[PATCH] x86/sev: Work around broken noinstr on GCC

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] x86/sev: Work around broken noinstr on GCC
@ 2025-07-14  7:34 Ard Biesheuvel
  2025-07-14 10:27 ` Borislav Petkov
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Ard Biesheuvel @ 2025-07-14  7:34 UTC (permalink / raw)
  To: linux-kernel; +Cc: x86, Ard Biesheuvel, Randy Dunlap

From: Ard Biesheuvel <ardb@kernel.org>

Forcibly disable KCSAN for the sev-nmi.c source file, which only
contains functions annotated as 'noinstr' but is emitted with calls to
KCSAN instrumentation nonetheless. E.g.,

  vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
  make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1

Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/coco/sev/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
index db3255b979bd..342d79f0ab6a 100644
--- a/arch/x86/coco/sev/Makefile
+++ b/arch/x86/coco/sev/Makefile
@@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
 # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
 UBSAN_SANITIZE_sev-nmi.o	:= n
 
-# GCC may fail to respect __no_sanitize_address when inlining
+# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
 KASAN_SANITIZE_sev-nmi.o	:= n
+KCSAN_SANITIZE_sev-nmi.o	:= n
-- 
2.50.0.727.gbf7dc18ff4-goog


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86/sev: Work around broken noinstr on GCC
  2025-07-14  7:34 [PATCH] x86/sev: Work around broken noinstr on GCC Ard Biesheuvel
@ 2025-07-14 10:27 ` Borislav Petkov
  2025-07-14 23:22   ` Ard Biesheuvel
  2025-07-15  3:07 ` Randy Dunlap
  2025-07-15  8:39 ` [tip: x86/urgent] " tip-bot2 for Ard Biesheuvel
  2 siblings, 1 reply; 5+ messages in thread
From: Borislav Petkov @ 2025-07-14 10:27 UTC (permalink / raw)
  To: Ard Biesheuvel; +Cc: linux-kernel, x86, Ard Biesheuvel, Randy Dunlap

On Mon, Jul 14, 2025 at 09:34:03AM +0200, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
> 
> Forcibly disable KCSAN for the sev-nmi.c source file, which only
> contains functions annotated as 'noinstr' but is emitted with calls to
> KCSAN instrumentation nonetheless. E.g.,
> 
>   vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
>   make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1
> 
> Reported-by: Randy Dunlap <rdunlap@infradead.org>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  arch/x86/coco/sev/Makefile | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
> index db3255b979bd..342d79f0ab6a 100644
> --- a/arch/x86/coco/sev/Makefile
> +++ b/arch/x86/coco/sev/Makefile
> @@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
>  # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
>  UBSAN_SANITIZE_sev-nmi.o	:= n
>  
> -# GCC may fail to respect __no_sanitize_address when inlining
> +# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
>  KASAN_SANITIZE_sev-nmi.o	:= n
> +KCSAN_SANITIZE_sev-nmi.o	:= n
> -- 

Hmm, so this points to the carve out:

b66fcee1574e ("x86/sev: Move noinstr NMI handling code into separate source file")

but then we didn't do any KCSAN exclusion to SEV code before either.

I guess send this to Linus now so that it is in 6.16?

Hmm.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86/sev: Work around broken noinstr on GCC
  2025-07-14 10:27 ` Borislav Petkov
@ 2025-07-14 23:22   ` Ard Biesheuvel
  0 siblings, 0 replies; 5+ messages in thread
From: Ard Biesheuvel @ 2025-07-14 23:22 UTC (permalink / raw)
  To: Borislav Petkov; +Cc: Ard Biesheuvel, linux-kernel, x86, Randy Dunlap

On Mon, 14 Jul 2025 at 20:27, Borislav Petkov <bp@alien8.de> wrote:
>
> On Mon, Jul 14, 2025 at 09:34:03AM +0200, Ard Biesheuvel wrote:
> > From: Ard Biesheuvel <ardb@kernel.org>
> >
> > Forcibly disable KCSAN for the sev-nmi.c source file, which only
> > contains functions annotated as 'noinstr' but is emitted with calls to
> > KCSAN instrumentation nonetheless. E.g.,
> >
> >   vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
> >   make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1
> >
> > Reported-by: Randy Dunlap <rdunlap@infradead.org>
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > ---
> >  arch/x86/coco/sev/Makefile | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
> > index db3255b979bd..342d79f0ab6a 100644
> > --- a/arch/x86/coco/sev/Makefile
> > +++ b/arch/x86/coco/sev/Makefile
> > @@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
> >  # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
> >  UBSAN_SANITIZE_sev-nmi.o     := n
> >
> > -# GCC may fail to respect __no_sanitize_address when inlining
> > +# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
> >  KASAN_SANITIZE_sev-nmi.o     := n
> > +KCSAN_SANITIZE_sev-nmi.o     := n
> > --
>
> Hmm, so this points to the carve out:
>
> b66fcee1574e ("x86/sev: Move noinstr NMI handling code into separate source file")
>
> but then we didn't do any KCSAN exclusion to SEV code before either.
>

This is actually an oversight on my part,

Fixes: a3cbbb4717e1 ("x86/boot: Move SEV startup code into startup/")

> I guess send this to Linus now so that it is in 6.16?
>

Yes.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86/sev: Work around broken noinstr on GCC
  2025-07-14  7:34 [PATCH] x86/sev: Work around broken noinstr on GCC Ard Biesheuvel
  2025-07-14 10:27 ` Borislav Petkov
@ 2025-07-15  3:07 ` Randy Dunlap
  2025-07-15  8:39 ` [tip: x86/urgent] " tip-bot2 for Ard Biesheuvel
  2 siblings, 0 replies; 5+ messages in thread
From: Randy Dunlap @ 2025-07-15  3:07 UTC (permalink / raw)
  To: Ard Biesheuvel, linux-kernel; +Cc: x86, Ard Biesheuvel



On 7/14/25 12:34 AM, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
> 
> Forcibly disable KCSAN for the sev-nmi.c source file, which only
> contains functions annotated as 'noinstr' but is emitted with calls to
> KCSAN instrumentation nonetheless. E.g.,
> 
>   vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
>   make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1
> 
> Reported-by: Randy Dunlap <rdunlap@infradead.org>

Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>

Thanks.

> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  arch/x86/coco/sev/Makefile | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
> index db3255b979bd..342d79f0ab6a 100644
> --- a/arch/x86/coco/sev/Makefile
> +++ b/arch/x86/coco/sev/Makefile
> @@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
>  # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
>  UBSAN_SANITIZE_sev-nmi.o	:= n
>  
> -# GCC may fail to respect __no_sanitize_address when inlining
> +# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
>  KASAN_SANITIZE_sev-nmi.o	:= n
> +KCSAN_SANITIZE_sev-nmi.o	:= n

-- 
~Randy

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [tip: x86/urgent] x86/sev: Work around broken noinstr on GCC
  2025-07-14  7:34 [PATCH] x86/sev: Work around broken noinstr on GCC Ard Biesheuvel
  2025-07-14 10:27 ` Borislav Petkov
  2025-07-15  3:07 ` Randy Dunlap
@ 2025-07-15  8:39 ` tip-bot2 for Ard Biesheuvel
  2 siblings, 0 replies; 5+ messages in thread
From: tip-bot2 for Ard Biesheuvel @ 2025-07-15  8:39 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Randy Dunlap, Ard Biesheuvel, Borislav Petkov (AMD), x86,
	linux-kernel

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     6b995d01683feae619aa3263d18a6aa19bface16
Gitweb:        https://git.kernel.org/tip/6b995d01683feae619aa3263d18a6aa19bface16
Author:        Ard Biesheuvel <ardb@kernel.org>
AuthorDate:    Mon, 14 Jul 2025 09:34:03 +02:00
Committer:     Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Tue, 15 Jul 2025 10:12:25 +02:00

x86/sev: Work around broken noinstr on GCC

Forcibly disable KCSAN for the sev-nmi.c source file, which only
contains functions annotated as 'noinstr' but is emitted with calls to
KCSAN instrumentation nonetheless. E.g.,

  vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
  make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1

Fixes: a3cbbb4717e1 ("x86/boot: Move SEV startup code into startup/")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/20250714073402.4107091-2-ardb+git@google.com
---
 arch/x86/coco/sev/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
index db3255b..342d79f 100644
--- a/arch/x86/coco/sev/Makefile
+++ b/arch/x86/coco/sev/Makefile
@@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
 # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
 UBSAN_SANITIZE_sev-nmi.o	:= n
 
-# GCC may fail to respect __no_sanitize_address when inlining
+# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
 KASAN_SANITIZE_sev-nmi.o	:= n
+KCSAN_SANITIZE_sev-nmi.o	:= n

^ permalink raw reply related	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-07-15  8:40 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-14  7:34 [PATCH] x86/sev: Work around broken noinstr on GCC Ard Biesheuvel
2025-07-14 10:27 ` Borislav Petkov
2025-07-14 23:22   ` Ard Biesheuvel
2025-07-15  3:07 ` Randy Dunlap
2025-07-15  8:39 ` [tip: x86/urgent] " tip-bot2 for Ard Biesheuvel

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.