From: Coiby Xu To: kexec@lists.infradead.org Cc: Milan Broz , Thomas Staudt , Kairui Song , dm-devel@redhat.com, Mike Snitzer , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, Alasdair Kergon , Eric Biederman Subject: [RFC 1/4] kexec, dm-crypt: receive LUKS master key from dm-crypt and pass it to kdump Date: Fri, 18 Mar 2022 18:34:20 +0800 Message-Id: <20220318103423.286410-2-coxu@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220318103423.286410-1-coxu@redhat.com> References: <20220318103423.286410-1-coxu@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" After receiving the LUKS master key from driver/md/dm-crypt, kdump has 1 hour at maximum to ask kexec to pass the key before the key gets wiped by kexec. And after kdump retrieves the key, the key will be wiped immediately. Signed-off-by: Coiby Xu --- drivers/md/dm-crypt.c | 5 +++- include/linux/kexec.h | 3 ++ kernel/kexec_core.c | 66 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index d4ae31558826..41f9ca377312 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -41,6 +41,7 @@ #include =20 #include +#include =20 #include "dm-audit.h" =20 @@ -2388,6 +2389,8 @@ static int crypt_setkey(struct crypt_config *cc) unsigned subkey_size; int err =3D 0, i, r; =20 + /* save master key to kexec */ + kexec_save_luks_master_key(cc->key, cc->key_size); /* Ignore extra keys (which are used for IV etc) */ subkey_size =3D crypt_subkey_size(cc); =20 @@ -3580,6 +3583,7 @@ static int crypt_message(struct dm_target *ti, unsign= ed argc, char **argv, DMWARN("not suspended during key manipulation."); return -EINVAL; } + if (argc =3D=3D 3 && !strcasecmp(argv[1], "set")) { /* The key size may not be changed. */ key_size =3D get_key_size(&argv[2]); 
@@ -3587,7 +3591,6 @@ static int crypt_message(struct dm_target *ti, unsign= ed argc, char **argv, memset(argv[2], '0', strlen(argv[2])); return -EINVAL; } - ret =3D crypt_set_key(cc, argv[2]); if (ret) return ret; diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 0c994ae37729..91507bc684e2 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -205,6 +205,9 @@ int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf); extern int kexec_add_buffer(struct kexec_buf *kbuf); int kexec_locate_mem_hole(struct kexec_buf *kbuf); =20 +extern int kexec_pass_luks_master_key(void **addr, unsigned long *sz); +extern int kexec_save_luks_master_key(u8 *key, unsigned int key_size); + /* Alignment required for elf header segment */ #define ELF_CORE_HEADER_ALIGN 4096 =20 diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index 68480f731192..86df36b71443 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c 
@@ -1218,3 +1218,69 @@ void __weak arch_kexec_protect_crashkres(void) =20 void __weak arch_kexec_unprotect_crashkres(void) {} + + +static u8 *luks_master_key; +static unsigned int luks_master_key_size; + +void wipe_luks_master_key(void) +{ + if (luks_master_key) { + memset(luks_master_key, 0, luks_master_key_size * sizeof(u8)); + kfree(luks_master_key); + luks_master_key =3D NULL; + } +} + +static void _wipe_luks_master_key(struct work_struct *dummy) +{ + wipe_luks_master_key(); +} + +static DECLARE_DELAYED_WORK(wipe_luks_master_key_work, _wipe_luks_master_k= ey); + +static unsigned __read_mostly wipe_key_delay =3D 3600; /* 1 hour */ + +int kexec_save_luks_master_key(u8 *key, unsigned int key_size) +{ + if (luks_master_key) { + memset(luks_master_key, 0, luks_master_key_size * sizeof(u8)); + kfree(luks_master_key); + } + + luks_master_key =3D kmalloc(key_size * sizeof(u8), GFP_KERNEL); + + if (!luks_master_key) + return -ENOMEM; + memcpy(luks_master_key, key, key_size * sizeof(u8)); + luks_master_key_size =3D key_size; + pr_debug("LUKS master key (size=3D%u): %64ph\n", key_size, luks_master_ke= y); + schedule_delayed_work(&wipe_luks_master_key_work, + round_jiffies_relative(wipe_key_delay * HZ)); + return 0; +} +EXPORT_SYMBOL(kexec_save_luks_master_key); + +int kexec_pass_luks_master_key(void **addr, unsigned long *sz) +{ + unsigned long luks_key_sz; + unsigned char *buf; + unsigned int *size_ptr; + + if (!luks_master_key) + return -EINVAL; + + luks_key_sz =3D sizeof(unsigned int) + luks_master_key_size * sizeof(u8); + + buf =3D vzalloc(luks_key_sz); + if (!buf) + return -ENOMEM; + + size_ptr =3D (unsigned int *)buf; + memcpy(size_ptr, &luks_master_key_size, sizeof(unsigned int)); + memcpy(size_ptr + 1, luks_master_key, luks_master_key_size * sizeof(u8)); + *addr =3D buf; + *sz =3D luks_key_sz; + wipe_luks_master_key(); + return 0; +} --=20 2.34.1 From nobody Mon Jun 22 19:02:53 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on 
From: Coiby Xu To: kexec@lists.infradead.org Cc: Milan Broz , Thomas Staudt , Kairui Song , dm-devel@redhat.com, Mike Snitzer , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), "H. Peter Anvin" , Eric Biederman Subject: [RFC 2/4] kdump, x86: pass the LUKS master key to kdump kernel using a kernel command line parameter luksmasterkey Date: Fri, 18 Mar 2022 18:34:21 +0800 Message-Id: <20220318103423.286410-3-coxu@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220318103423.286410-1-coxu@redhat.com> References: <20220318103423.286410-1-coxu@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" kdump will build up the kernel command parameter luksmasterkey as similar to elfcorehdr to pass the memory address of the stored info of LUKS master key to kdump kernel. Signed-off-by: Coiby Xu --- arch/x86/include/asm/crash.h | 1 + arch/x86/kernel/crash.c | 42 ++++++++++++++++++++++++++++++- arch/x86/kernel/kexec-bzimage64.c | 7 ++++++ include/linux/kexec.h | 4 +++ 4 files changed, 53 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h index 8b6bd63530dc..757374389296 100644 --- a/arch/x86/include/asm/crash.h +++ b/arch/x86/include/asm/crash.h @@ -4,6 +4,7 @@ =20 struct kimage; =20 +int crash_load_luks_key(struct kimage *image); int crash_load_segments(struct kimage *image); int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params); diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index e8326a8d1c5d..6d117da62da4 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c 
@@ -304,6 +304,7 @@ static int memmap_exclude_ranges(struct kimage *image, = struct crash_mem *cmem, unsigned long long mend) { unsigned long start, end; + int r; =20 cmem->ranges[0].start =3D mstart; cmem->ranges[0].end =3D mend; @@ -312,7 +313,19 @@ static int memmap_exclude_ranges(struct kimage *image,= struct crash_mem *cmem, /* Exclude elf header region */ start =3D image->elf_load_addr; end =3D start + image->elf_headers_sz - 1; - return crash_exclude_mem_range(cmem, start, end); + r =3D crash_exclude_mem_range(cmem, start, end); + + if (r) + return r; + + /* Exclude LUKS master key region */ + if (image->luks_master_key_addr) { + start =3D image->luks_master_key_addr; + end =3D start + image->luks_master_key_sz - 1; + return crash_exclude_mem_range(cmem, start, end); + } + + return r; } =20 /* Prepare memory map for crash dump kernel */ @@ -383,6 +396,33 @@ int crash_setup_memmap_entries(struct kimage *image, s= truct boot_params *params) return ret; } =20 +int crash_load_luks_key(struct kimage *image) +{ + int ret; + struct kexec_buf kbuf =3D { .image =3D image, .buf_min =3D 0, + .buf_max =3D ULONG_MAX, .top_down =3D false }; + + image->luks_master_key_addr =3D 0; + ret =3D kexec_pass_luks_master_key(&kbuf.buffer, &kbuf.bufsz); + if (ret) + return ret; + + kbuf.memsz =3D kbuf.bufsz; + kbuf.buf_align =3D ELF_CORE_HEADER_ALIGN; + kbuf.mem =3D KEXEC_BUF_MEM_UNKNOWN; + ret =3D kexec_add_buffer(&kbuf); + if (ret) { + vfree((void *)kbuf.buffer); + return ret; + } + image->luks_master_key_addr =3D kbuf.mem; + image->luks_master_key_sz =3D kbuf.bufsz; + pr_debug("Loaded LUKS master key at 0x%lx bufsz=3D0x%lx memsz=3D0x%lx\n", + image->luks_master_key_addr, kbuf.bufsz, kbuf.bufsz); + + return ret; +} + int crash_load_segments(struct kimage *image) { int ret; diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzim= age64.c index 170d0fd68b1f..64ea3b6a5768 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c 
@@ -76,6 +76,10 @@ static int setup_cmdline(struct kimage *image, struct bo= ot_params *params, if (image->type =3D=3D KEXEC_TYPE_CRASH) { len =3D sprintf(cmdline_ptr, "elfcorehdr=3D0x%lx ", image->elf_load_addr); + + if (image->luks_master_key_addr !=3D 0) + len +=3D sprintf(cmdline_ptr + len, + "luksmasterkey=3D0x%lx ", image->luks_master_key_addr); } memcpy(cmdline_ptr + len, cmdline, cmdline_len); cmdline_len +=3D len; @@ -372,6 +376,9 @@ static void *bzImage64_load(struct kimage *image, char = *kernel, ret =3D crash_load_segments(image); if (ret) return ERR_PTR(ret); + ret =3D crash_load_luks_key(image); + if (ret) + pr_debug("Either no LUKS master key or error to retrieve the LUKS maste= r key\n"); } =20 /* diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 91507bc684e2..456a5bc28518 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h 
@@ -316,6 +316,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* LUKS master key buffer */ + unsigned long luks_master_key_addr; + unsigned long luks_master_key_sz; }; =20 /* kexec interface functions */ --=20 2.34.1 From nobody Mon Jun 22 19:02:53 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6DD2FC433F5 for ; Fri, 18 Mar 2022 10:34:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235055AbiCRKgK (ORCPT ); Fri, 18 Mar 2022 06:36:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54280 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235026AbiCRKgB (ORCPT ); Fri, 18 Mar 2022 06:36:01 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1B63021BC64 for ; Fri, 18 Mar 2022 03:34:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1647599682; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kuGSMiWQ1weBzk6gT/GPrRoo3pCEcdrOBhI/gZQe7L8=; b=aBlHR0iPLv30lGiDm/Lr7Z2pBuASxmkH+fyZ3MibHvdJHiXmpfvH3BH0NsnwkdRGwdFFua 9/M4z27eJTAqOPwCjM6WTOwt7I7ZJPmyLhxtSkbKcfXbl9Da+nOC95TXqT4/6WNGyvdvzV ko1q9flpBCVnK6RNixC1Gbmn0XY2G2A= Received: from mail-pj1-f72.google.com (mail-pj1-f72.google.com [209.85.216.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-655-kgNEwdFUOXyci25eOBvY6A-1; Fri, 18 Mar 2022 06:34:41 -0400 X-MC-Unique: kgNEwdFUOXyci25eOBvY6A-1 
From: Coiby Xu To: kexec@lists.infradead.org Cc: Milan Broz , Thomas Staudt , Kairui Song , dm-devel@redhat.com, Mike Snitzer , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, Vivek Goyal Subject: [RFC 3/4] crash_dump: retrieve LUKS master key in kdump kernel Date: Fri, 18 Mar 2022 18:34:22 +0800 Message-Id: <20220318103423.286410-4-coxu@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220318103423.286410-1-coxu@redhat.com> References: <20220318103423.286410-1-coxu@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" kdump will retrieve the LUKS master key based on the luksmasterkey command line parameter. Signed-off-by: Coiby Xu --- include/linux/crash_dump.h | 4 +++ kernel/crash_dump.c | 69 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index 620821549b23..24acb84b716e 100644 --- a/include/linux/crash_dump.h +++ b/include/linux/crash_dump.h @@ -15,6 +15,8 @@ extern unsigned long long elfcorehdr_addr; extern unsigned long long elfcorehdr_size; =20 +extern unsigned long long luks_master_key_addr; + #ifdef CONFIG_CRASH_DUMP extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *= size); extern void elfcorehdr_free(unsigned long long addr); @@ -32,6 +34,8 @@ extern ssize_t copy_oldmem_page_encrypted(unsigned long p= fn, char *buf, =20 void vmcore_cleanup(void); =20 +int retrive_kdump_luks_master_key(u8 *buffer, unsigned int *sz); + /* Architecture code defines this if there are other possible ELF * machine types, e.g. on bi-arch capable hardware. */ #ifndef vmcore_elf_check_arch_cross diff --git a/kernel/crash_dump.c b/kernel/crash_dump.c index 92da32275af5..ee32de300b9e 100644 --- a/kernel/crash_dump.c +++ b/kernel/crash_dump.c 
@@ -15,6 +15,8 @@ unsigned long long elfcorehdr_addr =3D ELFCORE_ADDR_MAX; EXPORT_SYMBOL_GPL(elfcorehdr_addr); =20 +unsigned long long luks_master_key_addr; +EXPORT_SYMBOL_GPL(luks_master_key_addr); /* * stores the size of elf header of crash image */ 
@@ -39,3 +41,70 @@ static int __init setup_elfcorehdr(char *arg) return end > arg ? 0 : -EINVAL; } early_param("elfcorehdr", setup_elfcorehdr); + +static int __init setup_luksmasterkey(char *arg) +{ + char *end; + + if (!arg) + return -EINVAL; + luks_master_key_addr =3D memparse(arg, &end); + if (end > arg) + return 0; + + luks_master_key_addr =3D 0; + return -EINVAL; +} + +early_param("luksmasterkey", setup_luksmasterkey); + +/* + * Architectures may override this function to read LUKS master key + */ +ssize_t __weak luks_key_read(char *buf, size_t count, u64 *ppos) +{ + return read_from_oldmem(buf, count, ppos, 0, false); +} + +int retrive_kdump_luks_master_key(u8 *buffer, unsigned int *sz) +{ + unsigned int key_size; + size_t lukskeybuf_sz; + unsigned int *size_ptr; + char *lukskeybuf; + u64 addr; + int r; + + if (luks_master_key_addr =3D=3D 0) { + pr_debug("LUKS master key memory address inaccessible"); + return -EINVAL; + } + + addr =3D luks_master_key_addr; + + /* Read LUKS master key size */ + r =3D luks_key_read((char *)&key_size, sizeof(unsigned int), &addr); + + if (r < 0) + return r; + + pr_debug("Retrieve LUKS master key: size=3D%u\n", key_size); + /* Read in LUKS maste rkey */ + lukskeybuf_sz =3D sizeof(unsigned int) + key_size * sizeof(u8); + lukskeybuf =3D (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, + get_order(lukskeybuf_sz)); + if (!lukskeybuf) + return -ENOMEM; + + addr =3D luks_master_key_addr; + r =3D luks_key_read((char *)lukskeybuf, lukskeybuf_sz, &addr); + + if (r < 0) + return r; + size_ptr =3D (unsigned int *)lukskeybuf; + memcpy(buffer, size_ptr + 1, key_size * sizeof(u8)); + pr_debug("Retrieve LUKS master key (size=3D%u): %48ph...\n", key_size, bu= ffer); + *sz =3D key_size; + return 0; +} +EXPORT_SYMBOL(retrive_kdump_luks_master_key); --=20 2.34.1 From nobody Mon Jun 22 19:02:53 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org 
From: Coiby Xu To: kexec@lists.infradead.org Cc: Milan Broz , Thomas Staudt , Kairui Song , dm-devel@redhat.com, Mike Snitzer , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, Alasdair Kergon Subject: [RFC 4/4] dm-crypt: reuse LUKS master key in kdump kernel Date: Fri, 18 Mar 2022 18:34:23 +0800 Message-Id: <20220318103423.286410-5-coxu@redhat.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220318103423.286410-1-coxu@redhat.com> References: <20220318103423.286410-1-coxu@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" When libcryptsetup passes key string starting with ":kdump", dm-crypt will interpret it as reusing the LUKS master key in kdump kernel. Signed-off-by: Coiby Xu --- drivers/md/dm-crypt.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 41f9ca377312..f3986036ec40 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -42,6 +42,7 @@ =20 #include #include +#include =20 #include "dm-audit.h" =20 @@ -2602,13 +2603,17 @@ static int crypt_set_key(struct crypt_config *cc, c= har *key) { int r =3D -EINVAL; int key_string_len =3D strlen(key); + bool retrieve_kdump_key =3D false; + + if (is_kdump_kernel() && !strncmp(key, ":kdump", 5)) + retrieve_kdump_key =3D true; =20 /* Hyphen (which gives a key_size of zero) means there is no key. */ - if (!cc->key_size && strcmp(key, "-")) + if (!retrieve_kdump_key && !cc->key_size && strcmp(key, "-")) goto out; =20 /* ':' means the key is in kernel keyring, short-circuit normal key proce= ssing */ - if (key[0] =3D=3D ':') { + if (!retrieve_kdump_key && key[0] =3D=3D ':') { r =3D crypt_set_keyring_key(cc, key + 1); goto out; } 
@@ -2620,9 +2625,15 @@ static int crypt_set_key(struct crypt_config *cc, ch= ar *key) kfree_sensitive(cc->key_string); cc->key_string =3D NULL; =20 - /* Decode key from its hex representation. */ - if (cc->key_size && hex2bin(cc->key, key, cc->key_size) < 0) - goto out; + if (retrieve_kdump_key) { + r =3D retrive_kdump_luks_master_key(cc->key, &cc->key_size); + if (r < 0) + goto out; + } else { + /* Decode key from its hex representation. */ + if (cc->key_size && hex2bin(cc->key, key, cc->key_size) < 0) + goto out; + } =20 r =3D crypt_setkey(cc); if (!r) --=20 2.34.1
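Review bot: In [RFC 1/4], drivers/md/dm-crypt.c, crypt_setkey(): the return value of kexec_save_luks_master_key() is dropped, and the call runs for every dm-crypt target each time a key is set. With several mapped devices only the last key survives, because the callee frees the previous copy, and a second plaintext copy of the key then sits in memory for up to an hour even when kdump is not in use. Since [RFC 4/4] feeds the retrieved key back through crypt_setkey(), the kdump kernel will save the key again as well. Suggest making the save opt-in per device, checking the return value, and skipping it under is_kdump_kernel().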
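Review bot: In [RFC 1/4], drivers/md/dm-crypt.c, crypt_message(): the hunks at -3580 and -3587 only add one blank line and delete another. This whitespace change is unrelated to the key hand-off and should be dropped from the patch.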
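Review bot: In [RFC 1/4], kernel/kexec_core.c, kexec_save_luks_master_key(): the pr_debug() line writes the master key into the kernel log, and %64ph always dumps 64 bytes, which reads past the kmalloc() buffer whenever key_size is smaller than 64. Log the size only. In the same hunk, luks_master_key is freed and reassigned from the delayed work, from kexec_save_luks_master_key() and from kexec_pass_luks_master_key() with no lock, so the timed wipe can run while one of the memcpy() calls is using the buffer; a mutex held around all three paths would close that. The memset() plus kfree() pairs can become kfree_sensitive(), which the dm-crypt context in patch 4 already uses, and wipe_luks_master_key() has no prototype in the header so it should be static.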
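Review bot: In [RFC 2/4], arch/x86/kernel/crash.c, crash_load_luks_key(): kbuf.buffer is a plaintext copy of the key obtained from vzalloc(), and the error path releases it with vfree() without clearing it first; call memzero_explicit() on it before the vfree(). The hunk also does not show who clears and frees that buffer once kexec_add_buffer() succeeds. Because kexec_pass_luks_master_key() wipes the saved key on its first call, a second load of the crash kernel will find no key, so either document this one-shot behaviour in the commit message or keep the key until the timer fires. Minor: the pr_debug() prints kbuf.bufsz for both bufsz and memsz.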
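Review bot: In [RFC 2/4], arch/x86/kernel/kexec-bzimage64.c, setup_cmdline(): the added sprintf() appends a luksmasterkey=0x... string in front of the user command line, but neither hunk in this file enlarges the command-line buffer, so please confirm that the allocation made for the elfcorehdr= prefix has room for the second parameter, or grow it in this patch. Note also that the physical address of the key buffer becomes part of the kdump kernel's command line.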
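Review bot: In [RFC 2/4], arch/x86/kernel/kexec-bzimage64.c, bzImage64_load(): a failure from crash_load_luks_key() is reported only through pr_debug(), so -ENOMEM cannot be told apart from the case where no key was saved. Treat -EINVAL (no key) as the silent case and return or at least pr_warn() on any other error.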
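Review bot: In [RFC 3/4], kernel/crash_dump.c, retrive_kdump_luks_master_key(): key_size is read from the crashed kernel's memory and then used unchecked as the length of memcpy(buffer, size_ptr + 1, ...), while the prototype gives the caller no way to pass the capacity of buffer, so a corrupted or oversized value overflows the destination. Add a capacity argument and return -EINVAL when key_size exceeds it. lukskeybuf is never cleared or released with free_pages(), neither on success nor on the r < 0 return after the second luks_key_read(), which leaks pages holding the key. The last pr_debug() prints 48 bytes of key material with %48ph and should be removed. Smaller points: the function name is misspelled (retrieve), the first pr_debug() lacks a trailing newline, and the comment reads "LUKS maste rkey".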
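Review bot: In [RFC 4/4], drivers/md/dm-crypt.c, crypt_set_key(), first hunk: strncmp(key, ":kdump", 5) compares only the five characters ":kdum", so in the kdump kernel any key string with that prefix is treated as a kdump request and skips the keyring branch below. Use a length of 6 for the prefix match the commit message describes, or strcmp() if the string must match exactly.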
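Review bot: In [RFC 4/4], drivers/md/dm-crypt.c, crypt_set_key(), second hunk: retrive_kdump_luks_master_key(cc->key, &cc->key_size) overwrites cc->key_size with a value read from the old kernel's memory and copies that many bytes into cc->key, and nothing in the hunk compares it with the size cc->key was allocated for. Read the size into a local variable, compare it with the existing cc->key_size, and fail with -EINVAL on a mismatch before touching cc->key.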