Re: [PATCH 1/5 V5] Add a function(ioremap_encrypted) for kdump when AMD sme enabled

From: lijiang
Date: Fri Jul 20 2018 - 01:07:17 EST

Next message: tip-bot for Jiang Biao: "[tip:x86/pti] x86/pti: Check the return value of pti_user_pagetable_walk_p4d()"
Previous message: Sekhar Nori: "Re: [PATCH v4 08/18] net: davinci_emac: potentially get the MAC address from MTD"
Next in thread: Dave Young: "Re: [PATCH 1/5 V5] Add a function(ioremap_encrypted) for kdump when AMD sme enabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

å 2018å07æ14æ 01:08, Borislav Petkov åé:
> On Mon, Jul 09, 2018 at 09:55:35PM +0800, lijiang wrote:
>> About this issue, i want to use an example to describe it.
>> /* drivers/iommu/amd_iommu_init.c */
>> static u8 __iomem * __init iommu_map_mmio_space(u64 address, u64 end)
>
> Those addresses come from the IVHD header which is an ACPI table. So the
> dump kernel can find that out too.
> Sure. I might understand your means, that will have to find all address out in
order to cover any cases in kdump kernel, those address might include MMIO
space, HPET, ACPI device table, ERST, and so on...

>> Obviously, the iommu mmio space is not encrypted, and the device
>> mmio space is outside kdump kernel. We know that the old memory is
>> encrypted, and the old memory is also outside kdump kernel. For the
>> current case, e820__get_entry_type() and walk_iomem_res_desc() can't
>> get the desired result, so we can't also decide whether encryption
>> or not according to this result(rules). If we want to know whether
>> encryption or not by deducing the address, we will need to read the
>> content of memory and have a reference value for comparison, then
>> what's a reference value? Sometimes we don't know that.
>
> Again, if we don't know that how is the *caller* supposed to know
> whether the memory is encrypted or not? Because
>
> "we" == "caller"
>
> in the kdump kernel.
>
> And the more important question is, why are we dumping MMIO space of the
> previous kernel *at* *all*? That doesn't make any sense to me.
>
Sorry for my late reply.
Here, it doesn't need to dump MMIO space of the previous kernel, when the
kdump kernel boot, the MMIO address will be remapped in decryption manners,
but the MMIO address don't belong to the range of the crash reserved memory,
for the kdump kernel, the MMIO space(address) and IOMMU device table(address)
are outside address, whereas, the IOMMU device table is encrypted in the first
kernel, the kdump kernel will need to copy the content of IOMMU device table
from the first kernel when the kdump kernel boot, so the IOMMU device table will
be remapped in encryption manners.
So some of them require to be remapped in encryption manners, and some(address)
require to be remapped in decryption manners.

Next message: tip-bot for Jiang Biao: "[tip:x86/pti] x86/pti: Check the return value of pti_user_pagetable_walk_p4d()"
Previous message: Sekhar Nori: "Re: [PATCH v4 08/18] net: davinci_emac: potentially get the MAC address from MTD"
Next in thread: Dave Young: "Re: [PATCH 1/5 V5] Add a function(ioremap_encrypted) for kdump when AMD sme enabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]