[PATCH] x86/sev: Work around broken noinstr on GCC

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] x86/sev: Work around broken noinstr on GCC
@ 2025-07-14  7:34 Ard Biesheuvel
  2025-07-14 10:27 ` Borislav Petkov
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Ard Biesheuvel @ 2025-07-14  7:34 UTC (permalink / raw)
  To: linux-kernel; +Cc: x86, Ard Biesheuvel, Randy Dunlap

From: Ard Biesheuvel <ardb@kernel.org>

Forcibly disable KCSAN for the sev-nmi.c source file, which only
contains functions annotated as 'noinstr' but is emitted with calls to
KCSAN instrumentation nonetheless. E.g.,

  vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
  make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1

Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/x86/coco/sev/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
index db3255b979bd..342d79f0ab6a 100644
--- a/arch/x86/coco/sev/Makefile
+++ b/arch/x86/coco/sev/Makefile
@@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
 # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
 UBSAN_SANITIZE_sev-nmi.o	:= n
 
-# GCC may fail to respect __no_sanitize_address when inlining
+# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
 KASAN_SANITIZE_sev-nmi.o	:= n
+KCSAN_SANITIZE_sev-nmi.o	:= n
-- 
2.50.0.727.gbf7dc18ff4-goog


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86/sev: Work around broken noinstr on GCC
  2025-07-14  7:34 [PATCH] x86/sev: Work around broken noinstr on GCC Ard Biesheuvel
@ 2025-07-14 10:27 ` Borislav Petkov
  2025-07-14 23:22   ` Ard Biesheuvel
  2025-07-15  3:07 ` Randy Dunlap
  2025-07-15  8:39 ` [tip: x86/urgent] " tip-bot2 for Ard Biesheuvel
  2 siblings, 1 reply; 5+ messages in thread
From: Borislav Petkov @ 2025-07-14 10:27 UTC (permalink / raw)
  To: Ard Biesheuvel; +Cc: linux-kernel, x86, Ard Biesheuvel, Randy Dunlap

On Mon, Jul 14, 2025 at 09:34:03AM +0200, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
> 
> Forcibly disable KCSAN for the sev-nmi.c source file, which only
> contains functions annotated as 'noinstr' but is emitted with calls to
> KCSAN instrumentation nonetheless. E.g.,
> 
>   vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
>   make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1
> 
> Reported-by: Randy Dunlap <rdunlap@infradead.org>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  arch/x86/coco/sev/Makefile | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
> index db3255b979bd..342d79f0ab6a 100644
> --- a/arch/x86/coco/sev/Makefile
> +++ b/arch/x86/coco/sev/Makefile
> @@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
>  # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
>  UBSAN_SANITIZE_sev-nmi.o	:= n
>  
> -# GCC may fail to respect __no_sanitize_address when inlining
> +# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
>  KASAN_SANITIZE_sev-nmi.o	:= n
> +KCSAN_SANITIZE_sev-nmi.o	:= n
> -- 

Hmm, so this points to the carve out:

b66fcee1574e ("x86/sev: Move noinstr NMI handling code into separate source file")

but then we didn't do any KCSAN exclusion to SEV code before either.

I guess send this to Linus now so that it is in 6.16?

Hmm.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86/sev: Work around broken noinstr on GCC
  2025-07-14 10:27 ` Borislav Petkov
@ 2025-07-14 23:22   ` Ard Biesheuvel
  0 siblings, 0 replies; 5+ messages in thread
From: Ard Biesheuvel @ 2025-07-14 23:22 UTC (permalink / raw)
  To: Borislav Petkov; +Cc: Ard Biesheuvel, linux-kernel, x86, Randy Dunlap

On Mon, 14 Jul 2025 at 20:27, Borislav Petkov <bp@alien8.de> wrote:
>
> On Mon, Jul 14, 2025 at 09:34:03AM +0200, Ard Biesheuvel wrote:
> > From: Ard Biesheuvel <ardb@kernel.org>
> >
> > Forcibly disable KCSAN for the sev-nmi.c source file, which only
> > contains functions annotated as 'noinstr' but is emitted with calls to
> > KCSAN instrumentation nonetheless. E.g.,
> >
> >   vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
> >   make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1
> >
> > Reported-by: Randy Dunlap <rdunlap@infradead.org>
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > ---
> >  arch/x86/coco/sev/Makefile | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
> > index db3255b979bd..342d79f0ab6a 100644
> > --- a/arch/x86/coco/sev/Makefile
> > +++ b/arch/x86/coco/sev/Makefile
> > @@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
> >  # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
> >  UBSAN_SANITIZE_sev-nmi.o     := n
> >
> > -# GCC may fail to respect __no_sanitize_address when inlining
> > +# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
> >  KASAN_SANITIZE_sev-nmi.o     := n
> > +KCSAN_SANITIZE_sev-nmi.o     := n
> > --
>
> Hmm, so this points to the carve out:
>
> b66fcee1574e ("x86/sev: Move noinstr NMI handling code into separate source file")
>
> but then we didn't do any KCSAN exclusion to SEV code before either.
>

This is actually an oversight on my part,

Fixes: a3cbbb4717e1 ("x86/boot: Move SEV startup code into startup/")

> I guess send this to Linus now so that it is in 6.16?
>

Yes.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] x86/sev: Work around broken noinstr on GCC
  2025-07-14  7:34 [PATCH] x86/sev: Work around broken noinstr on GCC Ard Biesheuvel
  2025-07-14 10:27 ` Borislav Petkov
@ 2025-07-15  3:07 ` Randy Dunlap
  2025-07-15  8:39 ` [tip: x86/urgent] " tip-bot2 for Ard Biesheuvel
  2 siblings, 0 replies; 5+ messages in thread
From: Randy Dunlap @ 2025-07-15  3:07 UTC (permalink / raw)
  To: Ard Biesheuvel, linux-kernel; +Cc: x86, Ard Biesheuvel



On 7/14/25 12:34 AM, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
> 
> Forcibly disable KCSAN for the sev-nmi.c source file, which only
> contains functions annotated as 'noinstr' but is emitted with calls to
> KCSAN instrumentation nonetheless. E.g.,
> 
>   vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
>   make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1
> 
> Reported-by: Randy Dunlap <rdunlap@infradead.org>

Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>

Thanks.

> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  arch/x86/coco/sev/Makefile | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
> index db3255b979bd..342d79f0ab6a 100644
> --- a/arch/x86/coco/sev/Makefile
> +++ b/arch/x86/coco/sev/Makefile
> @@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
>  # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
>  UBSAN_SANITIZE_sev-nmi.o	:= n
>  
> -# GCC may fail to respect __no_sanitize_address when inlining
> +# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
>  KASAN_SANITIZE_sev-nmi.o	:= n
> +KCSAN_SANITIZE_sev-nmi.o	:= n

-- 
~Randy

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [tip: x86/urgent] x86/sev: Work around broken noinstr on GCC
  2025-07-14  7:34 [PATCH] x86/sev: Work around broken noinstr on GCC Ard Biesheuvel
  2025-07-14 10:27 ` Borislav Petkov
  2025-07-15  3:07 ` Randy Dunlap
@ 2025-07-15  8:39 ` tip-bot2 for Ard Biesheuvel
  2 siblings, 0 replies; 5+ messages in thread
From: tip-bot2 for Ard Biesheuvel @ 2025-07-15  8:39 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Randy Dunlap, Ard Biesheuvel, Borislav Petkov (AMD), x86,
	linux-kernel

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     6b995d01683feae619aa3263d18a6aa19bface16
Gitweb:        https://git.kernel.org/tip/6b995d01683feae619aa3263d18a6aa19bface16
Author:        Ard Biesheuvel <ardb@kernel.org>
AuthorDate:    Mon, 14 Jul 2025 09:34:03 +02:00
Committer:     Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Tue, 15 Jul 2025 10:12:25 +02:00

x86/sev: Work around broken noinstr on GCC

Forcibly disable KCSAN for the sev-nmi.c source file, which only
contains functions annotated as 'noinstr' but is emitted with calls to
KCSAN instrumentation nonetheless. E.g.,

  vmlinux.o: error: objtool: __sev_es_nmi_complete+0x58: call to __kcsan_check_access() leaves .noinstr.text section
  make[2]: *** [/usr/local/google/home/ardb/linux/scripts/Makefile.vmlinux_o:72: vmlinux.o] Error 1

Fixes: a3cbbb4717e1 ("x86/boot: Move SEV startup code into startup/")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/20250714073402.4107091-2-ardb+git@google.com
---
 arch/x86/coco/sev/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
index db3255b..342d79f 100644
--- a/arch/x86/coco/sev/Makefile
+++ b/arch/x86/coco/sev/Makefile
@@ -5,5 +5,6 @@ obj-y += core.o sev-nmi.o vc-handle.o
 # Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
 UBSAN_SANITIZE_sev-nmi.o	:= n
 
-# GCC may fail to respect __no_sanitize_address when inlining
+# GCC may fail to respect __no_sanitize_address or __no_kcsan when inlining
 KASAN_SANITIZE_sev-nmi.o	:= n
+KCSAN_SANITIZE_sev-nmi.o	:= n

^ permalink raw reply related	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-07-15  8:40 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-14  7:34 [PATCH] x86/sev: Work around broken noinstr on GCC Ard Biesheuvel
2025-07-14 10:27 ` Borislav Petkov
2025-07-14 23:22   ` Ard Biesheuvel
2025-07-15  3:07 ` Randy Dunlap
2025-07-15  8:39 ` [tip: x86/urgent] " tip-bot2 for Ard Biesheuvel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).