ACK: [SRU][F, J][PATCH 0/1] Encountering an issue with memcpy_fromio causing failed boot of SEV-enabled guest

Andrei Gherzan andrei.gherzan at canonical.com
Mon May 22 09:44:48 UTC 2023


On 23/05/22 03:44PM, Chengen Du wrote:
> BugLink: https://bugs.launchpad.net/bugs/2020319
> 
> SRU Justification:
> 
> [Impact]
> When launching a SEV-enabled guest, the guest kernel panics with the following call trace,
> indicating a critical error in the system.
> 
> ==========
> [ 1.090638] software IO TLB: Memory encryption is active and system is using DMA bounce buffers
> [ 1.092105] Linux agpgart interface v0.103
> [ 1.092716] BUG: unable to handle page fault for address: ffff9b820003d068
> [ 1.093445] #PF: supervisor read access in kernel mode
> [ 1.093966] #PF: error_code(0x0000) - not-present page
> [ 1.094481] PGD 800100000067 P4D 800100000067 PUD 8001001d7067 PMD 8001001da067 PTE 80000000fed40173
> [ 1.094629] Oops: 0000 [#1] SMP NOPTI
> [ 1.094629] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.15.0-46-generic #49-Ubuntu
> [ 1.094629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
> [ 1.094629] RIP: 0010:memcpy_fromio+0x27/0x50
> [ 1.094629] Code: cc cc cc 0f 1f 44 00 00 55 48 89 e5 48 85 d2 74 28 40 f6 c6 01 75 30 48 83 fa 01 76 06 40 f6 c6 02 75 1c 48 89 d1 48 c1 e9 02 <f3> a5 f6 c2 02 74 02 66 a5 f6 c2 01 74 01 a4 5d e9 14 b3 97 00 66
> [ 1.094629] RSP: 0018:ffff9b820001ba50 EFLAGS: 00010212
> [ 1.094629] RAX: ffff9b820003d040 RBX: ffff9b820001bac0 RCX: 0000000000000002
> [ 1.094629] RDX: 0000000000000008 RSI: ffff9b820003d068 RDI: ffff9b820001ba90
> [ 1.094629] RBP: ffff9b820001ba50 R08: 0000000000000f80 R09: 0000000000000f80
> [ 1.094629] R10: 00000000fed40080 R11: ffff9b820001bac0 R12: ffff8cc7068eca48
> [ 1.094629] R13: ffff8cc700a64288 R14: 0000000000000000 R15: 00000000fed40080
> [ 1.094629] FS: 0000000000000000(0000) GS:ffff8cc77bd00000(0000) knlGS:0000000000000000
> [ 1.094629] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1.094629] CR2: ffff9b820003d068 CR3: 0000800174a10000 CR4: 0000000000350ee0
> [ 1.094629] Call Trace:
> [ 1.094629] <TASK>
> [ 1.094629] crb_map_io+0x315/0x870
> [ 1.094629] ? radix_tree_iter_tag_clear+0x12/0x20
> [ 1.094629] ? _raw_spin_unlock_irqrestore+0xe/0x30
> [ 1.094629] crb_acpi_add+0xc2/0x140
> [ 1.094629] acpi_device_probe+0x4c/0x170
> [ 1.094629] really_probe+0x222/0x420
> [ 1.094629] __driver_probe_device+0x119/0x190
> [ 1.094629] driver_probe_device+0x23/0xc0
> [ 1.094629] __driver_attach+0xbd/0x1e0
> [ 1.094629] ? __device_attach_driver+0x120/0x120
> [ 1.094629] bus_for_each_dev+0x7e/0xd0
> [ 1.094629] driver_attach+0x1e/0x30
> [ 1.094629] bus_add_driver+0x139/0x200
> [ 1.094629] driver_register+0x95/0x100
> [ 1.094629] ? init_tis+0xfd/0xfd
> [ 1.094629] acpi_bus_register_driver+0x39/0x50
> [ 1.094629] crb_acpi_driver_init+0x15/0x1b
> [ 1.094629] do_one_initcall+0x48/0x1e0
> [ 1.094629] do_initcalls+0x12f/0x159
> [ 1.094629] kernel_init_freeable+0x162/0x1b5
> [ 1.094629] ? rest_init+0x100/0x100
> [ 1.094629] kernel_init+0x1b/0x150
> [ 1.094629] ? rest_init+0x100/0x100
> [ 1.094629] ret_from_fork+0x22/0x30
> [ 1.094629] </TASK>
> [ 1.094629] Modules linked in:
> [ 1.094629] CR2: ffff9b820003d068
> [ 1.094629] ---[ end trace 3d6d81c42a3c2030 ]---
> [ 1.094629] RIP: 0010:memcpy_fromio+0x27/0x50
> [ 1.094629] Code: cc cc cc 0f 1f 44 00 00 55 48 89 e5 48 85 d2 74 28 40 f6 c6 01 75 30 48 83 fa 01 76 06 40 f6 c6 02 75 1c 48 89 d1 48 c1 e9 02 <f3> a5 f6 c2 02 74 02 66 a5 f6 c2 01 74 01 a4 5d e9 14 b3 97 00 66
> [ 1.094629] RSP: 0018:ffff9b820001ba50 EFLAGS: 00010212
> [ 1.094629] RAX: ffff9b820003d040 RBX: ffff9b820001bac0 RCX: 0000000000000002
> [ 1.094629] RDX: 0000000000000008 RSI: ffff9b820003d068 RDI: ffff9b820001ba90
> [ 1.094629] RBP: ffff9b820001ba50 R08: 0000000000000f80 R09: 0000000000000f80
> [ 1.094629] R10: 00000000fed40080 R11: ffff9b820001bac0 R12: ffff8cc7068eca48
> [ 1.094629] R13: ffff8cc700a64288 R14: 0000000000000000 R15: 00000000fed40080
> [ 1.094629] FS: 0000000000000000(0000) GS:ffff8cc77bd00000(0000) knlGS:0000000000000000
> [ 1.094629] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1.094629] CR2: ffff9b820003d068 CR3: 0000800174a10000 CR4: 0000000000350ee0
> [ 1.094629] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
> [ 1.094629] Kernel Offset: 0x200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
> [ 1.094629] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 ]---
> ==========
> 
> [Fix]
> The issue arises when launching kernels in libvirt-managed SEV virtual machines due to the addition of a tpm-crb device by virt-install.
> Upstream commit 4009a4ac82dd has fixed this issue.
> ==========
> Author: Joerg Roedel <jroedel at suse.de>
> Date: Mon Mar 21 10:33:51 2022 +0100
> 
> x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
> 
> The io-specific memcpy/memset functions use string mmio accesses to do
> their work. Under SEV, the hypervisor can't emulate these instructions
> because they read/write directly from/to encrypted memory.
> ==========
> 
> [Test Plan]
> 1. Use virt-install to create a SEV-enabled guest
> virt-install --name sev_guest --memory 16384 --vcpus 16 --boot uefi --disk /root/focal-server-cloudimg-amd64.img,device=disk,bus=scsi --os-variant ubuntu20.04 --import --controller type=scsi,model=virtio-scsi,driver.iommu=on --controller type=virtio-serial,driver.iommu=on --network default --memballoon driver.iommu=on --graphics none --launchSecurity sev --noautoconsole
> 2. Power on the guest and kernel panic occurred.
> 
> [Where problems could occur]
> SEV doesn't support string I/O, so the patch unrolls the string I/O operation into a loop operating on one element at a time.
> The affected range is limited to virtual machines and specific platforms that support SEV (i.e., AMD Epyc) and have SEV-ES not enabled.
> 
> Joerg Roedel (1):
>   x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
> 
>  arch/x86/lib/iomem.c | 65 ++++++++++++++++++++++++++++++++++++++------
>  1 file changed, 57 insertions(+), 8 deletions(-)
> 
> -- 
> 2.39.2

Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>

-- 
Andrei Gherzan
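
Added example, not part of the original thread and not the code of upstream commit 4009a4ac82dd: a user-space C model of the behaviour the quoted cover letter describes, where a string copy from MMIO cannot be emulated once guest memory is encrypted but an unrolled, one-element-at-a-time copy can. The `fake_mmio` window, the `model_*` and `*_copy_fromio` names, and representing the hypervisor's refusal as a `-1` return are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a device MMIO window; not real TPM CRB contents. */
static const uint8_t fake_mmio[8] = { 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80 };
static unsigned long trapped_accesses;  /* exits the modelled hypervisor handled */

/* Models readb(): the value travels through a register, so it can be emulated. */
static uint8_t model_readb(const volatile uint8_t *addr)
{
    trapped_accesses++;
    return *addr;
}

/* Models a string move from MMIO: the destination is (encrypted) guest memory. */
static int string_copy_fromio(uint8_t *out, const volatile uint8_t *from,
                              size_t n, int mem_encrypted)
{
    if (mem_encrypted)
        return -1;              /* stands in for the fault seen in the oops */
    trapped_accesses++;         /* one exit covers the whole instruction */
    for (size_t i = 0; i < n; i++)
        out[i] = from[i];
    return 0;
}

/* Unrolled form: n independent single-element reads, each emulatable. */
static int unrolled_copy_fromio(uint8_t *out, const volatile uint8_t *from, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = model_readb(&from[i]);
    return 0;
}

/* The unroll flag stands in for the CC_ATTR_GUEST_UNROLL_STRING_IO check. */
int model_memcpy_fromio(uint8_t *to, size_t off, size_t n, int mem_encrypted, int unroll)
{
    if (off > sizeof(fake_mmio) || n > sizeof(fake_mmio) - off)
        return -2;              /* request falls outside the mapped window */
    return unroll ? unrolled_copy_fromio(to, fake_mmio + off, n)
                  : string_copy_fromio(to, fake_mmio + off, n, mem_encrypted);
}

int main(void)
{
    uint8_t buf[8];
    printf("%d %d\n", model_memcpy_fromio(buf, 0, 8, 1, 0), model_memcpy_fromio(buf, 0, 8, 1, 1));
    return 0;
}
```

The unrolled path costs one trapped access per element instead of one per copy, which is the trade-off the "[Where problems could occur]" paragraph refers to.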