Bug 216385 - 5.19 regression: CONFIG_RETPOLINE=n CONFIG_AMD_MEM_ENCRYPT=y crashes on boot
Status: NEW
Alias: None
Product: Platform Specific/Hardware
Classification: Unclassified
Component: x86-64
Hardware: AMD Linux
Importance: P1 low
Assignee: platform_x86_64@kernel-bugs.osdl.org
Reported: 2022-08-19 22:47 UTC by Chris Harrington
Modified: 2022-08-25 15:06 UTC
Kernel Version: 5.19
Regression: No

Description Chris Harrington 2022-08-19 22:47:44 UTC
AMD memory encryption, if enabled during boot, crashes when retpoline is not enabled in the kernel.

Bisected:
efac0eedfab515e523cde5cb7a62289eb2ee58f8 is the first bad commit
commit efac0eedfab515e523cde5cb7a62289eb2ee58f8
Author: Brijesh Singh <brijesh.singh@amd.com>
Date:   Wed Feb 9 12:10:13 2022 -0600

    x86/kernel: Mark the .bss..decrypted section as shared in the RMP table

    The encryption attribute for the .bss..decrypted section is cleared in the
    initial page table build. This is because the section contains the data
    that need to be shared between the guest and the hypervisor.

    When SEV-SNP is active, just clearing the encryption attribute in the
    page table is not enough. The page state needs to be updated in the RMP
    table.

    Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
    Signed-off-by: Borislav Petkov <bp@suse.de>
    Link: https://lore.kernel.org/r/20220307213356.2797205-20-brijesh.singh@amd.com

 arch/x86/kernel/head64.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

Relevant config:
$ zcat /proc/config.gz | grep -E '(RETPOLINE|AMD_MEM_ENCRYPT)'
# CONFIG_RETPOLINE is not set
CONFIG_AMD_MEM_ENCRYPT=y
CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y

Adding mem_encrypt=off to cmdline in grub avoids the crash. Since the crash is so early in boot, no output is visible; it reverts to the BIOS almost immediately.

Severity low, because this is admittedly a niche configuration. Most folks will either not enable SME, or won't enable it by default, or will enable retpolines. Also only impacts AMD processors, of course. There's a mailing list thread that also seems to implicate this commit:
https://lore.kernel.org/all/YqfabnTRxFSM+LoX@google.com/

Comment 1 Borislav Petkov 2022-08-25 11:19:25 UTC
Does that fix it:

https://git.kernel.org/tip/cdaa0a407f1acd3a44861e3aea6e3c7349e668f1

?

Comment 2 Chris Harrington 2022-08-25 15:06:32 UTC
(In reply to Borislav Petkov from comment #1)
> Does that fix it:
> 
> https://git.kernel.org/tip/cdaa0a407f1acd3a44861e3aea6e3c7349e668f1
> 
> ?

Yes.

Tested by cloning https://kernel.googlesource.com/pub/scm/linux/kernel/git/tip/tip.git , checking out v5.19, build, install, reboot, and validating that the issue is still present.
Then doing:
curl 'https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/patch/?id=cdaa0a407f1acd3a44861e3aea6e3c7349e668f1' | patch -p1
followed by build, install, reboot, with success.

$ dmesg | grep -iE '(encrypt|command|retpoline)'
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.19.0-shore-dirty root=/dev/nvme0n1p2 ro rootwait mitigations=off
[    0.063658] Kernel command line: BOOT_IMAGE=/vmlinuz-5.19.0-shore-dirty root=/dev/nvme0n1p2 ro rootwait mitigations=off
[    0.063679] Unknown kernel command line parameters "BOOT_IMAGE=/vmlinuz-5.19.0-shore-dirty", will be passed to user space.
[    0.154478] Memory Encryption Features active: AMD SME

$ zcat /proc/config.gz | grep -E '(RETPOLINE|AMD_MEM_ENCRYPT)'
CONFIG_AMD_MEM_ENCRYPT=y
CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y
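
A check for the configuration combination reported in this bug, added here as an example (it is not code from the reporter, the maintainers, or the kernel tree). The function names and result labels are hypothetical, and it assumes the last mem_encrypt= argument on the command line wins.

```shell
#!/bin/sh
# Added example: classify a kernel config + command line against the
# combination reported in this bug. Names and labels are hypothetical.

# Succeeds if option $2 is built in (=y) in config file $1.
config_enabled() {
    grep -q "^$2=y\$" "$1"
}

# Prints "on" or "off" for the last mem_encrypt= argument in command line $1,
# or nothing if absent (assumption: the last occurrence wins).
cmdline_mem_encrypt() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' |
        sed -n -e 's/^mem_encrypt=on$/on/p' -e 's/^mem_encrypt=off$/off/p' |
        tail -n 1
}

# Prints one of: not-applicable, retpoline-built, sme-not-requested,
# matches-report.
classify_boot_config() {
    cfg=$1
    cmdline=$2
    if ! config_enabled "$cfg" CONFIG_AMD_MEM_ENCRYPT; then
        echo not-applicable
        return 0
    fi
    if config_enabled "$cfg" CONFIG_RETPOLINE; then
        echo retpoline-built
        return 0
    fi
    sme=$(cmdline_mem_encrypt "$cmdline")
    if [ -z "$sme" ]; then
        # No explicit parameter: the build-time default decides.
        sme=off
        if config_enabled "$cfg" CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT; then
            sme=on
        fi
    fi
    if [ "$sme" = on ]; then echo matches-report; else echo sme-not-requested; fi
}

# Constructed sample mirroring the config lines quoted in the report.
demo_cfg=$(mktemp)
printf '%s\n' '# CONFIG_RETPOLINE is not set' 'CONFIG_AMD_MEM_ENCRYPT=y' \
    'CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y' > "$demo_cfg"
classify_boot_config "$demo_cfg" 'root=/dev/nvme0n1p2 ro rootwait'
classify_boot_config "$demo_cfg" 'root=/dev/nvme0n1p2 ro mem_encrypt=off'
rm -f "$demo_cfg"
```

On a running system, pass it the decompressed /proc/config.gz and the contents of /proc/cmdline. A matches-report result says nothing about CPU vendor or whether the fix linked in comment 1 is already in the tree.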
