linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Stefan Berger <stefanb@linux.ibm.com>
To: Rob Herring <robh@kernel.org>, Michael Ellerman <mpe@ellerman.id.au>
Cc: linux-integrity@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
	linux-kernel@vger.kernel.org, jarkko@kernel.org,
	rnsastry@linux.ibm.com, peterhuewe@gmx.de, viparash@in.ibm.com
Subject: Re: [PATCH 1/2] powerpc/prom_init: Replace linux,sml-base/sml-size with linux,sml-log
Date: Tue, 12 Mar 2024 15:15:25 -0400	[thread overview]
Message-ID: <9d4aeb9e-4fd3-412b-92ed-55db2ca705d2@linux.ibm.com> (raw)
In-Reply-To: <20240312162238.GA2308643-robh@kernel.org>



On 3/12/24 12:22, Rob Herring wrote:
> On Tue, Mar 12, 2024 at 09:32:50PM +1100, Michael Ellerman wrote:
>> Rob Herring <robh@kernel.org> writes:
>>> On Fri, Mar 08, 2024 at 07:23:35AM -0500, Stefan Berger wrote:
>>>> On 3/7/24 16:52, Rob Herring wrote:
>>>>> On Thu, Mar 07, 2024 at 09:41:31PM +1100, Michael Ellerman wrote:
>>>>>> Stefan Berger <stefanb@linux.ibm.com> writes:
>>>>>>> linux,sml-base holds the address of a buffer with the TPM log. This
>>>>>>> buffer may become invalid after a kexec and therefore embed the whole TPM
>>>>>>> log in linux,sml-log. This helps to protect the log since it is properly
>>>>>>> carried across a kexec with both of the kexec syscalls.
>>>>>>>
>>>>>>> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
>>>>>>> ---
>>>>>>>    arch/powerpc/kernel/prom_init.c | 8 ++------
>>>>>>>    1 file changed, 2 insertions(+), 6 deletions(-)
>>>>>>>
>>>>
>>>>>
>>>>>
>>>>>> Also adding the new linux,sml-log property should be accompanied by a
>>>>>> change to the device tree binding.
>>>>>>
>>>>>> The syntax is not very obvious to me, but possibly something like?
>>>>>>
>>>>>> diff --git a/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml b/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml
>>>>>> index 50a3fd31241c..cd75037948bc 100644
>>>>>> --- a/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml
>>>>>> +++ b/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml
>>>>>> @@ -74,8 +74,6 @@ required:
>>>>>>      - ibm,my-dma-window
>>>>>>      - ibm,my-drc-index
>>>>>>      - ibm,loc-code
>>>>>> -  - linux,sml-base
>>>>>> -  - linux,sml-size
>>>>>
>>>>> Dropping required properties is an ABI break. If you drop them, an older
>>>>> OS version won't work.
>>>>
>>>> 1) On PowerVM and KVM on Power these two properties were added in the Linux
>>>> code. I replaced the creation of these properties with creation of
>>>> linux,sml-log (1/2 in this series). I also replaced the handling of
>>>> these two (2/2 in this series) for these two platforms but leaving it for
>>>> powernv systems where the firmware creates these.
>>>
>>> Okay, I guess your case is not a ABI break if the kernel is populating
>>> it and the same kernel consumes it.
>>>
>>> You failed to answer my question on using /reserved-memory. Again, why
>>> can't that be used? That is the standard way we prevent chunks of memory
>>> from being clobbered.
>>
>> Yes I think that would mostly work. I don't see support for
>> /reserved-memory in kexec-tools, so that would need fixing I think.
>>
>> My logic was that the memory is not special. It's just a buffer we
>> allocated during early boot to store the log. There isn't anything else
>> in the system that relies on that memory remaining untouched. So it
>> seemed cleaner to just put the log in the device tree, rather than a
>> pointer to it.
> 
> My issue is we already have 2 ways to describe the log to the OS. I
> don't see a good reason to add a 3rd way. (Though it might actually be a
> 4th way, because the chosen property for the last attempt was accepted
> to dtschema yet the code has been abandoned.)

I have a revert for this in my tree...

> 
> If you put the log into the DT, then the memory for the log remains
> untouched too because the FDT remains untouched. For reserved-memory
> regions, the OS is free to free them if it knows what the region is and
> that it is no longer needed. IOW, if freeing the log memory is desired,
> then the suggested approach doesn't work.

The log, once embedded in the FDT, would stay there forever. The TPM 
subsystem looks at it when initializing and will look at it again when 
initializing after a kexec soft reboot.

> 
>>
>> Having the log external to the device tree creates several problems,
>> like the crash kernel region colliding with it, it being clobbered by
>> kexec, etc.
> 
> We have multiple regions to pass/maintain thru kexec, so how does having
> one less really matter?

I had tried it with the newer kexec syscall. Yes, there was a way of 
doing it but the older kexec call is still around and since that one is 
also still being used the problems with corrupted memory for example 
still persisted. So that's why we now embed it in the FDT because both 
syscalls carry that across unharmed.

> 
> Rob

  reply	other threads:[~2024-03-12 19:15 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-06 15:55 [PATCH 0/2] Preserve TPM log across kexec Stefan Berger
2024-03-06 15:55 ` [PATCH 1/2] powerpc/prom_init: Replace linux,sml-base/sml-size with linux,sml-log Stefan Berger
2024-03-07 10:41   ` Michael Ellerman
2024-03-07 15:11     ` Stefan Berger
2024-03-07 20:39       ` Conor Dooley
2024-03-07 21:15         ` Stefan Berger
2024-03-07 21:29           ` Conor Dooley
2024-03-07 21:52     ` Rob Herring
2024-03-08 12:23       ` Stefan Berger
2024-03-08 20:57         ` Rob Herring
2024-03-08 21:26           ` Stefan Berger
2024-03-12 10:32           ` Michael Ellerman
2024-03-12 16:22             ` Rob Herring
2024-03-12 19:15               ` Stefan Berger [this message]
2024-03-07 20:11   ` Jarkko Sakkinen
2024-03-06 15:55 ` [PATCH 2/2] tpm: of: If available Use linux,sml-log to get the log and its size Stefan Berger
2024-03-07 10:42   ` Michael Ellerman
2024-03-07 15:00     ` Stefan Berger
2024-03-07 11:35   ` Conor Dooley
2024-03-07 19:57   ` Jarkko Sakkinen
2024-03-07 20:00     ` Jarkko Sakkinen
2024-03-08 12:17       ` Stefan Berger
2024-03-11 20:09         ` Jarkko Sakkinen
2024-03-12 10:35         ` Michael Ellerman
2024-03-12 15:50           ` Jarkko Sakkinen
2024-03-12 19:08             ` Stefan Berger
2024-03-06 16:08 ` [PATCH 0/2] Preserve TPM log across kexec Stefan Berger
2024-03-07 21:42   ` Rob Herring
2024-03-07 22:32     ` Stefan Berger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9d4aeb9e-4fd3-412b-92ed-55db2ca705d2@linux.ibm.com \
    --to=stefanb@linux.ibm.com \
    --cc=jarkko@kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=mpe@ellerman.id.au \
    --cc=peterhuewe@gmx.de \
    --cc=rnsastry@linux.ibm.com \
    --cc=robh@kernel.org \
    --cc=viparash@in.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).