| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 07 Apr 2015 17:55:03 +0800 From: "Li, ZhenHua" <zhen-hual@...com> To: Dave Young <dyoung@...hat.com> CC: Baoquan He <bhe@...hat.com>, dwmw2@...radead.org, indou.takao@...fujitsu.com, joro@...tes.org, vgoyal@...hat.com, iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org, kexec@...ts.infradead.org, alex.williamson@...hat.com, ddutile@...hat.com, ishii.hironobu@...fujitsu.com, bhelgaas@...gle.com, doug.hatch@...com, jerry.hoemann@...com, tom.vaden@...com, li.zhang6@...com, lisa.mitchell@...com, billsumnerlinux@...il.com, rwright@...com Subject: Re: [PATCH v9 0/10] iommu/vt-d: Fix intel vt-d faults in kdump kernel On 04/07/2015 05:08 PM, Dave Young wrote: > On 04/07/15 at 11:46am, Dave Young wrote: >> On 04/05/15 at 09:54am, Baoquan He wrote: >>> On 04/03/15 at 05:21pm, Dave Young wrote: >>>> On 04/03/15 at 05:01pm, Li, ZhenHua wrote: >>>>> Hi Dave, >>>>> >>>>> There may be some possibilities that the old iommu data is corrupted by >>>>> some other modules. Currently we do not have a better solution for the >>>>> dmar faults. >>>>> >>>>> But I think when this happens, we need to fix the module that corrupted >>>>> the old iommu data. I once met a similar problem in normal kernel, the >>>>> queue used by the qi_* functions was written again by another module. >>>>> The fix was in that module, not in iommu module. >>>> >>>> It is too late, there will be no chance to save vmcore then. >>>> >>>> Also if it is possible to continue corrupt other area of oldmem because >>>> of using old iommu tables then it will cause more problems. >>>> >>>> So I think the tables at least need some verifycation before being used. >>>> >>> >>> Yes, it's a good thinking anout this and verification is also an >>> interesting idea. kexec/kdump do a sha256 calculation on loaded kernel >>> and then verify this again when panic happens in purgatory. This checks >>> whether any code stomps into region reserved for kexec/kernel and corrupt >>> the loaded kernel. >>> >>> If this is decided to do it should be an enhancement to current >>> patchset but not a approach change. Since this patchset is going very >>> close to point as maintainers expected maybe this can be merged firstly, >>> then think about enhancement. After all without this patchset vt-d often >>> raised error message, hung. >> >> It does not convince me, we should do it right at the beginning instead of >> introduce something wrong. >> >> I wonder why the old dma can not be remap to a specific page in kdump kernel >> so that it will not corrupt more memory. But I may missed something, I will >> looking for old threads and catch up. > > I have read the old discussion, above way was dropped because it could corrupt > filesystem. Apologize about late commenting. > > But current solution sounds bad to me because of using old memory which is not > reliable. > > Thanks > Dave > Seems we do not have a better solution for the dmar faults. But I believe we can find out how to verify the iommu data which is located in old memory. Thanks Zhenhua -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists