xref: /linux/lib/bug.c (revision 2e05544060b9fef5d4d0e0172944e6956c55080f)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  Generic support for BUG()
4  *
5  *  This respects the following config options:
6  *
7  *  CONFIG_BUG - emit BUG traps.  Nothing happens without this.
8  *  CONFIG_GENERIC_BUG - enable this code.
9  *  CONFIG_GENERIC_BUG_RELATIVE_POINTERS - use 32-bit relative pointers for bug_addr and file
10  *  CONFIG_DEBUG_BUGVERBOSE - emit full file+line information for each BUG
11  *
12  *  CONFIG_BUG and CONFIG_DEBUG_BUGVERBOSE are potentially user-settable
13  *  (though they're generally always on).
14  *
15  *  CONFIG_GENERIC_BUG is set by each architecture using this code.
16  *
17  *  To use this, your architecture must:
18  *
19  *  1. Set up the config options:
20  *     - Enable CONFIG_GENERIC_BUG if CONFIG_BUG
21  *
22  *  2. Implement BUG (and optionally BUG_ON, WARN, WARN_ON)
23  *     - Define HAVE_ARCH_BUG
24  *     - Implement BUG() to generate a faulting instruction
25  *     - NOTE: struct bug_entry does not have "file" or "line" entries
26  *       when CONFIG_DEBUG_BUGVERBOSE is not enabled, so you must generate
27  *       the values accordingly.
28  *
29  *  3. Implement the trap
30  *     - In the illegal instruction trap handler (typically), verify
31  *       that the fault was in kernel mode, and call report_bug()
32  *     - report_bug() will return whether it was a false alarm, a warning,
33  *       or an actual bug.
34  *     - You must implement the is_valid_bugaddr(bugaddr) callback which
35  *       returns true if the eip is a real kernel address, and it points
36  *       to the expected BUG trap instruction.
37  *
38  *    Jeremy Fitzhardinge <jeremy@goop.org> 2006
39  */
40 
41 #define pr_fmt(fmt) fmt
42 
43 #include <linux/list.h>
44 #include <linux/module.h>
45 #include <linux/kernel.h>
46 #include <linux/bug.h>
47 #include <linux/sched.h>
48 #include <linux/rculist.h>
49 #include <linux/ftrace.h>
50 #include <linux/context_tracking.h>
51 #include <kunit/test-bug.h>
52 
53 extern struct bug_entry __start___bug_table[], __stop___bug_table[];
54 
/*
 * Return the address of the trap instruction that @bug describes.
 *
 * With CONFIG_GENERIC_BUG_RELATIVE_POINTERS the entry holds a displacement
 * measured from the bug_addr_disp field itself, so the address is rebuilt by
 * adding the displacement to that field's own address. Otherwise the stored
 * bug_addr is returned unchanged.
 *
 * @bug is dereferenced unconditionally and must not be NULL.
 */
static inline unsigned long bug_addr(const struct bug_entry *bug)
{
#ifdef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
	const unsigned long field_addr = (unsigned long)&bug->bug_addr_disp;

	return field_addr + bug->bug_addr_disp;
#else
	return bug->bug_addr;
#endif
}
63 
64 #ifdef CONFIG_MODULES
/*
 * List of modules linked in by module_bug_finalize(), chained through
 * module::bug_list.
 *
 * Updates are protected by module mutex. Readers in this file walk the list
 * with list_for_each_entry_rcu() inside an RCU guard rather than taking a
 * lock.
 */
static LIST_HEAD(module_bug_list);
67 
/*
 * Look up @bugaddr in the bug tables of all modules on module_bug_list.
 *
 * The list is walked under an RCU guard. Returns the matching entry, or
 * NULL when no module table contains @bugaddr.
 *
 * NOTE(review): the returned pointer refers to module memory and is used by
 * the caller after the RCU guard has been released on return. Presumably
 * this is safe because the trap was raised from the module's own code, so
 * the module is still loaded - confirm against the unload path.
 */
static struct bug_entry *module_find_bug(unsigned long bugaddr)
{
	struct module *mod;

	guard(rcu)();
	list_for_each_entry_rcu(mod, &module_bug_list, bug_list) {
		struct bug_entry *entry = mod->bug_table;
		unsigned int remaining;

		/* Linear scan over the num_bugs entries of this module. */
		for (remaining = mod->num_bugs; remaining; --remaining, ++entry) {
			if (bug_addr(entry) == bugaddr)
				return entry;
		}
	}

	return NULL;
}
84 
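/*
 * Record a module's __bug_table section and publish the module on
 * module_bug_list.
 *
 * @hdr:     ELF header of the module image
 * @sechdrs: section header table of the module image
 * @mod:     module being set up; bug_table and num_bugs are reset first and
 *           stay NULL/0 when the module has no __bug_table section
 *
 * This function performs no bounds checking of its own: e_shstrndx,
 * sh_offset and sh_name are used as indices/offsets exactly as found in the
 * headers. NOTE(review): presumably the module loader has validated the ELF
 * image before calling here - confirm against the caller, since a malformed
 * header would otherwise be read out of bounds.
 */
void module_bug_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
			 struct module *mod)
{
	/* Only read through, so keep the const of @hdr instead of casting it away. */
	const char *secstrings;
	unsigned int i;

	mod->bug_table = NULL;
	mod->num_bugs = 0;

	/* Find the __bug_table section, if present */
	secstrings = (const char *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;
	for (i = 1; i < hdr->e_shnum; i++) {
		if (strcmp(secstrings + sechdrs[i].sh_name, "__bug_table"))
			continue;
		mod->bug_table = (void *) sechdrs[i].sh_addr;
		/* Integer division: a trailing partial entry is not counted. */
		mod->num_bugs = sechdrs[i].sh_size / sizeof(struct bug_entry);
		break;
	}

	/*
	 * Strictly speaking this should have a spinlock to protect against
	 * traversals, but since we only traverse on BUG()s, a spinlock
	 * could potentially lead to deadlock and thus be counter-productive.
	 * Thus, this uses RCU to safely manipulate the bug list, since BUG
	 * must run in non-interruptive state.
	 *
	 * bug_table and num_bugs are written above, before the module becomes
	 * visible to RCU readers through this list_add_rcu().
	 */
	list_add_rcu(&mod->bug_list, &module_bug_list);
}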
113 
/*
 * Unlink @mod from module_bug_list.
 *
 * Only the list linkage is removed here. NOTE(review): readers may still be
 * walking the list under RCU, so the caller presumably waits for a grace
 * period before the module's bug table memory is released - confirm.
 */
void module_bug_cleanup(struct module *mod)
{
	struct list_head *node = &mod->bug_list;

	list_del_rcu(node);
}
118 
119 #else
120 
/*
 * Stub used when CONFIG_MODULES is not set: there are no module bug tables,
 * so every lookup misses.
 */
static inline struct bug_entry *module_find_bug(unsigned long bugaddr)
{
	struct bug_entry *none = NULL;

	return none;
}
125 #endif
126 
/*
 * Fetch the source location recorded in @bug.
 *
 * @bug:  bug table entry to read
 * @file: receives the file name, or NULL without CONFIG_DEBUG_BUGVERBOSE
 * @line: receives the line number, or 0 without CONFIG_DEBUG_BUGVERBOSE
 *
 * With CONFIG_GENERIC_BUG_RELATIVE_POINTERS the file name is stored as a
 * displacement from the file_disp field and is rebuilt here. @file and
 * @line are written unconditionally and must be valid pointers.
 */
void bug_get_file_line(struct bug_entry *bug, const char **file,
		       unsigned int *line)
{
#ifndef CONFIG_DEBUG_BUGVERBOSE
	/* Entries carry no location data in this configuration. */
	*file = NULL;
	*line = 0;
#else
	*line = bug->line;
#ifdef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
	*file = (const char *)&bug->file_disp + bug->file_disp;
#else
	*file = bug->file;
#endif
#endif
}
142 
/*
 * Return the format string attached to @bug, or NULL if there is none.
 *
 * Without HAVE_ARCH_BUG_FORMAT the result is always NULL. With relative
 * pointers an architecture may express "no format" in any of these ways:
 *  - relative encode NULL (difficult vs KASLR);
 *  - use a literal 0 (there are no valid objects inside
 *    the __bug_table itself to refer to after all);
 *  - use an empty string.
 * A zero displacement and an empty string are both mapped to NULL here.
 */
static const char *bug_get_format(struct bug_entry *bug)
{
#if defined(HAVE_ARCH_BUG_FORMAT) && defined(CONFIG_GENERIC_BUG_RELATIVE_POINTERS)
	const char *text;

	if (!bug->format_disp)
		return NULL;

	text = (const char *)&bug->format_disp + bug->format_disp;
	return text[0] == '\0' ? NULL : text;
#elif defined(HAVE_ARCH_BUG_FORMAT)
	return bug->format;
#else
	return NULL;
#endif
}
165 
/*
 * Find the bug table entry whose trap address equals @bugaddr.
 *
 * The built-in table between __start___bug_table and __stop___bug_table is
 * scanned linearly first; on a miss the lookup falls back to the module
 * tables. Returns NULL when no entry matches.
 */
struct bug_entry *find_bug(unsigned long bugaddr)
{
	struct bug_entry *entry = __start___bug_table;

	while (entry < __stop___bug_table) {
		if (bug_addr(entry) == bugaddr)
			return entry;
		entry++;
	}

	return module_find_bug(bugaddr);
}
176 
/*
 * Print the message attached to a bug entry.
 *
 * @fmt:  format string from the bug entry; nothing is printed when NULL
 * @regs: trap registers to recover the format arguments from, or NULL when
 *        the entry carries no arguments
 *
 * When the architecture provides HAVE_ARCH_BUG_FORMAT_ARGS and __warn_args()
 * can rebuild a va_list from @regs, @fmt is expanded with those arguments.
 * In every other case @fmt is emitted through "%s", so conversion
 * specifiers in it are printed literally and never consume arguments that
 * do not exist.
 */
static __printf(1, 0)
void __warn_printf(const char *fmt, struct pt_regs *regs)
{
	if (fmt == NULL)
		return;

#ifdef HAVE_ARCH_BUG_FORMAT_ARGS
	if (regs != NULL) {
		struct arch_va_list storage;
		va_list *ap = __warn_args(&storage, regs);

		if (ap != NULL) {
			vprintk(fmt, *ap);
			return;
		}
	}
#endif

	/* No usable argument list: print the format text verbatim. */
	pr_warn("%s", fmt);
}
197 
/*
 * Common reporting path behind report_bug() and report_bug_entry().
 *
 * @bug:     bug table entry, or NULL to look it up from @bugaddr
 * @bugaddr: address of the trapping instruction
 * @regs:    registers at the time of the trap
 *
 * Returns BUG_TRAP_TYPE_NONE when @bug is NULL and @bugaddr is either
 * rejected by is_valid_bugaddr() or not present in any bug table,
 * BUG_TRAP_TYPE_WARN for entries flagged BUGFLAG_WARNING, and
 * BUG_TRAP_TYPE_BUG otherwise. The order of the steps below matters; see
 * the comments on each of them.
 */
static enum bug_trap_type __report_bug(struct bug_entry *bug, unsigned long bugaddr, struct pt_regs *regs)
{
	bool warning, once, done, no_cut, has_args;
	const char *file, *fmt;
	unsigned int line;

	if (!bug) {
		/* Let the architecture reject addresses that cannot be a trap. */
		if (!is_valid_bugaddr(bugaddr))
			return BUG_TRAP_TYPE_NONE;

		bug = find_bug(bugaddr);
		if (!bug)
			return BUG_TRAP_TYPE_NONE;
	}

	bug_get_file_line(bug, &file, &line);
	fmt = bug_get_format(bug);

	/* Snapshot the flags once; 'done' reflects the state before this report. */
	warning  = bug->flags & BUGFLAG_WARNING;
	once     = bug->flags & BUGFLAG_ONCE;
	done     = bug->flags & BUGFLAG_DONE;
	no_cut   = bug->flags & BUGFLAG_NO_CUT_HERE;
	has_args = bug->flags & BUGFLAG_ARGS;

#ifdef CONFIG_KUNIT
	/*
	 * Before the once logic so suppressed warnings do not consume
	 * the single-fire budget of WARN_ON_ONCE().
	 */
	if (warning && kunit_is_suppressed_warning(true))
		return BUG_TRAP_TYPE_WARN;
#endif

	disable_trace_on_warning();

	if (warning && once) {
		/* Already reported once: stay silent but still report a WARN. */
		if (done)
			return BUG_TRAP_TYPE_WARN;

		/*
		 * This is the only place that sets BUGFLAG_DONE, using a plain
		 * (non-atomic) read-modify-write on an entry in the bug table.
		 * NOTE(review): clear_once_table() in this file also writes
		 * bug->flags when it clears the bit, so "only store" holds for
		 * setting the bit, not for every writer. A race presumably
		 * costs at most a duplicated or re-armed one-shot warning -
		 * confirm.
		 */
		bug->flags |= BUGFLAG_DONE;
	}

	/*
	 * BUG() and WARN_ON() families don't print a custom debug message
	 * before triggering the exception handler, so we must add the
	 * "cut here" line now. WARN() issues its own "cut here" before the
	 * extra debugging message it writes before triggering the handler.
	 */
	if (!no_cut) {
		pr_info(CUT_HERE);
		/* Registers are only passed on when the entry is flagged as having arguments. */
		__warn_printf(fmt, has_args ? regs : NULL);
	}

	if (warning) {
		/* this is a WARN_ON rather than BUG/BUG_ON */
		__warn(file, line, (void *)bugaddr, BUG_GET_TAINT(bug), regs,
		       NULL);
		return BUG_TRAP_TYPE_WARN;
	}

	/* file is NULL when bug_get_file_line() had no location data to return. */
	if (file)
		pr_crit("kernel BUG at %s:%u!\n", file, line);
	else
		pr_crit("kernel BUG at %pB [verbose debug info unavailable]\n",
			(void *)bugaddr);

	return BUG_TRAP_TYPE_BUG;
}
269 
/*
 * Report a trap for a bug table entry the caller has already located.
 *
 * @bug:  entry to report; it is dereferenced by bug_addr() and must not be
 *        NULL
 * @regs: registers at the time of the trap
 *
 * The report runs between warn_rcu_enter() and warn_rcu_exit(). Returns the
 * trap type decided by __report_bug().
 */
enum bug_trap_type report_bug_entry(struct bug_entry *bug, struct pt_regs *regs)
{
	const bool rcu = warn_rcu_enter();
	const enum bug_trap_type ret = __report_bug(bug, bug_addr(bug), regs);

	warn_rcu_exit(rcu);
	return ret;
}
281 
/*
 * Report a trap taken at @bugaddr, looking the bug entry up by address.
 *
 * @bugaddr: address of the trapping instruction
 * @regs:    registers at the time of the trap
 *
 * The report runs between warn_rcu_enter() and warn_rcu_exit(). Returns
 * BUG_TRAP_TYPE_NONE when the address does not correspond to a known bug
 * entry, otherwise the trap type decided by __report_bug().
 */
enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
{
	const bool rcu = warn_rcu_enter();
	const enum bug_trap_type ret = __report_bug(NULL, bugaddr, regs);

	warn_rcu_exit(rcu);
	return ret;
}
293 
/*
 * Clear BUGFLAG_DONE on every entry in the half-open range [@start, @end),
 * re-arming the one-shot warnings in that table. The flag is cleared with a
 * plain, non-atomic read-modify-write.
 */
static void clear_once_table(struct bug_entry *start, struct bug_entry *end)
{
	struct bug_entry *entry = start;

	while (entry < end) {
		entry->flags &= ~BUGFLAG_DONE;
		entry++;
	}
}
301 
/*
 * Re-arm all one-shot warnings by clearing BUGFLAG_DONE in every known bug
 * table: each module's table (walked under an RCU guard, CONFIG_MODULES
 * only) and then the built-in table.
 */
void generic_bug_clear_once(void)
{
#ifdef CONFIG_MODULES
	struct module *mod;

	scoped_guard(rcu) {
		list_for_each_entry_rcu(mod, &module_bug_list, bug_list) {
			struct bug_entry *first = mod->bug_table;

			clear_once_table(first, first + mod->num_bugs);
		}
	}
#endif

	clear_once_table(__start___bug_table, __stop___bug_table);
}
316