Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1611994yba; Thu, 4 Apr 2019 14:26:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqyKyrd6bBe6RJ1x6JKf/9NxB1KnQiBUuYFghDuhZaixXSjG0UMg+jZFsxSvW/JRvmKeLpbj X-Received: by 2002:a63:cf11:: with SMTP id j17mr8125851pgg.252.1554413186890; Thu, 04 Apr 2019 14:26:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554413186; cv=none; d=google.com; s=arc-20160816; b=yiM067exZLiULu9lxal/Gxqj2CMB2GyFzxL57RjP8RJRVtI++n2+1rdo1vRydJaxUQ /qUnIl+/sXeLK/G+C8NZTaTgH6uUwD+4l3sXcytUcQT+yCfYVJgzvXpsx0sZcRaLZKv9 h/jEwmgfzmREDiZhYgkt/vtZWQkpvSFNpPgdS6yfL8MKIhdQHTHzRNeKNcK7DRUqR8WK zNVjlpKbE3jI7+Zw5X7EMm3broYiCww76MumPAj1nSltF11YqhvROcY6jdBBzZBS/YEe K/lVtQwBIRc3ozTgWo0lm/bJF60WJOFEExFG+SHx2WQYR4dzcwIfqbyyltqIiYTf75Lr an8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=IhgYTFIAUIBsWx3D6T9zpZCIbdR5qAIghxDNgUwufLA=; b=eMmk4LxVM1JE2Ynh+KH2+0u5td6/uDAtpVUQB+VJe23+iZsrditHA5UQ6W9KH1x4k8 8UaFekbLhPCjGSXO8UyKn4XBrlRBr3Ste9pEaQlI/dut/Ty7FBwweEqOT9eWqarsXrJ5 kOyKA5TO+6uYbv7Yhm0NsehSjCYaVPVFfzmWMktDAL4LCR88rql53ADVq9Urn11u++ql SoiyA+I3jlDO6bF5in2MlJ+wnJeqhBlCkmet28qJ8v4FeKq9xyA4CJCqm+g91AH32QTa c8rTFZ2tHcjh0kvEaEcZP1tw6ntuPMgGTG22tt8IhoWUqBprR7xRjmKseQsbiFhrZujS bw3A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m12si17414803pgc.157.2019.04.04.14.26.10; Thu, 04 Apr 2019 14:26:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731149AbfDDUmK (ORCPT + 99 others); Thu, 4 Apr 2019 16:42:10 -0400 Received: from Galois.linutronix.de ([146.0.238.70]:46410 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729924AbfDDUmJ (ORCPT ); Thu, 4 Apr 2019 16:42:09 -0400 Received: from p5492e2fc.dip0.t-ipconnect.de ([84.146.226.252] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1hC9BU-0001LQ-7N; Thu, 04 Apr 2019 22:42:04 +0200 Date: Thu, 4 Apr 2019 22:42:03 +0200 (CEST) From: Thomas Gleixner To: "Hook, Gary" cc: "linux-kernel@vger.kernel.org" , "dave.hansen@linux.intel.com" , "peterz@infradead.org" , "x86@kernel.org" , "mingo@redhat.com" , "bp@alien8.de" , "luto@kernel.org" , Alexander Potapenko Subject: Re: [PATCH] x86/mm/mem_encrypt: Disable all instrumentation for SME early boot code In-Reply-To: <155440965936.6194.3202659723198724589.stgit@sosrh7.amd.com> Message-ID: References: <155440965936.6194.3202659723198724589.stgit@sosrh7.amd.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 4 Apr 2019, Hook, Gary wrote: > Enablement of AMD's Secure Memory Encryption feature is determined > very early in the boot cycle. Part of this procedure involves scanning > the command line for the paramater 'mem_encrypt'. > > To determine intended state, the function sme_enable() uses library > functions cmdline_find_option() and strncmp(). Their use occurs early > enough such that we can't assume that any instrumentation subsystem is > initialized. For example, making calls to a KASAN-instrumented > function before KASAN is set up will likely result in the use of > uninitialized memory and a boot failure. > > Avoid instrumenting these dependent functions by: > > 1) Making a local, static, renamed copy of strncpy() for use solely in > mem_encrypt_identity.c. In this file we are able to vet its few uses > and avoid exposing the rest of the kernel to a ubiquitously used but > un-instrumented function. > > 2) Disable instrumention of arch/x86/lib/cmdline.c based on the > assumption that the needed function (cmdline_find_option()) is vetted > through its use to date, and contains no lurking flaws that have not > yet been found through instrumentation such as KASAN. Not happy about that :) > +# SME early boot code checks the cmdline, so don't instrument > +KCOV_INSTRUMENT_cmdline.o := n > + > +KASAN_SANITIZE_cmdline.o := n If we can't come up with a better solution then this needs to depend on CONFIG_MEM_ENCRYPT so we still can run KASAN on cmdline.c to catch crap when the code is modified in the future. Thanks, tglx