From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Lendacky Subject: Re: [RFC PATCH v4 26/28] x86: Allow kexec to be used with SME Date: Mon, 6 Mar 2017 11:58:40 -0600 Message-ID: <998eb58b-eefd-3093-093f-9ae25ddda472@amd.com> References: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> <20170216154755.19244.51276.stgit@tlendack-t1.amdoffice.net> <20170217155756.GJ30272@char.us.ORACLE.com> <20170301092536.GB8353@dhcp-128-65.nay.redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20170301092536.GB8353-0VdLhd/A9Pl+NNSt+8eSiB/sF2h8X+2i0E9HWUfgJXw@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Dave Young Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Brijesh Singh , Toshimitsu Kani , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Matt Fleming , x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, Alexander Potapenko , "H. Peter Anvin" , Larry Woodman , linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Jonathan Corbet , linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kasan-dev-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org, Ingo Molnar , Andrey Ryabinin , Rik van Riel , Arnd Bergmann , Borislav Petkov , Andy Lutomirski , Thomas Gleixner , Dmitry Vyukov , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, "Michael S. Tsirkin" , Paolo List-Id: linux-arch.vger.kernel.org On 3/1/2017 3:25 AM, Dave Young wrote: > Hi Tom, Hi Dave, > > On 02/17/17 at 10:43am, Tom Lendacky wrote: >> On 2/17/2017 9:57 AM, Konrad Rzeszutek Wilk wrote: >>> On Thu, Feb 16, 2017 at 09:47:55AM -0600, Tom Lendacky wrote: >>>> Provide support so that kexec can be used to boot a kernel when SME is >>>> enabled. >>> >>> Is the point of kexec and kdump to ehh, dump memory ? But if the >>> rest of the memory is encrypted you won't get much, will you? >> >> Kexec can be used to reboot a system without going back through BIOS. >> So you can use kexec without using kdump. >> >> For kdump, just taking a quick look, the option to enable memory >> encryption can be provided on the crash kernel command line and then > > Is there a simple way to get the SME status? Probably add some sysfs > file for this purpose. Currently there is not. I can look at adding something, maybe just the sme_me_mask value, which if non-zero, would indicate SME is active. > >> crash kernel can would be able to copy the memory decrypted if the >> pagetable is set up properly. It looks like currently ioremap_cache() >> is used to map the old memory page. That might be able to be changed >> to a memremap() so that the encryption bit is set in the mapping. That >> will mean that memory that is not marked encrypted (EFI tables, swiotlb >> memory, etc) would not be read correctly. > > Manage to store info about those ranges which are not encrypted so that > memremap can handle them? I can look into whether something can be done in this area. Any input you can provide as to what would be the best way/place to store the range info so kdump can make use of it, would be greatly appreciated. > >> >>> >>> Would it make sense to include some printk to the user if they >>> are setting up kdump that they won't get anything out of it? >> >> Probably a good idea to add something like that. > > It will break kdump functionality, it should be fixed instead of > just adding printk to warn user.. I do want kdump to work. I'll investigate further what can be done in this area. Thanks, Tom > > Thanks > Dave > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-cys01nam02on0052.outbound.protection.outlook.com ([104.47.37.52]:49078 "EHLO NAM02-CY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932272AbdCFR6u (ORCPT ); Mon, 6 Mar 2017 12:58:50 -0500 Subject: Re: [RFC PATCH v4 26/28] x86: Allow kexec to be used with SME References: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> <20170216154755.19244.51276.stgit@tlendack-t1.amdoffice.net> <20170217155756.GJ30272@char.us.ORACLE.com> <20170301092536.GB8353@dhcp-128-65.nay.redhat.com> From: Tom Lendacky Message-ID: <998eb58b-eefd-3093-093f-9ae25ddda472@amd.com> Date: Mon, 6 Mar 2017 11:58:40 -0600 MIME-Version: 1.0 In-Reply-To: <20170301092536.GB8353@dhcp-128-65.nay.redhat.com> Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-arch-owner@vger.kernel.org List-ID: To: Dave Young Cc: Konrad Rzeszutek Wilk , linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, iommu@lists.linux-foundation.org, Rik van Riel , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Toshimitsu Kani , Arnd Bergmann , Jonathan Corbet , Matt Fleming , "Michael S. Tsirkin" , Joerg Roedel , Paolo Bonzini , Brijesh Singh , Ingo Molnar , Alexander Potapenko , Andy Lutomirski , "H. Peter Anvin" , Borislav Petkov , Andrey Ryabinin , Thomas Gleixner , Larry Woodman , Dmitry Vyukov Message-ID: <20170306175840.BL42ubW5Ag1td8tjpnE9_H6Jgm1uzbQG2WTDjlUJFdU@z> On 3/1/2017 3:25 AM, Dave Young wrote: > Hi Tom, Hi Dave, > > On 02/17/17 at 10:43am, Tom Lendacky wrote: >> On 2/17/2017 9:57 AM, Konrad Rzeszutek Wilk wrote: >>> On Thu, Feb 16, 2017 at 09:47:55AM -0600, Tom Lendacky wrote: >>>> Provide support so that kexec can be used to boot a kernel when SME is >>>> enabled. >>> >>> Is the point of kexec and kdump to ehh, dump memory ? But if the >>> rest of the memory is encrypted you won't get much, will you? >> >> Kexec can be used to reboot a system without going back through BIOS. >> So you can use kexec without using kdump. >> >> For kdump, just taking a quick look, the option to enable memory >> encryption can be provided on the crash kernel command line and then > > Is there a simple way to get the SME status? Probably add some sysfs > file for this purpose. Currently there is not. I can look at adding something, maybe just the sme_me_mask value, which if non-zero, would indicate SME is active. > >> crash kernel can would be able to copy the memory decrypted if the >> pagetable is set up properly. It looks like currently ioremap_cache() >> is used to map the old memory page. That might be able to be changed >> to a memremap() so that the encryption bit is set in the mapping. That >> will mean that memory that is not marked encrypted (EFI tables, swiotlb >> memory, etc) would not be read correctly. > > Manage to store info about those ranges which are not encrypted so that > memremap can handle them? I can look into whether something can be done in this area. Any input you can provide as to what would be the best way/place to store the range info so kdump can make use of it, would be greatly appreciated. > >> >>> >>> Would it make sense to include some printk to the user if they >>> are setting up kdump that they won't get anything out of it? >> >> Probably a good idea to add something like that. > > It will break kdump functionality, it should be fixed instead of > just adding printk to warn user.. I do want kdump to work. I'll investigate further what can be done in this area. Thanks, Tom > > Thanks > Dave >