From nobody Sun Feb 8 18:48:29 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EAA24C77B7A for ; Thu, 1 Jun 2023 07:25:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231189AbjFAHZt (ORCPT ); Thu, 1 Jun 2023 03:25:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42614 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231783AbjFAHZq (ORCPT ); Thu, 1 Jun 2023 03:25:46 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24179184 for ; Thu, 1 Jun 2023 00:24:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685604294; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AV8aUvr4ixGLZyIesmYQLsbGSBUr0/xlhliel/t7Lh8=; b=K9c8Zm6BwoJeB31EY74w3URzxj6zFDliZuWsim08otfp6MIJWyaGgiNGjp+dWv7TrLJPDR dCxy2nX/fGlCsZM8pVZ06mYTalwn9vVDEXI4R9NwXk1xVsu6CkX+akptNNzdu6+aVAeaB1 ti+KiOoPUMVY8pY0xSsycA2cjD6qCtQ= Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-486-oVvbfSETNHap7HRxXCrzfQ-1; Thu, 01 Jun 2023 03:24:53 -0400 X-MC-Unique: oVvbfSETNHap7HRxXCrzfQ-1 Received: by mail-pl1-f200.google.com with SMTP id d9443c01a7336-1b031a8fbe5so1757505ad.2 for ; Thu, 01 Jun 2023 00:24:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604292; x=1688196292; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AV8aUvr4ixGLZyIesmYQLsbGSBUr0/xlhliel/t7Lh8=; b=TYFVh+p2kDOM5KzD6LophXd19IFL0SDunKEiMcbETcJNVO2iPgF290I9FfT/lBYs4K q/kiQl3540xSgqeWiRp37jZTAxgdJTK3VSJf8LcQiQBbjxhiwlO2Vd0x84mcl2rsMixc 61p9R9NPtDR4Ht3TPtkqzP5Brkd8Udiw48+9etlBVkJNF+DI2vI+YiS+px6G9I5kasQN xrLj6Q7PJh8HGjyLzpw+6GTTmA9rpx28PJQRtG2AA9A2rcBmIYhrnUN0IHDJ3ez9QUxV 8Q/855cb8sRHbgRoljaXWxNpLAdFaN2QDVxFwTb3ddeZkFOZPQ4tT7eIf09gHiOYAhgx kMTg== X-Gm-Message-State: AC+VfDzi9gnLquowFEm/HF/QrL2nKD3eP5MaN1jTuBpqSFafmy+rJxc3 XyD+JiZY2/mSdtwPCkXhbtcr1YCxPX4Yvj7qExMYoxB2SAhkoNQ0lQuk40rn/3m/lz1C6lGa5hb dOU9fOyua3JkBTKjtkso5e3oP X-Received: by 2002:a17:902:e811:b0:1b0:5e97:ee2e with SMTP id u17-20020a170902e81100b001b05e97ee2emr6960535plg.19.1685604292000; Thu, 01 Jun 2023 00:24:52 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ662P0lLrFIg86H16E966109yZnfDIKygWQtWOgjwFAIugqodl1XMDNcj6+cm1VNgP+uGfilg== X-Received: by 2002:a17:902:e811:b0:1b0:5e97:ee2e with SMTP id u17-20020a170902e81100b001b05e97ee2emr6960516plg.19.1685604291629; Thu, 01 Jun 2023 00:24:51 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00199203a4fa3sm2666890plg.203.2023.06.01.00.24.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:24:51 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Milan Broz , Thomas Staudt , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Eric Biederman Subject: [PATCH 1/5] kexec_file: allow to place kexec_buf randomly Date: Thu, 1 Jun 2023 15:24:40 +0800 Message-Id: <20230601072444.2033855-2-coxu@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Currently, kexec_buf is placed in order which means for the same machine, the info in the kexec_buf is always located at the same position each time the machine is booted. This may cause a risk for sensitive information like LUKS volume key. Now struct kexec_buf has a new field random which indicates it's supposed to be placed in a random position. Suggested-by: Jan Pazdziora Signed-off-by: Coiby Xu --- include/linux/kexec.h | 2 ++ kernel/kexec_file.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 22b5cd24f581..5b2440444112 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -172,6 +172,7 @@ int kexec_image_post_load_cleanup_default(struct kimage= *image); * @buf_min: The buffer can't be placed below this address. * @buf_max: The buffer can't be placed above this address. * @top_down: Allocate from top of memory. + * @random: Place the buffer at a random position. */ struct kexec_buf { struct kimage *image; @@ -183,6 +184,7 @@ struct kexec_buf { unsigned long buf_min; unsigned long buf_max; bool top_down; + bool random; }; =20 int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf); diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index f989f5f1933b..5dbfc119eb6a 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include "kexec_internal.h" @@ -419,6 +420,16 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, = initrd_fd, return ret; } =20 +static unsigned long kexec_random_start(unsigned long start, unsigned long= end) +{ + unsigned long temp_start; + unsigned short i; + + get_random_bytes(&i, sizeof(unsigned short)); + temp_start =3D start + (end - start) / USHRT_MAX * i; + return temp_start; +} + static int locate_mem_hole_top_down(unsigned long start, unsigned long end, struct kexec_buf *kbuf) { @@ -427,6 +438,8 @@ static int locate_mem_hole_top_down(unsigned long start= , unsigned long end, =20 temp_end =3D min(end, kbuf->buf_max); temp_start =3D temp_end - kbuf->memsz; + if (kbuf->random) + temp_start =3D kexec_random_start(temp_start, temp_end); =20 do { /* align down start */ @@ -464,6 +477,8 @@ static int locate_mem_hole_bottom_up(unsigned long star= t, unsigned long end, unsigned long temp_start, temp_end; =20 temp_start =3D max(start, kbuf->buf_min); + if (kbuf->random) + temp_start =3D kexec_random_start(temp_start, end); =20 do { temp_start =3D ALIGN(temp_start, kbuf->buf_align); --=20 2.40.1 From nobody Sun Feb 8 18:48:29 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E034AC77B7A for ; Thu, 1 Jun 2023 07:25:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231584AbjFAHZq (ORCPT ); Thu, 1 Jun 2023 03:25:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42606 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231371AbjFAHZo (ORCPT ); Thu, 1 Jun 2023 03:25:44 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 852EB13E for ; Thu, 1 Jun 2023 00:24:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685604297; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AVNhkRwZAfrMBhKh//wi6Z59DrttLTByCXwnmuvQ7Sk=; b=fwFKzULvG2I2S94hr65HA1VMsl3EkViDqVU3iLf0yXX8DlHXrfXGTz6VeASXbcbASgqrD0 2TRfgodcPK6hHz8OlLkL423mJ8cB7iE3GptQO9hSN4ZDwz8KTfkctqlG8VyNUpD6CtB/F8 4at0iTlMMOdYk7RMB5MuTxCfbULQRgM= Received: from mail-qt1-f198.google.com (mail-qt1-f198.google.com [209.85.160.198]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-645-mI8yZIRROdCh5DcXlQSo0A-1; Thu, 01 Jun 2023 03:24:56 -0400 X-MC-Unique: mI8yZIRROdCh5DcXlQSo0A-1 Received: by mail-qt1-f198.google.com with SMTP id d75a77b69052e-3f80c977f15so5029071cf.2 for ; Thu, 01 Jun 2023 00:24:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604296; x=1688196296; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AVNhkRwZAfrMBhKh//wi6Z59DrttLTByCXwnmuvQ7Sk=; b=QT22WzI6/67PnXgtEOBUp4lA+Ww10w8KLsnNHotAbEQc1+/YWCfQxvajomqwrO6hMR l5TfIeQN6H/69/DNDFUdMiiL7M02NlegSIC+m6GkGc9hnLV8TrikuIIXl6/QrDCPpn9o kfJXpYts/KyO93B44ZLwYTkMmvoe348pSRusUBGDywnBrjQC7RNW6fb3bwVRiMmrz+8Z 0n7br4j3pAuYoGu/wtdDkLOaRTUCEoAN40H6JLpbPRY6bkxWhmgyLZN3GgWnqfo4M+3T rf6osgq2o+dSLAzbvI+mAPv/38KsbJHxOjTvgsBTgumLq1U2rIxJq0IzR/QDTgiuMWgD HZNQ== X-Gm-Message-State: AC+VfDzryhWxJzgE40e3pcbiby2AvedtMPEH45kvQ31182TkKBBmDF1H pUjWs/x5pJYxhnutU8UTXRNzxwcMr5z5GucwUvJFUIyjiKtMAaQjqpF1o1kEoT4NSA7HUZn9iRU kA8BhggmEE7N0FsnBL74GW6fr X-Received: by 2002:a05:622a:3c7:b0:3f4:eb26:6d42 with SMTP id k7-20020a05622a03c700b003f4eb266d42mr7982586qtx.63.1685604295826; Thu, 01 Jun 2023 00:24:55 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6UZAxm2RuiVCtGixZ0U45XGL7fm+89xCNa6kmGqARldADNGbnk+xAiazKcrMefCa2tIl3eZQ== X-Received: by 2002:a05:622a:3c7:b0:3f4:eb26:6d42 with SMTP id k7-20020a05622a03c700b003f4eb266d42mr7982558qtx.63.1685604295538; Thu, 01 Jun 2023 00:24:55 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id i28-20020a63541c000000b0053efb8fae02sm2465297pgb.24.2023.06.01.00.24.