* [PATCH] x86/mm: fix objtool failure with KMSAN enabled
@ 2026-07-01 12:51 Dmitry Voytik
2026-07-01 13:18 ` Alexander Potapenko
2026-07-02 2:53 ` Borislav Petkov
0 siblings, 2 replies; 11+ messages in thread
From: Dmitry Voytik @ 2026-07-01 12:51 UTC (permalink / raw)
To: Alexander Potapenko, Borislav Petkov, Peter Zijlstra,
Thomas Gleixner, Ingo Molnar, Dave Hansen, Josh Poimboeuf
Cc: Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin,
Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt,
Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm,
Dmitry Voytik
This patch fixes broken builds with defconfig + CONFIG_KMSAN +
CONFIG_DEBUG_INFO_*.
To reproduce the issue before the fix:
make mrproper
make LLVM=1 defconfig
./scripts/config -e CONFIG_KMSAN \
-e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
make LLVM=1 olddefconfig
make LLVM=1 -j(nproc) vmlinux
...
LD vmlinux.o
vmlinux.o: warning: objtool: folio_zero_user+0x801: undefined stack state
vmlinux.o: error: objtool: folio_zero_user+0x801: unknown CFA base reg -1
make[2]: *** [scripts/Makefile.vmlinux_o:76: vmlinux.o] Error 255
objtool in verbose mode shows how the frame pointer is omitted:
make LLVM=1 OBJTOOL_VERBOSE=1 -j(nproc) vmlinux
...
b15a2c: folio_zero_user+0x7fc xor %eax,%eax
b15a2e: folio_zero_user+0x7fe mov %rcx,%rsp
b15a31: folio_zero_user+0x801 mov %r14,%rdi
b15a34: folio_zero_user+0x804 mov %rbx,%rcx
b15a37: folio_zero_user+0x807 call 0xb15a3c <__clear_pages_unrol
After the fix, the frame pointer is back:
b15a37: 31 c0 xor %eax,%eax
b15a39: 48 89 ec mov %rbp,%rsp
b15a3c: 4c 89 f7 mov %r14,%rdi
b15a3f: 48 89 d9 mov %rbx,%rcx
b15a42: e8 00 00 00 00 call b15a47 <folio_zero_user+0x817>
It seems the issue was introduced by
commit 54a6b89a3db2 ("x86/mm: simplify clear_page_*")
The actual fix is to revert the change how ASM_CALL_CONSTRAINT is
positioned.
Additionally, reintroduce asm_inline to prevent potential compiler
rejection of inlining.
Link: https://lore.kernel.org/CAAX90H2_RPnZL_dFYN7cQF6yt-wAweKKSx2=6e2aZ0kv+Pm+NQ@mail.gmail.com
Signed-off-by: Dmitry Voytik <voytikd@gmail.com>
---
arch/x86/include/asm/page_64.h | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h
index 1895c207f629..de8604f0a3a1 100644
--- a/arch/x86/include/asm/page_64.h
+++ b/arch/x86/include/asm/page_64.h
@@ -100,12 +100,13 @@ static inline void clear_pages(void *addr, unsigned int npages)
* __clear_pages_unrolled() are part of the inline asm register
* specification.
*/
- asm volatile(ALTERNATIVE_2("call __clear_pages_unrolled",
- "shrq $3, %%rcx; rep stosq", X86_FEATURE_REP_GOOD,
- "rep stosb", X86_FEATURE_ERMS)
- : "+c" (len), "+D" (addr), ASM_CALL_CONSTRAINT
- : "a" (0)
- : "cc", "memory");
+ asm_inline volatile(
+ ALTERNATIVE_2("call __clear_pages_unrolled",
+ "shrq $3, %%rcx; rep stosq", X86_FEATURE_REP_GOOD,
+ "rep stosb", X86_FEATURE_ERMS)
+ : ASM_CALL_CONSTRAINT, "+c"(len), "+D"(addr)
+ : "a"(0)
+ : "cc", "memory");
}
#define clear_pages clear_pages
--
2.54.0
^ permalink raw reply related [flat|nested] 11+ messages in thread* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-01 12:51 [PATCH] x86/mm: fix objtool failure with KMSAN enabled Dmitry Voytik @ 2026-07-01 13:18 ` Alexander Potapenko 2026-07-01 14:45 ` Dmitry Voytik 2026-07-02 2:53 ` Borislav Petkov 1 sibling, 1 reply; 11+ messages in thread From: Alexander Potapenko @ 2026-07-01 13:18 UTC (permalink / raw) To: Dmitry Voytik, Thomas Gleixner Cc: Borislav Petkov, Peter Zijlstra, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm On Wed, Jul 1, 2026 at 2:51 PM Dmitry Voytik <voytikd@gmail.com> wrote: > > This patch fixes broken builds with defconfig + CONFIG_KMSAN + > CONFIG_DEBUG_INFO_*. > > To reproduce the issue before the fix: > make mrproper > make LLVM=1 defconfig > ./scripts/config -e CONFIG_KMSAN \ > -e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT > make LLVM=1 olddefconfig > make LLVM=1 -j(nproc) vmlinux > ... > LD vmlinux.o > vmlinux.o: warning: objtool: