Re: Boot regression with bacf6b499e11 ("x86/mm: Use a struct to reduce parameters for SME PGD mapping") on top of -rc8

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@kernel.org>
To: Laura Abbott <labbott@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
	Gabriel C <nix.or.die@gmail.com>, Borislav Petkov <bp@suse.de>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Brijesh Singh <brijesh.singh@amd.com>, X86 ML <x86@kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Boot regression with bacf6b499e11 ("x86/mm: Use a struct to reduce parameters for SME PGD mapping") on top of -rc8
Date: Sat, 20 Jan 2018 13:33:38 +0100	[thread overview]
Message-ID: <20180120123338.buixvrhlxqo3ev5p@gmail.com> (raw)
In-Reply-To: <6b616ebc-1a8f-0bd7-68be-3674ff99500b@redhat.com>


* Laura Abbott <labbott@redhat.com> wrote:

> The machines I have are a Lenovo X1 Carbon and a Lenovo T470s.
> A Lenovo X220 ThinkPad also reported the problem.
> 
> If I comment out sme_encrypt_kernel it boots:
> 
> diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
> index 7ba5d819ebe3..443ef5d3f1fa 100644
> --- a/arch/x86/kernel/head64.c
> +++ b/arch/x86/kernel/head64.c
> @@ -158,7 +158,7 @@ unsigned long __head __startup_64(unsigned long
> physaddr,
>         *p += load_delta - sme_get_me_mask();
> 
>         /* Encrypt the kernel and related (if SME is active) */
> -       sme_encrypt_kernel(bp);
> +       //sme_encrypt_kernel(bp);
> 
>         /*
>          * Return the SME encryption mask (if SME is active) to be used as a
> 
> 
> Interestingly, I tried to print the values in sme_active
> (sme_me_mask , sev_enabled) followed by a return at the
> very start of sme_encrypt_kernel and that rebooted as well,
> vs booting if I just kept the return. sme_me_mask and
> sev_enabled are explicitly marked as being in .data,
> is it possible they are ending up in a section that isn't
> yet mapped or did I hit print too early?

So all this is in awfully early code.

I think you should only be able to use early_printk here - is that what you are 
using?

As like Linus I don't see anything explicitly wrong in the patch, it obviously 
made a difference to you and others, and the commenting out experiment verifies 
the bisection result I think.

Here's a brute-force list of historic problems in early code, and an attempt to 
check whether those aspects are fine:

1) stack troubles

The bisected-to patch adds one more C function call parameter, and one of the (low 
probability) possibilities would be for the initial stack to be overflowing.

But stack setup in setup_64() looks fine to me:

        /* Set up the stack for verify_cpu(), similar to initial_stack below */
        leaq    (__end_init_task - SIZEOF_PTREGS)(%rip), %rsp

        /* Sanitize CPU configuration */
        call verify_cpu


__end_init_task is defined as:

#define INIT_TASK_DATA(align)                                           \
        . = ALIGN(align);                                               \
        VMLINUX_SYMBOL(__start_init_task) = .;                          \
        *(.data..init_task)                                             \
        VMLINUX_SYMBOL(__end_init_task) = .;


and we set up space for the init task in arch/x86/kernel/vmlinux.lds.S via:

        /* Data */
        .data : AT(ADDR(.data) - LOAD_OFFSET) {
                /* Start of data section */
                _sdata = .;

                /* init_task */
                INIT_TASK_DATA(THREAD_SIZE)

where THREAD_SIZE is at least 16K of space, more on KASAN.

So we put the initial stack PT_REGS below the end of &init_task - which should all 
be good and there should be plenty of space.

2)

using global variables, which is unsafe in early code if the kernel is 
relocatable.

The bisected to commit uses a new sme_populate_pgd_data to collect variables that 
were already on the stack, which should be position independent and safe.

But the other commits use sme_active(), which does:

bool sme_active(void)
{
        return sme_me_mask && !sev_enabled;
}
EXPORT_SYMBOL(sme_active);

And that looks PIC-unsafe to me, as both are globals:

u64 sme_me_mask __section(.data) = 0;
EXPORT_SYMBOL(sme_me_mask);

Does the code start working if you force sme_active() to 0 while keeping the 
function call, i.e. something like the hack below?

Thanks,

	Ingo

 arch/x86/mm/mem_encrypt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 3ef362f598e3..52f7db4d08d6 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -403,7 +403,7 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size)
  */
 bool sme_active(void)
 {
-	return sme_me_mask && !sev_enabled;
+	return 0;
 }
 EXPORT_SYMBOL(sme_active);

next prev parent reply	other threads:[~2018-01-20 12:33 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-20  1:23 Boot regression with bacf6b499e11 ("x86/mm: Use a struct to reduce parameters for SME PGD mapping") on top of -rc8 Laura Abbott
2018-01-20  2:23 ` Gabriel C
2018-01-20  4:02   ` Laura Abbott
2018-01-20  5:25     ` Gabriel C
2018-01-20  6:15       ` Tom Lendacky
2018-01-20  6:57         ` Laura Abbott
2018-01-20  7:03           ` Laura Abbott
2018-01-20 12:08             ` Gabriel C
2018-01-20 12:33           ` Ingo Molnar [this message]
2018-01-20 13:13             ` Ingo Molnar
     [not found]               ` <d2b236d9-ccfc-0cd0-f097-9daba70b86ff@redhat.com>
2018-01-20 17:34                 ` Tom Lendacky
2018-01-21  1:14                   ` [PATCH] x86: Use __nostackprotect for sme_encrypt_kernel Laura Abbott
2018-01-21  1:23                     ` Linus Torvalds
2018-01-21  1:49                       ` Gabriel C
2018-01-21  4:16                         ` Linus Torvalds
2018-01-21  9:37                           ` Greg Kroah-Hartman
2018-01-21  9:50                             ` Ingo Molnar
2018-01-21 10:36                               ` Greg Kroah-Hartman
2018-01-21  8:46                       ` Ingo Molnar
2018-01-20 12:01         ` Boot regression with bacf6b499e11 ("x86/mm: Use a struct to reduce parameters for SME PGD mapping") on top of -rc8 Gabriel C
2018-01-20  2:38 ` Linus Torvalds
2018-01-20  4:13   ` Tom Lendacky
2018-01-20 12:12 ` Ingo Molnar
2018-01-20 15:35   ` Laura Abbott

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3ef362f598e dfblob:52f7db4d08d )
 OR (
bs:"Re: Boot regression with bacf6b499e11 ("
bs:"x86/mm: Use a struct to reduce parameters for SME PGD mapping"
bs:") on top of -rc8" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180120123338.buixvrhlxqo3ev5p@gmail.com \
    --to=mingo@kernel.org \
    --cc=bp@suse.de \
    --cc=brijesh.singh@amd.com \
    --cc=labbott@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nix.or.die@gmail.com \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=torvalds@linux-foundation.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox