lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <tip-4eb5fec31e613105668a1472d5876f3d0558e5d8@git.kernel.org>
Date:   Thu, 20 Jun 2019 03:03:17 -0700
From:   tip-bot for Lianbo Jiang <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     rppt@...ux.vnet.ibm.com, thomas.lendacky@....com, hpa@...or.com,
        tglx@...utronix.de, adobriyan@...il.com, arnd@...db.de,
        jrdr.linux@...il.com, mingo@...nel.org, x86@...nel.org,
        lijiang@...hat.com, willy@...radead.org,
        linux-kernel@...r.kernel.org, bp@...e.de, ganeshgr@...lsio.com,
        akpm@...ux-foundation.org, rahul.lakkireddy@...lsio.com,
        brijesh.singh@....com
Subject: [tip:x86/kdump] fs/proc/vmcore: Enable dumping of encrypted memory
 when SEV was active

Commit-ID:  4eb5fec31e613105668a1472d5876f3d0558e5d8
Gitweb:     https://git.kernel.org/tip/4eb5fec31e613105668a1472d5876f3d0558e5d8
Author:     Lianbo Jiang <lijiang@...hat.com>
AuthorDate: Tue, 30 Apr 2019 15:44:21 +0800
Committer:  Borislav Petkov <bp@...e.de>
CommitDate: Thu, 20 Jun 2019 10:07:49 +0200

fs/proc/vmcore: Enable dumping of encrypted memory when SEV was active

In the kdump kernel, the memory of the first kernel gets to be dumped
into a vmcore file.

Similarly to SME kdump, if SEV was enabled in the first kernel, the old
memory has to be remapped encrypted in order to access it properly.

Commit

  992b649a3f01 ("kdump, proc/vmcore: Enable kdumping encrypted memory with SME enabled")

took care of the SME case but it uses sme_active() which checks for SME
only. Use mem_encrypt_active() instead, which returns true when either
SME or SEV is active.

Unlike SME, the second kernel images (kernel and initrd) are loaded into
encrypted memory when SEV is active, hence the kernel elf header must be
remapped as encrypted in order to access it properly.

 [ bp: Massage commit message. ]

Co-developed-by: Brijesh Singh <brijesh.singh@....com>
Signed-off-by: Brijesh Singh <brijesh.singh@....com>
Signed-off-by: Lianbo Jiang <lijiang@...hat.com>
Signed-off-by: Borislav Petkov <bp@...e.de>
Cc: Alexey Dobriyan <adobriyan@...il.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: bhe@...hat.com
Cc: dyoung@...hat.com
Cc: Ganesh Goudar <ganeshgr@...lsio.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: kexec@...ts.infradead.org
Cc: linux-fsdevel@...r.kernel.org
Cc: Matthew Wilcox <willy@...radead.org>
Cc: Mike Rapoport <rppt@...ux.vnet.ibm.com>
Cc: mingo@...hat.com
Cc: Rahul Lakkireddy <rahul.lakkireddy@...lsio.com>
Cc: Souptick Joarder <jrdr.linux@...il.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Tom Lendacky <thomas.lendacky@....com>
Cc: x86-ml <x86@...nel.org>
Link: https://lkml.kernel.org/r/20190430074421.7852-4-lijiang@redhat.com
---
 fs/proc/vmcore.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
index 7bb96fdd38ad..57957c91c6df 100644
--- a/fs/proc/vmcore.c
+++ b/fs/proc/vmcore.c
@@ -166,7 +166,7 @@ void __weak elfcorehdr_free(unsigned long long addr)
  */
 ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos)
 {
-	return read_from_oldmem(buf, count, ppos, 0, false);
+	return read_from_oldmem(buf, count, ppos, 0, sev_active());
 }
 
 /*
@@ -174,7 +174,7 @@ ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos)
  */
 ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos)
 {
-	return read_from_oldmem(buf, count, ppos, 0, sme_active());
+	return read_from_oldmem(buf, count, ppos, 0, mem_encrypt_active());
 }
 
 /*
@@ -374,7 +374,7 @@ static ssize_t __read_vmcore(char *buffer, size_t buflen, loff_t *fpos,
 					    buflen);
 			start = m->paddr + *fpos - m->offset;
 			tmp = read_from_oldmem(buffer, tsz, &start,
-					       userbuf, sme_active());
+					       userbuf, mem_encrypt_active());
 			if (tmp < 0)
 				return tmp;
 			buflen -= tsz;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