Message-ID: <176458277141.498.10249599680541531664.tip-bot2@tip-bot2>
Date: Mon, 01 Dec 2025 09:52:51 -0000
From: "tip-bot2 for Ingo Molnar" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Alexandre Chartre <alexandre.chartre@...cle.com>,
 "Peter Zijlstra (Intel)" <peterz@...radead.org>,
 Josh Poimboeuf <jpoimboe@...nel.org>, linux-kernel@...r.kernel.org,
 Ingo Molnar <mingo@...nel.org>, x86@...nel.org
Subject: [tip: objtool/core] objtool: Fix segfault on unknown alternatives

The following commit has been merged into the objtool/core branch of tip:

Commit-ID:     6ec33db1aaf06a76fb063610e668f8e12f32ebbf
Gitweb:        https://git.kernel.org/tip/6ec33db1aaf06a76fb063610e668f8e12f32ebbf
Author:        Ingo Molnar <mingo@...nel.org>
AuthorDate:    Mon, 01 Dec 2025 10:42:27 +01:00
Committer:     Ingo Molnar <mingo@...nel.org>
CommitterDate: Mon, 01 Dec 2025 10:42:27 +01:00

objtool: Fix segfault on unknown alternatives

So 'objtool --link -d vmlinux.o' gets surprised by this endbr64+endbr64 pattern
in ___bpf_prog_run():

	___bpf_prog_run:
	1e7680:  ___bpf_prog_run+0x0                                                     push   %r12
	1e7682:  ___bpf_prog_run+0x2                                                     mov    %rdi,%r12
	1e7685:  ___bpf_prog_run+0x5                                                     push   %rbp
	1e7686:  ___bpf_prog_run+0x6                                                     xor    %ebp,%ebp
	1e7688:  ___bpf_prog_run+0x8                                                     push   %rbx
	1e7689:  ___bpf_prog_run+0x9                                                     mov    %rsi,%rbx
	1e768c:  ___bpf_prog_run+0xc                                                     movzbl (%rbx),%esi
	1e768f:  ___bpf_prog_run+0xf                                                     movzbl %sil,%edx
	1e7693:  ___bpf_prog_run+0x13                                                    mov    %esi,%eax
	1e7695:  ___bpf_prog_run+0x15                                                    mov    0x0(,%rdx,8),%rdx
	1e769d:  ___bpf_prog_run+0x1d                                                    jmp    0x1e76a2 <__x86_indirect_thunk_rdx>
	1e76a2:  ___bpf_prog_run+0x22                                                    endbr64
	1e76a6:  ___bpf_prog_run+0x26                                                    endbr64
	1e76aa:  ___bpf_prog_run+0x2a                                                    mov    0x4(%rbx),%edx

And crashes due to blindly dereferencing alt->insn->alt_group.

Bail out on NULL ->alt_group, which produces this warning and continues
with the disassembly, instead of a segfault:

  .git/O/vmlinux.o: warning: objtool: <alternative.1e769d>: failed to disassemble alternative

Cc: Alexandre Chartre <alexandre.chartre@...cle.com>
Cc: Peter Zijlstra (Intel) <peterz@...radead.org>
Cc: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: linux-kernel@...r.kernel.org
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
 tools/objtool/disas.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/objtool/disas.c b/tools/objtool/disas.c
index 441b930..2b5059f 100644
--- a/tools/objtool/disas.c
+++ b/tools/objtool/disas.c
@@ -684,6 +684,9 @@ char *disas_alt_name(struct alternative *alt)
 		 *   '?'  unknown flag
 		 */
 
+		if (!alt->insn->alt_group)
+			return NULL;
+
 		feature = alt->insn->alt_group->feature;
 		num = alt_feature(feature);
 		flags = alt_flags(feature);
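
Review bot: the new `if (!alt->insn->alt_group)` early return carries no comment saying when an alternative can reach disas_alt_name() without an alt_group, and it sits between the flag-legend comment (ending at `'?'  unknown flag`) and the `feature = alt->insn->alt_group->feature;` lines that comment documents. Consider moving the check above that comment block and adding a one-line comment that names the case from the commit message (the endbr64+endbr64 pattern in ___bpf_prog_run()), so the legend stays next to the code it describes. Note also that `alt->insn` itself is still dereferenced unchecked in the new condition. If it can be NULL on the same unknown-alternative path, test it in the same condition. Finally, returning NULL only turns the crash into the generic "failed to disassemble alternative" warning. The reason this alternative has no alt_group is left open and is worth a follow-up.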
