From: Baoquan He <bhe@redhat.com> To: Thomas.Lendacky@amd.com Cc: kexec@lists.infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org Subject: The current SME implementation fails kexec/kdump kernel booting. Date: Tue, 4 Jun 2019 21:49:52 +0800 [thread overview] Message-ID: <20190604134952.GC26891@MiWiFi-R3L-srv> (raw) Hi Tom, Lianbo reported kdump kernel can't boot well with 'nokaslr' added, and have to enable KASLR in kdump kernel to make it boot successfully. This blocked his work on enabling sme for kexec/kdump. And on some machines SME kernel can't boot in 1st kernel. I checked code of SME implementation, and found out the root cause. The above failures are caused by SME code, sme_encrypt_kernel(). In sme_encrypt_kernel(), you get a 2M of encryption work area as intermediate buffer to encrypt kernel in-place. And the work area is just after _end of kernel. This happens to work in 1st kernel. But it will fail kexec/kdump kernel absolutely. Because we load realmode/kernel/initrd in kexec-tools from top to down. In kexec-tools, realmode is put just after kernel image. If KASLR enabled, kernel may be randomized to other position, then kdump kernel can boot. However, if nokaslr specified, the 2M intermediate encryption workarea will definitely stump into the following realmode, and fail kexec/kdump kernel booting. I have hacked kexec-tools code to put real mode area 4M away from the kernel image end, it works and confirm my finding. So the current SME in-place encryption way is not only a kexec/kdump issue, but also an issue in 1st kernel. Because KASLR could put kernel at the end of an available memory region, how to make sure the next 2M intermediate workarea must exist; if KASLR put kernel to be close to starting address of any cmdline/initrd/setup_data, how to make sure the gap between them must be larger than 2M. Thanks Baoquan
WARNING: multiple messages have this Message-ID (diff)
From: Baoquan He <bhe@redhat.com> To: Thomas.Lendacky@amd.com Cc: x86@kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org Subject: The current SME implementation fails kexec/kdump kernel booting. Date: Tue, 4 Jun 2019 21:49:52 +0800 [thread overview] Message-ID: <20190604134952.GC26891@MiWiFi-R3L-srv> (raw) Hi Tom, Lianbo reported kdump kernel can't boot well with 'nokaslr' added, and have to enable KASLR in kdump kernel to make it boot successfully. This blocked his work on enabling sme for kexec/kdump. And on some machines SME kernel can't boot in 1st kernel. I checked code of SME implementation, and found out the root cause. The above failures are caused by SME code, sme_encrypt_kernel(). In sme_encrypt_kernel(), you get a 2M of encryption work area as intermediate buffer to encrypt kernel in-place. And the work area is just after _end of kernel. This happens to work in 1st kernel. But it will fail kexec/kdump kernel absolutely. Because we load realmode/kernel/initrd in kexec-tools from top to down. In kexec-tools, realmode is put just after kernel image. If KASLR enabled, kernel may be randomized to other position, then kdump kernel can boot. However, if nokaslr specified, the 2M intermediate encryption workarea will definitely stump into the following realmode, and fail kexec/kdump kernel booting. I have hacked kexec-tools code to put real mode area 4M away from the kernel image end, it works and confirm my finding. So the current SME in-place encryption way is not only a kexec/kdump issue, but also an issue in 1st kernel. Because KASLR could put kernel at the end of an available memory region, how to make sure the next 2M intermediate workarea must exist; if KASLR put kernel to be close to starting address of any cmdline/initrd/setup_data, how to make sure the gap between them must be larger than 2M. Thanks Baoquan _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
next reply other threads:[~2019-06-04 13:50 UTC|newest] Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-06-04 13:49 Baoquan He [this message] 2019-06-04 13:49 ` The current SME implementation fails kexec/kdump kernel booting Baoquan He 2019-06-04 15:56 ` Lendacky, Thomas 2019-06-04 15:56 ` Lendacky, Thomas 2019-06-05 0:56 ` Baoquan He 2019-06-05 0:56 ` Baoquan He 2019-06-05 16:04 ` Lendacky, Thomas 2019-06-05 16:04 ` Lendacky, Thomas 2019-06-05 22:57 ` Baoquan He 2019-06-05 22:57 ` Baoquan He 2019-06-09 3:45 ` lijiang 2019-06-09 3:45 ` lijiang 2019-06-11 9:52 ` lijiang 2019-06-11 9:52 ` lijiang 2019-06-11 10:24 ` Baoquan He 2019-06-11 10:24 ` Baoquan He
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190604134952.GC26891@MiWiFi-R3L-srv \ --to=bhe@redhat.com \ --cc=Thomas.Lendacky@amd.com \ --cc=kexec@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.