| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251125111750.GS4067720@noisy.programming.kicks-ass.net>
Date: Tue, 25 Nov 2025 12:17:50 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: x86@...nel.org
Cc: linux-kernel@...r.kernel.org, kees@...nel.org, acarmina@...hat.com,
jpoimboe@...nel.org, mark.rutland@....com,
torvalds@...uxfoundation.org, maciej.wieczor-retman@...el.com
Subject: Re: [PATCH v2 08/12] x86/bug: Add BUG_FORMAT basics
On Mon, Nov 10, 2025 at 12:46:41PM +0100, Peter Zijlstra wrote:
> Opt-in to BUG_FORMAT for x86_64, adjust the BUGTABLE helper and for
> now, just store NULL pointers.
>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
> ---
> arch/x86/include/asm/bug.h | 31 +++++++++++++++++++++----------
> 1 file changed, 21 insertions(+), 10 deletions(-)
>
> --- a/arch/x86/include/asm/bug.h
> +++ b/arch/x86/include/asm/bug.h
> @@ -50,33 +50,44 @@
> #define __BUG_ENTRY_VERBOSE(file, line)
> #endif
>
> -#define __BUG_ENTRY(file, line, flags) \
> +#if defined(CONFIG_X86_64) || defined(CONFIG_DEBUG_BUGVERBOSE_DETAILED)
> +#define HAVE_ARCH_BUG_FORMAT
> +#define __BUG_ENTRY_FORMAT(format) \
> + "\t" __BUG_REL(format) "\t# bug_entry::format\n"
> +#else
> +#define __BUG_ENTRY_FORMAT(format)
> +#endif
> +
> +#define __BUG_ENTRY(format, file, line, flags) \
> __BUG_REL("1b") "\t# bug_entry::bug_addr\n" \
> + __BUG_ENTRY_FORMAT(format) \
> __BUG_ENTRY_VERBOSE(file, line) \
> "\t.word " flags "\t# bug_entry::flags\n"
>
> -#define _BUG_FLAGS_ASM(ins, file, line, flags, size, extra) \
> +#define _BUG_FLAGS_ASM(ins, format, file, line, flags, size, extra) \
> "1:\t" ins "\n" \
> ".pushsection __bug_table,\"aw\"\n\t" \
> ANNOTATE_DATA_SPECIAL \
> "2:\n\t" \
> - __BUG_ENTRY(file, line, flags) \
> + __BUG_ENTRY(format, file, line, flags) \
> "\t.org 2b + " size "\n" \
> ".popsection\n" \
> extra
>
> #define _BUG_FLAGS(cond_str, ins, flags, extra) \
> do { \
> - asm_inline volatile(_BUG_FLAGS_ASM(ins, "%c0", \
> - "%c1", "%c2", "%c3", extra) \
> - : : "i" (WARN_CONDITION_STR(cond_str) __FILE__), \
> - "i" (__LINE__), \
> - "i" (flags), \
> - "i" (sizeof(struct bug_entry))); \
> + asm_inline volatile(_BUG_FLAGS_ASM(ins, "%c[fmt]", "%c[file]", \
> + "%c[line]", "%c[fl]", \
> + "%c[size]", extra) \
> + : : [fmt] "i" (NULL), \
This doesn't work right with KASLR on -- and I hadn't noticed because
most of my machines have nokaslr because of debugability :/
When we relocate the kernel, everything shifts by kaslr_offset(), and
that works just fine when both the __bug_table and the target string is
shifted, because then the relative position is the same and so the
relocation keeps working.
However, when the target is the absolute value 0, this breaks, because 0
isn't shifted by kaslr_offset() but the __bug_table itself is.
So the relative entry:
.long 0 - .
and its inverse:
format = (const char *)&bug->format_disp + bug->format_disp;
then end up at kaslr_offset() and things are sad.
The relative entry has a SHN_UNDEF relocation, which is ignored by the
relocs tool.
How is this supposed to be fixed?
> + [file] "i" (WARN_CONDITION_STR(cond_str) __FILE__), \
> + [line] "i" (__LINE__), \
> + [fl] "i" (flags), \
> + [size] "i" (sizeof(struct bug_entry))); \
> } while (0)
>
> #define ARCH_WARN_ASM(file, line, flags, size) \
> - _BUG_FLAGS_ASM(ASM_UD2, file, line, flags, size, "")
> + _BUG_FLAGS_ASM(ASM_UD2, "NULL", file, line, flags, size, "")
>
> #else
>
>
>
Powered by blists - more mailing lists