On Mon, Jul 04, 2022 at 07:09:23PM +0200, Ard Biesheuvel wrote: > On Mon, 4 Jul 2022 at 18:38, Will Deacon <will@xxxxxxxxxx> wrote: > > > > On Mon, Jul 04, 2022 at 10:34:07PM +0800, guanghui.fgh wrote: > > > Thanks. > > > > > > 在 2022/7/4 22:23, Will Deacon 写道: > > > > On Mon, Jul 04, 2022 at 10:11:27PM +0800, guanghui.fgh wrote: > ... > > > > > Namely, it's need to use non block/section mapping for crashkernel mem > > > > > before shringking. > > > > > > > > Well, yes, but we can change arch_kexec_[un]protect_crashkres() not to do > > > > that if we're leaving the thing mapped, no? > > > > > > > I think we should use arch_kexec_[un]protect_crashkres for crashkernel mem. > > > > > > Because when invalid crashkernel mem pagetable, there is no chance to rd/wr > > > the crashkernel mem by mistake. > > > > > > If we don't use arch_kexec_[un]protect_crashkres to invalid crashkernel mem > > > pagetable, there maybe some write operations to these mem by mistake which > > > may cause crashkernel boot error and vmcore saving error. > > > > I don't really buy this line of reasoning. The entire main kernel is > > writable, so why do we care about protecting the crashkernel so much? The > > _code_ to launch the crash kernel is writable! If you care about preventing > > writes to memory which should not be writable, then you should use > > rodata=full. > > > > This is not entirely true - the core kernel text and rodata are > remapped r/o in the linear map, whereas all module code and rodata are > left writable when rodata != full. Yes, sorry, you're quite right. The kernel text is only writable if rodata=off. But I still think it makes sense to protect the crashkernel only if rodata=full (which is the default on arm64) as this allows us to rely on page mappings and I think fits well with what we do for modules. > But the conclusion is the same, imo: if you can't be bothered to > protect a good chunk of the code and rodata that the kernel relies on, > why should the crashkernel be treated any differently? Thanks. Will
