lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 21 Nov 2023 11:43:21 +0300
From:   "Kirill A. Shutemov" <>
To:     Baoquan He <>
Cc:     Thomas Gleixner <>,
        Ingo Molnar <>,,
        Borislav Petkov <>,
        Dave Hansen <>,,
        "Rafael J. Wysocki" <>,
        Peter Zijlstra <>,
        Adrian Hunter <>,
        Kuppuswamy Sathyanarayanan 
        Elena Reshetova <>,
        Jun Nakajima <>,
        Rick Edgecombe <>,
        Tom Lendacky <>,
        "Kalra, Ashish" <>,
        Sean Christopherson <>,
        "Huang, Kai" <>,,,
Subject: Re: [PATCHv3 00/14] x86/tdx: Add kexec support

On Tue, Nov 21, 2023 at 02:41:08PM +0800, Baoquan He wrote:
> > > 
> > > Still failed. And I found the normal reboot does't work either. I will
> > > do more testing tomorrow, e.g use the tdx-tools's own rhel9 kernel
> > > config and rebuild, and update host kernel too.
> I did more tests, resuls are summarized as below: 
> 1) kexec reboot works, but always fallback to 1 cpu even though multiple
> cpus are specified;

That's expected. Until you have new BIOS. See below.

> 2) kdump kernel need more crashkernel memory to boot up,
>    crashkernel=512M works well in our case.

I guess it is due to SWIOTLB memory which requres at least 64M.

>  But it failed in vmcore
>    saving process, either makedumpfile or cp can't access the 1st
>    kernel's old memory;

Will look into it.

> 3) Normal reboot always failed;

It is expected. TD vCPUs are not resettable. So we need to destroy TD and
construct a new one to emulate "reboot".

I guess we can try to add some glue on QEMU side to make reboot more

> My colleague Tao helped to double check this, he got the same testing result.
> Plesae 
> 1) what can we do to enable the multiple cpu support for kexec reboot?

You would need a patched BIOS image. I've hacked one[1] for my testing.
But it only works if kernel runs in 4-level paging mode (specify no5lvl in
kernel command line).

BIOS folks work on proper patch, but it is not ready yet.


> 2) anything missing to allow makedumpfile/cp access 1st kernel's memory?

It worked before for us, but I have not checked for a while.

I expected you've dropped my "if (crash) return;" debug patch I asked you
to tested before, right? If not, failure is expected.

> 3) not sure if this is particular case on the system we tested on.

  Kiryl Shutsemau / Kirill A. Shutemov

Powered by blists - more mailing lists