lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 27 Sep 2018 13:12:16 +0800
From:   lijiang <lijiang@...hat.com>
To:     Baoquan He <bhe@...hat.com>
Cc:     linux-kernel@...r.kernel.org, joro@...tes.org, mingo@...hat.com,
        ebiederm@...ssion.com, hpa@...or.com, tglx@...utronix.de,
        Dave Young <dyoung@...hat.com>,
        "Lendacky, Thomas" <thomas.lendacky@....com>,
        kexec@...ts.infradead.org
Subject: Re: [PATCH 1/4 v8] x86/ioremap: add a function ioremap_encrypted() to
 remap kdump old memory

在 2018年09月27日 10:06, Baoquan He 写道:
> Hi Lianbo,
> 
> On 09/26/18 at 05:34pm, lijiang wrote:
>> When SME is enabled on AMD machine, the memory is encrypted in the first
>> kernel. In this case, SME also needs to be enabled in kdump kernel, and
>> we have to remap the old memory with the memory encryption mask.
>>
>> Here we only talk about the case that SME is active in the first kernel,
>> and only care it's active too in kdump kernel. there are four cases we
>> need considered.
>>
>> a. dump vmcore
>>    It is encrypted in the first kernel, and needs be read out in kdump
>>    kernel.
>>
>> b. crash notes
>>    When dumping vmcore, the people usually need to read the useful
>>    information from notes, and the notes is also encrypted.
>>
>> c. iommu device table
>>    It is allocated by kernel, need fill its pointer into mmio of amd iommu.
>>    It's encrypted in the first kernel, need read the old content to analyze
>>    and get useful information.
>>
>> d. mmio of amd iommu
>>    Register reported by amd firmware, it's not RAM, we don't encrypt in
>>    both the first kernel and kdump kernel.
>>
>> To achieve the goal, the solution is:
>> 1. add a new bool parameter "encrypted" to __ioremap_caller()
>>    It is a low level function, and check the newly added parameter, if it's
>>    true and in kdump kernel, will remap the memory with sme mask.
>>
>> 2. add a new function ioremap_encrypted() to explicitly passed in a "true"
>>    value for "encrypted".
>>    For above a, b, c, we will call ioremap_encrypted();
>>
>> 3. adjust all existed ioremap wrapper functions, passed in "false" for
>>    encrypted to make them an before.
>>
>>    ioremap_encrypted()\
>>    ioremap_cache()     |
>>    ioremap_prot()      |
>>    ioremap_wt()        |->__ioremap_caller()
>>    ioremap_wc()        |
>>    ioremap_uc()        |
>>    ioremap_nocache()  /
> 
> Thanks, I think it's better. Since no code change, just patch log
> improvement, maybe you can repost a series and carry both Tom and
> Joerg's ACK.
> 
Thank you, Baoquan.
I will resend a series, and add Tom's Reviewed-by for all patches, also
add Joerg's Acked-by for patch 3/4.

Thanks.
Lianbo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