arch/x86/Kconfig | 1 + arch/x86/kernel/setup.c | 30 ++++++++++++++++++++++++++++- include/asm-generic/early_ioremap.h | 6 ------ mm/early_ioremap.c | 21 -------------------- 4 files changed, 30 insertions(+), 28 deletions(-)
I found an issue on SME enabled AMD machine when initrd is relocated if it was located in e820 reserved area. For example key dmesg output: ... [mem 0x000000005aafe000-0x000000006005ffff] reserved //e820 mapping Move RAMDISK from [mem 0x5aafe000-0x5ccd5167] //relocate_initrd() ... Early initrd will be copied by copy_from_early_mem() which will clear encrypted pgprot flag as initrd source address is not in kernel usable area. As initrd has been encrypted at earlier stage, encrypted data is copied, which leads new initrd cannot be unpacked, then rootfs cannot be mounted. dmesg output: ... [ 11.296725] Trying to unpack rootfs image as initramfs... [ 11.302127] Initramfs unpacking failed: invalid magic at start of compressed archive ... [ 16.698152] /dev/root: Can't open blockdev [ 16.702255] VFS: Cannot open root device "PARTUUID=0ad58d87-05c7-43f8-b147-93140ad315e5" or unknown-block(0,0): error -6 [ 16.713114] Please append a correct "root=" boot option; here are the available partitions: [ 16.721462] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0) [ 16.729716] CPU: 9 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc5-next-20221114 #3 [ 16.737099] Hardware name: AMD Corporation DAYTONA_X/DAYTONA_X, BIOS RYM1008B 01/19/2022 [ 16.745175] Call Trace: [ 16.747623] <TASK> [ 16.749727] dump_stack_lvl+0x38/0x4c [ 16.753393] panic+0xfb/0x28a [ 16.771999] ? _printk+0x4c/0x52 [ 16.775224] mount_block_root+0x143/0x1dd [ 16.779237] prepare_namespace+0x13f/0x16e [ 16.783334] kernel_init_freeable+0x15a/0x164 [ 16.787687] ? __pfx_kernel_init+0x10/0x10 [ 16.791785] kernel_init+0x1a/0x130 [ 16.795268] ret_from_fork+0x29/0x50 [ 16.798840] </TASK> To fix this issue, early initrd must be mapped as encrypted when it is being relocated. Zelin Deng (2): mm/early_ioremap.c: Always build early_memremap_prot() in x86 x86/setup: Preserve _ENC flag when initrd is being relocated arch/x86/Kconfig | 1 + arch/x86/kernel/setup.c | 30 ++++++++++++++++++++++++++++- include/asm-generic/early_ioremap.h | 6 ------ mm/early_ioremap.c | 21 -------------------- 4 files changed, 30 insertions(+), 28 deletions(-) -- 2.27.0
On 11/24/22 03:12, Zelin Deng wrote: > I found an issue on SME enabled AMD machine when initrd is relocated if > it was located in e820 reserved area. > For example key dmesg output: > ... > [mem 0x000000005aafe000-0x000000006005ffff] reserved //e820 mapping > Move RAMDISK from [mem 0x5aafe000-0x5ccd5167] //relocate_initrd() > ... > > Early initrd will be copied by copy_from_early_mem() which will clear > encrypted pgprot flag as initrd source address is not in kernel usable > area. As initrd has been encrypted at earlier stage, encrypted data is > copied, which leads new initrd cannot be unpacked, then rootfs cannot be > mounted. This is actually a bug in Grub where the kernel and initrd was moved out of loader_code/data and into runtime_service_code/data. This commit has since been reverted because it goes against the UEFI specification. It was a small window, but the bad version was picked up by some distros. No need for a kernel change, please update your version of Grub. Thanks, Tom > dmesg output: > ... > [ 11.296725] Trying to unpack rootfs image as initramfs... > [ 11.302127] Initramfs unpacking failed: invalid magic at start of compressed archive > ... > [ 16.698152] /dev/root: Can't open blockdev > [ 16.702255] VFS: Cannot open root device "PARTUUID=0ad58d87-05c7-43f8-b147-93140ad315e5" or unknown-block(0,0): error -6 > [ 16.713114] Please append a correct "root=" boot option; here are the available partitions: > [ 16.721462] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0) > [ 16.729716] CPU: 9 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc5-next-20221114 #3 > [ 16.737099] Hardware name: AMD Corporation DAYTONA_X/DAYTONA_X, BIOS RYM1008B 01/19/2022 > [ 16.745175] Call Trace: > [ 16.747623] <TASK> > [ 16.749727] dump_stack_lvl+0x38/0x4c > [ 16.753393] panic+0xfb/0x28a > [ 16.771999] ? _printk+0x4c/0x52 > [ 16.775224] mount_block_root+0x143/0x1dd > [ 16.779237] prepare_namespace+0x13f/0x16e > [ 16.783334] kernel_init_freeable+0x15a/0x164 > [ 16.787687] ? __pfx_kernel_init+0x10/0x10 > [ 16.791785] kernel_init+0x1a/0x130 > [ 16.795268] ret_from_fork+0x29/0x50 > [ 16.798840] </TASK> > > To fix this issue, early initrd must be mapped as encrypted when it is > being relocated. > > Zelin Deng (2): > mm/early_ioremap.c: Always build early_memremap_prot() in x86 > x86/setup: Preserve _ENC flag when initrd is being relocated > > arch/x86/Kconfig | 1 + > arch/x86/kernel/setup.c | 30 ++++++++++++++++++++++++++++- > include/asm-generic/early_ioremap.h | 6 ------ > mm/early_ioremap.c | 21 -------------------- > 4 files changed, 30 insertions(+), 28 deletions(-) >
在 2022/11/24 22:26, Tom Lendacky 写道: > On 11/24/22 03:12, Zelin Deng wrote: >> I found an issue on SME enabled AMD machine when initrd is relocated if >> it was located in e820 reserved area. >> For example key dmesg output: >> ... >> [mem 0x000000005aafe000-0x000000006005ffff] reserved //e820 mapping >> Move RAMDISK from [mem 0x5aafe000-0x5ccd5167] //relocate_initrd() >> ... >> >> Early initrd will be copied by copy_from_early_mem() which will clear >> encrypted pgprot flag as initrd source address is not in kernel usable >> area. As initrd has been encrypted at earlier stage, encrypted data is >> copied, which leads new initrd cannot be unpacked, then rootfs cannot be >> mounted. > > This is actually a bug in Grub where the kernel and initrd was moved > out of loader_code/data and into runtime_service_code/data. This > commit has since been reverted because it goes against the UEFI > specification. It was a small window, but the bad version was picked > up by some distros. No need for a kernel change, please update your > version of Grub. > > Thanks, > Tom > Hi Tom, Thank you for clarification, I will update my grub and try again. Thanks, Zelin Deng >> dmesg output: >> ... >> [ 11.296725] Trying to unpack rootfs image as initramfs... >> [ 11.302127] Initramfs unpacking failed: invalid magic at start of >> compressed archive >> ... >> [ 16.698152] /dev/root: Can't open blockdev >> [ 16.702255] VFS: Cannot open root device >> "PARTUUID=0ad58d87-05c7-43f8-b147-93140ad315e5" or >> unknown-block(0,0): error -6 >> [ 16.713114] Please append a correct "root=" boot option; here are >> the available partitions: >> [ 16.721462] Kernel panic - not syncing: VFS: Unable to mount root >> fs on unknown-block(0,0) >> [ 16.729716] CPU: 9 PID: 1 Comm: swapper/0 Not tainted >> 6.1.0-rc5-next-20221114 #3 >> [ 16.737099] Hardware name: AMD Corporation DAYTONA_X/DAYTONA_X, >> BIOS RYM1008B 01/19/2022 >> [ 16.745175] Call Trace: >> [ 16.747623] <TASK> >> [ 16.749727] dump_stack_lvl+0x38/0x4c >> [ 16.753393] panic+0xfb/0x28a >> [ 16.771999] ? _printk+0x4c/0x52 >> [ 16.775224] mount_block_root+0x143/0x1dd >> [ 16.779237] prepare_namespace+0x13f/0x16e >> [ 16.783334] kernel_init_freeable+0x15a/0x164 >> [ 16.787687] ? __pfx_kernel_init+0x10/0x10 >> [ 16.791785] kernel_init+0x1a/0x130 >> [ 16.795268] ret_from_fork+0x29/0x50 >> [ 16.798840] </TASK> >> >> To fix this issue, early initrd must be mapped as encrypted when it is >> being relocated. >> >> Zelin Deng (2): >> mm/early_ioremap.c: Always build early_memremap_prot() in x86 >> x86/setup: Preserve _ENC flag when initrd is being relocated >> >> arch/x86/Kconfig | 1 + >> arch/x86/kernel/setup.c | 30 ++++++++++++++++++++++++++++- >> include/asm-generic/early_ioremap.h | 6 ------ >> mm/early_ioremap.c | 21 -------------------- >> 4 files changed, 30 insertions(+), 28 deletions(-) >>
© 2016 - 2026 Red Hat, Inc.