Re: [PATCH 1/5 V5] Add a function(ioremap_encrypted) for kdump when AMD sme enabled

[lijiang]

å 2018å07æ03æ 19:44, lijiang åé:
> å 2018å07æ03æ 19:14, Borislav Petkov åé:
>> On Tue, Jul 03, 2018 at 06:58:14PM +0800, lijiang wrote:
>>> For kdump, the elf header finally use the crash kernel reserved memory, it is not an old memory.
>>
>> Lamme repeat my suggestion:
>>
>> So beef up the logic in __ioremap_caller() to figure out based on the
>> address whether to access the memory encrypted or not. In general, you
>> can deduce, based on the region you're mapping, whether you need to map
>> in encrypted or decrypted.
>>
>> For example:
>>
>>         addr = elfcorehdr_addr;
>>
>>         /* Read Elf header */
>>         rc = elfcorehdr_read((char *)&ehdr, sizeof(Elf64_Ehdr), &addr);
>>         if (rc < 0)
>>                 return rc;
>>
>> elfcorehdr_addr has that elfcorehdr address. So you can check which address
>> you're mapping and do:
>>
>> __ioremap_caller:
>>
>> ...
>> 	prot = __ioremap_compute_prot(...);
>>
>> and that __ioremap_compute_prot() function which you will add will have
>> all that logic to determine encrypted or not by comparing addresses etc.
>>
>> Does that make more sense?
>>
> Thank you, Boris. Good idea, I will rethink about this issue and post it again.
> 
Hi, Boris
Last week, I had tried many ways to do this work, but it looks like that the ways of
deducing address is not suitable to another scenarios, such as mapping some devices
mmio space, which are unencrypted, and the device mmio space is outside kdump kernel
like the old memory, but the old memory is encrypted, we can't find the general rules
to decide when to encrypt or not. So it should be the best way that the caller care about
encryption or not. What do you think?

> Regards,
> Lianbo
>