From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9A8FD313267 for ; Fri, 10 Apr 2026 15:47:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775836070; cv=none; b=eGYOyBQ/Crdy0SdzD3xLfa5rtGrFBnCJPIYIQuX0yU/az1chSQN74PSH2EvP3Mw9aPBwPHEkMhq6M0Z7umyFiRwGQQAVrqTJzLGp06wfSUO2pdcQ7U3I3NZWOA7+N4e2rT21D61UCq/hvTzBgYFK6mmp9lViYb078SYwAAu+cX0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775836070; c=relaxed/simple; bh=KToXzCipvtY/sFpaq3pZT2/mPupYhkevrSw0Mn9KHdU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=XKpS/VbNQd2qkb/zmSQzc8ckpIUDcI8r0+JHmd6PAD3Sqzre+Bh5FglXB+1FyFwQLZBu2lI+cR9VfkyzByCm1iApVPOQbGcpYU7o5NSv/0fUbCwb6D9QSIOh7kfewjyvCmAt1rZ0slOWHK1Z/qgBCeX/FxHCIL0iex0pHMbzB9Y= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=mWCsQeAQ; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="mWCsQeAQ" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-35d9010602bso2673762a91.3 for ; Fri, 10 Apr 2026 08:47:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775836069; x=1776440869; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=MfEsC47Q5FV6JR3sQ/LyjvxdeOwvsPeB7DWK60evM2U=; b=mWCsQeAQtF0EFKCbAQWpqs6qlmWVpcCez5SmWKDO6/V0zWnBnzNr9bOC03CAzhr8p2 goilfCzntAin2pkoldACH+q4REZ/6xtOFrccAGuKyw2zYuBjT+0uMp4rnEbFyeKC7hou a01lEOx/iynSzPABT7mNxp3Fh1e39iB71XnrFVTsWGH0Bffrfxs7eeFJzj6flKEdNb0b Ehv6YWhZr6UX55IUH5voW+kidEx8B/pJAX5g636h79QpGzeoukhQ0mnpvTwc5NPdS7CV vzZhXV+uY8FN/kvnf2qhU9wrebxBlUY55buXHbQH3yZzf/daEw46TA2oiq9U/J2aytNk MAVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775836069; x=1776440869; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=MfEsC47Q5FV6JR3sQ/LyjvxdeOwvsPeB7DWK60evM2U=; b=tKWWmnMCxtyiXphk9Ekfyf37h+irQTbx4/mktOzecXK8iI2FfuehzApp6M+tbuzi7I zMRRACczEbMlQruldXtXBB89kyemONol7cDLGlTfeIxAnCKWm/89t9yW7fJsHY36F8OA 2gdJHAlvtoL/mFB2DcS1+tt2Hi41PHJt4160Kse6GoxyeUQ6cD66EJkkgsao2wo04yGx FNIGne2MnHZGJoiAsK6UVxTyN11wnOyjsEUyFfb4+RUZxkPFr9FX3zBNWWp2AuHZ+B5T V0+LCwESjdGkzYe5HanqSosulHOazZLo9x+QZ60SVNP+r+DCvj4tiBzYobXL6aKypBe5 u3pQ== X-Forwarded-Encrypted: i=1; AJvYcCX7recXDmi4ZlXqWYc1oAN8eMFMX1uFjq/0iltFsWtGdqPSiPsCvnXsEUhmJM4mTuppO7u8DT2GpuFVJ/0=@vger.kernel.org X-Gm-Message-State: AOJu0YwTYFuNTWZN/n5vBIGn3u44Ikpz+pQAmZzsxaFmy+OPbTxR97aq pMogI3lFrJk8MEpaHcrU/xcP6Ui+nqvU2B8ErdqdEgt1rf0Lq102G0J5A4C1b5riUOtOXTvFg2i iJSBq6A== X-Received: from pjbcz14.prod.google.com ([2002:a17:90a:d44e:b0:35d:9c50:4f5e]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:2c88:b0:354:a332:1a61 with SMTP id 98e67ed59e1d1-35e4274e568mr4325019a91.5.1775836068815; Fri, 10 Apr 2026 08:47:48 -0700 (PDT) Date: Fri, 10 Apr 2026 08:47:47 -0700 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260409182941.1912856-1-seanjc@google.com> Message-ID: Subject: Re: [PATCH] x86/bug: Add printf() validation to HAVE_ARCH_BUG_FORMAT_ARGS WARNs From: Sean Christopherson To: Yan Zhao Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, linux-kernel@vger.kernel.org, Peter Zijlstra Content-Type: text/plain; charset="us-ascii" On Fri, Apr 10, 2026, Yan Zhao wrote: > On Thu, Apr 09, 2026 