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:24:55 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Milan Broz , Thomas Staudt , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Vivek Goyal Subject: [PATCH 2/5] crash_dump: save the LUKS volume key temporarily Date: Thu, 1 Jun 2023 15:24:41 +0800 Message-Id: <20230601072444.2033855-3-coxu@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" After having the volume key, crytpsetup/systemd-cryptsetup saves the volume key as a logon key to its thread keyring and this key is destroyed immediately with the terminated thread. So a temporary copy of the volume key is needed in order to later save it to kdump reserved memory when the crash kernel is loaded later. crytpsetup/systemd-cryptsetup will write the key description to /sys/kernel/crash_luks_volume_key so the kernel will read the logon key and save a temporary copy for later user. kdump has 1 hour at maximum to get the temporary copy before the key gets wiped. And after kdump retrieves the key, the key will be wiped immediately. Signed-off-by: Coiby Xu --- include/linux/crash_core.h | 2 + kernel/Makefile | 2 +- kernel/crash_dump_luks.c | 90 ++++++++++++++++++++++++++++++++++++++ kernel/ksysfs.c | 19 ++++++++ 4 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 kernel/crash_dump_luks.c diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index de62a722431e..596d83b8f362 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -83,5 +83,7 @@ int parse_crashkernel_high(char *cmdline, unsigned long l= ong system_ram, unsigned long long *crash_size, unsigned long long *crash_base); int parse_crashkernel_low(char *cmdline, unsigned long long system_ram, unsigned long long *crash_size, unsigned long long *crash_base); +int crash_sysfs_luks_volume_key_write(const char *key_des, size_t count); +int crash_pass_temp_luks_volume_key(void **addr, unsigned long *sz); =20 #endif /* LINUX_CRASH_CORE_H */ diff --git a/kernel/Makefile b/kernel/Makefile index b69c95315480..8412afa4a9f0 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -118,7 +118,7 @@ obj-$(CONFIG_PERF_EVENTS) +=3D events/ =20 obj-$(CONFIG_USER_RETURN_NOTIFIER) +=3D user-return-notifier.o obj-$(CONFIG_PADATA) +=3D padata.o -obj-$(CONFIG_CRASH_DUMP) +=3D crash_dump.o +obj-$(CONFIG_CRASH_DUMP) +=3D crash_dump.o crash_dump_luks.o obj-$(CONFIG_JUMP_LABEL) +=3D jump_label.o obj-$(CONFIG_CONTEXT_TRACKING) +=3D context_tracking.o obj-$(CONFIG_TORTURE_TEST) +=3D torture.o diff --git a/kernel/crash_dump_luks.c b/kernel/crash_dump_luks.c new file mode 100644 index 000000000000..2d88b77a93f8 --- /dev/null +++ b/kernel/crash_dump_luks.c @@ -0,0 +1,90 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include + +static u8 *luks_volume_key; +static unsigned int luks_volume_key_size; + +void wipe_luks_volume_key(void) +{ + if (luks_volume_key) { + memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); + kfree(luks_volume_key); + luks_volume_key =3D NULL; + } +} + +static void _wipe_luks_volume_key(struct work_struct *dummy) +{ + wipe_luks_volume_key(); +} + +static DECLARE_DELAYED_WORK(wipe_luks_volume_key_work, _wipe_luks_volume_k= ey); + +static unsigned __read_mostly wipe_key_delay =3D 3600; /* 1 hour */ + +static int crash_save_temp_luks_volume_key(const char *key_desc, size_t co= unt) +{ + const struct user_key_payload *ukp; + struct key *key; + + + if (luks_volume_key) { + memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); + kfree(luks_volume_key); + } + + pr_debug("Requesting key %s", key_desc); + key =3D request_key(&key_type_logon, key_desc, NULL); + + if (IS_ERR(key)) { + pr_debug("No such key %s", key_desc); + return PTR_ERR(key); + } + + ukp =3D user_key_payload_locked(key); + if (!ukp) + return -EKEYREVOKED; + + luks_volume_key =3D kmalloc(ukp->datalen, GFP_KERNEL); + if (!luks_volume_key) + return -ENOMEM; + memcpy(luks_volume_key, ukp->data, ukp->datalen); + luks_volume_key_size =3D ukp->datalen; + pr_debug("LUKS master key (size=3D%u): %8ph\n", luks_volume_key_size, luk= s_volume_key); + schedule_delayed_work(&wipe_luks_volume_key_work, + round_jiffies_relative(wipe_key_delay * HZ)); + return 0; +} + +int crash_sysfs_luks_volume_key_write(const char *key_desc, size_t count) +{ + if (!is_kdump_kernel()) + return crash_save_temp_luks_volume_key(key_desc, count); + return -EINVAL; +} +EXPORT_SYMBOL(crash_sysfs_luks_volume_key_write); + +int