[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87a5n34u5p.fsf@mail.lhotse>
Date: Tue, 12 Mar 2024 21:32:50 +1100
From: Michael Ellerman <mpe@...erman.id.au>
To: Rob Herring <robh@...nel.org>, Stefan Berger <stefanb@...ux.ibm.com>
Cc: linux-integrity@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-kernel@...r.kernel.org, jarkko@...nel.org, rnsastry@...ux.ibm.com,
peterhuewe@....de, viparash@...ibm.com
Subject: Re: [PATCH 1/2] powerpc/prom_init: Replace linux,sml-base/sml-size
with linux,sml-log
Rob Herring <robh@...nel.org> writes:
> On Fri, Mar 08, 2024 at 07:23:35AM -0500, Stefan Berger wrote:
>> On 3/7/24 16:52, Rob Herring wrote:
>> > On Thu, Mar 07, 2024 at 09:41:31PM +1100, Michael Ellerman wrote:
>> > > Stefan Berger <stefanb@...ux.ibm.com> writes:
>> > > > linux,sml-base holds the address of a buffer with the TPM log. This
>> > > > buffer may become invalid after a kexec and therefore embed the whole TPM
>> > > > log in linux,sml-log. This helps to protect the log since it is properly
>> > > > carried across a kexec with both of the kexec syscalls.
>> > > >
>> > > > Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
>> > > > ---
>> > > > arch/powerpc/kernel/prom_init.c | 8 ++------
>> > > > 1 file changed, 2 insertions(+), 6 deletions(-)
>> > > >
>>
>> >
>> >
>> > > Also adding the new linux,sml-log property should be accompanied by a
>> > > change to the device tree binding.
>> > >
>> > > The syntax is not very obvious to me, but possibly something like?
>> > >
>> > > diff --git a/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml b/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml
>> > > index 50a3fd31241c..cd75037948bc 100644
>> > > --- a/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml
>> > > +++ b/Documentation/devicetree/bindings/tpm/ibm,vtpm.yaml
>> > > @@ -74,8 +74,6 @@ required:
>> > > - ibm,my-dma-window
>> > > - ibm,my-drc-index
>> > > - ibm,loc-code
>> > > - - linux,sml-base
>> > > - - linux,sml-size
>> >
>> > Dropping required properties is an ABI break. If you drop them, an older
>> > OS version won't work.
>>
>> 1) On PowerVM and KVM on Power these two properties were added in the Linux
>> code. I replaced the creation of these properties with creation of
>> linux,sml-log (1/2 in this series). I also replaced the handling of
>> these two (2/2 in this series) for these two platforms but leaving it for
>> powernv systems where the firmware creates these.
>
> Okay, I guess your case is not a ABI break if the kernel is populating
> it and the same kernel consumes it.
>
> You failed to answer my question on using /reserved-memory. Again, why
> can't that be used? That is the standard way we prevent chunks of memory
> from being clobbered.
Yes I think that would mostly work. I don't see support for
/reserved-memory in kexec-tools, so that would need fixing I think.
My logic was that the memory is not special. It's just a buffer we
allocated during early boot to store the log. There isn't anything else
in the system that relies on that memory remaining untouched. So it
seemed cleaner to just put the log in the device tree, rather than a
pointer to it.
Having the log external to the device tree creates several problems,
like the crash kernel region colliding with it, it being clobbered by
kexec, etc.
cheers
Powered by blists - more mailing lists