[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20221124091246.4957-1-zelin.deng@linux.alibaba.com>
Date: Thu, 24 Nov 2022 17:12:44 +0800
From: Zelin Deng <zelin.deng@...ux.alibaba.com>
To: x86@...nel.org, linux-kernel@...r.kernel.org
Cc: Tom Lendacky <thomas.lendacky@....com>,
Thomas Gleixner <tglx@...utronix.de>,
Borislav Petkov <bp@...en8.de>,
Zelin Deng <zelin.deng@...ux.alibaba.com>
Subject: [PATCH 0/2] Map initrd as encrypted when relocating if SME is enabled
I found an issue on SME enabled AMD machine when initrd is relocated if
it was located in e820 reserved area.
For example key dmesg output:
...
[mem 0x000000005aafe000-0x000000006005ffff] reserved //e820 mapping
Move RAMDISK from [mem 0x5aafe000-0x5ccd5167] //relocate_initrd()
...
Early initrd will be copied by copy_from_early_mem() which will clear
encrypted pgprot flag as initrd source address is not in kernel usable
area. As initrd has been encrypted at earlier stage, encrypted data is
copied, which leads new initrd cannot be unpacked, then rootfs cannot be
mounted.
dmesg output:
...
[ 11.296725] Trying to unpack rootfs image as initramfs...
[ 11.302127] Initramfs unpacking failed: invalid magic at start of compressed archive
...
[ 16.698152] /dev/root: Can't open blockdev
[ 16.702255] VFS: Cannot open root device "PARTUUID=0ad58d87-05c7-43f8-b147-93140ad315e5" or unknown-block(0,0): error -6
[ 16.713114] Please append a correct "root=" boot option; here are the available partitions:
[ 16.721462] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
[ 16.729716] CPU: 9 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc5-next-20221114 #3
[ 16.737099] Hardware name: AMD Corporation DAYTONA_X/DAYTONA_X, BIOS RYM1008B 01/19/2022
[ 16.745175] Call Trace:
[ 16.747623] <TASK>
[ 16.749727] dump_stack_lvl+0x38/0x4c
[ 16.753393] panic+0xfb/0x28a
[ 16.771999] ? _printk+0x4c/0x52
[ 16.775224] mount_block_root+0x143/0x1dd
[ 16.779237] prepare_namespace+0x13f/0x16e
[ 16.783334] kernel_init_freeable+0x15a/0x164
[ 16.787687] ? __pfx_kernel_init+0x10/0x10
[ 16.791785] kernel_init+0x1a/0x130
[ 16.795268] ret_from_fork+0x29/0x50
[ 16.798840] </TASK>
To fix this issue, early initrd must be mapped as encrypted when it is
being relocated.
Zelin Deng (2):
mm/early_ioremap.c: Always build early_memremap_prot() in x86
x86/setup: Preserve _ENC flag when initrd is being relocated
arch/x86/Kconfig | 1 +
arch/x86/kernel/setup.c | 30 ++++++++++++++++++++++++++++-
include/asm-generic/early_ioremap.h | 6 ------
mm/early_ioremap.c | 21 --------------------
4 files changed, 30 insertions(+), 28 deletions(-)
--
2.27.0
Powered by blists - more mailing lists