crash_pass_temp_luks_volume_key(void **addr, unsigned long *sz) +{ + unsigned long luks_key_sz; + unsigned char *buf; + unsigned int *size_ptr; + + if (!luks_volume_key) + return -EINVAL; + + luks_key_sz =3D sizeof(unsigned int) + luks_volume_key_size * sizeof(u8); + + buf =3D vzalloc(luks_key_sz); + if (!buf) + return -ENOMEM; + + size_ptr =3D (unsigned int *)buf; + memcpy(size_ptr, &luks_volume_key_size, sizeof(unsigned int)); + memcpy(size_ptr + 1, luks_volume_key, luks_volume_key_size * sizeof(u8)); + *addr =3D buf; + *sz =3D luks_key_sz; + wipe_luks_volume_key(); + return 0; +} diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c index aad7a3bfd846..cc64a895c334 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c @@ -165,6 +165,24 @@ static ssize_t vmcoreinfo_show(struct kobject *kobj, } KERNEL_ATTR_RO(vmcoreinfo); =20 +static ssize_t crash_luks_volume_key_show(struct kobject *kobj, + struct kobj_attribute *attr, + char *buf) +{ + return 0; +} + +static ssize_t crash_luks_volume_key_store(struct kobject *kobj, + struct kobj_attribute *attr, + const char *buf, size_t count) +{ + int ret; + + ret =3D crash_sysfs_luks_volume_key_write(buf, count); + return ret < 0 ? ret : count; +} +KERNEL_ATTR_RW(crash_luks_volume_key); + #endif /* CONFIG_CRASH_CORE */ =20 /* whether file capabilities are enabled */ @@ -255,6 +273,7 @@ static struct attribute * kernel_attrs[] =3D { #endif #ifdef CONFIG_CRASH_CORE &vmcoreinfo_attr.attr, + &crash_luks_volume_key_attr.attr, #endif #ifndef CONFIG_TINY_RCU &rcu_expedited_attr.attr, --=20 2.40.1 From nobody Sun Feb 8 18:48:29 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1158C77B7E for ; Thu, 1 Jun 2023 07:26:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231840AbjFAH0B (ORCPT ); Thu, 1 Jun 2023 03:26:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42644 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231800AbjFAHZs (ORCPT ); Thu, 1 Jun 2023 03:25:48 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7D40F9F for ; Thu, 1 Jun 2023 00:25:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685604302; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BSdEOOvVOvBHgbxdtA0aSxX16fM93R7Xrib46N4HMRQ=; b=esm0yLUVbBXHsbucG2ZuTgmO4I9hOD6eap4CqfacLceGVnnC59lU87xoE4fIqwxXyLC94P vjGU0r03Kl1WzqEcATesreacg/byuEN4ElTAJ9QI/+eAZWXIcEPDPOaklvWkDNdF9IpT45 4QqkCmE/m0iGeO7TFY8tf/HDT9QB0v0= Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-314-0WOvoThUO4OfG3aQVH3dIA-1; Thu, 01 Jun 2023 03:25:01 -0400 X-MC-Unique: 0WOvoThUO4OfG3aQVH3dIA-1 Received: by mail-pf1-f200.google.com with SMTP id d2e1a72fcca58-650abd6d92eso44108b3a.3 for ; Thu, 01 Jun 2023 00:25:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604300; x=1688196300; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BSdEOOvVOvBHgbxdtA0aSxX16fM93R7Xrib46N4HMRQ=; b=XrTTX8X9zLSy1a9OLTVPSm9H6O6RLdFrOWRSSMYMv/bWMS9IWs0fSGzsoB6hY0/CcR JDoBO+ynC4vYXsGsmR6aT9rwNR969jac9BZipkXgLkT3c5XbZAlWsmz3VnYEKb0cQUO+ 35Pb3LWj3t5vFTGLTOlfNephhIJnqaaOozzFh1XxNqd6bfMeQKZZPrs4cjpOenxJoccd Yh2lDTVvELIGhtz/W3HfA+eCkkoxlu12ZJxkahA5MEfGx6lZ7bOhaY2r2fKPiRIdosbF EPYWmAkDvR4/0Tnq+0DivNa/5X6kG0Fzcat5Eyu4Pr3AymlTCAHc5hWds1wcMnNuNUr4 u2Ug== X-Gm-Message-State: AC+VfDxNzRb2G0OcB1U5mVk9qc5F2zedtmxn9xsvkHkNoQvITkzIidFs t1OapTDCLa2oiNU7dYmv70J384l0HP9vH1d62KQT5okHjMhS7DuKklX/8xgIRa8fSUXpPyVliXp iDqQGRsKRxX9WPw+BxxbZNQ2P X-Received: by 2002:a05:6a00:1a51:b0:63b:5496:7af5 with SMTP id h17-20020a056a001a5100b0063b54967af5mr7757653pfv.1.1685604300240; Thu, 01 Jun 2023 00:25:00 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7dvgVyrzGCsjuOATzcCkMb2NCswn1qLkQ0iET/24u8jgUcZoCb8ABgYZHVIPusFMkwCuiucw== X-Received: by 2002:a05:6a00:1a51:b0:63b:5496:7af5 with SMTP id h17-20020a056a001a5100b0063b54967af5mr7757634pfv.1.1685604299873; Thu, 01 Jun 2023 00:24:59 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id f18-20020aa78b12000000b0064d27a28451sm4433388pfd.100.2023.06.01.00.24.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:24:59 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Milan Broz , Thomas Staudt , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Vivek Goyal Subject: [PATCH 3/5] crash_dump: retrieve LUKS volume key in kdump kernel Date: Thu, 1 Jun 2023 15:24:42 +0800 Message-Id: <20230601072444.2033855-4-coxu@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Crash kernel will retrieve the LUKS volume key based on the luksvolumekey command line parameter. When libcryptsetup writes the key description to /sys/kernel/crash_luks_volume_key, crash kernel will create a thread keyring and add a logon key. Signed-off-by: Coiby Xu --- include/linux/crash_dump.h | 2 + kernel/crash_dump_luks.c | 116 ++++++++++++++++++++++++++++++++++++- 2 files changed, 116 insertions(+), 2 deletions(-) diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index 0f3a656293b0..bc848e058c64 100644 --- a/include/linux/crash_dump.h +++ b/include/linux/crash_dump.h @@ -15,6 +15,8 @@ extern unsigned long long elfcorehdr_addr; extern unsigned long long elfcorehdr_size; =20 +extern unsigned long long luks_volume_key_addr; + #ifdef CONFIG_CRASH_DUMP extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *= size); extern void elfcorehdr_free(unsigned long long addr); diff --git a/kernel/crash_dump_luks.c b/kernel/crash_dump_luks.c index 2d88b77a93f8..63718db318c3 100644 --- a/kernel/crash_dump_luks.c +++ b/kernel/crash_dump_luks.c @@ -1,7 +1,82 @@ // SPDX-License-Identifier: GPL-2.0-only +#include +#include #include #include =20 +unsigned long long luks_volume_key_addr; +EXPORT_SYMBOL_GPL(luks_volume_key_addr); + +static int __init setup_luksvolumekey(char *arg) +{ + char *end; + + if (!arg) + return -EINVAL; + luks_volume_key_addr =3D memparse(arg, &end); + if (end > arg) + return 0; + + luks_volume_key_addr =3D 0; + return -EINVAL; +} + +early_param("luksvolumekey", setup_luksvolumekey); + +/* + * Architectures may override this function to read LUKS master key + */ +ssize_t __weak luks_key_read(char *buf, size_t count, u64 *ppos) +{ + struct kvec kvec =3D { .iov_base =3D buf, .iov_len =3D count }; + struct iov_iter iter; + + iov_iter_kvec(&iter, READ, &kvec, 1, count); + return read_from_oldmem(&iter, count, ppos, false); +} + +static int retrive_kdump_luks_volume_key(u8 *buffer, unsigned int *sz) +{ + unsigned int key_size; + size_t lukskeybuf_sz; + unsigned int *size_ptr; + char *lukskeybuf; + u64 addr; + int r; + + if (luks_volume_key_addr =3D=3D 0) { + pr_debug("LUKS master key memory address inaccessible"); + return -EINVAL; + } + + addr =3D luks_volume_key_addr; + + /* Read LUKS master key size */ + r =3D luks_key_read((char *)&key_size, sizeof(unsigned int), &addr); + + if (r < 0) + return r; + + pr_debug("Retrieve LUKS master key: size=3D%u\n", key_size); + /* Read in LUKS maste rkey */ + lukskeybuf_sz =3D sizeof(unsigned int) + key_size * sizeof(u8); + lukskeybuf =3D (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, + get_order(lukskeybuf_sz)); + if (!lukskeybuf) + return -ENOMEM; + + addr =3D luks_volume_key_addr; + r =3D luks_key_read((char *)lukskeybuf, lukskeybuf_sz, &addr); + + if (r < 0) + return r; + size_ptr =3D (unsigned int *)lukskeybuf; + memcpy(buffer, size_ptr + 1, key_size * sizeof(u8)); + pr_debug("Retrieve LUKS master key (size=3D%u): %48ph...\n", key_size, bu= ffer); + *sz =3D key_size; + return 0; +} + static u8 *luks_volume_key; static unsigned int luks_volume_key_size; =20 @@ -23,12 +98,48 @@ static DECLARE_DELAYED_WORK(wipe_luks_volume_key_work, = _wipe_luks_volume_key); =20 static unsigned __read_mostly wipe_key_delay =3D 3600; /* 1 hour */ =20 +static int retore_luks_volume_key_to_thread_keyring(const char *key_desc) +{ + key_ref_t keyring_ref, key_ref; + int ret; + + /* find the target keyring (which must be writable) */ + keyring_ref =3D lookup_user_key(KEY_SPEC_THREAD_KEYRING, 0x01, KEY_NEED_W= RITE); + if (IS_ERR(keyring_ref)) { + pr_alert("Failed to get keyring"); + return PTR_ERR(keyring_ref); + } + + luks_volume_key =3D kmalloc(128, GFP_KERNEL); + ret =3D retrive_kdump_luks_volume_key(luks_volume_key, &luks_volume_key_s= ize); + if (ret) { + kfree(luks_volume_key); + return ret; + } + + /* create or update the requested key and add it to the target keyring */ + key_ref =3D key_create_or_update(keyring_ref, "logon", key_desc, + luks_volume_key, luks_volume_key_size, + KEY_PERM_UNDEF, KEY_ALLOC_IN_QUOTA); + + if (!IS_ERR(key_ref)) { + ret =3D key_ref_to_ptr(key_ref)->serial; + key_ref_put(key_ref); + pr_alert("Success adding key %s", key_desc); + } else { + ret =3D PTR_ERR(key_ref); + pr_alert("Error when adding key"); + } + + key_ref_put(keyring_ref); + return ret; +} + static int crash_save_temp_luks_volume_key(const char *key_desc, size_t co= unt) { const struct user_key_payload *ukp; struct key *key; =20 - if (luks_volume_key) { memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); kfree(luks_volume_key); @@ -61,7 +172,8 @@ int crash_sysfs_luks_volume_key_write(const char *key_de= sc, size_t count) { if (!is_kdump_kernel()) return crash_save_temp_luks_volume_key(key_desc, count); - return -EINVAL; + else + return retore_luks_volume_key_to_thread_keyring(key_desc); } EXPORT_SYMBOL(crash_sysfs_luks_volume_key_write); =20 --=20 2.40.1 From nobody Sun Feb 8 18:48:29 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90EF9C77B7A for ; Thu, 1 Jun 2023 07:26:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231955AbjFAHZ6 (ORCPT ); Thu, 1 Jun 2023 03:25:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231799AbjFAHZs (ORCPT ); Thu, 1 Jun 2023 03:25:48 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E5E3E18C for ; Thu, 1 Jun 2023 00:25:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685604306; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AgH6lkMBE6SH6kwKQ2OLQdShNDxo5U5zIXrPWoXTrzY=; b=Ic1/+iMatjM9SMHanwDvYALW62vQLEMabsTxInIjq4qAeiwnEMmT6T4miSP0p1TAFASM+A JFc4w6g7stwqUdOldQQHCEOH16dVaYybE/fdexDPFeee+T8PMfOGQO2ldw408p4T0uJd9t 37CqvX5FX62VftGPIqCzYb9wQwF7bkQ= Received: from mail-pj1-f72.google.com (mail-pj1-f72.google.com [209.85.216.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-492-9esEm7IFNhmHtrhKtE_vPg-1; Thu, 01 Jun 2023 03:25:05 -0400 X-MC-Unique: 9esEm7IFNhmHtrhKtE_vPg-1 Received: by mail-pj1-f72.google.com with SMTP id 98e67ed59e1d1-2568caac092so105325a91.1 for ; Thu, 01 Jun 2023 00:25:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604304; x=1688196304; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AgH6lkMBE6SH6kwKQ2OLQdShNDxo5U5zIXrPWoXTrzY=; b=DCip9q1FcegtiUB8eYvU0LGklsXXLSlYGi2S9YetDwABjdwAUkAmUOi0V8mqz2u+Hw cuIjUUN5uFfGyFfH+PLSi+G8OW/E7Rf3YvtG20QI9a/v5NbpZzrcCJdnqmbaXgdxuNSE mLZO69sXHkmQI+mqvnOXiY38e9YrTrJPTIyz8Gfq9Co+G3v5eVo/Bz2kRH4AMxyKOS3+ gnu5yY0EQBOKYuxiUFEyrGsYmV12bGGk8SbS7LDVwUgsuVyMaTBj6u+0025DInrKXu1a +VVDFTJ9U2B3LptbV09VYn70hTyV66Am6/sjfhc2WCxG82sJhvHbbRjnqRMCbu6O4z1g FmWA== X-Gm-Message-State: AC+VfDwFcca25ITcTulUIb/uNmd9DxlMoPBYfJviquEyVNsyFSCpnCzj wHuziQewDLYxlBTvxfSTTS2s31tiZoKkufWXxlKbkfgFq4p7zFyKly8JpcxU+9NbgKGYOzQDu6d I4lXhU62up8CeqhACz5/hLpRR X-Received: by 2002:a17:90a:1d5:b0:258:ad44:1881 with SMTP id 21-20020a17090a01d500b00258ad441881mr348554pjd.11.1685604303891; Thu, 01 Jun 2023 00:25:03 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7xgKGdx+9FIXW6GTYR3P3F8V57UwAyR9jIH88D5P2XGZN+XYlgvqnsqFZh+mlMZMuhp1bt/w== X-Received: by 2002:a17:90a:1d5:b0:258:ad44:1881 with SMTP id 21-20020a17090a01d500b00258ad441881mr348543pjd.11.1685604303582; Thu, 01 Jun 2023 00:25:03 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id o11-20020a17090a4e8b00b00256799877ffsm702466pjh.47.2023.06.01.00.25.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:25:03 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Milan Broz , Thomas Staudt , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Eric Biederman Subject: [PATCH 4/5] x86/crash: pass the LUKS volume key to kdump kernel Date: Thu, 1 Jun 2023 15:24:43 +0800 Message-Id: <20230601072444.2033855-5-coxu@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" 1st kernel will build up the kernel command parameter luksvolumekey as similar to elfcorehdr to pass the memory address of the stored info of LUKS volume key to kdump kernel. Signed-off-by: Coiby Xu --- arch/x86/include/asm/crash.h | 1 + arch/x86/kernel/crash.c | 47 ++++++++++++++++++++++++++++++- arch/x86/kernel/kexec-bzimage64.c | 7 +++++ include/linux/kexec.h | 4 +++ 4 files changed, 58 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h index 8b6bd63530dc..485f75dce2ca 100644 --- a/arch/x86/include/asm/crash.h +++ b/arch/x86/include/asm/crash.h @@ -4,6 +4,7 @@ =20 struct kimage; =20 +int crash_load_luks_volume_key(struct kimage *image); int crash_load_segments(struct kimage *image); int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params); diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index cdd92ab43cda..32d4a9e3badf 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -289,6 +289,7 @@ static int memmap_exclude_ranges(struct kimage *image, = struct crash_mem *cmem, unsigned long long mend) { unsigned long start, end; + int r; =20 cmem->ranges[0].start =3D mstart; cmem->ranges[0].end =3D mend; @@ -297,7 +298,19 @@ static int memmap_exclude_ranges(struct kimage *image,= struct crash_mem *cmem, /* Exclude elf header region */ start =3D image->elf_load_addr; end =3D start + image->elf_headers_sz - 1; - return crash_exclude_mem_range(cmem, start, end); + r =3D crash_exclude_mem_range(cmem, start, end); + + if (r) + return r; + + /* Exclude LUKS volume key region */ + if (image->luks_volume_key_addr) { + start =3D image->luks_volume_key_addr; + end =3D start + image->luks_volume_key_sz - 1; + return crash_exclude_mem_range(cmem, start, end); + } + + return r; } =20 /* Prepare memory map for crash dump kernel */ @@ -368,6 +381,38 @@ int crash_setup_memmap_entries(struct kimage *image, s= truct boot_params *params) return ret; } =20 +int crash_load_luks_volume_key(struct kimage *image) +{ + int ret; + struct kexec_buf kbuf =3D { + .image =3D image, + .buf_min =3D 0, + .buf_max =3D ULONG_MAX, + .top_down =3D false, + .random =3D true, + }; + + image->luks_volume_key_addr =3D 0; + ret =3D crash_pass_temp_luks_volume_key(&kbuf.buffer, &kbuf.bufsz); + if (ret) + return ret; + + kbuf.memsz =3D kbuf.bufsz; + kbuf.buf_align =3D ELF_CORE_HEADER_ALIGN; + kbuf.mem =3D KEXEC_BUF_MEM_UNKNOWN; + ret =3D kexec_add_buffer(&kbuf); + if (ret) { + vfree((void *)kbuf.buffer); + return ret; + } + image->luks_volume_key_addr =3D kbuf.mem; + image->luks_volume_key_sz =3D kbuf.bufsz; + pr_debug("Loaded LUKS volume key at 0x%lx bufsz=3D0x%lx memsz=3D0x%lx\n", + image->luks_volume_key_addr, kbuf.bufsz, kbuf.bufsz); + + return ret; +} + int crash_load_segments(struct kimage *image) { int ret; diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzim= age64.c index a61c12c01270..a859e9e5c876 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -76,6 +76,10 @@ static int setup_cmdline(struct kimage *image, struct bo= ot_params *params, if (image->type =3D=3D KEXEC_TYPE_CRASH) { len =3D sprintf(cmdline_ptr, "elfcorehdr=3D0x%lx ", image->elf_load_addr); + + if (image->luks_volume_key_addr !=3D 0) + len +=3D sprintf(cmdline_ptr + len, + "luksvolumekey=3D0x%lx ", image->luks_volume_key_addr); } memcpy(cmdline_ptr + len, cmdline, cmdline_len); cmdline_len +=3D len; @@ -433,6 +437,9 @@ static void *bzImage64_load(struct kimage *image, char = *kernel, ret =3D crash_load_segments(image); if (ret) return ERR_PTR(ret); + ret =3D crash_load_luks_volume_key(image); + if (ret) + pr_debug("Either no LUKS volume key or error to retrieve the LUKS volum= e key\n"); } =20 /* diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 5b2440444112..20d213076e46 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -374,6 +374,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* LUKS volume key buffer */ + unsigned long luks_volume_key_addr; + unsigned long luks_volume_key_sz; }; =20 /* kexec interface functions */ --=20 2.40.1 From nobody Sun Feb 8 18:48:29 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98226C7EE29 for ; Thu, 1 Jun 2023 07:26:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231174AbjFAH0M (ORCPT ); Thu, 1 Jun 2023 03:26:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42684 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231895AbjFAHZ5 (ORCPT ); Thu, 1 Jun 2023 03:25:57 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C58E180 for ; Thu, 1 Jun 2023 00:25:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685604309; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aefU4VwU8oFOQYKmAqFmOKJxhlCYs6WtVK98Xo9Ylw8=; b=WETCygIfvoUR4I/DFrO0Vu0WkJ/DyQ+6nprEwNcFQcTNr4cqMn7qoM4qlWhev97ZLRCc/8 SboM+RmR1oFlStBSlFS3jlU1DdEm/9UhS6Qtx1bEi/xwrNRc1DFxtHudmodzACopnj7vRy kbWjh8FFJMa5rew0SV22jWLX2isBTmM= Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-433-oUVdstSjMGWKwHLJB7JtBw-1; Thu, 01 Jun 2023 03:25:08 -0400 X-MC-Unique: oUVdstSjMGWKwHLJB7JtBw-1 Received: by mail-pg1-f199.google.com with SMTP id 41be03b00d2f7-528ab7097afso566462a12.1 for ; Thu, 01 Jun 2023 00:25:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604307; x=1688196307; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aefU4VwU8oFOQYKmAqFmOKJxhlCYs6WtVK98Xo9Ylw8=; b=PQjxXAEYSS7baW7CSbcDyJph30QjAAVj3P+JmVJIomsHogVO77gj1yo3bLmNnsB7T/ WAjEq4rP20nrvZJy4tmV4Wls2Coi9nAFwNq53Yz+JD40eFjWbqVDOTLYNBrbK1kDoAYt jjkbid2G8OECKrrVfkgXGQ76LY3Q7Gg3HnZJCMHn1RXU6XgFMoTnJ9FiyAcciGCnhO/6 KgjOL3wb9xokW66rHBwa/el/YOqOGayJsY/J6f0ByD+shIxDvHhq78bYkInwDgEaVfzH HznseSFTGq6rEpBexBdxZBjrORIF4Hi2qabJ4zXAH4t6Dd8Js+Nagr2mhx9lD9URtoFe MVSQ== X-Gm-Message-State: AC+VfDz511Gpo29Mywaym1fLFiI2kP94cQ6RxGCGtMatZ5TS2QiojKy9 BKHF7HT+berYiL9aOfGTTmWw2p7jRlNMB1qnMyBJCr8hmEXNAQkBGQdSQxFIV6JMyeYp24s7aN9 luOtlVTyTbz4qQiMkQE5huVpz X-Received: by 2002:a05:6a21:998c:b0:10c:37ed:3e88 with SMTP id ve12-20020a056a21998c00b0010c37ed3e88mr8900710pzb.23.1685604307395; Thu, 01 Jun 2023 00:25:07 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ63I95P8dhhdJ7s5jrMayaANp/DzsGmHfYS5azIKGpulSOOXmtAzsGrmoW2rz/wazIGcv1tqA== X-Received: by 2002:a05:6a21:998c:b0:10c:37ed:3e88 with SMTP id ve12-20020a056a21998c00b0010c37ed3e88mr8900696pzb.23.1685604307121; Thu, 01 Jun 2023 00:25:07 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id y15-20020a17090322cf00b001ac5896e96esm2644901plg.207.2023.06.01.00.25.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:25:06 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Milan Broz , Thomas Staudt , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Subject: [PATCH 5/5] x86/crash: make the page that stores the LUKS volume key inaccessible Date: Thu, 1 Jun 2023 15:24:44 +0800 Message-Id: <20230601072444.2033855-6-coxu@redhat.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This adds an addition layer of protection for the saved copy of LUKS volume key. Trying to access the saved copy will cause page fault. Suggested-by: Pingfan Liu Signed-off-by: Coiby Xu --- arch/x86/kernel/machine_kexec_64.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_k= exec_64.c index 1a3e2c05a8a5..82d1ecb35827 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -546,9 +546,23 @@ static void kexec_mark_crashkres(bool protect) kexec_mark_range(control, crashk_res.end, protect); } =20 +static void kexec_mark_luks_volume_key_inaccessible(void) +{ + unsigned long start_paddr, end_paddr; + unsigned int nr_pages; + + if (kexec_crash_image->luks_volume_key_addr) { + start_paddr =3D kexec_crash_image->luks_volume_key_addr; + end_paddr =3D start_paddr + kexec_crash_image->luks_volume_key_sz - 1; + nr_pages =3D (PAGE_ALIGN(end_paddr) - PAGE_ALIGN_DOWN(start_paddr))/PAGE= _SIZE; + set_memory_np((unsigned long)phys_to_virt(start_paddr), nr_pages); + } +} + void arch_kexec_protect_crashkres(void) { kexec_mark_crashkres(true); + kexec_mark_luks_volume_key_inaccessible(); } =20 void arch_kexec_unprotect_crashkres(void) --=20 2.40.1