x86/bug: Fix BUG_FORMAT vs KASLR

Encoding a relative NULL pointer doesn't work for KASLR, when the whole kernel image gets shifted, the __bug_table and the target string get shifted by the same amount and the relative offset is preserved. However when the target is an absolute 0 value and the __bug_table gets moved about, the end result in a pointer equivalent to kaslr_offset(), not NULL. Notably, this will generate SHN_UNDEF relocations, and Ard would really like to not have those at all. Use the empty string to denote no-string. Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Cc: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
2026-04-18 06:33:43 -04:00 · 2025-11-26 10:55:17 +01:00
parent 860238af7a
commit d62e4f2b95
2 changed files with 17 additions and 3 deletions
--- a/lib/bug.c
+++ b/lib/bug.c
@@ -144,7 +144,17 @@ static const char *bug_get_format(struct bug_entry *bug)
 	const char *format = NULL;
 #ifdef HAVE_ARCH_BUG_FORMAT
 #ifdef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
-	format = (const char *)&bug->format_disp + bug->format_disp;
+	/*
+	 * Allow an architecture to:
+	 *  - relative encode NULL (difficult vs KASLR);
+	 *  - use a literal 0 (there are no valid objects inside
+	 *    the __bug_table itself to refer to after all);
+	 *  - use an empty string.
+	 */
+	if (bug->format_disp)
+		format = (const char *)&bug->format_disp + bug->format_disp;
+	if (format && format[0] == '\0')
+		format = NULL;
 #else
 	format = bug->format;
 #endif