folio_zero_user+0x801: undefined stack state > vmlinux.o: error: objtool: folio_zero_user+0x801: unknown CFA base reg -1 > make[2]: *** [scripts/Makefile.vmlinux_o:76: vmlinux.o] Error 255 > > objtool in verbose mode shows how the frame pointer is omitted: > make LLVM=1 OBJTOOL_VERBOSE=1 -j(nproc) vmlinux > ... > b15a2c: folio_zero_user+0x7fc xor %eax,%eax > b15a2e: folio_zero_user+0x7fe mov %rcx,%rsp > b15a31: folio_zero_user+0x801 mov %r14,%rdi > b15a34: folio_zero_user+0x804 mov %rbx,%rcx > b15a37: folio_zero_user+0x807 call 0xb15a3c <__clear_pages_unrol > > After the fix, the frame pointer is back: > b15a37: 31 c0 xor %eax,%eax > b15a39: 48 89 ec mov %rbp,%rsp > b15a3c: 4c 89 f7 mov %r14,%rdi > b15a3f: 48 89 d9 mov %rbx,%rcx > b15a42: e8 00 00 00 00 call b15a47 <folio_zero_user+0x817> > > It seems the issue was introduced by > commit 54a6b89a3db2 ("x86/mm: simplify clear_page_*") > > The actual fix is to revert the change how ASM_CALL_CONSTRAINT is > positioned. > Additionally, reintroduce asm_inline to prevent potential compiler > rejection of inlining. > > Link: https://lore.kernel.org/CAAX90H2_RPnZL_dFYN7cQF6yt-wAweKKSx2=6e2aZ0kv+Pm+NQ@mail.gmail.com > Signed-off-by: Dmitry Voytik <voytikd@gmail.com> Have you tried running KMSAN with this fix? I tried running with the config that Thomas posted at https://lore.kernel.org/all/87tsqjq3i3.ffs@fw13/ (https://tglx.de/~tglx/config.fail), and it still hangs for me. ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-01 13:18 ` Alexander Potapenko @ 2026-07-01 14:45 ` Dmitry Voytik 2026-07-01 15:15 ` Alexander Potapenko 0 siblings, 1 reply; 11+ messages in thread From: Dmitry Voytik @ 2026-07-01 14:45 UTC (permalink / raw) To: Alexander Potapenko Cc: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm Hi Alexander, On Wed, Jul 1, 2026 at 3:18 PM Alexander Potapenko <glider@google.com> wrote: > > On Wed, Jul 1, 2026 at 2:51 PM Dmitry Voytik <voytikd@gmail.com> wrote: > > > > This patch fixes broken builds with defconfig + CONFIG_KMSAN + > > CONFIG_DEBUG_INFO_*. > > > > To reproduce the issue before the fix: > > make mrproper > > make LLVM=1 defconfig > > ./scripts/config -e CONFIG_KMSAN \ > > -e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT > > make LLVM=1 olddefconfig > > make LLVM=1 -j(nproc) vmlinux > > ... > > LD vmlinux.o > > vmlinux.o: warning: objtool: folio_zero_user+0x801: undefined stack state > > vmlinux.o: error: objtool: folio_zero_user+0x801: unknown CFA base reg -1 > > make[2]: *** [scripts/Makefile.vmlinux_o:76: vmlinux.o] Error 255 > > > > objtool in verbose mode shows how the frame pointer is omitted: > > make LLVM=1 OBJTOOL_VERBOSE=1 -j(nproc) vmlinux > > ... > > b15a2c: folio_zero_user+0x7fc xor %eax,%eax > > b15a2e: folio_zero_user+0x7fe mov %rcx,%rsp > > b15a31: folio_zero_user+0x801 mov %r14,%rdi > > b15a34: folio_zero_user+0x804 mov %rbx,%rcx > > b15a37: folio_zero_user+0x807 call 0xb15a3c <__clear_pages_unrol > > > > After the fix, the frame pointer is back: > > b15a37: 31 c0 xor %eax,%eax > > b15a39: 48 89 ec mov %rbp,%rsp > > b15a3c: 4c 89 f7 mov %r14,%rdi > > b15a3f: 48 89 d9 mov %rbx,%rcx > > b15a42: e8 00 00 00 00 call b15a47 <folio_zero_user+0x817> > > > > It seems the issue was introduced by > > commit 54a6b89a3db2 ("x86/mm: simplify clear_page_*") > > > > The actual fix is to revert the change how ASM_CALL_CONSTRAINT is > > positioned. > > Additionally, reintroduce asm_inline to prevent potential compiler > > rejection of inlining. > > > > Link: https://lore.kernel.org/CAAX90H2_RPnZL_dFYN7cQF6yt-wAweKKSx2=6e2aZ0kv+Pm+NQ@mail.gmail.com > > Signed-off-by: Dmitry Voytik <voytikd@gmail.com> > Have you tried running KMSAN with this fix? > > I tried running with the config that Thomas posted at > https://lore.kernel.org/all/87tsqjq3i3.ffs@fw13/ > (https://tglx.de/~tglx/config.fail), and it still hangs for me. I only tested the fix with defconfig + CONFIG_KMSAN + CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT + olddefconfig. qemu-system-x86_64 \ -kernel arch/x86/boot/bzImage \ -append "console=ttyS0" \ -nographic \ -m 8G -smp 4 \ -serial file:serial_output.log Booting from ROM.. [ 0.000000] Linux version 7.1.0-14280-g3dd2bc904bda (voyt@voyt-laptop-dell) (clang version 22.1.6, LLD 22.1.6) #2 SMP PREEMPT_DYNAMIC Wed Jul 1 16:25:28 CEST 2026 ... [ 2.274314] Starting KernelMemorySanitizer [ 2.274356] ATTENTION: KMSAN is a debugging tool! Do not use it on production machines! [ 2.357699] Dynamic Preempt: lazy [ 2.390793] rcu: Preemptible hierarchical RCU implementation. [ 2.391032] rcu: RCU event tracing is enabled. [ 2.391256] rcu: RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=4. ... [ 53.009112] /dev/root: Can't open blockdev [ 53.012357] VFS: Cannot open root device "" or unknown-block(0,0): error -6 [ 53.013186] Please append a correct "root=" boot option; here are the available partitions: ... ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-01 14:45 ` Dmitry Voytik @ 2026-07-01 15:15 ` Alexander Potapenko 2026-07-01 22:47 ` Dmitry Voytik 0 siblings, 1 reply; 11+ messages in thread From: Alexander Potapenko @ 2026-07-01 15:15 UTC (permalink / raw) To: Dmitry Voytik Cc: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm On Wed, Jul 1, 2026 at 4:45 PM Dmitry Voytik <voytikd@gmail.com> wrote: > > Hi Alexander, > > On Wed, Jul 1, 2026 at 3:18 PM Alexander Potapenko <glider@google.com> wrote: > > > > On Wed, Jul 1, 2026 at 2:51 PM Dmitry Voytik <voytikd@gmail.com> wrote: > > > > > > This patch fixes broken builds with defconfig + CONFIG_KMSAN + > > > CONFIG_DEBUG_INFO_*. > > > > > > To reproduce the issue before the fix: > > > make mrproper > > > make LLVM=1 defconfig > > > ./scripts/config -e CONFIG_KMSAN \ > > > -e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT > > > make LLVM=1 olddefconfig > > > make LLVM=1 -j(nproc) vmlinux > > > ... > > > LD vmlinux.o > > > vmlinux.o: warning: objtool: folio_zero_user+0x801: undefined stack state > > > vmlinux.o: error: objtool: folio_zero_user+0x801: unknown CFA base reg -1 > > > make[2]: *** [scripts/Makefile.vmlinux_o:76: vmlinux.o] Error 255 > > > > > > objtool in verbose mode shows how the frame pointer is omitted: > > > make LLVM=1 OBJTOOL_VERBOSE=1 -j(nproc) vmlinux > > > ... > > > b15a2c: folio_zero_user+0x7fc xor %eax,%eax > > > b15a2e: folio_zero_user+0x7fe mov %rcx,%rsp > > > b15a31: folio_zero_user+0x801 mov %r14,%rdi > > > b15a34: folio_zero_user+0x804 mov %rbx,%rcx > > > b15a37: folio_zero_user+0x807 call 0xb15a3c <__clear_pages_unrol > > > > > > After the fix, the frame pointer is back: > > > b15a37: 31 c0 xor %eax,%eax > > > b15a39: 48 89 ec mov %rbp,%rsp > > > b15a3c: 4c 89 f7 mov %r14,%rdi > > > b15a3f: 48 89 d9 mov %rbx,%rcx > > > b15a42: e8 00 00 00 00 call b15a47 <folio_zero_user+0x817> > > > > > > It seems the issue was introduced by > > > commit 54a6b89a3db2 ("x86/mm: simplify clear_page_*") > > > > > > The actual fix is to revert the change how ASM_CALL_CONSTRAINT is > > > positioned. > > > Additionally, reintroduce asm_inline to prevent potential compiler > > > rejection of inlining. > > > > > > Link: https://lore.kernel.org/CAAX90H2_RPnZL_dFYN7cQF6yt-wAweKKSx2=6e2aZ0kv+Pm+NQ@mail.gmail.com > > > Signed-off-by: Dmitry Voytik <voytikd@gmail.com> > > Have you tried running KMSAN with this fix? > > > > I tried running with the config that Thomas posted at > > https://lore.kernel.org/all/87tsqjq3i3.ffs@fw13/ > > (https://tglx.de/~tglx/config.fail), and it still hangs for me. > > I only tested the fix with defconfig + CONFIG_KMSAN + > CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT + olddefconfig. > > qemu-system-x86_64 \ > -kernel arch/x86/boot/bzImage \ > -append "console=ttyS0" \ > -nographic \ > -m 8G -smp 4 \ > -serial file:serial_output.log > > Booting from ROM.. > [ 0.000000] Linux version 7.1.0-14280-g3dd2bc904bda > (voyt@voyt-laptop-dell) (clang version 22.1.6, LLD 22.1.6) #2 SMP > PREEMPT_DYNAMIC Wed Jul 1 16:25:28 CEST 2026 > ... In fact I think the hangs are being caused by CONFIG_UNWINDER_ORC=y, sorry for the noise. ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-01 15:15 ` Alexander Potapenko @ 2026-07-01 22:47 ` Dmitry Voytik 0 siblings, 0 replies; 11+ messages in thread From: Dmitry Voytik @ 2026-07-01 22:47 UTC (permalink / raw) To: Alexander Potapenko Cc: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm On Wed, Jul 1, 2026 at 5:16 PM Alexander Potapenko <glider@google.com> wrote: > In fact I think the hangs are being caused by CONFIG_UNWINDER_ORC=y, > sorry for the noise. No worries! Just in case, I double checked with current Linus' tree, defconfig + KMSAN + DEBUG_INFO_* , and it looks like CONFIG_UNWINDER_ORC gets enabled: git pull -r make mrproper make LLVM=1 defconfig ./scripts/config -e CONFIG_KMSAN \ -e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT make LLVM=1 olddefconfig make LLVM=1 W=ce -j(nproc) bzImage grep CONFIG_UNWINDER_ORC .config CONFIG_UNWINDER_ORC=y and the kernel boots in qemu, so maybe something else is causing (another?) issue? ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-01 12:51 [PATCH] x86/mm: fix objtool failure with KMSAN enabled Dmitry Voytik 2026-07-01 13:18 ` Alexander Potapenko @ 2026-07-02 2:53 ` Borislav Petkov 2026-07-02 10:41 ` Dmitry Voytik 1 sibling, 1 reply; 11+ messages in thread From: Borislav Petkov @ 2026-07-02 2:53 UTC (permalink / raw) To: Dmitry Voytik, linux-toolchains Cc: Alexander Potapenko, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm On Wed, Jul 01, 2026 at 02:51:51PM +0200, Dmitry Voytik wrote: > This patch fixes broken builds with defconfig + CONFIG_KMSAN + > CONFIG_DEBUG_INFO_*. > > To reproduce the issue before the fix: > make mrproper > make LLVM=1 defconfig > ./scripts/config -e CONFIG_KMSAN \ > -e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT > make LLVM=1 olddefconfig > make LLVM=1 -j(nproc) vmlinux > ... > LD vmlinux.o > vmlinux.o: warning: objtool: folio_zero_user+0x801: undefined stack state > vmlinux.o: error: objtool: folio_zero_user+0x801: unknown CFA base reg -1 > make[2]: *** [scripts/Makefile.vmlinux_o:76: vmlinux.o] Error 255 > > objtool in verbose mode shows how the frame pointer is omitted: > make LLVM=1 OBJTOOL_VERBOSE=1 -j(nproc) vmlinux > ... > b15a2c: folio_zero_user+0x7fc xor %eax,%eax > b15a2e: folio_zero_user+0x7fe mov %rcx,%rsp > b15a31: folio_zero_user+0x801 mov %r14,%rdi > b15a34: folio_zero_user+0x804 mov %rbx,%rcx > b15a37: folio_zero_user+0x807 call 0xb15a3c <__clear_pages_unrol > > After the fix, the frame pointer is back: > b15a37: 31 c0 xor %eax,%eax > b15a39: 48 89 ec mov %rbp,%rsp > b15a3c: 4c 89 f7 mov %r14,%rdi > b15a3f: 48 89 d9 mov %rbx,%rcx > b15a42: e8 00 00 00 00 call b15a47 <folio_zero_user+0x817> > > It seems the issue was introduced by > commit 54a6b89a3db2 ("x86/mm: simplify clear_page_*") > > The actual fix is to revert the change how ASM_CALL_CONSTRAINT is > positioned. Why? Where does it say that the current stack ptr dependency needs to be the first asm input operand? If that were the case, we have a bunch more of those bugs around the tree. Anyway, + linux-toolchains. > Additionally, reintroduce asm_inline to prevent potential compiler > rejection of inlining. > > Link: https://lore.kernel.org/CAAX90H2_RPnZL_dFYN7cQF6yt-wAweKKSx2=6e2aZ0kv+Pm+NQ@mail.gmail.com > Signed-off-by: Dmitry Voytik <voytikd@gmail.com> > --- > arch/x86/include/asm/page_64.h | 13 +++++++------ > 1 file changed, 7 insertions(+), 6 deletions(-) > > diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h > index 1895c207f629..de8604f0a3a1 100644 > --- a/arch/x86/include/asm/page_64.h > +++ b/arch/x86/include/asm/page_64.h > @@ -100,12 +100,13 @@ static inline void clear_pages(void *addr, unsigned int npages) > * __clear_pages_unrolled() are part of the inline asm register > * specification. > */ > - asm volatile(ALTERNATIVE_2("call __clear_pages_unrolled", > - "shrq $3, %%rcx; rep