Re: [PATCH v9 4/4] kdump/vmcore: support encrypted old memory with SME enabled
On Sun, Sep 30, 2018 at 04:37:41PM +0800, lijiang wrote:
> In kdump kernel, the old memory needs to be dumped into vmcore file.
> If SME is enabled in the first kernel, the old memory has to be
> remapped with the memory encryption mask, which will be automatically
> decrypted when read from DRAM.
>
> For SME kdump, there are two cases that doesn't support:
Get rid of those two cases in the commit message.
>
> --
> | first-kernel | second-kernel | kdump support |
> | (mem_encrypt=on|off)| (yes|no)|
> |--+---+---|
> | on | on| yes |
> | off | off | yes |
> | on | off | no|
> | off | on| no|
> |__|___|___|
>
> 1. SME is enabled in the first kernel, but SME is disabled in kdump kernel
> In this case, because the old memory is encrypted, it can't be decrypted.
> The root cause is that the encryption key is not visible to any software
> runnint on the CPU cores(AMD cpu with SME), and is randomly generated on
> eache system reset. That is to say, kdump kernel won't have a chance to
> get the encryption key. So the encrypted memory can not be decrypted
> unless SME is active.
>
> 2. SME is disabled in the first kernel, but SME is enabled in kdump kernel
> On the one hand, the old memory is decrypted, the old memory can be dumped
> as usual, so SME doesn't need to be enabled in kdump kernel; On the other
> hand, it will increase the complexity of the code, because that will have
> to consider how to pass the SME flag from the first kernel to the kdump
> kernel, it is really too expensive to do this.
>
> This patches are only for SME kdump, the patches don't support SEV kdump.
>
> Signed-off-by: Lianbo Jiang
> Reviewed-by: Tom Lendacky
You cannot keep Reviewed-by: tags on patches which you change in a
non-trivial manner.
> ---
> Changes since v7:
> 1. Delete a file arch/x86/kernel/crash_dump_encrypt.c, and move the
> copy_oldmem_page_encrypted() to arch/x86/kernel/crash_dump_64.c, also
> rewrite some functions.(Suggested by Borislav)
> 2. Modify all code style issue.(Suggested by Borislav)
> 3. Remove a reduntant header file.(Suggested by Borislav)
> 4. Improve patch log.(Suggested by Borislav)
> 5. Modify compile error "fs/proc/vmcore.c:115: undefined reference
>to `copy_oldmem_page_encrypted'"
> 6. Modify compile error "arch/x86//kernel/crash_dump_64.c:93:9:
>error: redefinition of 'copy_oldmem_page_encrypted'"
>
> arch/x86/kernel/crash_dump_64.c | 65 -
> fs/proc/vmcore.c| 24 +---
> include/linux/crash_dump.h | 13 +++
> 3 files changed, 87 insertions(+), 15 deletions(-)
>
> diff --git a/arch/x86/kernel/crash_dump_64.c b/arch/x86/kernel/crash_dump_64.c
> index 4f2e0778feac..6adbde592c44 100644
> --- a/arch/x86/kernel/crash_dump_64.c
> +++ b/arch/x86/kernel/crash_dump_64.c
> @@ -12,7 +12,7 @@
> #include
>
> /**
> - * copy_oldmem_page - copy one page from "oldmem"
> + * __copy_oldmem_page - copy one page from "old memory encrypted or
> decrypted"
Dammit, what's it with those "old memory encrypted or decrypted" in quotation
marks?! What is wrong with simply saying:
Copy one page of the old kernel's memory. If @encrypted is set, the old
memory will be remapped with the encryption mask.
How hard is that?!
> * @pfn: page frame number to be copied
> * @buf: target memory address for the copy; this can be in kernel address
> * space or user address space (see @userbuf)
> @@ -20,31 +20,78 @@
> * @offset: offset in bytes into the page (based on pfn) to begin the copy
> * @userbuf: if set, @buf is in user address space, use copy_to_user(),
> * otherwise @buf is in kernel address space, use memcpy().
> + * @encrypted: if true, the old memory is encrypted.
> + * if false, the old memory is decrypted.
> *
> - * Copy a page from "oldmem". For this page, there is no pte mapped
> - * in the current kernel. We stitch up a pte, similar to kmap_atomic.
