From: Guilherme G. Piccoli <gpiccoli@xxxxxxxxxx> Sent: Friday, October 25, 2024 9:18 AM
>
> The crash_kexec_post_notifiers description could be improved a bit,
> by clarifying its upsides (yes, there are some!) and be more descriptive
> about the downsides, specially mentioning code that enables the option
> unconditionally, like Hyper-V[0], PowerPC (fadump)[1] and more
> recently, AMD SEV[2].
>
> [0] Commit a11589563e96 ("x86/Hyper-V: Report crash register data or kmsg before
> running crash kernel").
> [1] Commit 06e629c25daa ("powerpc/fadump: Fix inaccurate CPU state info in vmcore
> generated with panic").
> [2] Commit 8ef979584ea8 ("crypto: ccp: Add panic notifier for SEV/SNP firmware
> shutdown on kdump").
>
> Reviewed-by: Stephen Brennan <stephen.s.brennan@xxxxxxxxxx>
> Signed-off-by: Guilherme G. Piccoli <gpiccoli@xxxxxxxxxx>
> ---
>
> V3: Improved wording and commit description, detailing more about the addition
> of code that enables crash_kexec_post_notifiers unconditionally.
>
> Thanks Baoquan and Simon for the suggestions!
>
>
> Documentation/admin-guide/kernel-parameters.txt | 16 ++++++++++------
> 1 file changed, 10 insertions(+), 6 deletions(-)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt
> b/Documentation/admin-guide/kernel-parameters.txt
> index 3978fb704c53..2a7a523bb90b 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -918,12 +918,16 @@
> the parameter has no effect.
>
> crash_kexec_post_notifiers
> - Run kdump after running panic-notifiers and dumping
> - kmsg. This only for the users who doubt kdump always
> - succeeds in any situation.
> - Note that this also increases risks of kdump failure,
> - because some panic notifiers can make the crashed
> - kernel more unstable.
> + Only jump to kdump kernel after running the panic
> + notifiers and dumping kmsg. This option increases
> + the risks of a kdump failure, since some panic
> + notifiers can make the crashed kernel more unstable.
> + In configurations where kdump may not be reliable,
> + running the panic notifiers could allow collecting
> + more data on dmesg, like stack traces from other CPUS
> + or extra data dumped by panic_print. Note that some
> + configurations enable this option unconditionally,
> + like Hyper-V, PowerPC (fadump) and AMD SEV.
This last line should be more specific and use "AMD SEV-SNP" instead of
just "AMD SEV". Commit 8ef979584ea8 that you mentioned above is
specific to SEV-SNP.
There have been three versions of SEV functionality in AMD processors:
* SEV: the original guest VM encryption
* SEV-ES: SEV enhanced to cover register state as well
* SEV-SNP: SEV-ES plus Secure Nested Paging, which provides
functionality to address the Confidential Computing VM threat model
described in the Linux CoCo VM documentation. SEV-SNP processors are
AMD's product that is widely deployed for CoCo VMs in large public clouds.
Just using "SEV" is somewhat ambiguous because it's not clear whether
it refers to the family of three SEV levels, or just the original guest VM
encryption. Since this case is clearly SEV-SNP only, being specific removes
the ambiguity.
Michael
>
> crashkernel=size[KMG][@offset[KMG]]
> [KNL,EARLY] Using kexec, Linux can switch to a 'crash kernel'
> --
> 2.46.2
>
