[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1263471c-a27d-a698-15f0-b5947f13ea93@redhat.com>
Date: Fri, 26 Oct 2018 20:32:11 +0800
From: lijiang <lijiang@...hat.com>
To: Boris Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org
Cc: kexec@...ts.infradead.org, tglx@...utronix.de, mingo@...hat.com,
x86@...nel.org, bhe@...hat.com, dyoung@...hat.com
Subject: Re: [PATCH] kdump, vmcoreinfo: Export sme_me_mask value to vmcoreinfo
在 2018年10月26日 17:43, Boris Petkov 写道:
> On October 26, 2018 10:36:30 AM GMT+01:00, Lianbo Jiang <lijiang@...hat.com> wrote:
>> For AMD machine with SME feature, makedumpfile tools need to know
>> whether the crash kernel was encrypted or not.
>
> Why?
>
If SME is enabled in the first kernel, the crash kernel's page table(pgd/pud/pmd/pte)
contains the memory encryption mask, so i have to remove the sme mask to obtain the
true physical address when dump vmcore.
>> So it is necessary
>> to write the sme_me_mask to vmcoreinfo.
>>
>> Signed-off-by: Lianbo Jiang <lijiang@...hat.com>
>> ---
>> arch/x86/kernel/machine_kexec_64.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/arch/x86/kernel/machine_kexec_64.c
>> b/arch/x86/kernel/machine_kexec_64.c
>> index 4c8acdfdc5a7..dcfdb64d1097 100644
>> --- a/arch/x86/kernel/machine_kexec_64.c
>> +++ b/arch/x86/kernel/machine_kexec_64.c
>> @@ -357,6 +357,8 @@ void arch_crash_save_vmcoreinfo(void)
>> vmcoreinfo_append_str("NUMBER(pgtable_l5_enabled)=%d\n",
>> pgtable_l5_enabled());
>>
>> + VMCOREINFO_NUMBER(sme_me_mask);
>
> No we're not going to expose a kernel-internal mask to userspace.
>
If so, can i set a variable flag for the 'sme_me_mask' and export the
variable flag? For example:
void arch_crash_save_vmcoreinfo(void) {
....
if (sme_active())
sme_enabled = 1;
VMCOREINFO_NUMBER(sme_enabled);
....
}
> If at all needed, add functions to kexec which figure out whether we are encrypted or not and export that result as a kexec variable.
>
>
For AMD machine with the SME feature, the msr 'MSR_K8_SYSCFG' can examine
whether SME is enabled in kernel, but the kexec is also userspace tool,
it has no permission to access the msr.
Furthermore, i also tried to read the "/dev/cpu/cpu[number]/msr", but
the value depends on BIOS's configuration. That is to say, if SME is
set in BIOS, the value of msr is always 0xF40000 whatever the kernel
commandline parameter is "mem_encrypt=on" or "mem_encrypt=off".
If i made a mistake, please help to point it out.
Thanks.
Lianbo
Powered by blists - more mailing lists