Re: [PATCH v9 4/4] kdump/vmcore: support encrypted old memory with SME enabled
On Sun, Sep 30, 2018 at 04:37:41PM +0800, lijiang wrote: > In kdump kernel, the old memory needs to be dumped into vmcore file. > If SME is enabled in the first kernel, the old memory has to be > remapped with the memory encryption mask, which will be automatically > decrypted when read from DRAM. > > For SME kdump, there are two cases that doesn't support: Get rid of those two cases in the commit message. > > -- > | first-kernel | second-kernel | kdump support | > | (mem_encrypt=on|off)| (yes|no)| > |--+---+---| > | on | on| yes | > | off | off | yes | > | on | off | no| > | off | on| no| > |__|___|___| > > 1. SME is enabled in the first kernel, but SME is disabled in kdump kernel > In this case, because the old memory is encrypted, it can't be decrypted. > The root cause is that the encryption key is not visible to any software > runnint on the CPU cores(AMD cpu with SME), and is randomly generated on > eache system reset. That is to say, kdump kernel won't have a chance to > get the encryption key. So the encrypted memory can not be decrypted > unless SME is active. > > 2. SME is disabled in the first kernel, but SME is enabled in kdump kernel > On the one hand, the old memory is decrypted, the old memory can be dumped > as usual, so SME doesn't need to be enabled in kdump kernel; On the other > hand, it will increase the complexity of the code, because that will have > to consider how to pass the SME flag from the first kernel to the kdump > kernel, it is really too expensive to do this. > > This patches are only for SME kdump, the patches don't support SEV kdump. > > Signed-off-by: Lianbo Jiang > Reviewed-by: Tom Lendacky You cannot keep Reviewed-by: tags on patches which you change in a non-trivial manner. > --- > Changes since v7: > 1. Delete a file arch/x86/kernel/crash_dump_encrypt.c, and move the > copy_oldmem_page_encrypted() to arch/x86/kernel/crash_dump_64.c, also > rewrite some functions.(Suggested by Borislav) > 2. Modify all code style issue.(Suggested by Borislav) > 3. Remove a reduntant header file.(Suggested by Borislav) > 4. Improve patch log.(Suggested by Borislav) > 5. Modify compile error "fs/proc/vmcore.c:115: undefined reference >to `copy_oldmem_page_encrypted'" > 6. Modify compile error "arch/x86//kernel/crash_dump_64.c:93:9: >error: redefinition of 'copy_oldmem_page_encrypted'" > > arch/x86/kernel/crash_dump_64.c | 65 - > fs/proc/vmcore.c| 24 +--- > include/linux/crash_dump.h | 13 +++ > 3 files changed, 87 insertions(+), 15 deletions(-) > > diff --git a/arch/x86/kernel/crash_dump_64.c b/arch/x86/kernel/crash_dump_64.c > index 4f2e0778feac..6adbde592c44 100644 > --- a/arch/x86/kernel/crash_dump_64.c > +++ b/arch/x86/kernel/crash_dump_64.c > @@ -12,7 +12,7 @@ > #include > > /** > - * copy_oldmem_page - copy one page from "oldmem" > + * __copy_oldmem_page - copy one page from "old memory encrypted or > decrypted" Dammit, what's it with those "old memory encrypted or decrypted" in quotation marks?! What is wrong with simply saying: Copy one page of the old kernel's memory. If @encrypted is set, the old memory will be remapped with the encryption mask. How hard is that?! > * @pfn: page frame number to be copied > * @buf: target memory address for the copy; this can be in kernel address > * space or user address space (see @userbuf) > @@ -20,31 +20,78 @@ > * @offset: offset in bytes into the page (based on pfn) to begin the copy > * @userbuf: if set, @buf is in user address space, use copy_to_user(), > * otherwise @buf is in kernel address space, use memcpy(). > + * @encrypted: if true, the old memory is encrypted. > + * if false, the old memory is decrypted. > * > - * Copy a page from "oldmem". For this page, there is no pte mapped > - * in the current kernel. We stitch up a pte, similar to kmap_atomic. > + * Copy a page from "old memory encrypted or decrypted". For this page, there > + * is no pte mapped in the current kernel. We stitch up a pte, similar to > + * kmap_atomic. > */ This function is static now - why does it need to keep the comments above it? And you've duplicated almost the same comment *three* times now. Why? Have the whole comment *once* and only one line sentences over the other functions explaining the difference only. > -ssize_t copy_oldmem_page(unsigned long pfn, char *buf, > - size_t csize, unsigned long offset, int userbuf) > +static ssize_t __copy_oldmem_page(unsigned long pfn, char *buf, size_t csize, > + unsigned long offset, int userbuf, > + bool encrypted) > { > void *vaddr; --
Re: [PATCH v15 07/16] arm64: add image head flag definitions
On Fri, Sep 28, 2018 at 03:48:32PM +0900, AKASHI Takahiro wrote: > Those image head's flags will be used later by kexec_file loader. > > Signed-off-by: AKASHI Takahiro > Cc: Catalin Marinas > Cc: Will Deacon > Acked-by: James Morse > --- > arch/arm64/include/asm/boot.h | 15 +++ > arch/arm64/kernel/head.S | 2 +- > 2 files changed, 16 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/include/asm/boot.h b/arch/arm64/include/asm/boot.h > index 355e552a9175..0bab7eed3012 100644 > --- a/arch/arm64/include/asm/boot.h > +++ b/arch/arm64/include/asm/boot.h > @@ -5,6 +5,21 @@ > > #include > > +#define ARM64_MAGIC "ARM\x64" > + > +#define HEAD_FLAG_BE_SHIFT 0 > +#define HEAD_FLAG_PAGE_SIZE_SHIFT1 > +#define HEAD_FLAG_BE_MASK0x1 > +#define HEAD_FLAG_PAGE_SIZE_MASK 0x3 > + > +#define HEAD_FLAG_BE 1 These already exist in some form in arch/arm64/kernel/image.h; can we please factor those out rather than duplicating them? I'd be happy if you'd update image.h to use the new HEAD_FLAG_* names, and removed the old definitions. > +#define HEAD_FLAG_PAGE_SIZE_4K 1 > +#define HEAD_FLAG_PAGE_SIZE_16K 2 > +#define HEAD_FLAG_PAGE_SIZE_64K 3 I appreciate these are new, since we didn't previously need definitions. Thanks, Mark. > + > +#define head_flag_field(flags, field) \ > + (((flags) >> field##_SHIFT) & field##_MASK) > + > /* > * arm64 requires the DTB to be 8 byte aligned and > * not exceed 2MB in size. > diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S > index b0853069702f..8cbac6232ed1 100644 > --- a/arch/arm64/kernel/head.S > +++ b/arch/arm64/kernel/head.S > @@ -91,7 +91,7 @@ _head: > .quad 0 // reserved > .quad 0 // reserved > .quad 0 // reserved > - .ascii "ARM\x64" // Magic number > + .ascii ARM64_MAGIC // Magic number > #ifdef CONFIG_EFI > .long pe_header - _head // Offset to the PE header. > > -- > 2.19.0 > ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
[ANNOUNCE] kexec-tools v2.0.18 preparation
Hi all, I am planning to release kexec-tools v2.0.18 in the next two weeks to roughly coincide with the release of the v4.19 kernel. I would like to ask interested parties to send any patches they would like included in v2.0.18 within one week so that I can make an rc release. For reference the patches queued up since v2.0.17 are as follows: b9de21ef51a7 kexec: fix for "Unhandled rela relocation: R_X86_64_PLT32" error ca4823aa2fc2 arm64: error out if kernel command line is too long 7198e899ddab arm64: increase command line size to 2048 c3f043241a86 arm64: Add support to supply 'kaslr-seed' to secondary kernel 7acd257ae67b Remove obsolete kdump tool 674b9b45876c Makefile.in: Add uninstall rule e277fa9ec702 vmcore-dmesg: fix infinite loop if log buffer wraps around d4a948c26827 kexec/s390: Add support for kexec_file_load 0481e9ed61ef kexec: Add --no-checks option 72c146c20588 purgatory/ppc64: Fix uninitialized warning 3f276f71f14d kexec-elf-rel-ppc64: Fix cast from pointer warning 7be89276db19 crashdump-ppc64: Fix integer truncation warning 798317c134b2 kexec: Fix printf warning b43960c20dd2 kexec-tools 2.0.17.git ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
