write offset.

Disassembly of users of pr_err!() with/without patch shows identical
code generation, thus the fix has no difference in the final binary.

Signed-off-by: Joel Fernandes <joelagnelf@...dia.com>
---
 rust/kernel/print.rs | 44 ++++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/rust/kernel/print.rs b/rust/kernel/print.rs
index 2d743d78d220..5847942195a7 100644
--- a/rust/kernel/print.rs
+++ b/rust/kernel/print.rs
@@ -143,34 +143,38 @@ pub fn call_printk_cont(args: fmt::Arguments<'_>) {
 #[expect(clippy::crate_in_macro_def)]
 macro_rules! print_macro (
     // The non-continuation cases (most of them, e.g. `INFO`).
-    ($format_string:path, false, $($arg:tt)+) => (
+    ($format_string:path, false, $($arg:tt)+) => ({
         // To remain sound, `arg`s must be expanded outside the `unsafe` block.
         // Typically one would use a `let` binding for that; however, `format_args!`
         // takes borrows on the arguments, but does not extend the scope of temporaries.
         // Therefore, a `match` expression is used to keep them around, since
         // the scrutinee is kept until the end of the `match`.
-        match $crate::prelude::fmt!($($arg)+) {
-            // SAFETY: This hidden macro should only be called by the documented
-            // printing macros which ensure the format string is one of the fixed
-            // ones. All `__LOG_PREFIX`s are null-terminated as they are generated
-            // by the `module!` proc macro or fixed values defined in a kernel
-            // crate.
-            args => unsafe {
-                $crate::print::call_printk(
-                    &$format_string,
-                    crate::__LOG_PREFIX,
-                    args,
-                );
+        (|| {
+            match $crate::prelude::fmt!($($arg)+) {
+                // SAFETY: This hidden macro should only be called by the documented
+                // printing macros which ensure the format string is one of the fixed
+                // ones. All `__LOG_PREFIX`s are null-terminated as they are generated
+                // by the `module!` proc macro or fixed values defined in a kernel
+                // crate.
+                args => unsafe {
+                    $crate::print::call_printk(
+                        &$format_string,
+                        crate::__LOG_PREFIX,
+                        args,
+                    );
+                }
             }
-        }
-    );
+        })();
+    });
 
     // The `CONT` case.
-    ($format_string:path, true, $($arg:tt)+) => (
-        $crate::print::call_printk_cont(
-            $crate::prelude::fmt!($($arg)+),
-        );
-    );
+    ($format_string:path, true, $($arg:tt)+) => ({
+        (|| {
+            $crate::print::call_printk_cont(
+                $crate::prelude::fmt!($($arg)+),
+            );
+        })();
+    });
 );
 
 /// Stub for doctests
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