[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2c5000d8-9f20-cc85-6d41-d6ece314c6ba@redhat.com>
Date: Fri, 28 Sep 2018 18:09:04 +0800
From: lijiang <lijiang@...hat.com>
To: Borislav Petkov <bp@...en8.de>
Cc: linux-kernel@...r.kernel.org, kexec@...ts.infradead.org,
tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
x86@...nel.org, akpm@...ux-foundation.org,
dan.j.williams@...el.com, thomas.lendacky@....com,
bhelgaas@...gle.com, baiyaowei@...s.chinamobile.com, tiwai@...e.de,
brijesh.singh@....com, dyoung@...hat.com, bhe@...hat.com,
jroedel@...e.de
Subject: Re: [PATCH v7 RESEND 2/4] kexec: allocate unencrypted control pages
for kdump in case SME is enabled
在 2018年09月28日 15:57, Borislav Petkov 写道:
> On Fri, Sep 28, 2018 at 11:52:21AM +0800, lijiang wrote:
>> There are two functions that are usually called in pairs, they are:
>> arch_kexec_post_alloc_pages() and arch_kexec_pre_free_pages().
>>
>> One marks the pages as decrypted, another one marks the pages as encrypted.
>>
>> But for the crash control pages, no need to call arch_kexec_pre_free_pages(),
>> there are three reasons:
>> 1. Crash pages are reserved in memblock, these pages are only used by kdump,
>> no other people uses these pages;
>>
>> 2. Whenever crash pages are allocated, these pages are always marked as
>> decrypted(when SME is active);
>>
>> 3. If we plan to call the arch_kexe_pre_free_pages(), we have to store these
>> pages to somewhere, which will have more code changes.
>
> I don't think any of that answers the question *why* control pages do
> not need to be marked encrypted again. And I think the reason is simple:
> because you don't really need to, because once the crash kernel is done,
> you reboot the box.
>
Thanks for your comment, your explanation is very good.
But there are another cases, we might load or unload the crash kernel image and
initrafms, maybe again and again for test or debug, we don't reboot at once. For
example, repeat the following steps:
systemctl start kdump.service
...
systemctl stop kdump.service
But we always mark these pages as decrypted whenever these control pages are
allocated, because other people can't use these pages(reserved memory), which
are only used by kdump, so no need to mark these pages as encrypted again.
Regards,
Lianbo
Powered by blists - more mailing lists