Re: [PATCH] x86/sev: Disable UBSAN on SEV code that may execute very early
From: Nathan Chancellor
Date: Wed Jan 01 2025 - 17:30:21 EST

On Wed, Jan 01, 2025 at 12:51:20PM +0100, Ard Biesheuvel wrote:
> Clang 14 and older may emit UBSAN instrumentation into code that is
> inlined into functions marked with __no_sanitize_undefined. This may
> result in faults when the code is executed very early, which may be the
> case for functions annotated as __head. Now that this requirement is
> strictly enforced, the build will fail in this case with the following
> message
>
> Absolute reference to symbol '.data' not permitted in .head.text
>
> Work around this by disabling UBSAN instrumentation on all SEV core
> code.
>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: Nathan Chancellor <nathan@xxxxxxxxxx>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>

Seems reasonable to me.

Reviewed-by: Nathan Chancellor <nathan@xxxxxxxxxx>

> ---
> arch/x86/coco/sev/Makefile | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/coco/sev/Makefile b/arch/x86/coco/sev/Makefile
> index 4e375e7305ac..08de37559307 100644
> --- a/arch/x86/coco/sev/Makefile
> +++ b/arch/x86/coco/sev/Makefile
> @@ -13,3 +13,6 @@ KCOV_INSTRUMENT_core.o := n
> # With some compiler versions the generated code results in boot hangs, caused
> # by several compilation units. To be safe, disable all instrumentation.
> KCSAN_SANITIZE := n
> +
> +# Clang 14 and older may fail to respect __no_sanitize_undefined when inlining
> +UBSAN_SANITIZE := n
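
Review bot: the added UBSAN_SANITIZE := n line is unconditional and directory-wide, so it turns off UBSAN for every object built from this Makefile and for every compiler, while the comment above it names only Clang 14 and older. Consider extending the comment to state the consequence that motivates this (the commit message cites faults in very early __head code and the "Absolute reference to symbol '.data' not permitted in .head.text" build failure), and to say that the setting is deliberately not restricted to the affected compiler versions or to a single object, unlike the per-object KCOV_INSTRUMENT_core.o := n visible in the hunk header. That gives a later reader enough context to judge when the workaround can be narrowed or removed.
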
> --
> 2.45.2
>