> + * Copy a page from "old memory encrypted or decrypted". For this page, there
> + * is no pte mapped in the current kernel. We stitch up a pte, similar to
> + * kmap_atomic.
> */
This function is static now - why does it need to keep the comments
above it? And you've duplicated almost the same comment *three* times
now. Why?
Have the whole comment *once* and only one line sentences over the other
functions explaining the difference only.
> -ssize_t copy_oldmem_page(unsigned long pfn, char *buf,
> - size_t csize, unsigned long offset, int userbuf)
> +static ssize_t __copy_oldmem_page(unsigned long pfn, char *buf, size_t csize,
> + unsigned long offset, int userbuf,
> + bool encrypted)
> {
> void *vaddr;
--
Re: [PATCH v15 07/16] arm64: add image head flag definitions
On Fri, Sep 28, 2018 at 03:48:32PM +0900, AKASHI Takahiro wrote: > Those image head's flags will be used later by kexec_file loader. > > Signed-off-by: AKASHI Takahiro > Cc: Catalin Marinas > Cc: Will Deacon > Acked-by: James Morse > --- > arch/arm64/include/asm/boot.h | 15 +++ > arch/arm64/kernel/head.S | 2 +- > 2 files changed, 16 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/include/asm/boot.h b/arch/arm64/include/asm/boot.h > index 355e552a9175..0bab7eed3012 100644 > --- a/arch/arm64/include/asm/boot.h > +++ b/arch/arm64/include/asm/boot.h > @@ -5,6 +5,21 @@ > > #include > > +#define ARM64_MAGIC "ARM\x64" > + > +#define HEAD_FLAG_BE_SHIFT 0 > +#define HEAD_FLAG_PAGE_SIZE_SHIFT1 > +#define HEAD_FLAG_BE_MASK0x1 > +#define HEAD_FLAG_PAGE_SIZE_MASK 0x3 > + > +#define HEAD_FLAG_BE 1 These already exist in some form in arch/arm64/kernel/image.h; can we please factor those out rather than duplicating them? I'd be happy if you'd update image.h to use the new HEAD_FLAG_* names, and removed the old definitions. > +#define HEAD_FLAG_PAGE_SIZE_4K 1 > +#define HEAD_FLAG_PAGE_SIZE_16K 2 > +#define HEAD_FLAG_PAGE_SIZE_64K 3 I appreciate these are new, since we didn't previously need definitions. Thanks, Mark. > + > +#define head_flag_field(flags, field) \ > + (((flags) >> field##_SHIFT) & field##_MASK) > + > /* > * arm64 requires the DTB to be 8 byte aligned and > * not exceed 2MB in size. > diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S > index b0853069702f..8cbac6232ed1 100644 > --- a/arch/arm64/kernel/head.S > +++ b/arch/arm64/kernel/head.S > @@ -91,7 +91,7 @@ _head: > .quad 0 // reserved > .quad 0 // reserved > .quad 0 // reserved > - .ascii "ARM\x64" // Magic number > + .ascii ARM64_MAGIC // Magic number > #ifdef CONFIG_EFI > .long pe_header - _head // Offset to the PE header. > > -- > 2.19.0 > ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
[ANNOUNCE] kexec-tools v2.0.18 preparation
Hi all, I am planning to release kexec-tools v2.0.18 in the next two weeks to roughly coincide with the release of the v4.19 kernel. I would like to ask interested parties to send any patches they would like included in v2.0.18 within one week so that I can make an rc release. For reference the patches queued up since v2.0.17 are as follows: b9de21ef51a7 kexec: fix for "Unhandled rela relocation: R_X86_64_PLT32" error ca4823aa2fc2 arm64: error out if kernel command line is too long 7198e899ddab arm64: increase command line size to 2048 c3f043241a86 arm64: Add support to supply 'kaslr-seed' to secondary kernel 7acd257ae67b Remove obsolete kdump tool 674b9b45876c Makefile.in: Add uninstall rule e277fa9ec702 vmcore-dmesg: fix infinite loop if log buffer wraps around d4a948c26827 kexec/s390: Add support for kexec_file_load 0481e9ed61ef kexec: Add --no-checks option 72c146c20588 purgatory/ppc64: Fix uninitialized warning 3f276f71f14d kexec-elf-rel-ppc64: Fix cast from pointer warning 7be89276db19 crashdump-ppc64: Fix integer truncation warning 798317c134b2 kexec: Fix printf warning b43960c20dd2 kexec-tools 2.0.17.git ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
