Re: [PATCH v9 0/10] iommu/vt-d: Fix intel vt-d faults in kdump kernel

From: Don Dutile
Date: Mon May 04 2015 - 11:22:08 EST

Next message: Laurentiu Palcu: "Re: [PATCHv2] power_supply: Add support for Richtek rt9455 battery charger"
Previous message: Johan Hovold: "[PATCH v2 22/23] gpio: sysfs: remove FLAG_SYSFS_DIR"
In reply to: Joerg Roedel: "Re: [PATCH v9 0/10] iommu/vt-d: Fix intel vt-d faults in kdump kernel"
Next in thread: Dave Young: "Re: [PATCH v9 0/10] iommu/vt-d: Fix intel vt-d faults in kdump kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/04/2015 07:05 AM, Joerg Roedel wrote:

On Fri, Apr 03, 2015 at 04:40:31PM +0800, Dave Young wrote:

Have not read all the patches, but I have a question, not sure this
has been answered before. Old memory is not reliable, what if the old
memory get corrupted before panic? Is it safe to continue using it in
2nd kernel, I worry that it will cause problems.

Yes, the old memory could be corrupted, and there are more failure cases
left which we have no way of handling yet (if iommu data structures are
in kdump backup areas).

The question is what to do if we find some of the old data structures
corrupted, hand how far should the tests go. Should we also check the
page-tables, for example? I think if some of the data structures for a
device are corrupted it probably already failed in the old kernel and
things won't get worse in the new one.

So checking is not strictly necessary in the first version of these
patches (unless we find a valid failure scenario). Once we have some
good plan on what to do if we find corruption, we can add checking of
course.

Regards,

Joerg

Agreed. This is a significant improvement over what we (don') have.

Corruption related to IOMMU must occur within the host, and it must be
a software corruption, b/c the IOMMU inherently protects itself by protecting
all of memory from errant DMAs. Therefore, if the only IOMMU corruptor is
in the host, it's likely the entire host kernel crash dump will either be
useless, or corrupted by the security breach, at which point,
this is just another scenario of a failed crash dump that will never be taken.

The kernel can't protect the mapping tables, which are the most likely area to
be corrupted, b/c it'd (minimally) have to be per-device (to avoid locking
& coherency issues), and would require significant
overhead to keep/update a checksum-like scheme on (potentially) 4 levels of page tables.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Laurentiu Palcu: "Re: [PATCHv2] power_supply: Add support for Richtek rt9455 battery charger"
Previous message: Johan Hovold: "[PATCH v2 22/23] gpio: sysfs: remove FLAG_SYSFS_DIR"
In reply to: Joerg Roedel: "Re: [PATCH v9 0/10] iommu/vt-d: Fix intel vt-d faults in kdump kernel"
Next in thread: Dave Young: "Re: [PATCH v9 0/10] iommu/vt-d: Fix intel vt-d faults in kdump kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]