linux-nilfs.vger.kernel.org archive mirror
* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
       [not found]   ` <20250904113752.GDaLl6ELJRd3LZYBQl@fat_crate.local>
@ 2025-09-04 23:29     ` Nathan Chancellor
  2025-09-05 10:40       ` Borislav Petkov
  2025-09-05 13:17       ` Ryusuke Konishi
  0 siblings, 2 replies; 4+ messages in thread
From: Nathan Chancellor @ 2025-09-04 23:29 UTC (permalink / raw)
  To: Borislav Petkov
  Cc: kernel test robot, Borislav Petkov, oe-lkp, lkp, linux-doc,
	linux-kernel, X86 ML, Chang S. Bae, Sohil Mehta, Ryusuke Konishi,
	linux-nilfs

Hi Boris and the Intel folks,

+ Ryusuke and linux-nilfs

On Thu, Sep 04, 2025 at 01:37:52PM +0200, Borislav Petkov wrote:
> On Tue, Sep 02, 2025 at 04:45:12PM +0800, kernel test robot wrote:
> > 
> > 
> > Hello,
> > 
> > 
> > this could be a noise, we didn't see the relation between the patch with the
> > issue we observed. however, we rebuild the kernels for both this commit and
> > parent 3 times.
> > (
> > our bot chose 894af4a1cde61c as the parent as below
> > * 19f370d45aceea x86/microcode: Add microcode= cmdline parsing
> > * 894af4a1cde61c (tip/x86/core, peterz-queue/x86/core) objtool: Validate kCFI calls
> > )
> > 
> > and for each rerun of both this commit and parent, we run more times, but the
> > issue is still quite persistent while parent keeps clean:
> > 
> > =========================================================================================
> > tbox_group/testcase/rootfs/kconfig/compiler/runtime/group/nr_groups:
> >   vm-snb/trinity/debian-11.1-i386-20220923.cgz/x86_64-randconfig-006-20250826/clang-20/300s/group-01/5
> > 
> > 894af4a1cde61c34 19f370d45aceea5ab4c52e3afa0
> > ---------------- ---------------------------
> >        fail:runs  %reproduction    fail:runs
> >            |             |             |
> >            :200         74%         149:200   last_state.is_incomplete_run
> >            :200         74%         147:200   last_state.running
> >            :200         75%         150:200   dmesg.CFI_failure_at_kobj_attr_show
> >            :200         75%         150:200   dmesg.Kernel_panic-not_syncing:Fatal_exception
> >            :200         75%         150:200   dmesg.Oops:invalid_opcode:#[##]KASAN
> >            :200         75%         150:200   dmesg.RIP:kobj_attr_show
> >            :200         75%         150:200   dmesg.boot_failures
> > 
> > so we just follow our report rule to still report this results FYI.
> > 
> > if it's really irrelevant, sorry maybe our env issues (though we still cannot
> > figure out for now). and if you can help us to figure out the potential problem
> > from our dmesg in below link, it will be very appreciated!
> 
> Yeah, I don't know what you did here but building with that .config, I can't
> even boot that kernel in a VM because doing:
> 
> qemu-... -kernel bzImage ...
> 
> sends me into grub and asks me to select the default kernel.
> 
> And my qemu script boots arbitrary kernels just fine.

Does your QEMU boot via UEFI? This configuration has

  # CONFIG_EFI is not set

so if I try to boot QEMU via OVMF, I get:

  BdsDxe: failed to load Boot0002 "UEFI Non-Block Boot Device" from VenMedia(1428F772-B64A-441E-B8C3-9EBDD7F893C7): Not Found
  BdsDxe: No bootable option or device was found.
  BdsDxe: Press any key to enter the Boot Manager Menu.

Turning on CONFIG_EFI and CONFIG_EFI_STUB is enough for me to boot this
configuration.

> Also, I used clang-20 from here:
> 
> https://mirrors.edge.kernel.org/pub/tools/llvm/
> 
> and version 20.1.8 took something like ~10(!) minutes to link vmlinux with
> that config. Just FYI for Nathan, maybe something's weird there.

Looks like this configuration has

  CONFIG_LTO_CLANG_FULL=y

so that's not too surprising :) turning that off or making it

  CONFIG_LTO_CLANG_THIN=y

should be much quicker.

> > below is full report.
> 
> Leaving it in.

As for the actual report...

I ran 200 boots using our simple Buildroot initrd and QEMU wrapper
script [1] and saw no issues, however...

[1]: https://github.com/ClangBuiltLinux/boot-utils

> > kernel test robot noticed "CFI_failure_at_kobj_attr_show" on:
> > 
> > commit: 19f370d45aceea5ab4c52e3afa00226fb99c3fc8 ("[PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing")
> > url: https://github.com/intel-lab-lkp/linux/commits/Borislav-Petkov/x86-microcode-Add-microcode-cmdline-parsing/20250820-215624
> > base: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git 894af4a1cde61c3401f237184fb770f72ff12df8
> > patch link: https://lore.kernel.org/all/20250820135043.19048-2-bp@kernel.org/
> > patch subject: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
> > 
> > in testcase: trinity
> > version: trinity-i386-abe9de86-1_20230429
> > with following parameters:
> > 
> > 	runtime: 300s
> > 	group: group-01
> > 	nr_groups: 5
> > 
> > 
> > 
> > config: x86_64-randconfig-006-20250826
> > compiler: clang-20
> > test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> > 
> > (please refer to attached dmesg/kmsg for entire log/backtrace)
> > 
> > 
> > 
> > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > the same patch/commit), kindly add following tags
> > | Reported-by: kernel test robot <oliver.sang@intel.com>
> > | Closes: https://lore.kernel.org/oe-lkp/202509021646.bc78d9ef-lkp@intel.com
> > 
> > 
> > The kernel config and materials to reproduce are available at:
> > https://download.01.org/0day-ci/archive/20250902/202509021646.bc78d9ef-lkp@intel.com
> > 
> > 
> > [  453.382281][ T7761] CFI failure at kobj_attr_show+0x59/0x80 (target: nilfs_feature_revision_show+0x0/0x30; expected type: 0x1b8aae92)

I am surprised that this was not reproducible at 894af4a1cde61c34 for
the Intel folks because it does for me assuming I actually try to read
that file (maybe trinity was not hitting it on the older revision?):

  $ cat /sys/fs/nilfs2/features/revision
  [    6.975426][  T150] CFI failure at kobj_attr_show+0x59/0x80 (target: nilfs_feature_revision_show+0x0/0x30; expected type: 0xed60cafc)
  [    6.976822][  T150] Oops: invalid opcode: 0000 [#1] KASAN
  [    6.977407][  T150] CPU: 0 UID: 0 PID: 150 Comm: cat Not tainted 6.17.0-rc2-00016-g894af4a1cde6 #1 NONE
  [    6.978432][  T150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014
  [    6.979752][  T150] RIP: 0010:kobj_attr_show+0x59/0x80
  [    6.980321][  T150] Code: 08 00 74 08 4c 89 e7 e8 05 6b d6 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 04 35 9f 12 45 03 53 f1 74 02 <0f> 0b 41 ff d3 0f 1f 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
  [    6.982456][  T150] RSP: 0018:ffa0000000e17b28 EFLAGS: 00010216
  [    6.983163][  T150] RAX: 1ffffffff3753765 RBX: ff11000109eca000 RCX: dffffc0000000000
  [    6.984012][  T150] RDX: ff11000109eca000 RSI: ffffffff9ba9bb00 RDI: ff11000100b4f250
  [    6.984900][  T150] RBP: ffa0000000e17b48 R08: ff11000109ecafff R09: ff11000109eca000
  [    6.985830][  T150] R10: 000000007b3f6fc3 R11: ffffffff9541ea80 R12: ffffffff9ba9bb28
  [    6.986658][  T150] R13: 1fe2200020fdfe80 R14: ffffffff9ba9bb00 R15: ff11000100b4f250
  [    6.987542][  T150] FS:  00007f4818d2b740(0000) GS:0000000000000000(0000) knlGS:0000000000000000
  [    6.988508][  T150] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [    6.989241][  T150] CR2: 00007f481899a000 CR3: 0000000109f3b002 CR4: 0000000000371eb0
  [    6.990120][  T150] Call Trace:
  [    6.990498][  T150]  <TASK>
  [    6.990867][  T150]  sysfs_kf_seq_show+0x2a6/0x390
  [    6.991410][  T150]  ? __cfi_kobj_attr_show+0x10/0x10
  [    6.992015][  T150]  kernfs_seq_show+0x104/0x15b
  [    6.992542][  T150]  seq_read_iter+0x580/0xe2b
  [    6.993076][  T150]  kernfs_fop_read_iter+0x137/0x470
  [    6.993650][  T150]  new_sync_read+0x27e/0x365
  [    6.994185][  T150]  vfs_read+0x1e8/0x46b
  [    6.994650][  T150]  ksys_read+0xc2/0x170
  [    6.995129][  T150]  __x64_sys_read+0x7f/0x90
  [    6.995631][  T150]  ? entry_SYSCALL_64_after_hwframe+0x6b/0x73
  [    6.996299][  T150]  x64_sys_call+0x2589/0x2cdb
  [    6.996843][  T150]  do_syscall_64+0x89/0xfa0
  [    6.997343][  T150]  ? irqentry_exit+0x33/0x70
  [    6.997882][  T150]  ? exc_page_fault+0x96/0xe0
  [    6.998400][  T150]  entry_SYSCALL_64_after_hwframe+0x6b/0x73
  [    6.999068][  T150] RIP: 0033:0x7f4818dc11ce
  [    6.999564][  T150] Code: 4d 89 d8 e8 64 be 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa
  [    7.001627][  T150] RSP: 002b:00007ffc2d325600 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
  [    7.002558][  T150] RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f4818dc11ce
  [    7.003443][  T150] RDX: 0000000000040000 RSI: 00007f481899b000 RDI: 0000000000000003
  [    7.004363][  T150] RBP: 00007ffc2d325610 R08: 0000000000000000 R09: 0000000000000000
  [    7.005260][  T150] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000040000
  [    7.006143][  T150] R13: 00007f481899b000 R14: 0000000000000003 R15: 0000000000000000
  [    7.007027][  T150]  </TASK>
  [    7.007411][  T150] Modules linked in:
  [    7.007994][  T150] ---[ end trace 0000000000000000 ]---
  [    7.008711][  T150] RIP: 0010:kobj_attr_show+0x59/0x80
  [    7.009430][  T150] Code: 08 00 74 08 4c 89 e7 e8 05 6b d6 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 04 35 9f 12 45 03 53 f1 74 02 <0f> 0b 41 ff d3 0f 1f 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
  [    7.011712][  T150] RSP: 0018:ffa0000000e17b28 EFLAGS: 00010216
  [    7.012369][  T150] RAX: 1ffffffff3753765 RBX: ff11000109eca000 RCX: dffffc0000000000
  [    7.013214][  T150] RDX: ff11000109eca000 RSI: ffffffff9ba9bb00 RDI: ff11000100b4f250
  [    7.014202][  T150] RBP: ffa0000000e17b48 R08: ff11000109ecafff R09: ff11000109eca000
  [    7.015201][  T150] R10: 000000007b3f6fc3 R11: ffffffff9541ea80 R12: ffffffff9ba9bb28
  [    7.016202][  T150] R13: 1fe2200020fdfe80 R14: ffffffff9ba9bb00 R15: ff11000100b4f250
  [    7.017212][  T150] FS:  00007f4818d2b740(0000) GS:0000000000000000(0000) knlGS:0000000000000000
  [    7.018332][  T150] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [    7.019154][  T150] CR2: 00007f481899a000 CR3: 0000000109f3b002 CR4: 0000000000371eb0
  [    7.020147][  T150] Kernel panic - not syncing: Fatal exception
  [    7.020837][  T150] Kernel Offset: 0x12e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

The fix should be something like the following, which resolves the issue
for me.

  nilfs_sysfs_init() ->
    kset_create_and_add() ->
      kset_create()

has

  kset->kobj.ktype = &kset_ktype

which is

  static const struct kobj_type kset_ktype = {
    .sysfs_ops      = &kobj_sysfs_ops,
    .release        = kset_release,
    .get_ownership  = kset_get_ownership,
  };

Note the kobj_sysfs_ops.

  const struct sysfs_ops kobj_sysfs_ops = {
    .show   = kobj_attr_show,
    .store  = kobj_attr_store,
  };

nilfs_feature_attr_group is added to the nilfs_kset->kobj via
sysfs_create_group(), where the kernfs_ops for each file in
nilfs_feature_attr_group becomes

  sysfs_create_group() ->
    internal_create_group() ->
      create_files() ->
        sysfs_add_file_mode_ns() ->
          ops = &sysfs_file_kfops_rw;
          __kernfs_create_file() ->
            kn->attr.ops = ops;

  static const struct kernfs_ops sysfs_file_kfops_rw = {
    .seq_show = sysfs_kf_seq_show,
    .write    = sysfs_kf_write,
  };

sysfs_kf_seq_show() calls kobj_attr_show() via

  const struct sysfs_ops *ops = sysfs_file_ops(of->kn);
  ...
  count = ops->show(kobj, of->kn->priv, buf);

kobj_attr_show() calls one of the nilfs_feature_*_show() functions
after casting to 'struct kobj_attribute':

  kattr = container_of(attr, struct kobj_attribute, attr);
  if (kattr->show)
    ret = kattr->show(kobj, kattr, buf);

  struct kobj_attribute {
    struct attribute attr;
    ssize_t (*show)(struct kobject *kobj, struct kobj_attribute *attr,
            char *buf);
    ssize_t (*store)(struct kobject *kobj, struct kobj_attribute *attr,
            const char *buf, size_t count);
  };

So the types of nilfs_feature_*_show() need to match
kobj_attribute->show() to avoid triggering CFI here.

Cheers,
Nathan

diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c
index 14868a3dd592..bc52afbfc5c7 100644
--- a/fs/nilfs2/sysfs.c
+++ b/fs/nilfs2/sysfs.c
@@ -1075,7 +1075,7 @@ void nilfs_sysfs_delete_device_group(struct the_nilfs *nilfs)
  ************************************************************************/
 
 static ssize_t nilfs_feature_revision_show(struct kobject *kobj,
-					    struct attribute *attr, char *buf)
+					    struct kobj_attribute *attr, char *buf)
 {
 	return sysfs_emit(buf, "%d.%d\n",
 			NILFS_CURRENT_REV, NILFS_MINOR_REV);
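
Review bot: in nilfs_feature_revision_show() the retyped `attr` argument is still unused in the body, so the only thing that pins this prototype is the indirect call `kattr->show(kobj, kattr, buf)` in kobj_attr_show(), and nothing at the definition says so. A one-line comment above the function stating that the features handlers are reached through kobj_sysfs_ops and must have the struct kobj_attribute ->show signature would keep the prototype from drifting back to `struct attribute *`.
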
@@ -1087,7 +1087,7 @@ static const char features_readme_str[] =
 	"(1) revision\n\tshow current revision of NILFS file system driver.\n";
 
 static ssize_t nilfs_feature_README_show(struct kobject *kobj,
-					 struct attribute *attr,
+					 struct kobj_attribute *attr,
 					 char *buf)
 {
 	return sysfs_emit(buf, features_readme_str);
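
Review bot: the unchanged context line `return sysfs_emit(buf, features_readme_str);` in nilfs_feature_README_show() passes the README text as the format string rather than as an argument. The string is a static const array, so it is not externally controlled, but any `%` added to features_readme_str later would be parsed as a conversion; `sysfs_emit(buf, "%s", features_readme_str)` avoids that and could go in as a separate cleanup, since it is unrelated to the CFI fix.
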
diff --git a/fs/nilfs2/sysfs.h b/fs/nilfs2/sysfs.h
index 78a87a016928..d370cd5cce3f 100644
--- a/fs/nilfs2/sysfs.h
+++ b/fs/nilfs2/sysfs.h
@@ -50,16 +50,16 @@ struct nilfs_sysfs_dev_subgroups {
 	struct completion sg_segments_kobj_unregister;
 };
 
-#define NILFS_COMMON_ATTR_STRUCT(name) \
+#define NILFS_KOBJ_ATTR_STRUCT(name) \
 struct nilfs_##name##_attr { \
 	struct attribute attr; \
-	ssize_t (*show)(struct kobject *, struct attribute *, \
+	ssize_t (*show)(struct kobject *, struct kobj_attribute *, \
 			char *); \
-	ssize_t (*store)(struct kobject *, struct attribute *, \
+	ssize_t (*store)(struct kobject *, struct kobj_attribute *, \
 			 const char *, size_t); \
 }
 
-NILFS_COMMON_ATTR_STRUCT(feature);
+NILFS_KOBJ_ATTR_STRUCT(feature);
 
 #define NILFS_DEV_ATTR_STRUCT(name) \
 struct nilfs_##name##_attr { \
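
Review bot: NILFS_KOBJ_ATTR_STRUCT(feature) still declares a private struct nilfs_feature_attr that only mirrors struct kobj_attribute (a `struct attribute attr` followed by show/store pointers), while kobj_attr_show() reaches it with `container_of(attr, struct kobj_attribute, attr)`. The callback types now match, but the layout match is still by convention; since the macro has a single user in this hunk, consider dropping it and declaring the features attributes as struct kobj_attribute directly, so the compiler checks both the handler prototypes and the layout.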

^ permalink raw reply related	[flat|nested] 4+ messages in thread
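
The dispatch traced in the message above, as an added user-space model (not code from the thread or from the kernel): each callback carries an id derived from its declared prototype, and the modelled kobj_attr_show() checks that id before the indirect call, which is what the kCFI check does with a per-prototype type hash placed in front of the function. The type ids, struct tagged_show, CFI_TRAP, the revision constants and the *_old/*_new handler names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

struct kobject   { const char *name; };
struct attribute { const char *name; };
struct kobj_attribute;

/* The two prototypes involved in the report. */
typedef ssize_t (*kobj_show_t)(struct kobject *, struct kobj_attribute *, char *);
typedef ssize_t (*attr_show_t)(struct kobject *, struct attribute *, char *);

/* Stand-ins for the per-prototype kCFI type hash (constructed values). */
enum { TYPE_KOBJ_SHOW = 1, TYPE_ATTR_SHOW = 2 };

/* Derive the id from the function's declared type, as the compiler does. */
#define TYPE_ID(fn) _Generic(&(fn), \
	kobj_show_t: TYPE_KOBJ_SHOW, attr_show_t: TYPE_ATTR_SHOW)

/* A callback plus the id that would sit in front of its entry point. */
struct tagged_show { int type_id; void (*fn)(void); };
#define TAG(fn) ((struct tagged_show){ TYPE_ID(fn), (void (*)(void))(fn) })

struct kobj_attribute {
	struct attribute attr;		/* first member, as in the kernel struct */
	struct tagged_show show;
};

#define CFI_TRAP ((ssize_t)-1)	/* model only: the real check traps and oopses */
#define BUF_SIZE 64
#define REV_MAJOR 2		/* constructed sample values */
#define REV_MINOR 0

/* Model of kobj_attr_show(): the call site expects kobj_show_t and
 * refuses to jump to a target whose id says otherwise. */
static ssize_t kobj_attr_show(struct kobject *kobj, struct attribute *attr, char *buf)
{
	/* container_of(attr, struct kobj_attribute, attr); attr is at offset 0 */
	struct kobj_attribute *kattr = (struct kobj_attribute *)attr;

	if (kattr->show.type_id != TYPE_KOBJ_SHOW)
		return CFI_TRAP;
	return ((kobj_show_t)kattr->show.fn)(kobj, kattr, buf);
}

/* Handler prototype before the patch: second argument is struct attribute *. */
static ssize_t revision_show_old(struct kobject *kobj, struct attribute *attr, char *buf)
{
	(void)kobj; (void)attr;
	return snprintf(buf, BUF_SIZE, "%d.%d\n", REV_MAJOR, REV_MINOR);
}

/* Handler prototype after the patch: matches kobj_attribute's show. */
static ssize_t revision_show_new(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
	(void)kobj; (void)attr;
	return snprintf(buf, BUF_SIZE, "%d.%d\n", REV_MAJOR, REV_MINOR);
}

/* Read the modelled features/revision file with the given handler wired in. */
static ssize_t read_revision(struct tagged_show show, char *buf)
{
	struct kobject kobj = { "features" };
	struct kobj_attribute rev = { { "revision" }, show };

	return kobj_attr_show(&kobj, &rev.attr, buf);
}

ssize_t show_before_patch(char *buf) { return read_revision(TAG(revision_show_old), buf); }
ssize_t show_after_patch(char *buf)  { return read_revision(TAG(revision_show_new), buf); }

int main(void)
{
	char buf[BUF_SIZE] = "";

	printf("before patch: %zd\n", show_before_patch(buf));
	printf("after patch:  %zd %s", show_after_patch(buf), buf);
	return 0;
}
```

Both handlers have identical bodies; only the declared type of the second parameter decides whether the modelled call site accepts them.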

* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-09-04 23:29     ` [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing Nathan Chancellor
@ 2025-09-05 10:40       ` Borislav Petkov
  2025-09-05 13:17       ` Ryusuke Konishi
  1 sibling, 0 replies; 4+ messages in thread
From: Borislav Petkov @ 2025-09-05 10:40 UTC (permalink / raw)
  To: Nathan Chancellor
  Cc: kernel test robot, Borislav Petkov, oe-lkp, lkp, linux-doc,
	linux-kernel, X86 ML, Chang S. Bae, Sohil Mehta, Ryusuke Konishi,
	linux-nilfs

On Thu, Sep 04, 2025 at 04:29:52PM -0700, Nathan Chancellor wrote:
> Does your QEMU boot via UEFI? This configuration has
> 
>   # CONFIG_EFI is not set
> 
> so if I try to boot QEMU via OVMF, I get:
> 
>   BdsDxe: failed to load Boot0002 "UEFI Non-Block Boot Device" from VenMedia(1428F772-B64A-441E-B8C3-9EBDD7F893C7): Not Found
>   BdsDxe: No bootable option or device was found.
>   BdsDxe: Press any key to enter the Boot Manager Menu.
> 
> Turning on CONFIG_EFI and CONFIG_EFI_STUB is enough for me to boot this
> configuration.

Yeah, I'm blindly following the testing instructions because I'm being
a guinea pig for the testing folks. :-)

Looks like those instructions need massaging.

> Looks like this configuration has
> 
>   CONFIG_LTO_CLANG_FULL=y
> 
> so that's not too surprising :) turning that off or making it
> 
>   CONFIG_LTO_CLANG_THIN=y
> 
> should be much quicker.

Yeah, I hear there might be some more room for improvements in parallelizing
more of the LTO work but I dunno - just rumours :-P

> I ran 200 boots using our simple Buildroot initrd and QEMU wrapper
> script [1] and saw no issues, however...

Yeah, that's a nicely debugged issue - I think you should simply send a proper
patch.

Thanks!

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-09-04 23:29     ` [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing Nathan Chancellor
  2025-09-05 10:40       ` Borislav Petkov
@ 2025-09-05 13:17       ` Ryusuke Konishi
  2025-09-05 19:27         ` Nathan Chancellor
  1 sibling, 1 reply; 4+ messages in thread
From: Ryusuke Konishi @ 2025-09-05 13:17 UTC (permalink / raw)
  To: Nathan Chancellor
  Cc: Borislav Petkov, kernel test robot, Borislav Petkov, oe-lkp, lkp,
	linux-doc, linux-kernel, X86 ML, Chang S. Bae, Sohil Mehta,
	linux-nilfs

On Fri, Sep 5, 2025 at 8:29 AM Nathan Chancellor wrote:
>
> Hi Boris and the Intel folks,
>
> + Ryusuke and linux-nilfs
>
> On Thu, Sep 04, 2025 at 01:37:52PM +0200, Borislav Petkov wrote:
> > On Tue, Sep 02, 2025 at 04:45:12PM +0800, kernel test robot wrote:
...
>   $ cat /sys/fs/nilfs2/features/revision
>   [    6.975426][  T150] CFI failure at kobj_attr_show+0x59/0x80 (target: nilfs_feature_revision_show+0x0/0x30; expected type: 0xed60cafc)
>
> The fix should be something like the following, which resolves the issue
> for me.
>
>   nilfs_sysfs_init() ->
>     kset_create_and_add() ->
>       kset_create()
>
> has
>
>   kset->kobj.ktype = &kset_ktype
>
> which is
>
>   static const struct kobj_type kset_ktype = {
>     .sysfs_ops      = &kobj_sysfs_ops,
>     .release        = kset_release,
>     .get_ownership  = kset_get_ownership,
>   };
>
> Note the kobj_sysfs_ops.
>
>   const struct sysfs_ops kobj_sysfs_ops = {
>     .show   = kobj_attr_show,
>     .store  = kobj_attr_store,
>   };
>
> nilfs_feature_attr_group is added to the nilfs_kset->kobj via
> sysfs_create_group(), where the kernfs_ops for each file in
> nilfs_feature_attr_group becomes
>
>   sysfs_create_group() ->
>     internal_create_group() ->
>       create_files() ->
>         sysfs_add_file_mode_ns() ->
>           ops = &sysfs_file_kfops_rw;
>           __kernfs_create_file() ->
>             kn->attr.ops = ops;
>
>   static const struct kernfs_ops sysfs_file_kfops_rw = {
>     .seq_show = sysfs_kf_seq_show,
>     .write    = sysfs_kf_write,
>   };
>
> sysfs_kf_seq_show() calls kobj_attr_show() via
>
>   const struct sysfs_ops *ops = sysfs_file_ops(of->kn);
>   ...
>   count = ops->show(kobj, of->kn->priv, buf);
>
> kobj_attr_show() calls one of the nilfs_feature_*_show() functions
> after casting to 'struct kobj_attribute':
>
>   kattr = container_of(attr, struct kobj_attribute, attr);
>   if (kattr->show)
>     ret = kattr->show(kobj, kattr, buf);
>
>   struct kobj_attribute {
>     struct attribute attr;
>     ssize_t (*show)(struct kobject *kobj, struct kobj_attribute *attr,
>             char *buf);
>     ssize_t (*store)(struct kobject *kobj, struct kobj_attribute *attr,
>             const char *buf, size_t count);
>   };
>
> So the types of nilfs_feature_*_show() need to match
> kobj_attribute->show() to avoid triggering CFI here.
>
> Cheers,
> Nathan

Thank you very much, Nathan, for sharing your detailed report and
proposing a fix.

I actually performed a reproduction test in an environment with
CONFIG_LTO_CLANG_THIN=y and confirmed that the CFI panic reoccurs, and
that your patch fixes it.

I also followed your analysis of sysfs and concluded that it is
correct and that your changes to the two
nilfs_feature_{revision,README}_show() functions are necessary. I'll
check whether these were necessary from the beginning or whether they
became necessary later.

I'd like to send your proposed fixes upstream, but could you please
send it to me and linux-nilfs in the form of a proper patch? (I'll
need at least your SoB line).

Thank you in advance.

Ryusuke Konishi

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-09-05 13:17       ` Ryusuke Konishi
@ 2025-09-05 19:27         ` Nathan Chancellor
  0 siblings, 0 replies; 4+ messages in thread
From: Nathan Chancellor @ 2025-09-05 19:27 UTC (permalink / raw)
  To: Ryusuke Konishi
  Cc: Borislav Petkov, kernel test robot, Borislav Petkov, oe-lkp, lkp,
	linux-doc, linux-kernel, X86 ML, Chang S. Bae, Sohil Mehta,
	linux-nilfs

On Fri, Sep 05, 2025 at 10:17:26PM +0900, Ryusuke Konishi wrote:
> Thank you very much, Nathan, for sharing your detailed report and
> proposing a fix.
> 
> I actually performed a reproduction test in an environment with
> CONFIG_LTO_CLANG_THIN=y and confirmed that the CFI panic reoccurs, and
> that your patch fixes it.
> 
> I also followed your analysis of sysfs and concluded that it is
> correct and that your changes to the two
> nilfs_feature_{revision,README}_show() functions are necessary. I'll
> check whether these were necessary from the beginning or whether they
> became necessary later.
> 
> I'd like to send your proposed fixes upstream, but could you please
> send it to me and linux-nilfs in the form of a proper patch? (I'll
> need at least your SoB line).

Thanks for taking a look and confirming :) I have sent a patch with a
proper changelog along for you to take a look at.

https://lore.kernel.org/20250905-nilfs2-fix-features-cfi-violation-v1-1-b5d35136d813@kernel.org/

From what I can tell, this has always been wrong, hence that Fixes tag
but if you disagree, feel free to update it!

Cheers,
Nathan

^ permalink raw reply	[flat|nested] 4+ messages in thread
