On Tue, Oct 10, 2023 at 10:19:38AM +0200, Borislav Petkov wrote:
> On Tue, Oct 10, 2023 at 08:37:16AM +0300, Kirill A. Shutemov wrote:
> > On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) got patched. It includes KASAN code, where KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which is defined with the cpu_feature_enabled().
>
> So use boot_cpu_has(X86_FEATURE_LA57).

__VIRTUAL_MASK_SHIFT is used in many places. I don't think it is a good idea to give up on patching completely.

> > It seems that KASAN gets confused when apply_alternatives() patches the
>
> It seems?

Admittedly, I don't understand KASAN well enough. I confirmed my idea indirectly, by patching KASAN_SHADOW_START, as I mentioned.

> > KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START static, by replacing __VIRTUAL_MASK_SHIFT with 56, fixes the issue.
> >
> > During text_poke_early() in apply_alternatives(), KASAN should be disabled. KASAN is already disabled in non-_early() text_poke().
> >
> > It is unclear why the issue was not reported earlier. Bisecting does not help. Older kernels trigger the issue less frequently, but it still occurs. In the absence of any other clear offenders, the initial dynamic 5-level paging support is to blame.
>
> This whole thing sounds like it is still not really clear what is actually happening...

Maybe KASAN folks can help to understand the situation.
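The following is an added userspace model of the dependency the thread is arguing about (KASAN_SHADOW_START being a function of __VIRTUAL_MASK_SHIFT, which in turn is a function of X86_FEATURE_LA57). It is not code from the thread, the patch, or the kernel. It assumes the x86-64 values KASAN_SHADOW_OFFSET = 0xdffffc0000000000 and KASAN_SHADOW_SCALE_SHIFT = 3, the START/END formulas as the editor recalls them from arch/x86/include/asm/kasan.h, and the layout constants from Documentation/arch/x86/x86_64/mm.rst; addr_has_metadata() here only mirrors the shape of the kernel's check, not its exact code. The point it makes concrete: the same address is "checkable by KASAN" under one shift and not under the other, so instrumented code that observes __VIRTUAL_MASK_SHIFT while the alternative is half-applied can reach a different conclusion than code that runs before or after the patching.

```c
/*
 * Userspace model of how KASAN_SHADOW_START on x86-64 follows
 * __VIRTUAL_MASK_SHIFT. Added example, not code from the thread or the
 * kernel. Assumed constants: KASAN_SHADOW_OFFSET = 0xdffffc0000000000,
 * KASAN_SHADOW_SCALE_SHIFT = 3, START/END formulas as in asm/kasan.h.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3

/* __VIRTUAL_MASK_SHIFT: 56 with 5-level paging (LA57), 47 otherwise. */
static int virtual_mask_shift(bool la57)
{
	return la57 ? 56 : 47;
}

/* KASAN_SHADOW_START = OFFSET + ((-1UL << __VIRTUAL_MASK_SHIFT) >> SCALE) */
static uint64_t kasan_shadow_start(int shift)
{
	return KASAN_SHADOW_OFFSET +
	       ((~(uint64_t)0 << shift) >> KASAN_SHADOW_SCALE_SHIFT);
}

/* KASAN_SHADOW_END = START + (1 << (__VIRTUAL_MASK_SHIFT - SCALE)) */
static uint64_t kasan_shadow_end(int shift)
{
	return kasan_shadow_start(shift) +
	       ((uint64_t)1 << (shift - KASAN_SHADOW_SCALE_SHIFT));
}

static uint64_t kasan_mem_to_shadow(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

static uint64_t kasan_shadow_to_mem(uint64_t shadow)
{
	return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/*
 * Mirrors the shape of KASAN's addr_has_metadata(): an address is only
 * checked if it lies at or above the memory KASAN_SHADOW_START covers.
 * The answer depends on which __VIRTUAL_MASK_SHIFT the check observes.
 */
static bool addr_has_metadata(uint64_t addr, int shift)
{
	return addr >= kasan_shadow_to_mem(kasan_shadow_start(shift));
}

/* True when the 4-level and 5-level views classify addr the same way. */
static bool classification_stable(uint64_t addr)
{
	return addr_has_metadata(addr, virtual_mask_shift(false)) ==
	       addr_has_metadata(addr, virtual_mask_shift(true));
}

int main(void)
{
	/* Constructed samples: 4-level direct-map start, 5-level direct-map
	 * start (both taken from mm.rst), and a user-space address. */
	const uint64_t samples[] = {
		0xffff888000000000ULL,
		0xff11000000000000ULL,
		0x00007fff00000000ULL,
	};
	size_t n = sizeof(samples) / sizeof(samples[0]);

	for (int la57 = 0; la57 <= 1; la57++) {
		int shift = virtual_mask_shift(la57);

		printf("__VIRTUAL_MASK_SHIFT=%d: shadow [%#llx, %#llx)\n", shift,
		       (unsigned long long)kasan_shadow_start(shift),
		       (unsigned long long)kasan_shadow_end(shift));
		for (size_t i = 0; i < n; i++)
			printf("  %#018llx has_metadata=%d\n",
			       (unsigned long long)samples[i],
			       addr_has_metadata(samples[i], shift));
	}
	for (size_t i = 0; i < n; i++)
		printf("%#018llx classified consistently across modes: %s\n",
		       (unsigned long long)samples[i],
		       classification_stable(samples[i]) ? "yes" : "NO");
	return 0;
}
```

The 5-level direct-map address is the interesting row: it has shadow under shift 56 and none under shift 47, while the 4-level direct-map address and the user address are classified the same way in both modes. Whether such a flip is the actual mechanism behind the report is exactly what the thread leaves open; the model only shows that the dependency is real and mode-sensitive.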