| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250922191559.GA2463388@joelbox2>
Date: Mon, 22 Sep 2025 15:15:59 -0400
From: Joel Fernandes <joelagnelf@...dia.com>
To: Alice Ryhl <aliceryhl@...gle.com>
Cc: linux-kernel@...r.kernel.org, Miguel Ojeda <ojeda@...nel.org>,
Alex Gaynor <alex.gaynor@...il.com>,
Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <lossin@...nel.org>,
Andreas Hindborg <a.hindborg@...nel.org>,
Trevor Gross <tmgross@...ch.edu>,
Danilo Krummrich <dakr@...nel.org>, acourbot@...dia.com,
Alistair Popple <apopple@...dia.com>, Timur Tabi <ttabi@...dia.com>,
rust-for-linux@...r.kernel.org
Subject: Re: [PATCH] rust: print: Fix issue with rust_build_error
On Sun, Sep 21, 2025 at 12:46:26PM +0200, Alice Ryhl wrote:
> On Sat, Sep 20, 2025 at 6:20 PM Joel Fernandes <joelagnelf@...dia.com> wrote:
> >
> > When printing just before calling io.write32(), modpost fails due to
> > build_assert's missing rust_build_error symbol. The issue is that, the
> > printk arguments are passed as reference in bindings code, thus Rust
> > cannot trust its value and fails to optimize away the build_assert.
> >
> > The issue can be reproduced with the following simple snippet:
> > let offset = 0;
> > pr_err!("{}", offset);
> > io.write32(base, offset);
> >
> > Fix it by just using a closure to call printk. Rust captures the
> > arguments into the closure's arguments thus breaking the dependency.
> > This can be fixed by simply creating a variable alias for each variable
> > however the closure is a simple and concise fix.
> >
> > Another approach with using const-generics for the io.write32 API was
> > investigated, but it cannot work with code that dynamically calculates
> > the write offset.
> >
> > Disassembly of users of pr_err!() with/without patch shows identical
> > code generation, thus the fix has no difference in the final binary.
> >
> > Signed-off-by: Joel Fernandes <joelagnelf@...dia.com>
>
> The actual bug is that write32 uses build_error!.
I don't think that is the issue, I spoke with Gary and he educated me that
failure of the compiler to do simple compiler optimizations (I am guessing in
this case, dead-code elimination) is a compiler bug. Even in the case where
the write offset is dynamic at runtime, since the caller of write should be
using something like try_write or checking for the offset bounds, the
build_error should be optimized out. Right?
> Trying to change the printing macros is just a band-aid. Someone already
> mentioned that it breaks the ? operator. I think this change is a bad idea.
> We should fix the actual problem, rather than making random changes to
> other parts of the kernel to work around build_error!'s inherent fragility.
I don't think the fragility is in build_error since the direction here is the
bug is in the compiler. So if the compiler optimizes things correctly, we may
conclude that build_error is the correct thing to call. Or is there some
other reason you think build_error is fragile?
As for this patch (and its being a bad idea), I think it was already
mentioned that this patch was not intended for a permanent solution but
rather as a starting point for an investigation. I am probably to take the
blame for not tagging it as 'RFC' though. I encourage people personally to
send patches (whether good or bad ideas) to code I maintain. Lets have mercy
on ideas, they may be bad sometimes but every once in a while, they may
happen to turn out to be good too. How would one know if they didn't try? ;-)
thanks,
- Joel
Powered by blists - more mailing lists