stosq", X86_FEATURE_REP_GOOD, > - "rep stosb", X86_FEATURE_ERMS) > - : "+c" (len), "+D" (addr), ASM_CALL_CONSTRAINT > - : "a" (0) > - : "cc", "memory"); > + asm_inline volatile( > + ALTERNATIVE_2("call __clear_pages_unrolled", > + "shrq $3, %%rcx; rep stosq", X86_FEATURE_REP_GOOD, > + "rep stosb", X86_FEATURE_ERMS) > + : ASM_CALL_CONSTRAINT, "+c"(len), "+D"(addr) > + : "a"(0) > + : "cc", "memory"); > } > #define clear_pages clear_pages -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-02 2:53 ` Borislav Petkov @ 2026-07-02 10:41 ` Dmitry Voytik 2026-07-02 11:15 ` Peter Zijlstra 0 siblings, 1 reply; 11+ messages in thread From: Dmitry Voytik @ 2026-07-02 10:41 UTC (permalink / raw) To: Borislav Petkov Cc: linux-toolchains, Alexander Potapenko, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm Hi Borislav, On Thu, Jul 2, 2026 at 4:54 AM Borislav Petkov <bp@alien8.de> wrote: > > On Wed, Jul 01, 2026 at 02:51:51PM +0200, Dmitry Voytik wrote: > > This patch fixes broken builds with defconfig + CONFIG_KMSAN + > > CONFIG_DEBUG_INFO_*. > > > > To reproduce the issue before the fix: > > make mrproper > > make LLVM=1 defconfig > > ./scripts/config -e CONFIG_KMSAN \ > > -e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT > > make LLVM=1 olddefconfig > > make LLVM=1 -j(nproc) vmlinux > > ... > > LD vmlinux.o > > vmlinux.o: warning: objtool: folio_zero_user+0x801: undefined stack state > > vmlinux.o: error: objtool: folio_zero_user+0x801: unknown CFA base reg -1 > > make[2]: *** [scripts/Makefile.vmlinux_o:76: vmlinux.o] Error 255 > > > > objtool in verbose mode shows how the frame pointer is omitted: > > make LLVM=1 OBJTOOL_VERBOSE=1 -j(nproc) vmlinux > > ... > > b15a2c: folio_zero_user+0x7fc xor %eax,%eax > > b15a2e: folio_zero_user+0x7fe mov %rcx,%rsp > > b15a31: folio_zero_user+0x801 mov %r14,%rdi > > b15a34: folio_zero_user+0x804 mov %rbx,%rcx > > b15a37: folio_zero_user+0x807 call 0xb15a3c <__clear_pages_unrol > > > > After the fix, the frame pointer is back: > > b15a37: 31 c0 xor %eax,%eax > > b15a39: 48 89 ec mov %rbp,%rsp > > b15a3c: 4c 89 f7 mov %r14,%rdi > > b15a3f: 48 89 d9 mov %rbx,%rcx > > b15a42: e8 00 00 00 00 call b15a47 <folio_zero_user+0x817> > > > > It seems the issue was introduced by > > commit 54a6b89a3db2 ("x86/mm: simplify clear_page_*") > > > > The actual fix is to revert the change how ASM_CALL_CONSTRAINT is > > positioned. > > Why? > > Where does it say that the current stack ptr dependency needs to be the first > asm input operand? Very good question. My uneducated guess - bugs in clang. Out of curiosity, I compared (see below) what clang and gcc do when ASM_CALL_CONSTRAINT moves around, and it indeed affects generated code, which is weird. I might just be holding it wrong, like optimization must be on, etc. > If that were the case, we have a bunch more of those bugs around the tree. At least, it makes objtool happy for the defconfig + KMSAN. > Anyway, + linux-toolchains. Thanks for looking into this. Comparing clang and gcc: // clang asm_clang.c -o out // gcc asm_clang.c -o out // objdump -d --disassemble=main out #include <stdio.h> int func() { return 42; } #define __stringify_1(x...) #x #define __stringify(x...) __stringify_1(x) # define __ASM_FORM_RAW(x, ...) __stringify(x,##__VA_ARGS__) # define __ASM_SEL_RAW(a,b) __ASM_FORM_RAW(b) #define __ASM_REG(reg) __ASM_SEL_RAW(e##reg, r##reg) #define _ASM_SP __ASM_REG(sp) register unsigned long current_stack_pointer asm(_ASM_SP); #define ASM_CALL_CONSTRAINT "+r" (current_stack_pointer) int main() { int output_val = 0; __asm__ __volatile__ ( "call func\n\t" : "=a" (output_val) : :); // clang v22.1.6 // 1142: e8 d9 ff ff ff call 1120 <func> // 1147: 89 45 f8 mov %eax,-0x8(%rbp) // gcc: // 112f: e8 e5 ff ff ff call 1119 <func> // 1134: 89 45 fc mov %eax,-0x4(%rbp) __asm__ __volatile__ ( "call func\n\t" : ASM_CALL_CONSTRAINT, "=a" (output_val) : :); // clang v22.1.6 // 114a: 48 89 e0 mov %rsp,%rax // 114d: 48 89 c4 mov %rax,%rsp // 