arch/x86/include/asm/bug.h | 2 ++ 1 file changed, 2 insertions(+)
The following commit has been merged into the x86/misc branch of tip:
Commit-ID: 40c4b47f41b95dff743c841536cb64014e65ef0c
Gitweb: https://git.kernel.org/tip/40c4b47f41b95dff743c841536cb64014e65ef0c
Author: Sean Christopherson <seanjc@google.com>
AuthorDate: Thu, 23 Apr 2026 07:54:17 -07:00
Committer: Dave Hansen <dave.hansen@linux.intel.com>
CommitterDate: Mon, 27 Apr 2026 12:02:40 -07:00
x86/bug: Add printf() validation to HAVE_ARCH_BUG_FORMAT_ARGS WARNs
Add explicit printf() validation for x86-64's newfangled WARN
implementation, as most (all?) compilers fail to detect basic formatting
issues without the annotation. E.g. even goofs like printing a u64 as a
string aren't detected:
WARN_ONCE(1, "Bad message, %s", vcpu->arch.last_guest_tsc);
32-bit x86 doesn't support HAVE_ARCH_BUG_FORMAT_ARGS and uses generic
implementations that provide printf() validation. This means there's
now a big blind spot is code that is strictly x86-64. Inconveniently,
new features are also frequently x86-64-only.
Fix the blind 64-bit blind spot.
[ dhansen: changelog tweaks to flesh out the 64-bit-only details ]
Fixes: 5b472b6e5bd9 ("x86_64/bug: Implement __WARN_printf()")
Fixes: 11bb4944f014 ("x86/bug: Implement WARN_ONCE()")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lore.kernel.org/all/adc1IrD8uqWdaOKv@yzhao56-desk.sh.intel.com
Link: https://patch.msgid.link/20260423145419.459988-2-seanjc@google.com
---
arch/x86/include/asm/bug.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/include/asm/bug.h b/arch/x86/include/asm/bug.h
index 80c1696..bf3c802 100644
--- a/arch/x86/include/asm/bug.h
+++ b/arch/x86/include/asm/bug.h
@@ -153,6 +153,7 @@ struct arch_va_list {
struct sysv_va_list args;
};
extern void *__warn_args(struct arch_va_list *args, struct pt_regs *regs);
+static __always_inline __printf(1, 2) void __WARN_validate_printf(const char *fmt, ...) { }
#endif /* __ASSEMBLER__ */
#define __WARN_bug_entry(flags, format) ({ \
@@ -172,6 +173,7 @@ extern void *__warn_args(struct arch_va_list *args, struct pt_regs *regs);
#define __WARN_print_arg(flags, format, arg...) \
do { \
int __flags = (flags) | BUGFLAG_WARNING | BUGFLAG_ARGS ; \
+ __WARN_validate_printf(format, ## arg); \
static_call_mod(WARN_trap)(__WARN_bug_entry(__flags, format), ## arg); \
asm (""); /* inhibit tail-call optimization */ \
} while (0)On Mon, Apr 27, 2026, tip-bot2 for Sean Christopherson wrote: > The following commit has been merged into the x86/misc branch of tip: > > Commit-ID: 40c4b47f41b95dff743c841536cb64014e65ef0c > Gitweb: https://git.kernel.org/tip/40c4b47f41b95dff743c841536cb64014e65ef0c > Author: Sean Christopherson <seanjc@google.com> > AuthorDate: Thu, 23 Apr 2026 07:54:17 -07:00 > Committer: Dave Hansen <dave.hansen@linux.intel.com> > CommitterDate: Mon, 27 Apr 2026 12:02:40 -07:00 > > x86/bug: Add printf() validation to HAVE_ARCH_BUG_FORMAT_ARGS WARNs > > Add explicit printf() validation for x86-64's newfangled WARN > implementation, as most (all?) compilers fail to detect basic formatting > issues without the annotation. E.g. even goofs like printing a u64 as a > string aren't detected: > > WARN_ONCE(1, "Bad message, %s", vcpu->arch.last_guest_tsc); > > 32-bit x86 doesn't support HAVE_ARCH_BUG_FORMAT_ARGS and uses generic > implementations that provide printf() validation. This means there's > now a big blind spot is code that is strictly x86-64. Inconveniently, > new features are also frequently x86-64-only. > > Fix the blind 64-bit blind spot. > > [ dhansen: changelog tweaks to flesh out the 64-bit-only details ] Much better than what I wrote, thanks Dave!
© 2016 - 2026 Red Hat, Inc.