Kernel build bug - KVM_AMD and CRYPTO_DEV_CPP

About a week ago, I failed to build a Kernel for my new Ryzen 2700X working machine. After some time of configuring my kernel I run into some weird problems

The problem

I wanted to have a Kernel with KVM_AMD support enabled. The build was going on fine, until some weird linker errors appeared.

arch/x86/kvm/svm.o: In function __sev_issue_cmd':
/home/phoenix/Kernel/linux-4.17.1/arch/x86/kvm/svm.c:6278: undefined reference to sev_issue_cmd_external_user'
arch/x86/kvm/svm.o: In function sev_unbind_asid':
/home/phoenix/Kernel/linux-4.17.1/arch/x86/kvm/svm.c:1746: undefined reference to sev_guest_deactivate'
/home/phoenix/Kernel/linux-4.17.1/arch/x86/kvm/svm.c:1749: undefined reference to sev_guest_df_flush'
/home/phoenix/Kernel/linux-4.17.1/arch/x86/kvm/svm.c:1758: undefined reference to sev_guest_decommission'
Makefile:1042: recipe for target 'vmlinux' failed</pre>


Full output is on Pastebin (hopefully it’s still there when you find this …)

Since I’m a Kernel newbee, it took me some time to realize what was going on. A google search didn’t revealed a solution, other than something similar on Unix Stackexchange, that was not directly applicable for my case.

The problem persisted and is reproducible in linux-4.17.1 and linux-4.16.15, using this config file. Building linux-4.14.49 was doing fine. For any options that were not defined by the config file I chose the default suggestion.

Fix

The problem arises, if CONFIG_CRYPTO_DEV_CCP_DD is compiled as module [=m], also if the SEV is not used. Enabling CONFIG_CRYPTO_DEV_CCP_DD to be compiled in the kernel [=y] fixes the issue.

This commit already revealed the issue.

I had to Include the Secure Processor device driver, that is found in Cryptographic API > Hardware crypto devices

Interestingly, the suggested solution from Unix Stackexchange was not solving the problem for me, neither was it causing problems. I could build the Kernel (4.17.1) with “Kernel-based Virtual Machine Support” set as module. But those are just my two cents, it might have been an issue some versions ago …

Unluckily I cannot contribute to Unix Stackexchange yet (not enough reputation *sigh*), so I cannot improve the answer there.

Thanks to Richard

Many thanks to Richard, who supported me to nail the bug down.