1150: e8 cb ff ff ff call 1120 <func> // 1155: 48 89 e1 mov %rsp,%rcx // 1158: 48 89 cc mov %rcx,%rsp // 115b: 89 45 f8 mov %eax,-0x8(%rbp) // gcc: // 1137: e8 dd ff ff ff call 1119 <func> // 113c: 89 45 fc mov %eax,-0x4(%rbp) __asm__ __volatile__ ( "call func\n\t" : "=a" (output_val), ASM_CALL_CONSTRAINT : :); // clang v22.1.6 // 115e: 48 89 e0 mov %rsp,%rax // 1161: 48 89 c4 mov %rax,%rsp // 1164: e8 b7 ff ff ff call 1120 <func> // 1169: 89 c1 mov %eax,%ecx // 116b: 48 89 e0 mov %rsp,%rax // 116e: 89 4d f8 mov %ecx,-0x8(%rbp) // 1171: 48 89 c4 mov %rax,%rsp // gcc: // 113f: e8 d5 ff ff ff call 1119 <func> // 1144: 89 45 fc mov %eax,-0x4(%rbp) return 0; } > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-02 10:41 ` Dmitry Voytik @ 2026-07-02 11:15 ` Peter Zijlstra 2026-07-02 19:46 ` Thomas Gleixner 0 siblings, 1 reply; 11+ messages in thread From: Peter Zijlstra @ 2026-07-02 11:15 UTC (permalink / raw) To: Dmitry Voytik Cc: Borislav Petkov, linux-toolchains, Alexander Potapenko, Thomas Gleixner, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm On Thu, Jul 02, 2026 at 12:41:09PM +0200, Dmitry Voytik wrote: > Hi Borislav, > > On Thu, Jul 2, 2026 at 4:54 AM Borislav Petkov <bp@alien8.de> wrote: > > > > On Wed, Jul 01, 2026 at 02:51:51PM +0200, Dmitry Voytik wrote: > > > This patch fixes broken builds with defconfig + CONFIG_KMSAN + > > > CONFIG_DEBUG_INFO_*. > > > > > > To reproduce the issue before the fix: > > > make mrproper > > > make LLVM=1 defconfig > > > ./scripts/config -e CONFIG_KMSAN \ > > > -e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT > > > make LLVM=1 olddefconfig > > > make LLVM=1 -j(nproc) vmlinux > > > ... > > > LD vmlinux.o > > > vmlinux.o: warning: objtool: folio_zero_user+0x801: undefined stack state > > > vmlinux.o: error: objtool: folio_zero_user+0x801: unknown CFA base reg -1 > > > make[2]: *** [scripts/Makefile.vmlinux_o:76: vmlinux.o] Error 255 > > > > > > objtool in verbose mode shows how the frame pointer is omitted: > > > make LLVM=1 OBJTOOL_VERBOSE=1 -j(nproc) vmlinux > > > ... > > > b15a2c: folio_zero_user+0x7fc xor %eax,%eax > > > b15a2e: folio_zero_user+0x7fe mov %rcx,%rsp > > > b15a31: folio_zero_user+0x801 mov %r14,%rdi > > > b15a34: folio_zero_user+0x804 mov %rbx,%rcx > > > b15a37: folio_zero_user+0x807 call 0xb15a3c <__clear_pages_unrol > > > > > > After the fix, the frame pointer is back: > > > b15a37: 31 c0 xor %eax,%eax > > > b15a39: 48 89 ec mov %rbp,%rsp > > > b15a3c: 4c 89 f7 mov %r14,%rdi > > > b15a3f: 48 89 d9 mov %rbx,%rcx > > > b15a42: e8 00 00 00 00 call b15a47 <folio_zero_user+0x817> > > > > > > It seems the issue was introduced by > > > commit 54a6b89a3db2 ("x86/mm: simplify clear_page_*") > > > > > > The actual fix is to revert the change how ASM_CALL_CONSTRAINT is > > > positioned. > > > > Why? > > > > Where does it say that the current stack ptr dependency needs to be the first > > asm input operand? > > Very good question. My uneducated guess - bugs in clang. > Out of curiosity, I compared (see below) what clang and gcc do when > ASM_CALL_CONSTRAINT moves around, and it indeed affects generated > code, which is weird. > I might just be holding it wrong, like optimization must be on, etc. > > > If that were the case, we have a bunch more of those bugs around the tree. > > At least, it makes objtool happy for the defconfig + KMSAN. Yeah, for all the wrong reasons. AFAICT it is one clang bug causing another clang bug to manifest less onerous. This ASM_CALL_CONSTRAINT placement is, for some reason, forcing a stack frame (which is not in fact required), but having a stack frame then avoids the absolutely retarded: mov %rsp, %rcx; 1: mov %rcx, %rsp ... mov %rsp, disp(%rsp) call __msam_foo mov disp(%rsp), %rcx test je 1b construct. Becaus having the stack frame (rbp) then makes all the rsp juggling less of a problem. So on the one hand the __msan 'functions' are special annotated in clang to force re-align the stack. Then it notices the