Re: [PATCH v2 08/12] x86/bug: Add BUG_FORMAT basics
From: Peter Zijlstra
Date: Tue Nov 25 2025 - 07:33:31 EST
On Tue, Nov 25, 2025 at 12:17:50PM +0100, Peter Zijlstra wrote:
> On Mon, Nov 10, 2025 at 12:46:41PM +0100, Peter Zijlstra wrote:
> > Opt-in to BUG_FORMAT for x86_64, adjust the BUGTABLE helper and for
> > now, just store NULL pointers.
> >
> > Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
> > ---
> > arch/x86/include/asm/bug.h | 31 +++++++++++++++++++++----------
> > 1 file changed, 21 insertions(+), 10 deletions(-)
> >
> > --- a/arch/x86/include/asm/bug.h
> > +++ b/arch/x86/include/asm/bug.h
> > @@ -50,33 +50,44 @@
> > #define __BUG_ENTRY_VERBOSE(file, line)
> > #endif
> >
> > -#define __BUG_ENTRY(file, line, flags) \
> > +#if defined(CONFIG_X86_64) || defined(CONFIG_DEBUG_BUGVERBOSE_DETAILED)
> > +#define HAVE_ARCH_BUG_FORMAT
> > +#define __BUG_ENTRY_FORMAT(format) \
> > + "\t" __BUG_REL(format) "\t# bug_entry::format\n"
> > +#else
> > +#define __BUG_ENTRY_FORMAT(format)
> > +#endif
> > +
> > +#define __BUG_ENTRY(format, file, line, flags) \
> > __BUG_REL("1b") "\t# bug_entry::bug_addr\n" \
> > + __BUG_ENTRY_FORMAT(format) \
> > __BUG_ENTRY_VERBOSE(file, line) \
> > "\t.word " flags "\t# bug_entry::flags\n"
> >
> > -#define _BUG_FLAGS_ASM(ins, file, line, flags, size, extra) \
> > +#define _BUG_FLAGS_ASM(ins, format, file, line, flags, size, extra) \
> > "1:\t" ins "\n" \
> > ".pushsection __bug_table,\"aw\"\n\t" \
> > ANNOTATE_DATA_SPECIAL \
> > "2:\n\t" \
> > - __BUG_ENTRY(file, line, flags) \
> > + __BUG_ENTRY(format, file, line, flags) \
> > "\t.org 2b + " size "\n" \
> > ".popsection\n" \
> > extra
> >
> > #define _BUG_FLAGS(cond_str, ins, flags, extra) \
> > do { \
> > - asm_inline volatile(_BUG_FLAGS_ASM(ins, "%c0", \
> > - "%c1", "%c2", "%c3", extra) \
> > - : : "i" (WARN_CONDITION_STR(cond_str) __FILE__), \
> > - "i" (__LINE__), \
> > - "i" (flags), \
> > - "i" (sizeof(struct bug_entry))); \
> > + asm_inline volatile(_BUG_FLAGS_ASM(ins, "%c[fmt]", "%c[file]", \
> > + "%c[line]", "%c[fl]", \
> > + "%c[size]", extra) \
> > + : : [fmt] "i" (NULL), \
>
> This doesn't work right with KASLR on -- and I hadn't noticed because
> most of my machines have nokaslr because of debugability :/
>
> When we relocate the kernel, everything shifts by kaslr_offset(), and
> that works just fine when both the __bug_table and the target string is
> shifted, because then the relative position is the same and so the
> relocation keeps working.
>
> However, when the target is the absolute value 0, this breaks, because 0
> isn't shifted by kaslr_offset() but the __bug_table itself is.
>
> So the relative entry:
>
> .long 0 - .
>
> and its inverse:
>
> format = (const char *)&bug->format_disp + bug->format_disp;
>
> then end up at kaslr_offset() and things are sad.
>
> The relative entry has a SHN_UNDEF relocation, which is ignored by the
> relocs tool.
>
> How is this supposed to be fixed?
This seems to work. Is this something we can all live with? It feels a
bit like a hack, but there doesn't appear to be anything better at hand.
---
diff --git a/lib/bug.c b/lib/bug.c
index 581a66b88c5c..8b470cc70afc 100644
--- a/lib/bug.c
+++ b/lib/bug.c
@@ -48,6 +48,7 @@
#include <linux/rculist.h>
#include <linux/ftrace.h>
#include <linux/context_tracking.h>
+#include <asm/setup.h>
extern struct bug_entry __start___bug_table[], __stop___bug_table[];
@@ -145,6 +146,10 @@ static const char *bug_get_format(struct bug_entry *bug)
#ifdef HAVE_ARCH_BUG_FORMAT
#ifdef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
format = (const char *)&bug->format_disp + bug->format_disp;
+#ifdef CONFIG_RANDOMIZE_BASE
+ if ((unsigned long)format == kaslr_offset())
+ format = NULL;
+#endif
#else
format = bug->format;
#endif