| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231128154539.GC1102144@ls.amr.corp.intel.com>
Date: Tue, 28 Nov 2023 07:45:39 -0800
From: Isaku Yamahata <isaku.yamahata@...ux.intel.com>
To: Baoquan He <bhe@...hat.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, ltao@...hat.com,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"Rafael J. Wysocki" <rafael@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Adrian Hunter <adrian.hunter@...el.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
Elena Reshetova <elena.reshetova@...el.com>,
Jun Nakajima <jun.nakajima@...el.com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>,
Tom Lendacky <thomas.lendacky@....com>,
"Kalra, Ashish" <ashish.kalra@....com>,
Sean Christopherson <seanjc@...gle.com>,
"Huang, Kai" <kai.huang@...el.com>, kexec@...ts.infradead.org,
linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org,
isaku.yamahata@...ux.intel.com, isaku.yamahata@...el.com
Subject: Re: [PATCHv3 00/14] x86/tdx: Add kexec support
On Tue, Nov 21, 2023 at 02:41:08PM +0800,
Baoquan He <bhe@...hat.com> wrote:
> On 11/17/23 at 06:46pm, Kirill A. Shutemov wrote:
> > On Fri, Nov 17, 2023 at 11:03:00PM +0800, Baoquan He wrote:
> > > On 11/17/23 at 03:47pm, Kirill A. Shutemov wrote:
> > > > On Thu, Nov 16, 2023 at 10:45:23PM +0800, Baoquan He wrote:
> > > > > On 11/16/23 at 10:17pm, Baoquan He wrote:
> > > > > > On 11/16/23 at 03:56pm, Kirill A. Shutemov wrote:
> > > > > > > On Thu, Nov 16, 2023 at 08:10:47PM +0800, Baoquan He wrote:
> > > > > > > > On 11/15/23 at 03:00pm, Kirill A. Shutemov wrote:
> > > > > > > > > The patchset adds bits and pieces to get kexec (and crashkernel) work on
> > > > > > > > > TDX guest.
> > > > > > > >
> > > > > > > > I finally got a machine of intel-eaglestream-spr as host and built a
> > > > > > > > tdx guest to give it a shot, the kexec reboot is working very well,
> > > > > > > > while kdump kernel always failed to boot up. I only built kernel and
> > > > > > > > installed it on tdx guest.
> > > > > > > > ------------------------------------------
> > > > > > > > [ 1.422500] Run /init as init process
> > > > > > > > [ 1.423073] Failed to execute /init (error -2)
> > > > > > > > [ 1.423759] Run /sbin/init as init process
> > > > > > > > [ 1.424370] Run /etc/init as init process
> > > > > > > > [ 1.424969] Run /bin/init as init process
> > > > > > > > [ 1.425588] Run /bin/sh as init process
> > > > > > > > [ 1.426150] Kernel panic - not syncing: No working init found. Try passing init= option to kernel. See Linux Documentation/admin-guide/init.rst for guidance.
> > > > > > > > [ 1.428122] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.7.0-rc1-00014-gbdba31ba3cec #3
> > > > > > > > [ 1.429232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022
> > > > > > > > [ 1.430328] Call Trace:
> > > > > > > > [ 1.430717] <TASK>
> > > > > > > > [ 1.431041] dump_stack_lvl+0x33/0x50
> > > > > > > > [ 1.431581] panic+0x324/0x340
> > > > > > > > [ 1.432037] ? __pfx_kernel_init+0x10/0x10
> > > > > > > > [ 1.432629] kernel_init+0x174/0x1c0
> > > > > > > > [ 1.433149] ret_from_fork+0x2d/0x50
> > > > > > > > [ 1.433690] ? __pfx_kernel_init+0x10/0x10
> > > > > > > > [ 1.434277] ret_from_fork_asm+0x1b/0x30
> > > > > > > > [ 1.434850] </TASK>
> > > > > > > > [ 1.435345] Kernel Offset: disabled
> > > > > > > > [ 1.439216] Rebooting in 10 seconds..
> > > > > > > > qemu-kvm: cpus are not resettable, terminating
> > > > > > >
> > > > > > > Could you shared your kernel config and details about your setup (qemu
> > > > > > > command, kernel command line, ...)?
> > > > > >
> > > > > > We followed tdx-tools README to setup the environment and built host and
> > > > > > guest kernel, qemu command is as below. I copied the
> > > > > > tdx-tools/build/rhel-9/intel-mvp-tdx-kernel/tdx-base.config to the
> > > > > > latest upstream linxu kernel then execute 'make olddefconfig'. Because
> > > > > > your patchset can't be applied to the stable kernel with the 731
> > > > > > patches.
> > > > > >
> > > > > > cd /home/root/tdx-tools
> > > > > > ./start-qemu.sh -i /home/root/guest_tdx.qcow2 -b grub
> > > > >
> > > > > This is the qemu command when execute above line of command, just for
> > > > > your reference if you happen to not take this way.
> > > >
> > > > Still failed to reproduce :/
> > > >
> > > > Blind shot: could you check if the patch below makes any difference.
> > >
> > > Still failed. And I found the normal reboot does't work either. I will
> > > do more testing tomorrow, e.g use the tdx-tools's own rhel9 kernel
> > > config and rebuild, and update host kernel too.
>
> I did more tests, resuls are summarized as below:
>
> 1) kexec reboot works, but always fallback to 1 cpu even though multiple
> cpus are specified;
> 2) kdump kernel need more crashkernel memory to boot up,
> crashkernel=512M works well in our case. But it failed in vmcore
> saving process, either makedumpfile or cp can't access the 1st
> kernel's old memory;
> 3) Normal reboot always failed;
...
> 3) not sure if this is particular case on the system we tested on.
qemu handles guest reset request as shutdown. This is expected.
It is common for confidential guest support.
In theory it's possible for qemu to re-create TDX guest and start a new guest.
Because the qemu implementation is too convoluted, it's not worthwhile to
implement it. Instead we can modify libvirt to restart qemu for reset request.
--
Isaku Yamahata <isaku.yamahata@...ux.intel.com>
Powered by blists - more mailing lists