Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp1755661imm; Thu, 21 Jun 2018 01:41:52 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIc5hGmndQAfwIbJL36+/3NIb31wgoQMxtQO0oNjljSV2R6lH1UILiw9xGDB87az3J3QyD1 X-Received: by 2002:a65:5003:: with SMTP id f3-v6mr21589209pgo.425.1529570512134; Thu, 21 Jun 2018 01:41:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529570512; cv=none; d=google.com; s=arc-20160816; b=Zdfm+IUxymydB0csKF3GqqfzuenOfSx/diLhnvOL6cE1I+8C7HI2ngCnbm3psDiq3u XMDohLwr4N/CEGk20agfTjXnIcM3eHIh+1f7e7KcrtPI85MOKiS9RsboBuD5QxgQMFc7 0sGFAZpb2Aeykzl8GcU34NVRt7umlA67iSgxJ3KkHPcIqEnJ5YFlTripGJU1ttslwgbK UGi8JD8m2ZIzZ2Uz9mSioRvo5lLnzDEGZLssOmPyHtvl4BzYA1vHn9A0TIqSs/mXAG5e HAL6PFL5w+chQX6dzz/Odc3FFlSwJf+p1Qei2+Dr5Dz6AyYjOLZhewhJShnBLOG4cBIo V00Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=3I1WX9lAAMSM05tpNAtyPUR8o1r80ina6N2ldUvlpC8=; b=GHrVRkmCzSXF16P6PMEMYAL9x0lB4j0nqfW2GFBkWJnwi2pjYBuYPx7p4metkbXRWV 8BQANk1l4c4tny4aICaSCLl6tLtp59BRqPlE9DW9SZUeE4vh9CyZdn9pCEZXJaEYVVCh dzBQ7PAL42QlYZvINGAGxzCqyb+QqRk1OPDvt0ghyHqGVfGKuWxTHvwh004NX4qF7xDd c5ANIF3MU0MYrKiKSYu+v/BstSl0qnlA8lhH+uCdrrw+hw7fv+sIUn/jQiUpphcVnAJv Rr5TFElpKuLjeY6juleKKW3G3hy1luPgsndGCaImNG4oez+5OiaAPd8jQCH7BCSaB2CO 94NA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x14-v6si3532580pgq.242.2018.06.21.01.41.37; Thu, 21 Jun 2018 01:41:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932742AbeFUIj0 (ORCPT + 99 others); Thu, 21 Jun 2018 04:39:26 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:53466 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754334AbeFUIjV (ORCPT ); Thu, 21 Jun 2018 04:39:21 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 394B14023336; Thu, 21 Jun 2018 08:39:20 +0000 (UTC) Received: from localhost (ovpn-8-18.pek2.redhat.com [10.72.8.18]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 355FE2026D6B; Thu, 21 Jun 2018 08:39:18 +0000 (UTC) Date: Thu, 21 Jun 2018 16:39:15 +0800 From: Baoquan He To: lijiang Cc: Tom Lendacky , linux-kernel@vger.kernel.org, dyoung@redhat.com, iommu@lists.linux-foundation.org, kexec@lists.infradead.org Subject: Re: [PATCH 3/4 V3] Remap the device table of IOMMU in encrypted manner for kdump Message-ID: <20180621083915.GE3815@MiWiFi-R3L-srv> References: <20180616082714.32035-1-lijiang@redhat.com> <20180616082714.32035-4-lijiang@redhat.com> <60c6f00e-0eb3-d39c-6a1e-8a1dc1e095af@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Thu, 21 Jun 2018 08:39:20 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Thu, 21 Jun 2018 08:39:20 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'bhe@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/21/18 at 01:42pm, lijiang wrote: > 在 2018年06月21日 00:42, Tom Lendacky 写道: > > On 6/16/2018 3:27 AM, Lianbo Jiang wrote: > >> In kdump mode, it will copy the device table of IOMMU from the old > >> device table, which is encrypted when SME is enabled in the first > >> kernel. So we must remap it in encrypted manner in order to be > >> automatically decrypted when we read. > >> > >> Signed-off-by: Lianbo Jiang > >> --- > >> Some changes: > >> 1. add some comments > >> 2. clean compile warning. > >> > >> drivers/iommu/amd_iommu_init.c | 15 ++++++++++++++- > >> 1 file changed, 14 insertions(+), 1 deletion(-) > >> > >> diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c > >> index 904c575..a20af4c 100644 > >> --- a/drivers/iommu/amd_iommu_init.c > >> +++ b/drivers/iommu/amd_iommu_init.c > >> @@ -889,11 +889,24 @@ static bool copy_device_table(void) > >> } > >> > >> old_devtb_phys = entry & PAGE_MASK; > >> + > >> + /* > >> + * When sme enable in the first kernel, old_devtb_phys includes the > >> + * memory encryption mask(sme_me_mask), we must remove the memory > >> + * encryption mask to obtain the true physical address in kdump mode. > >> + */ > >> + if (mem_encrypt_active() && is_kdump_kernel()) > >> + old_devtb_phys = __sme_clr(old_devtb_phys); > >> + > > > > You can probably just use "if (is_kdump_kernel())" here, since memory > > encryption is either on in both the first and second kernel or off in > > both the first and second kernel. At which point __sme_clr() will do > > the proper thing. > > > > Actually, this needs to be done no matter what. When doing either the > > ioremap_encrypted() or the memremap(), the physical address should not > > include the encryption bit/mask. > > > > Thanks, > > Tom > > > Thanks for your comments. If we don't remove the memory encryption mask, it will > return false because the 'old_devtb_phys >= 0x100000000ULL' may become true. Lianbo, you may not get what Tom suggested. Tom means no matter what it is, encrypted or not in 1st kernel, we need get pure physicall address, and using below code is always right for both cases. if (is_kdump_kernel()) old_devtb_phys = __sme_clr(old_devtb_phys); And this is simpler. You even can add one line of code comment to say like "Physical address w/o encryption mask is needed here." > > Lianbo > >> if (old_devtb_phys >= 0x100000000ULL) { > >> pr_err("The address of old device table is above 4G, not trustworthy!\n"); > >> return false; > >> } > >> - old_devtb = memremap(old_devtb_phys, dev_table_size, MEMREMAP_WB); > >> + old_devtb = (mem_encrypt_active() && is_kdump_kernel()) > >> + ? (__force void *)ioremap_encrypted(old_devtb_phys, > >> + dev_table_size) > >> + : memremap(old_devtb_phys, dev_table_size, MEMREMAP_WB);> + > >> if (!old_devtb) > >> return false; > >> > >> > > _______________________________________________ > kexec mailing list > kexec@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/kexec