Date: Mon, 8 Apr 2019 21:08:00 +0200
From: Borislav Petkov
To: Gary R Hook
Cc: Thomas Gleixner, "Hook, Gary", "linux-kernel@vger.kernel.org", "dave.hansen@linux.intel.com", "peterz@infradead.org", "x86@kernel.org", "mingo@redhat.com", "luto@kernel.org", Alexander Potapenko
Subject: Re: [PATCH] x86/mm/mem_encrypt: Disable all instrumentation for SME early boot code
Message-ID: <20190408190800.GL15689@zn.tnic>

On Mon, Apr 08, 2019 at 06:41:30PM +0000, Gary R Hook wrote:
> Again, not arguing. I completely understand. However, to be fair, this
> isn't about SME having trouble with those facilities, this is about
> using certain features (e.g. command line option processing) early in
> the boot. Any complex feature could have had that requirement, don't you
> think?

Sure, but then why do we need that patch at all then? Why do we need to
disable instrumentation for SME early code and not for other early code?

I mean, if you grep around the tree you can see a bunch of
KASAN_SANITIZE but in lib/ we only have

  lib/Makefile:210:KASAN_SANITIZE_stackdepot.o := n

which is special. But the rest of the generic code in lib/ or
arch/x86/lib/ isn't.

Now, there's this:

  arch/x86/boot/Makefile:12:KASAN_SANITIZE := n
  arch/x86/boot/compressed/Makefile:20:KASAN_SANITIZE := n

which disables KASAN for all boot code. And this is what you mean - all
early boot code should not be sanitized.

Which also gives the right solution, IMO:

cmdline.o should not be sanitized only when used in the boot code. But
that is already the case. So why do you need to disable KASAN for
arch/x86/lib/cmdline.c?

Because for those two:

  arch/x86/boot/cmdline.c
  arch/x86/boot/compressed/cmdline.c

that should already be the case due to the Makefile defines above.

> Right. My goal was to get a conversation started, because folks are
> running into this problem when KASAN is enabled.

You say KASAN. Why is there KCOV_INSTRUMENT_cmdline.o too?

> N.B. Here's another facet of this problem: cmdline.c doesn't (today)
> contain anything that would trigger the stack protector. However, it's
> possible to enable the stack protector globally when building, right? In
> which case, a boot would fail, so we have the same issue: early boot
> code has special requirements / restrictions.

How so?

This .config boots here in a vm just fine.

  $ grep STACKPROT .config
  CONFIG_CC_HAS_SANE_STACKPROTECTOR=y
  CONFIG_HAVE_STACKPROTECTOR=y
  CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
  CONFIG_STACKPROTECTOR=y
  CONFIG_STACKPROTECTOR_STRONG=y

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
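
The per-directory and per-object KASAN_SANITIZE / KCOV_INSTRUMENT settings discussed in the message above can be listed and queried mechanically. The script below is an added example, not part of the original message or of the kernel tree; its function names are hypothetical, and the miniature tree it scans is constructed from the Makefile lines quoted in the message (the arch/x86/lib/Makefile content is a constructed stand-in).

```shell
#!/bin/sh
# Added example. Prints one line per kbuild opt-out ("VAR := n") found in the
# Makefiles under $1: <makefile> <variable> <object, or (dir) for the whole dir>
instr_opt_outs() {
    find "$1" -type f -name Makefile | sort | while read -r mk; do
        sed -n -E 's/^(KASAN_SANITIZE|KCOV_INSTRUMENT)(_([^[:space:]:=]+))?[[:space:]]*:?=[[:space:]]*n[[:space:]]*$/\1 \3/p' "$mk" |
        while read -r var obj; do
            printf '%s %s %s\n' "${mk#"$1"/}" "$var" "${obj:-(dir)}"
        done
    done
}

# opted_out TREE DIR OBJ VAR: succeeds when VAR is set to n for DIR/OBJ,
# either for that object alone or for DIR's Makefile as a whole.
opted_out() {
    instr_opt_outs "$1" |
        grep -q -x -F -e "$2/Makefile $4 (dir)" -e "$2/Makefile $4 $3"
}

# Constructed miniature tree holding only the settings quoted in the message;
# arch/x86/lib/Makefile gets a stand-in line with no opt-out.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/lib" "$t/arch/x86/lib" "$t/arch/x86/boot/compressed"
    echo 'KASAN_SANITIZE_stackdepot.o := n' > "$t/lib/Makefile"
    echo 'KASAN_SANITIZE := n' > "$t/arch/x86/boot/Makefile"
    echo 'KASAN_SANITIZE := n' > "$t/arch/x86/boot/compressed/Makefile"
    echo 'lib-y += cmdline.o' > "$t/arch/x86/lib/Makefile"
    echo "$t"
}

tree=$(make_demo_tree) || exit 1
instr_opt_outs "$tree"
for d in arch/x86/boot arch/x86/boot/compressed arch/x86/lib; do
    if opted_out "$tree" "$d" cmdline.o KASAN_SANITIZE; then
        echo "$d/cmdline.o: KASAN off"
    else
        echo "$d/cmdline.o: KASAN on"
    fi
done
rm -rf "$tree"
```

Pointing instr_opt_outs at a real kernel checkout instead of the constructed tree gives the same view as grepping for these variables by hand, with directory-wide and per-object settings told apart.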