2024-03-08 04:45:22

by Changbin Du

Subject: [PATCH] x86: kmsan: fix boot failure due to instrumentation

Instrumenting sev.c and mem_encrypt_identity.c with KMSAN will result in
the kernel being unable to boot. Some of the code is invoked too early in
the boot stage, before KMSAN is ready.

This change disables KMSAN instrumentation for the above two files to fix the
boot failure.

Signed-off-by: Changbin Du <[email protected]>
---
arch/x86/kernel/Makefile | 1 +
arch/x86/mm/Makefile | 1 +
2 files changed, 2 insertions(+)

diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 0000325ab98f..04591d0145e0 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -33,6 +33,7 @@ KASAN_SANITIZE_sev.o := n
KCSAN_SANITIZE := n
KMSAN_SANITIZE_head$(BITS).o := n
KMSAN_SANITIZE_nmi.o := n
+KMSAN_SANITIZE_sev.o := n

# If instrumentation of the following files is enabled, boot hangs during
# first second.
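Review bot: the new `KMSAN_SANITIZE_sev.o := n` line lands in the uncommented group above the `# If instrumentation of the following files is enabled, boot hangs during` comment, so nothing in the Makefile records why sev.o is excluded; put the reason from the commit message (find_cc_blob() is reached from startup_64() via sme_enable() before KMSAN is initialized, per the backtrace in this thread) in a comment beside the line, or move the line into the commented group below it if that comment covers this case. It is also worth stating in the message that this switches KMSAN off for all of sev.o, not only the early-boot path; if the pre-KMSAN portion is small, moving it into its own object would keep coverage for the rest of the file.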
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index c80febc44cd2..6ec103bedcf1 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -16,6 +16,7 @@ KASAN_SANITIZE_pgprot.o := n
KCSAN_SANITIZE := n
# Avoid recursion by not calling KMSAN hooks for CEA code.
KMSAN_SANITIZE_cpu_entry_area.o := n
+KMSAN_SANITIZE_mem_encrypt_identity.o := n

ifdef CONFIG_FUNCTION_TRACER
CFLAGS_REMOVE_mem_encrypt.o = -pg
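Review bot: `KMSAN_SANITIZE_mem_encrypt_identity.o := n` is added directly under the `# Avoid recursion by not calling KMSAN hooks for CEA code.` comment, which now reads as if it explains this line too, but the reason here is different (sme_enable() is called from startup_64() before KMSAN is initialized, per the backtrace in this thread). Give the new line its own one-line comment so the two exclusions are not conflated, matching how the neighbouring CEA and `CFLAGS_REMOVE_mem_encrypt.o = -pg` exceptions are each documented on their own.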
--
2.25.1



2024-03-08 05:46:09

by Borislav Petkov

Subject: Re: [PATCH] x86: kmsan: fix boot failure due to instrumentation

On Fri, Mar 08, 2024 at 12:44:01PM +0800, Changbin Du wrote:
> Instrumenting sev.c and mem_encrypt_identity.c with KMSAN will result in
> the kernel being unable to boot. Some of the code is invoked too early in
> the boot stage, before KMSAN is ready.

How do you trigger this?

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

2024-03-08 06:12:14

by Changbin Du

Subject: Re: [PATCH] x86: kmsan: fix boot failure due to instrumentation

On Fri, Mar 08, 2024 at 06:45:32AM +0100, Borislav Petkov wrote:
> On Fri, Mar 08, 2024 at 12:44:01PM +0800, Changbin Du wrote:
> > Instrumenting sev.c and mem_encrypt_identity.c with KMSAN will result in
> > the kernel being unable to boot. Some of the code is invoked too early in
> > the boot stage, before KMSAN is ready.
>
> How do you trigger this?
>
I run the kernel in qemu. One of the call traces is:
(gdb) bt
#0 find_cc_blob (bp=0x14700 <exception_stacks+30464>) at arch/x86/kernel/sev.c:2067
#1 0x0000000003daeaab in snp_init (bp=0x14700 <exception_stacks+30464>) at arch/x86/kernel/sev.c:2098
#2 0x0000000003db3d69 in sme_enable (bp=0x14700 <exception_stacks+30464>) at arch/x86/mm/mem_encrypt_identity.c:516
#3 0x000000000100003e in startup_64 () at arch/x86/kernel/head_64.S:99
#4 0x0000000000000000 in ?? ()

find_cc_blob() has instrumentation enabled and panics when accessing shadow
memory.

> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette

--
Cheers,
Changbin Du

2024-03-08 07:58:57

by Borislav Petkov

Subject: Re: [PATCH] x86: kmsan: fix boot failure due to instrumentation

On Fri, Mar 08, 2024 at 02:10:54PM +0800, Changbin Du wrote:
> find_cc_blob() has instrumentation enabled and panic when accessing shadow
> memory.

Thanks, I was able to reproduce. With KMSAN enabled, a 5sec guest turns
into a 2 minute snooze fest. :-)

Oh well.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Subject: [tip: x86/sev] x86/sev: Disable KMSAN for memory encryption TUs

The following commit has been merged into the x86/sev branch of tip:

Commit-ID: c0935fca6ba4799e5efc6daeee37887e84707d01
Gitweb: https://git.kernel.org/tip/c0935fca6ba4799e5efc6daeee37887e84707d01
Author: Changbin Du <[email protected]>
AuthorDate: Fri, 08 Mar 2024 12:44:01 +08:00
Committer: Borislav Petkov (AMD) <[email protected]>
CommitterDate: Fri, 08 Mar 2024 08:59:22 +01:00

x86/sev: Disable KMSAN for memory encryption TUs

Instrumenting sev.c and mem_encrypt_identity.c with KMSAN will result in
a triple-faulting kernel. Some of the code is invoked too early during
boot, before KMSAN is ready.

Disable KMSAN instrumentation for the two translation units.

[ bp: Massage commit message. ]

Signed-off-by: Changbin Du <[email protected]>
Signed-off-by: Borislav Petkov (AMD) <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/kernel/Makefile | 1 +
arch/x86/mm/Makefile | 1 +
2 files changed, 2 insertions(+)

diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 0000325..04591d0 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -33,6 +33,7 @@ KASAN_SANITIZE_sev.o := n
KCSAN_SANITIZE := n
KMSAN_SANITIZE_head$(BITS).o := n
KMSAN_SANITIZE_nmi.o := n
+KMSAN_SANITIZE_sev.o := n

# If instrumentation of the following files is enabled, boot hangs during
# first second.
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index c80febc..6ec103b 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -16,6 +16,7 @@ KASAN_SANITIZE_pgprot.o := n
KCSAN_SANITIZE := n
# Avoid recursion by not calling KMSAN hooks for CEA code.
KMSAN_SANITIZE_cpu_entry_area.o := n
+KMSAN_SANITIZE_mem_encrypt_identity.o := n

ifdef CONFIG_FUNCTION_TRACER
CFLAGS_REMOVE_mem_encrypt.o = -pg