at 11:29:41AM -0700, Sean Christopherson wrote: > > Add explicit printf() validation for x86-64's newfangled WARN > > implementation, as most (all?) compilers fail to detect basic formatting > > issues without the annotation. Lack of validation is especially > > problematic for code that is 64-bit-only, as blatant goofs can easily go > > unnoticed. > > > > Cc: Yan Zhao > > Cc: Peter Zijlstra (Intel) > > Link: https://lore.kernel.org/all/adc1IrD8uqWdaOKv@yzhao56-desk.sh.intel.com > > Fixes: 5b472b6e5bd9 ("x86_64/bug: Implement __WARN_printf()") > > Fixes: 11bb4944f014 ("x86/bug: Implement WARN_ONCE()") > > Signed-off-by: Sean Christopherson > > --- > > > > This is *very* lightly tested. Yan reported a bug against a commit in the > > kvm-x86 tree (see the link) where I botched the formatting of a WARN_ONCE() > > argument, but none of my builds (with W=1 and -Werror) detected the issue, > > nor did any of the build bots (AFAIK). I'm not entirely sure how Yan managed > > to trigger the diagnostic, but it's easy to observe the lack of validation by > I triggered it by having CONFIG_BUG=n. See details at > https://lore.kernel.org/all/adiq6GTAhbVubEg%2F@yzhao56-desk.sh.intel.com/ > > With CONFIG_BUG=y, this patch allows detecting the error on my side. > > > creating a malformed WARN/WARN_ONCE, and then toggling > > HAVE_ARCH_BUG_FORMAT_ARGS. > > > > Thankfully, it looks like my goof is the only one that has snuck in (and I > > need to rebase that commit anyways). > > > > arch/x86/include/asm/bug.h | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/arch/x86/include/asm/bug.h b/arch/x86/include/asm/bug.h > > index 80c1696d8d59..29b7dad4d5ef 100644 > > --- a/arch/x86/include/asm/bug.h > > +++ b/arch/x86/include/asm/bug.h > > @@ -153,6 +153,9 @@ struct arch_va_list { > > struct sysv_va_list args; > > }; > > extern void *__warn_args(struct arch_va_list *args, struct pt_regs *regs); > > +static __always_inline __printf(1, 2) void __WARN_validate_printf(const char *fmt, ...) { } > > +#else > > +#define __WARN_validate_printf(fmt, ...) > Maybe a dumb question, why do we need this define in __ASSEMBLER__ case? Heh, not a dumb question, because AFAICT this isn't actually necessary. > Could the macro WARN_ONCE() be included in an assembly file? > > Should we also include WARN_ONCE() and __WARN_*() in this file under > #ifndef __ASSEMBLER__ ? Ya, that seems like the right thing to do. > > #endif /* __ASSEMBLER__ */ > > > > #define __WARN_bug_entry(flags, format) ({ \ > > @@ -172,6 +175,7 @@ extern void *__warn_args(struct arch_va_list *args, struct pt_regs *regs); > > #define __WARN_print_arg(flags, format, arg...) \ > > do { \ > > int __flags = (flags) | BUGFLAG_WARNING | BUGFLAG_ARGS ; \ > > + __WARN_validate_printf(format, ## arg); \ > > static_call_mod(WARN_trap)(__WARN_bug_entry(__flags, format), ## arg); \ > > asm (""); /* inhibit tail-call optimization */ \ > > } while (0) > > > > base-commit: c9904c53ca958b5ebf5165dd1705c52f6afc2b2f > > -- > > 2.53.0.1213.gd9a14994de-goog > >