Re: [PATCH v8 RESEND 4/4] kdump/vmcore: support encrypted old memory with SME enabled
Hi Lianbo, Thank you for the patch! Yet something to improve: [auto build test ERROR on sof-driver-fuweitax/master] [also build test ERROR on v4.19-rc5 next-20180928] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Lianbo-Jiang/Support-kdump-for-AMD-secure-memory-encryption-SME/20180930-112044 base: https://github.com/fuweitax/linux master config: x86_64-randconfig-x005-201839 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): >> arch/x86//kernel/crash_dump_64.c:93:9: error: redefinition of >> 'copy_oldmem_page_encrypted' ssize_t copy_oldmem_page_encrypted(unsigned long pfn, char *buf, size_t csize, ^~ In file included from arch/x86//kernel/crash_dump_64.c:10:0: include/linux/crash_dump.h:34:9: note: previous definition of 'copy_oldmem_page_encrypted' was here ssize_t copy_oldmem_page_encrypted(unsigned long pfn, char *buf, size_t csize, ^~ vim +/copy_oldmem_page_encrypted +93 arch/x86//kernel/crash_dump_64.c 78 79 /** 80 * copy_oldmem_page_encrypted - copy one page from "old memory encrypted" 81 * @pfn: page frame number to be copied 82 * @buf: target memory address for the copy; this can be in kernel address 83 * space or user address space (see @userbuf) 84 * @csize: number of bytes to copy 85 * @offset: offset in bytes into the page (based on pfn) to begin the copy 86 * @userbuf: if set, @buf is in user address space, use copy_to_user(), 87 * otherwise @buf is in kernel address space, use memcpy(). 88 * 89 * Copy a page from "old memory encrypted". For this page, there is no pte 90 * mapped in the current kernel. We stitch up a pte, similar to 91 * kmap_atomic. 92 */ > 93 ssize_t copy_oldmem_page_encrypted(unsigned long pfn, char *buf, size_t csize, --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
Re: [PATCH 4/4 v8] kdump/vmcore: support encrypted old memory with SME enabled
Hi Lianbo, Thank you for the patch! Yet something to improve: [auto build test ERROR on sof-driver-fuweitax/master] [also build test ERROR on v4.19-rc5 next-20180928] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Lianbo-Jiang/Support-kdump-for-AMD-secure-memory-encryption-SME/20180930-001539 base: https://github.com/fuweitax/linux master config: i386-randconfig-x0-09300051 (attached as .config) compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): fs/proc/vmcore.o: In function `read_from_oldmem': >> fs/proc/vmcore.c:115: undefined reference to `copy_oldmem_page_encrypted' vim +115 fs/proc/vmcore.c 88 89 /* Reads a page from the oldmem device from given offset. */ 90 static ssize_t read_from_oldmem(char *buf, size_t count, 91 u64 *ppos, int userbuf, 92 bool encrypted) 93 { 94 unsigned long pfn, offset; 95 size_t nr_bytes; 96 ssize_t read = 0, tmp; 97 98 if (!count) 99 return 0; 100 101 offset = (unsigned long)(*ppos % PAGE_SIZE); 102 pfn = (unsigned long)(*ppos / PAGE_SIZE); 103 104 do { 105 if (count > (PAGE_SIZE - offset)) 106 nr_bytes = PAGE_SIZE - offset; 107 else 108 nr_bytes = count; 109 110 /* If pfn is not ram, return zeros for sparse dump files */ 111 if (pfn_is_ram(pfn) == 0) 112 memset(buf, 0, nr_bytes); 113 else { 114 if (encrypted) > 115 tmp = copy_oldmem_page_encrypted(pfn, > buf, 116 nr_bytes, 117 offset, 118 userbuf); 119 else 120 tmp = copy_oldmem_page(pfn, buf, nr_bytes, 121 offset, userbuf); 122 123 if (tmp < 0) 124 return tmp; 125 } 126 *ppos += nr_bytes; 127 count -= nr_bytes; 128 buf += nr_bytes; 129 read += nr_bytes; 130 ++pfn; 131 offset = 0; 132 } while (count); 133 134 return read; 135 } 136 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec