yahoo-eng-team team mailing list archive

Thread
Date
[Bug 2117170] Re: vmcoreinfo should not be automatically added to encrypted guests

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: sean mooney <2117170@xxxxxxxxxxxxxxxxxx>
Date: Thu, 17 Jul 2025 16:23:51 -0000
Reply-to: Bug 2117170 <2117170@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
** Also affects: nova/2025.2
   Importance: Medium
       Status: Triaged

** Also affects: nova/2024.1
   Importance: Undecided
       Status: New

** Also affects: nova/2024.2
   Importance: Undecided
       Status: New

** Also affects: nova/2025.1
   Importance: Undecided
       Status: New

** Changed in: nova/2025.1
   Importance: Undecided => Medium

** Changed in: nova/2024.1
   Importance: Undecided => Medium

** Changed in: nova/2024.2
   Importance: Undecided => Medium

** Changed in: nova/2025.1
       Status: New => Triaged

** Changed in: nova/2024.2
       Status: New => Triaged

** Changed in: nova/2024.1
       Status: New => Triaged

** Tags added: libvirt sev

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2117170

Title:
  vmcoreinfo should not be automatically added to encrypted guests

Status in OpenStack Compute (nova):
  Triaged
Status in OpenStack Compute (nova) 2024.1 series:
  Triaged
Status in OpenStack Compute (nova) 2024.2 series:
  Triaged
Status in OpenStack Compute (nova) 2025.1 series:
  Triaged
Status in OpenStack Compute (nova) 2025.2 series:
  Triaged

Bug description:
  Nova automatically adds `-device vmcoreinfo`, to support processing
  kernel dump with KASLR enabled. When this feature is enabled in
  conjunction with deploying an encrypted guest on AMD-Sev, the guest os
  fails to fully boot e.g.:

