From: lijiang <lijiang@redhat.com>
To: Borislav Petkov <bp@alien8.de>
Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org,
tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com,
x86@kernel.org, akpm@linux-foundation.org,
dan.j.williams@intel.com, thomas.lendacky@amd.com,
bhelgaas@google.com, baiyaowei@cmss.chinamobile.com,
tiwai@suse.de, brijesh.singh@amd.com, dyoung@redhat.com,
bhe@redhat.com, jroedel@suse.de
Subject: Re: [PATCH v7 RESEND 2/4] kexec: allocate unencrypted control pages for kdump in case SME is enabled
Date: Fri, 28 Sep 2018 18:09:04 +0800 [thread overview]
Message-ID: <2c5000d8-9f20-cc85-6d41-d6ece314c6ba@redhat.com> (raw)
In-Reply-To: <20180928075654.GA20768@zn.tnic>
在 2018年09月28日 15:57, Borislav Petkov 写道:
> On Fri, Sep 28, 2018 at 11:52:21AM +0800, lijiang wrote:
>> There are two functions that are usually called in pairs, they are:
>> arch_kexec_post_alloc_pages() and arch_kexec_pre_free_pages().
>>
>> One marks the pages as decrypted, another one marks the pages as encrypted.
>>
>> But for the crash control pages, no need to call arch_kexec_pre_free_pages(),
>> there are three reasons:
>> 1. Crash pages are reserved in memblock, these pages are only used by kdump,
>> no other people uses these pages;
>>
>> 2. Whenever crash pages are allocated, these pages are always marked as
>> decrypted(when SME is active);
>>
>> 3. If we plan to call the arch_kexe_pre_free_pages(), we have to store these
>> pages to somewhere, which will have more code changes.
>
> I don't think any of that answers the question *why* control pages do
> not need to be marked encrypted again. And I think the reason is simple:
> because you don't really need to, because once the crash kernel is done,
> you reboot the box.
>
Thanks for your comment, your explanation is very good.
But there are another cases, we might load or unload the crash kernel image and
initrafms, maybe again and again for test or debug, we don't reboot at once. For
example, repeat the following steps:
systemctl start kdump.service
...
systemctl stop kdump.service
But we always mark these pages as decrypted whenever these control pages are
allocated, because other people can't use these pages(reserved memory), which
are only used by kdump, so no need to mark these pages as encrypted again.
Regards,
Lianbo
next prev parent reply other threads:[~2018-09-28 10:09 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-27 7:19 [PATCH v7 RESEND 0/4] Support kdump for AMD secure memory encryption(SME) Lianbo Jiang
2018-09-27 7:19 ` [PATCH v7 RESEND 1/4] x86/ioremap: add a function ioremap_encrypted() to remap kdump old memory Lianbo Jiang
2018-09-27 13:17 ` Borislav Petkov
2018-09-27 14:53 ` lijiang
2018-09-27 16:10 ` Borislav Petkov
2018-09-28 0:33 ` lijiang
2018-10-06 11:45 ` [tip:x86/mm] x86/ioremap: Add an ioremap_encrypted() helper tip-bot for Lianbo Jiang
2018-09-27 7:19 ` [PATCH v7 RESEND 2/4] kexec: allocate unencrypted control pages for kdump in case SME is enabled Lianbo Jiang
2018-09-27 16:53 ` Borislav Petkov
2018-09-28 3:52 ` lijiang
2018-09-28 7:57 ` Borislav Petkov
2018-09-28 10:09 ` lijiang [this message]
2018-09-29 8:53 ` Borislav Petkov
2018-09-27 7:19 ` [PATCH v7 RESEND 3/4] iommu/amd: Remap the device table of IOMMU with the memory encryption mask for kdump Lianbo Jiang
2018-09-27 7:19 ` [PATCH v7 RESEND 4/4] kdump/vmcore: support encrypted old memory with SME enabled Lianbo Jiang
2018-09-28 8:38 ` Borislav Petkov
2018-09-29 6:24 ` lijiang
2018-09-29 8:30 ` Borislav Petkov
2018-09-29 9:36 ` lijiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2c5000d8-9f20-cc85-6d41-d6ece314c6ba@redhat.com \
--to=lijiang@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=baiyaowei@cmss.chinamobile.com \
--cc=bhe@redhat.com \
--cc=bhelgaas@google.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=dan.j.williams@intel.com \
--cc=dyoung@redhat.com \
--cc=hpa@zytor.com \
--cc=jroedel@suse.de \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tiwai@suse.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).