WARN in free_init_pages() inside Nitro Enclave #719
Description
Launching Nitro enclaves from the public hello-world Docker image consistently produces a WARN in free_init_pages() while the kernel frees the initramfs:
[ 0.057908] Unpacking initramfs...
[ 0.059456] ------------[ cut here ]------------
[ 0.060037] WARNING: CPU: 1 PID: 1 at arch/x86/mm/init.c:745 free_init_pages+0x73/0x80
[ 0.060549] Modules linked in:
[ 0.060549] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.14.256-209.484.amzn2.x86_64 #1
[ 0.060549] task: ffff88803d9d0000 task.stack: ffffc9000018c000
[ 0.060549] RIP: 0010:free_init_pages+0x73/0x80
[ 0.060549] RSP: 0000:ffffc9000018fdb8 EFLAGS: 00010287
[ 0.060549] RAX: ffff888002e2f000 RBX: ffff888000000000 RCX: ffff888002eec1a0
[ 0.060549] RDX: ffff888002eed000 RSI: ffff888002e2e3a0 RDI: ffffffff81d12346
[ 0.060549] RBP: ffffc9000018fdd8 R08: 00000000000268c0 R09: ffffffff81ef53cd
[ 0.060549] R10: ffffea0000f6a800 R11: 78184e2600766564 R12: ffff888002eed000
[ 0.060549] R13: ffffffff82011af0 R14: ffffffff81d12346 R15: ffffffff81ef3815
[ 0.060549] FS: 0000000000000000(0000) GS:ffff88803f500000(0000) knlGS:0000000000000000
[ 0.060549] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.060549] CR2: 0000000000000000 CR3: 0000000001e0a001 CR4: 00000000007606a0
[ 0.060549] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 0.060549] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 0.060549] PKRU: 00000000
[ 0.060549] Call Trace:
[ 0.060549] ? unpack_to_rootfs+0x2bd/0x2bd
[ 0.060549] free_initrd_mem+0x21/0x23
[ 0.060549] populate_rootfs+0xe8/0x10d
[ 0.060549] do_one_initcall+0x4d/0x190
[ 0.060549] kernel_init_freeable+0x1b2/0x254
[ 0.060549] ? rest_init+0xb0/0xb0
[ 0.060549] kernel_init+0x9/0x100
[ 0.060549] ret_from_fork+0x1f/0x40
[ 0.060549] Code: a4 6a 00 00 44 89 ee 48 89 df e8 a9 76 00 00 4c 89 f1 ba cc 00 00 00 4c 89 e6 48 89 df e8 16 de 0e 00 5b 41 5c 41 5d 41 5e 5d c3 <0f> 0b 49 89 d4 48 89 c3 eb b5 0f 1f 00 85 ff 75 04 85 f6 75 33
[ 0.060549] ---[ end trace e959d8971d93119f ]---
[ 0.079508] Freeing initrd memory: 760K
Even though the enclave keeps running, the WARN splat resembles a panic and fills the console, which makes it harder to spot real issues.
Reproduction steps
- Install
nitro-cliv1.4.2 on m5.2xlarge. - Pull any image:
docker pull hello-world. - Build an EIF:
nitro-cli build-enclave --docker-uri hello-world --output-file test.eif. - Run the enclave:
nitro-cli run-enclave --cpu-count 2 --memory 1G --eif-path test.eif --attach-console. - Observe WARN just after
Unpacking initramfs....
Additional information
No initrd reservation entries appear in /sys/kernel/boot_params, /proc/device-tree/chosen, or /proc/iomem, and the BIOS e820 map lists only generic RAM. This suggests the loader hands the initramfs without reserving its physical range, so free_init_pages() believes it is releasing pages that were never marked reserved.