linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: lijiang <lijiang@redhat.com>
To: Boris Petkov <bp@alien8.de>, linux-kernel@vger.kernel.org
Cc: kexec@lists.infradead.org, tglx@linutronix.de, mingo@redhat.com,
	x86@kernel.org, bhe@redhat.com, dyoung@redhat.com
Subject: Re: [PATCH] kdump, vmcoreinfo: Export sme_me_mask value to vmcoreinfo
Date: Fri, 26 Oct 2018 20:32:11 +0800	[thread overview]
Message-ID: <1263471c-a27d-a698-15f0-b5947f13ea93@redhat.com> (raw)
In-Reply-To: <053CC83A-9A95-4C12-9627-AABD1427DA9C@alien8.de>

在 2018年10月26日 17:43, Boris Petkov 写道:
> On October 26, 2018 10:36:30 AM GMT+01:00, Lianbo Jiang <lijiang@redhat.com> wrote:
>> For AMD machine with SME feature, makedumpfile tools need to know
>> whether the crash kernel was encrypted or not. 
> 
> Why?
> 

If SME is enabled in the first kernel, the crash kernel's page table(pgd/pud/pmd/pte)
contains the memory encryption mask, so i have to remove the sme mask to obtain the
true physical address when dump vmcore. 

>> So it is necessary
>> to write the sme_me_mask to vmcoreinfo.
>>
>> Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
>> ---
>> arch/x86/kernel/machine_kexec_64.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/arch/x86/kernel/machine_kexec_64.c
>> b/arch/x86/kernel/machine_kexec_64.c
>> index 4c8acdfdc5a7..dcfdb64d1097 100644
>> --- a/arch/x86/kernel/machine_kexec_64.c
>> +++ b/arch/x86/kernel/machine_kexec_64.c
>> @@ -357,6 +357,8 @@ void arch_crash_save_vmcoreinfo(void)
>> 	vmcoreinfo_append_str("NUMBER(pgtable_l5_enabled)=%d\n",
>> 			pgtable_l5_enabled());
>>
>> +	VMCOREINFO_NUMBER(sme_me_mask);
> 
> No we're not going to expose a kernel-internal mask to userspace. 
> 

If so, can i set a variable flag for the 'sme_me_mask' and export the
variable flag? For example:

void arch_crash_save_vmcoreinfo(void) {

    ....

    if (sme_active())
        sme_enabled = 1;

    VMCOREINFO_NUMBER(sme_enabled);
....
}

> If at all needed, add functions to kexec which figure out whether we are encrypted or not and export that result as a kexec variable.
> 
> 

For AMD machine with the SME feature, the msr 'MSR_K8_SYSCFG' can examine
whether SME is enabled in kernel, but the kexec is also userspace tool,
it has no permission to access the msr.

Furthermore, i also tried to read the "/dev/cpu/cpu[number]/msr", but
the value depends on BIOS's configuration. That is to say, if SME is
set in BIOS, the value of msr is always 0xF40000 whatever the kernel
commandline parameter is "mem_encrypt=on" or "mem_encrypt=off".

If i made a mistake, please help to point it out.

Thanks.
Lianbo

  reply	other threads:[~2018-10-26 12:32 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-26  9:36 [PATCH] kdump, vmcoreinfo: Export sme_me_mask value to vmcoreinfo Lianbo Jiang
2018-10-26  9:43 ` Boris Petkov
2018-10-26 12:32   ` lijiang [this message]
2018-10-26 16:24     ` Petr Tesarik
2018-10-26 22:25       ` Borislav Petkov
2018-10-27  2:57         ` lijiang
2018-10-27  8:13         ` Baoquan He
2018-10-27  9:10           ` Borislav Petkov
2018-10-27  9:39             ` Baoquan He
2018-10-27 10:12               ` Borislav Petkov
2018-10-27 11:08                 ` Baoquan He
2018-10-27 13:17                   ` Boris Petkov
2018-10-27 14:41                     ` lijiang
2018-10-27 14:51                       ` Borislav Petkov
2018-10-29  7:59                         ` lijiang
2018-10-29  8:31                           ` Baoquan He
2018-10-29  9:29                             ` lijiang
2018-10-29  9:57                               ` Borislav Petkov
2018-10-29 10:12                                 ` lijiang
2018-10-29 11:44                                   ` Baoquan He
2018-10-29 13:41                                     ` lijiang
2018-10-29 13:49                                       ` Borislav Petkov
2018-10-30  4:46                                         ` lijiang
2018-10-30  5:09                                           ` Dave Young
2018-10-30  9:15                                             ` Borislav Petkov
2018-10-30  9:23                                               ` Baoquan He
2018-10-31  2:26                                                 ` lijiang
2018-10-31  2:47                                                   ` Dave Young
2018-10-31  7:43                                                     ` lijiang
2018-10-31 10:10                                                     ` Borislav Petkov
2018-11-01 15:01                                                       ` Kazuhito Hagio
2018-10-26 16:35     ` Borislav Petkov
2018-10-27  2:19       ` lijiang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1263471c-a27d-a698-15f0-b5947f13ea93@redhat.com \
    --to=lijiang@redhat.com \
    --cc=bhe@redhat.com \
    --cc=bp@alien8.de \
    --cc=dyoung@redhat.com \
    --cc=kexec@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).