  sh-5.1$ openstack console log show 86158e5e-22df-4453-969b-d0879c1d1dc2
  [2J[01;01H[=3h[2J[01;01H[2J[01;01H[=3h[2J[01;01H[2J[01;01H[=3h[2J[01;01HBdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x2)/Pci(0x0,0x0)
  BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x2,0x2)/Pci(0x0,0x0)
  Booting `Red Hat Enterprise Linux (5.14.0-277.el9.x86_64) 9.2 (Plow)'
  [ 0.000000] Linux version 5.14.0-277.el9.x86_64 (mockbuild@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx) (gcc (GCC) 11.3.1 20221121 (Red Hat 11.3.1-4), GNU ld version 2.35.2-37.el9) #1 SMP PREEMPT_DYNAMIC Fri Feb 17 09:45:09 EST 2023
  [ 0.000000] The list of certified hardware and cloud instances for Red Hat Enterprise Linux 9 can be viewed at the Red Hat Ecosystem Catalog, https://catalog.redhat.com.
  [ 0.000000] Command line: BOOT_IMAGE=(hd0,gpt3)/vmlinuz-5.14.0-277.el9.x86_64 root=UUID=6089295f-e6a6-4d0c-8096-5996a463fd35 console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0 crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M
  [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
  [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
  [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
  [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
  [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format.
  ....REMOVED FOR BREVITY....
  [    2.948593] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input3
  [   28.266697] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]
  [   28.266697] Modules linked in:
  [   28.266697] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.14.0-277.el9.x86_64 #1
  [   28.266697] Hardware name: Red Hat OpenStack Compute/RHEL, BIOS edk2-20231122-6.el9 11/22/2023
  [   28.266697] RIP: 0010:fw_cfg_write_vmcoreinfo+0x154/0x210
  [   28.266697] Code: 1a 02 48 89 d8 48 c1 e8 20 48 89 c7 e8 f5 8c d0 ff 0f ae f8 48 8b 05 0b f4 1a 02 89 df 48 8d 70 04 e8 e0 8c d0 ff eb 02 f3 90 <8b> 45 00 0f c8 0f ae e8 83 e0 fe 75 f1 8b 45 00 0f c8 83 e0 01 83
  [   28.266697] RSP: 0018:ffffa8178001fc10 EFLAGS: 00000206
  [   28.266697] RAX: 0000000051946f84 RBX: 0000000002107590 RCX: 0000000000000001
  [   28.266697] RDX: 0000000000010518 RSI: 0000000000010518 RDI: 0000000090751002
  [   28.266697] RBP: ffff9aa002107590 R08: 0000000000000010 R09: ffffffffb34eff80
  [   28.282722] R10: ffff9aa002b14948 R11: 0000000000000000 R12: ffff9aa082107540
  [   28.282722] R13: ffff9aa030b94000 R14: ffff9aa0311d2128 R15: 0000000000000000
  [   28.282722] FS:  0000000000000000(0000) GS:ffff9aa03ca00000(0000) knlGS:0000000000000000
  [   28.282722] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [   28.282722] CR2: 0000000000000000 CR3: 000080001b410000 CR4: 0000000000350ef0
  [   28.282722] Call Trace:
  [   28.282722]  <TASK>
  [   28.282722]  fw_cfg_register_file+0x196/0x1c0
  [   28.282722]  fw_cfg_register_dir_entries+0xa4/0xf0
  [   28.282722]  fw_cfg_sysfs_probe+0x112/0x180
  [   28.293721]  platform_probe+0x3f/0xa0
  [   28.293721]  really_probe+0xe1/0x3a0
  [   28.293721]  ? pm_runtime_barrier+0x50/0x90
  [   28.293721]  __driver_probe_device+0x105/0x180
  [   28.293721]  driver_probe_device+0x1e/0x90
  [   28.293721]  __driver_attach+0x9d/0x1f0
  [   28.293721]  ? __device_attach_driver+0x110/0x110
  [   28.293721]  ? __device_attach_driver+0x110/0x110
  [   28.293721]  bus_for_each_dev+0x78/0xc0
  [   28.293721]  bus_add_driver+0x15c/0x210
  [   28.293721]  driver_register+0x8f/0xf0
  [   28.293721]  ? firmware_map_add_early+0x56/0x56
  [   28.293721]  fw_cfg_sysfs_init+0x3b/0x64
  [   28.293721]  ? firmware_map_add_early+0x56/0x56
  [   28.293721]  do_one_initcall+0x44/0x200
  [   28.293721]  do_initcalls+0xc6/0xdf
  [   28.293721]  kernel_init_freeable+0x153/0x1a2
  [   28.293721]  ? rest_init+0xd0/0xd0
  [   28.293721]  kernel_init+0x16/0x130
  [   28.293721]  ret_from_fork+0x22/0x30
  [   28.293721]  </TASK>
  [   56.266735] watchdog: BUG: soft lockup - CPU#0 stuck for 52s! [swapper/0:1]
  [   56.266735] Modules linked in:
  [   56.266735] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G             L   --------  ---  5.14.0-277.el9.x86_64 #1
  [   56.269723] Hardware name: Red Hat OpenStack Compute/RHEL, BIOS edk2-20231122-6.el9 11/22/2023
  [   56.269723] RIP: 0010:fw_cfg_write_vmcoreinfo+0x154/0x210
  [   56.269723] Code: 1a 02 48 89 d8 48 c1 e8 20 48 89 c7 e8 f5 8c d0 ff 0f ae f8 48 8b 05 0b f4 1a 02 89 df 48 8d 70 04 e8 e0 8c d0 ff eb 02 f3 90 <8b> 45 00 0f c8 0f ae e8 83 e0 fe 75 f1 8b 45 00 0f c8 83 e0 01 83
  [   56.269723] RSP: 0018:ffffa8178001fc10 EFLAGS: 00000206
  [   56.269723] RAX: 0000000051946f84 RBX: 0000000002107590 RCX: 0000000000000001
  [   56.269723] RDX: 0000000000010518 RSI: 0000000000010518 RDI: 0000000090751002
  [   56.269723] RBP: ffff9aa002107590 R08: 0000000000000010 R09: ffffffffb34eff80
  [   56.282723] R10: ffff9aa002b14948 R11: 0000000000000000 R12: ffff9aa082107540
  [   56.282723] R13: ffff9aa030b94000 R14: ffff9aa0311d2128 R15: 0000000000000000
  [   56.285724] FS:  0000000000000000(0000) GS:ffff9aa03ca00000(0000) knlGS:0000000000000000
  [   56.285724] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [   56.285724] CR2: 0000000000000000 CR3: 000080001b410000 CR4: 0000000000350ef0
  [   56.285724] Call Trace:
  [   56.285724]  <TASK>
  [   56.285724]  fw_cfg_register_file+0x196/0x1c0
  [   56.285724]  fw_cfg_register_dir_entries+0xa4/0xf0
  [   56.285724]  fw_cfg_sysfs_probe+0x112/0x180
  [   56.285724]  platform_probe+0x3f/0xa0
  [   56.285724]  really_probe+0xe1/0x3a0
  [   56.285724]  ? pm_runtime_barrier+0x50/0x90
  [   56.285724]  __driver_probe_device+0x105/0x180
  [   56.285724]  driver_probe_device+0x1e/0x90
  [   56.285724]  __driver_attach+0x9d/0x1f0
  [   56.285724]  ? __device_attach_driver+0x110/0x110
  [   56.285724]  ? __device_attach_driver+0x110/0x110
  [   56.285724]  bus_for_each_dev+0x78/0xc0
  [   56.285724]  bus_add_driver+0x15c/0x210
  [   56.285724]  driver_register+0x8f/0xf0
  [   56.285724]  ? firmware_map_add_early+0x56/0x56
  [   56.285724]  fw_cfg_sysfs_init+0x3b/0x64
  [   56.285724]  ? firmware_map_add_early+0x56/0x56
  [   56.285724]  do_one_initcall+0x44/0x200
  [   56.285724]  do_initcalls+0xc6/0xdf
  [   56.285724]  kernel_init_freeable+0x153/0x1a2
  [   56.285724]  ? rest_init+0xd0/0xd0
  [   56.285724]  kernel_init+0x16/0x130
  [   56.285724]  ret_from_fork+0x22/0x30
  [   56.285724]  </TASK>
  ...

  
  Steps to reproduce
  ==================
  1. Deploy an environment that supports AMD Sev.
  2. Create a flavor with hw:mem_encryption": 'true' and image with "hw_firmware_type": "uefi", "hw_machine_type": "q35". 
  3. Boot a guest with the flavor/image combination and inspect the console logs.

  Expected result
  ===============
  Guest fully boots

  Actual result
  ===============
  Guest fails to fully boot

  Environment
  ===========
  1. This was found in downstream RHOSO 18

  2. Libvirt + KVM with AMD EPYC 7402

  2. LVM

  3. OVN

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2117170/+subscriptions
References

[Bug 2117170] [NEW] vmcoreinfo should not be automatically added to encrypted guests
From: James Parker, 2025-07-17