Message-ID: <a07bc9f1-e3c6-04b4-b9b0-63d33373ee31@igalia.com>
Date: Sun, 27 Oct 2024 17:43:22 -0300
From: "Guilherme G. Piccoli" <gpiccoli@...lia.com>
To: Michael Kelley <mhklinux@...look.com>
Cc: "bhe@...hat.com" <bhe@...hat.com>,
 "kexec@...ts.infradead.org" <kexec@...ts.infradead.org>,
 "vgoyal@...hat.com" <vgoyal@...hat.com>,
 "dyoung@...hat.com" <dyoung@...hat.com>, "corbet@....net" <corbet@....net>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
 "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
 "linux-debuggers@...r.kernel.org" <linux-debuggers@...r.kernel.org>,
 "stephen.s.brennan@...cle.com" <stephen.s.brennan@...cle.com>,
 "horms@...nel.org" <horms@...nel.org>,
 "kernel@...ccoli.net" <kernel@...ccoli.net>,
 "kernel-dev@...lia.com" <kernel-dev@...lia.com>
Subject: Re: [PATCH V3] Documentation: Improve crash_kexec_post_notifiers
 description

On 27/10/2024 15:16, Michael Kelley wrote:
> [...]
>>  	crash_kexec_post_notifiers
>> -			Run kdump after running panic-notifiers and dumping
>> -			kmsg. This only for the users who doubt kdump always
>> -			succeeds in any situation.
>> -			Note that this also increases risks of kdump failure,
>> -			because some panic notifiers can make the crashed
>> -			kernel more unstable.
>> +			Only jump to kdump kernel after running the panic
>> +			notifiers and dumping kmsg. This option increases
>> +			the risks of a kdump failure, since some panic
>> +			notifiers can make the crashed kernel more unstable.
>> +			In configurations where kdump may not be reliable,
>> +			running the panic notifiers could allow collecting
>> +			more data on dmesg, like stack traces from other CPUS
>> +			or extra data dumped by panic_print. Note that some
>> +			configurations enable this option unconditionally,
>> +			like Hyper-V, PowerPC (fadump) and AMD SEV.
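Review bot: In the added line "more data on dmesg, like stack traces from other CPUS", the plural should be spelled "CPUs", and "on dmesg" reads better as "in dmesg". The same sentence mentions panic_print without saying it is a separate kernel parameter; writing it as "the panic_print parameter" would let a reader look it up in this same file.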
> 
> This last line should be more specific and use "AMD SEV-SNP" instead of
> just "AMD SEV". Commit 8ef979584ea8 that you mentioned above is
> specific to SEV-SNP.
> 
> There have been three versions of SEV functionality in AMD processors:
> * SEV:  the original guest VM encryption
> * SEV-ES:  SEV enhanced to cover register state as well
> * SEV-SNP:  SEV-ES plus Secure Nested Paging, which provides
> functionality to address the Confidential Computing VM threat model
> described in the Linux CoCo VM documentation. SEV-SNP processors are
> AMD's product that is widely deployed for CoCo VMs in large public clouds.
> 
> Just using "SEV" is somewhat ambiguous because it's not clear whether
> it refers to the family of three SEV levels, or just the original guest VM
> encryption. Since this case is clearly SEV-SNP only, being specific removes
> the ambiguity.
> 
> Michael

Thanks a lot Michael, for the clarification. I've just sent a V4
updating that.
Cheers,


Guilherme