Re: [PATCH v8 RESEND 4/4] kdump/vmcore: support encrypted old memory with SME enabled
Hi Lianbo, Thank you for the patch! Yet something to improve: [auto build test ERROR on sof-driver-fuweitax/master] [also build test ERROR on v4.19-rc5 next-20180928] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Lianbo-Jiang/Support-kdump-for-AMD-secure-memory-encryption-SME/20180930-112044 base: https://github.com/fuweitax/linux master config: x86_64-randconfig-x005-201839 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): >> arch/x86//kernel/crash_dump_64.c:93:9: error: redefinition of >> 'copy_oldmem_page_encrypted' ssize_t copy_oldmem_page_encrypted(unsigned long pfn, char *buf, size_t csize, ^~ In file included from arch/x86//kernel/crash_dump_64.c:10:0: include/linux/crash_dump.h:34:9: note: previous definition of 'copy_oldmem_page_encrypted' was here ssize_t copy_oldmem_page_encrypted(unsigned long pfn, char *buf, size_t csize, ^~ vim +/copy_oldmem_page_encrypted +93 arch/x86//kernel/crash_dump_64.c 78 79 /** 80 * copy_oldmem_page_encrypted - copy one page from "old memory encrypted" 81 * @pfn: page frame number to be copied 82 * @buf: target memory address for the copy; this can be in kernel address 83 * space or user address space (see @userbuf) 84 * @csize: number of bytes to copy 85 * @offset: offset in bytes into the page (based on pfn) to begin the copy 86 * @userbuf: if set, @buf is in user address space, use copy_to_user(), 87 * otherwise @buf is in kernel address space, use memcpy(). 88 * 89 * Copy a page from "old memory encrypted". For this page, there is no pte 90 * mapped in the current kernel. We stitch up a pte, similar to 91 * kmap_atomic. 92 */ > 93 ssize_t copy_oldmem_page_encrypted(unsigned long pfn, char *buf, size_t csize, --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
Re: [PATCH 4/4 v8] kdump/vmcore: support encrypted old memory with SME enabled
Hi Lianbo,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on sof-driver-fuweitax/master]
[also build test ERROR on v4.19-rc5 next-20180928]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Lianbo-Jiang/Support-kdump-for-AMD-secure-memory-encryption-SME/20180930-001539
base: https://github.com/fuweitax/linux master
config: i386-randconfig-x0-09300051 (attached as .config)
compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
fs/proc/vmcore.o: In function `read_from_oldmem':
>> fs/proc/vmcore.c:115: undefined reference to `copy_oldmem_page_encrypted'
vim +115 fs/proc/vmcore.c
88
89 /* Reads a page from the oldmem device from given offset. */
90 static ssize_t read_from_oldmem(char *buf, size_t count,
91 u64 *ppos, int userbuf,
92 bool encrypted)
93 {
94 unsigned long pfn, offset;
95 size_t nr_bytes;
96 ssize_t read = 0, tmp;
97
98 if (!count)
99 return 0;
100
101 offset = (unsigned long)(*ppos % PAGE_SIZE);
102 pfn = (unsigned long)(*ppos / PAGE_SIZE);
103
104 do {
105 if (count > (PAGE_SIZE - offset))
106 nr_bytes = PAGE_SIZE - offset;
107 else
108 nr_bytes = count;
109
110 /* If pfn is not ram, return zeros for sparse dump
files */
111 if (pfn_is_ram(pfn) == 0)
112 memset(buf, 0, nr_bytes);
113 else {
114 if (encrypted)
> 115 tmp = copy_oldmem_page_encrypted(pfn,
> buf,
116
nr_bytes,
117 offset,
118
userbuf);
119 else
120 tmp = copy_oldmem_page(pfn, buf,
nr_bytes,
121 offset, userbuf);
122
123 if (tmp < 0)
124 return tmp;
125 }
126 *ppos += nr_bytes;
127 count -= nr_bytes;
128 buf += nr_bytes;
129 read += nr_bytes;
130 ++pfn;
131 offset = 0;
132 } while (count);
133
134 return read;
135 }
136
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
___
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