stack is already properly aligned and the actual stack alignment code goes missing, BUT it keeps the save/restore rsp (for raisins). It then furher compounds the failure by spilling the RSP copy onto the stack, and voila, total and utter insanity. I suspect you can simply remove that magic annotate for KMSAM, kernel stacks are always aligned, there no point, what-so-ever, to do the whole save/align/restore thing. There is also this thread from last year, which looks to be a similar/same problem: https://lore.kernel.org/174108458405.14745.4864877018394987266.tip-bot2@tip-bot2 those patches never made it in, Josh was going to rework, but that never quite happened either. And I think we need to, at least temporarily, deal with this, until a fixed clang is released and we can make KMSAN depend on that version, but I worry about the impact of this change on !KMSAN builds. A quick test with folio_zero_user() seems to suggest the ASM_CALL_CONSTRAINT movement (your patch) generates the same code for defconfg as does the unmodified code. The change from the thread linked above (input constraint on __builtin_frame_address(0)) generates different code. A third option is to force FRAME_POINTER=y for KMSAN builds -- for now, until clang is taught to be less insane. ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-02 11:15 ` Peter Zijlstra @ 2026-07-02 19:46 ` Thomas Gleixner 2026-07-02 20:05 ` Thomas Gleixner 0 siblings, 1 reply; 11+ messages in thread From: Thomas Gleixner @ 2026-07-02 19:46 UTC (permalink / raw) To: Peter Zijlstra, Dmitry Voytik Cc: Borislav Petkov, linux-toolchains, Alexander Potapenko, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm On Thu, Jul 02 2026 at 13:15, Peter Zijlstra wrote: > A quick test with folio_zero_user() seems to suggest the > ASM_CALL_CONSTRAINT movement (your patch) generates the same code for > defconfg as does the unmodified code. The change from the thread linked > above (input constraint on __builtin_frame_address(0)) generates > different code. > > A third option is to force FRAME_POINTER=y for KMSAN builds -- for now, > until clang is taught to be less insane. With FRAME_POINTER=y I get now with clang-22 vmlinux.o: warning: objtool: folio_zero_user+0xa7b: stack state mismatch: reg1[4]=-1+0 reg2[4]=-2-336 vmlinux.o: warning: objtool: set_ftrace_ops_ro+0x64: relocation to !ENDBR: machine_kexec_prepare+0x8f0 That's with your objtool patch applied. When I remove that then the folio_zero_user one goes away. The relocation to !ENDBR stays. Oh well... ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-02 19:46 ` Thomas Gleixner @ 2026-07-02 20:05 ` Thomas Gleixner 2026-07-03 10:34 ` Dmitry Voytik 0 siblings, 1 reply; 11+ messages in thread From: Thomas Gleixner @ 2026-07-02 20:05 UTC (permalink / raw) To: Peter Zijlstra, Dmitry Voytik Cc: Borislav Petkov, linux-toolchains, Alexander Potapenko, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm On Thu, Jul 02 2026 at 21:46, Thomas Gleixner wrote: > On Thu, Jul 02 2026 at 13:15, Peter Zijlstra wrote: >> A quick test with folio_zero_user() seems to suggest the >> ASM_CALL_CONSTRAINT movement (your patch) generates the same code for >> defconfg as does the unmodified code. The change from the thread linked >> above (input constraint on __builtin_frame_address(0)) generates >> different code. >> >> A third option is to force FRAME_POINTER=y for KMSAN builds -- for now, >> until clang is taught to be less insane. > > With FRAME_POINTER=y I get now with clang-22 > > vmlinux.o: warning: objtool: folio_zero_user+0xa7b: stack state mismatch: reg1[4]=-1+0 reg2[4]=-2-336 > vmlinux.o: warning: objtool: set_ftrace_ops_ro+0x64: relocation to !ENDBR: machine_kexec_prepare+0x8f0 > > That's with your objtool patch applied. When I remove that then the > folio_zero_user one goes away. The relocation to !ENDBR stays. > > Oh well... And none of this boots when KMSAN=y .... ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] x86/mm: fix objtool failure with KMSAN enabled 2026-07-02 20:05 ` Thomas Gleixner @ 2026-07-03 10:34 ` Dmitry Voytik 0 siblings, 0 replies; 11+ messages in thread From: Dmitry Voytik @ 2026-07-03 10:34 UTC (permalink / raw) To: Thomas Gleixner Cc: Peter Zijlstra, Borislav Petkov, linux-toolchains, Alexander Potapenko, Ingo Molnar, Dave Hansen, Josh Poimboeuf, Dmitry Vyukov, Andrew Morton, Ankur Arora, H . Peter Anvin, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Marco Elver, x86, linux-kernel, kasan-dev, linux-mm, llvm Hi Thomas, On Thu, Jul 2, 2026 at 10:05 PM Thomas Gleixner <tglx@kernel.org> wrote: > > On Thu, Jul 02 2026 at 21:46, Thomas Gleixner wrote: > > On Thu, Jul 02 2026 at 13:15, Peter Zijlstra wrote: > >> A quick test with folio_zero_user() seems to suggest the > >> ASM_CALL_CONSTRAINT movement (your patch) generates the same code for > >> defconfg as does the unmodified code. The change from the thread linked > >> above (input constraint on __builtin_frame_address(0)) generates > >> different code. > >> > >> A third option is to force FRAME_POINTER=y for KMSAN builds -- for now, > >> until clang is taught to be less insane. > > > > With FRAME_POINTER=y I get now with clang-22 > > > > vmlinux.o: warning: objtool: folio_zero_user+0xa7b: stack state mismatch: reg1[4]=-1+0 reg2[4]=-2-336 > > vmlinux.o: warning: objtool: set_ftrace_ops_ro+0x64: relocation to !ENDBR: machine_kexec_prepare+0x8f0 > > > > That's with your objtool patch applied. When I remove that then the > > folio_zero_user one goes away. The relocation to !ENDBR stays. > > > > Oh well... > > And none of this boots when KMSAN=y .... Thanks for checking this! I wonder if we are debugging clang here because I just retested the patch with CONFIG_FRAME_POINTER on the current Linus' tree and it works in my env: clang --version clang version 22.1.6 git pull -r git show -s --oneline -2 21f3d2b2069e (HEAD -> master) x86/mm: fix objtool failure with KMSAN enabled d2c9a99135da (origin/master, origin/HEAD) Merge tag 'device-id-rework' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux make mrproper make LLVM=1 defconfig ./scripts/config \ -e CONFIG_KMSAN \ -e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT \ -e UNWINDER_FRAME_POINTER make LLVM=1 olddefconfig make LLVM=1 W=ce -j(nproc) bzImage grep -e CONFIG_KMSAN= -e CONFIG_FRAME_POINTER \ -e CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT .config CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y CONFIG_FRAME_POINTER=y CONFIG_KMSAN=y qemu-system-x86_64 \ -kernel arch/x86/boot/bzImage \ -accel kvm \ -append "console=ttyS0" \ -nographic \ -m 8G -smp 4 \ -serial file:serial_out.log grep -e 'Linux version' -A1 -e KernelMemorySanitizer -e 'append a correct' serial_out.log [ 0.000000] Linux version 7.2.0-rc1-00009-gb0b29f0286be (voyt@voyt-laptop-dell) (clang version 22.1.6, LLD 22.1.6) #1 SMP PREEMPT_DYNAMIC Fri Jul 3 11:55:02 CEST 2026 [ 0.000000] Command line: console=ttyS0 -- [ 0.218380] Starting KernelMemorySanitizer [ 0.218382] ATTENTION: KMSAN is a debugging tool! Do not use it on production machines! -- [ 4.037384] Please append a correct "root=" boot option; here are the available partitions: [ 4.037772] 0b00 1048575 sr0 Could another CONFIG_ be the culprit on your side? Or, has your clang version some different (buggy?) behaviour? ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2026-07-03 10:34 UTC | newest] Thread overview: 11+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-07-01 12:51 [PATCH] x86/mm: fix objtool failure with KMSAN enabled Dmitry Voytik 2026-07-01 13:18 ` Alexander Potapenko 2026-07-01 14:45 ` Dmitry Voytik 2026-07-01 15:15 ` Alexander Potapenko 2026-07-01 22:47 ` Dmitry Voytik 2026-07-02 2:53 ` Borislav Petkov 2026-07-02 10:41 ` Dmitry Voytik 2026-07-02 11:15 ` Peter Zijlstra 2026-07-02 19:46 ` Thomas Gleixner 2026-07-02 20:05 ` Thomas Gleixner 2026-07-03 10:34 ` Dmitry Voytik
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox