From nobody Fri Dec 26 03:31:06 2025
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8135039ADD
	for <linux-kernel@vger.kernel.org>; Wed, 10 Jan 2024 07:15:33 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="Dk3zwH4z"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1704870932;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=pq0F4aFw6g681LkvfPcovxOw7gCCC2AmnjI1JKPUo/g=;
	b=Dk3zwH4z7P10c1QJMPmgTBIUhvly81Pi5wyhK3+9gOuGlr0l8mNbrJ7QPIkccWBLofuBzv
	kc3ZQcRVOA+lxtQeKET44OwpZxR3tvt9zWhP0jhaHJRNY5UOrF9Dv3NXWGJ2At6tE/mz/e
	Mbwlje0VRVaIPSMi3dU+jkYgDHvwRMQ=
Received: from mail-oi1-f197.google.com (mail-oi1-f197.google.com
 [209.85.167.197]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-27-y6DAq6wXOvaiky6pOAc7JA-1; Wed, 10 Jan 2024 02:15:30 -0500
X-MC-Unique: y6DAq6wXOvaiky6pOAc7JA-1
Received: by mail-oi1-f197.google.com with SMTP id
 5614622812f47-3bbb6fd2cceso4744972b6e.2
        for <linux-kernel@vger.kernel.org>;
 Tue, 09 Jan 2024 23:15:30 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704870929; x=1705475729;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=pq0F4aFw6g681LkvfPcovxOw7gCCC2AmnjI1JKPUo/g=;
        b=nxwiWChC895Br3dxqr6VNEsd9HBeFxjNUirswX/OaZI+ZA612teq8GxVTqWkAQEvEG
         1Uap3gJRMAAMagVuk/fBlMH8YM1IhXJ/KBFlIyQQS0b2WNUcTqgxsaZR8l8AQcvYGkKd
         bfQZ6EjiKrh/Kr1lBt5huQ7LuvopjxFvgELIg5g9D8a+CvZxvNVk3TqRjSRUqtOTfdJj
         K2yLDMDhgMnhvvoW+QRzksic+goVrMx1zgiIz1e5EXWZHHPv14AdOQ25tYioFd3wg7z7
         BJFxW8CgZaoPArw4Ag2p9Fcvo2hfCn8GgUxF8s7I/5lee9wmrz1kZ7Bjn7R0hfW7nBYY
         iW1g==
X-Gm-Message-State: AOJu0YxU/GiAZkauxcHUcdtDSGZEmUJyNFYW5heYiRA5XqGqscGoCFNV
	9aTqziGU9/bUOwq2H7IYSiKQcIyCsEM8jGH3h1CBkkvbb7wsC1XmOjA8Wcy5mTDWL8MauH/FR2x
	MlWOfQoqoJMwvSUiHxPQ5nmf/MhA+IsIYhpudec8ox4+VKK6s
X-Received: by 2002:a05:6808:1827:b0:3bc:4f4b:2876 with SMTP id
 bh39-20020a056808182700b003bc4f4b2876mr836091oib.85.1704870929452;
        Tue, 09 Jan 2024 23:15:29 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IEAh30PQjEcO5UsWPrWFGKjGa/q7fyVdh5HckMBNYLKlvjstQEK5unXc4t5sinSV02Bz4i0yQ==
X-Received: by 2002:a05:6808:1827:b0:3bc:4f4b:2876 with SMTP id
 bh39-20020a056808182700b003bc4f4b2876mr836080oib.85.1704870929172;
        Tue, 09 Jan 2024 23:15:29 -0800 (PST)
Received: from localhost ([43.228.180.230])
        by smtp.gmail.com with ESMTPSA id
 5-20020a631245000000b005b92e60cf57sm2628739pgs.56.2024.01.09.23.15.28
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 Jan 2024 23:15:28 -0800 (PST)
From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org
Cc: Ondrej Kozina <okozina@redhat.com>,
	Milan Broz <gmazyland@gmail.com>,
	Thomas Staudt <tstaudt@de.ibm.com>,
	=?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= <berrange@redhat.com>,
	Kairui Song <ryncsn@gmail.com>,
	dm-devel@redhat.com,
	Jan Pazdziora <jpazdziora@redhat.com>,
	Pingfan Liu <kernelfans@gmail.com>,
	Baoquan He <bhe@redhat.com>,
	Dave Young <dyoung@redhat.com>,
	linux-kernel@vger.kernel.org,
	x86@kernel.org,
	Dave Hansen <dave.hansen@intel.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Eric Biederman <ebiederm@xmission.com>
Subject: [PATCH v2 1/5] kexec_file: allow to place kexec_buf randomly
Date: Wed, 10 Jan 2024 15:15:16 +0800
Message-ID: <20240110071522.1308935-2-coxu@redhat.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com>
References: <20240110071522.1308935-1-coxu@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Currently, kexec_buf is placed in order which means for the same
machine, the info in the kexec_buf is always located at the same
position each time the machine is booted. This may cause a risk for
sensitive information like LUKS volume key. Now struct kexec_buf has a
new field random which indicates it's supposed to be placed in a random
position.

Suggested-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
 include/linux/kexec.h |  2 ++
 kernel/kexec_file.c   | 15 +++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 8227455192b7..6f4626490ebf 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -169,6 +169,7 @@ int kexec_image_post_load_cleanup_default(struct kimage=
 *image);
  * @buf_min:	The buffer can't be placed below this address.
  * @buf_max:	The buffer can't be placed above this address.
  * @top_down:	Allocate from top of memory.
+ * @random:	Place the buffer at a random position.
  */
 struct kexec_buf {
 	struct kimage *image;
@@ -180,6 +181,7 @@ struct kexec_buf {
 	unsigned long buf_min;
 	unsigned long buf_max;
 	bool top_down;
+	bool random;
 };
=20
 int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf);
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f9a419cd22d4..7abcfc3c8491 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -25,6 +25,7 @@
 #include <linux/elfcore.h>
 #include <linux/kernel.h>
 #include <linux/kernel_read_file.h>
+#include <linux/prandom.h>
 #include <linux/syscalls.h>
 #include <linux/vmalloc.h>
 #include "kexec_internal.h"
@@ -419,6 +420,16 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, =
initrd_fd,
 	return ret;
 }
=20
+static unsigned long kexec_random_start(unsigned long start, unsigned long=
 end)
+{
+	unsigned long temp_start;
+	unsigned short i;
+
+	get_random_bytes(&i, sizeof(unsigned short));
+	temp_start =3D start + (end - start) / USHRT_MAX * i;
+	return temp_start;
+}
+
 static int locate_mem_hole_top_down(unsigned long start, unsigned long end,
 				    struct kexec_buf *kbuf)
 {
@@ -427,6 +438,8 @@ static int locate_mem_hole_top_down(unsigned long start=
, unsigned long end,
=20
 	temp_end =3D min(end, kbuf->buf_max);
 	temp_start =3D temp_end - kbuf->memsz;
+	if (kbuf->random)
+		temp_start =3D kexec_random_start(temp_start, temp_end);
=20
 	do {
 		/* align down start */
@@ -464,6 +477,8 @@ static int locate_mem_hole_bottom_up(unsigned long star=
t, unsigned long end,
 	unsigned long temp_start, temp_end;
=20
 	temp_start =3D max(start, kbuf->buf_min);
+	if (kbuf->random)
+		temp_start =3D kexec_random_start(temp_start, end);
=20
 	do {
 		temp_start =3D ALIGN(temp_start, kbuf->buf_align);
--=20
2.43.0
From nobody Fri Dec 26 03:31:06 2025
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7BA73C464
	for <linux-kernel@vger.kernel.org>; Wed, 10 Jan 2024 07:15:42 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="FEXDCw4p"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1704870941;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=oBE8JDxyIcX3XnD0pP2q5BqXiSX10f124bX6uMmNC58=;
	b=FEXDCw4pYW4MlRnrkEBmZqDuKaniL8ZpyzEtELwfKAnHqtJppNxrxR+yWrply/aCQ5ovCG
	CMaojcRFN07YC0j9hGYAs2u+tdqzxhukmNML/izEF97Lk3Oze8rBlnlAXD/F2cjYowiDL4
	ktTrwwt3VhUzzDTZ0YZ9CjxtFqMp5S8=
Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com
 [209.85.216.70]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-371-5i5vkIxVNHuMCp-9eIiobw-1; Wed, 10 Jan 2024 02:15:35 -0500
X-MC-Unique: 5i5vkIxVNHuMCp-9eIiobw-1
Received: by mail-pj1-f70.google.com with SMTP id
 98e67ed59e1d1-28d1199b572so2291993a91.2
        for <linux-kernel@vger.kernel.org>;
 Tue, 09 Jan 2024 23:15:35 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704870934; x=1705475734;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=oBE8JDxyIcX3XnD0pP2q5BqXiSX10f124bX6uMmNC58=;
        b=F73C7INjhkieAvE6TvSy2vUwmbGH0Hokt8Rnao1raKMptf82tkUAgKxPMQKt3WMkP+
         1OWOXmvmdR6vl1aoPy8NLzvDKsFHyQrCALzOfjHBdTFaMMKyJp0HM7LY5hO5uEGRBhrr
         IASNopH5dfnEeqk3FBmPVOkunnK3uHPYdcl74XSIH8Eid1Pnp0LqQFSZBDwnXpuzVVHx
         3+fJ+5+NUDsaCuD/GTUxvkD1a7BMs1OKO6l+vfIV/DGVZI7OoDz0WvnsLdRJGsHVc1GY
         6FIgwrt+pk68/X8NAfEkftNdVayoiMuNimUmmNNHh58YI7U0XYm/YjkFKI7g5shUWoAp
         Z7Nw==
X-Gm-Message-State: AOJu0YzojeN1Eg/HYSNJXf5iUTVCb5kNZNbawpIJOHbTcF3cc+bQc6Oo
	IaWtDrqZtSPiCNEHmkU2hrKtpDJl4MT2hDAv4AhKFMW5sNREKV8X9UL/V0S2YlsUyveKP2INIDF
	kPPDAD6yg2KlNKdtjB75sekyfbFHOzu+Y
X-Received: by 2002:a17:90b:e0c:b0:28b:e09f:58c4 with SMTP id
 ge12-20020a17090b0e0c00b0028be09f58c4mr242184pjb.67.1704870933983;
        Tue, 09 Jan 2024 23:15:33 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IHbr8Y7pHWBLgmB5dAnNAAdqpjnYReE9oYBoscYaP8UswLavR5htEwSOes6Jgz3Ih8a0UUJDA==
X-Received: by 2002:a17:90b:e0c:b0:28b:e09f:58c4 with SMTP id
 ge12-20020a17090b0e0c00b0028be09f58c4mr242170pjb.67.1704870933631;
        Tue, 09 Jan 2024 23:15:33 -0800 (PST)
Received: from localhost ([43.228.180.230])
        by smtp.gmail.com with ESMTPSA id
 se3-20020a17090b518300b00274b035246esm434215pjb.1.2024.01.09.23.15.32
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 Jan 2024 23:15:33 -0800 (PST)
From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org
Cc: Ondrej Kozina <okozina@redhat.com>,
	Milan Broz <gmazyland@gmail.com>,
	Thomas Staudt <tstaudt@de.ibm.com>,
	=?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= <berrange@redhat.com>,
	Kairui Song <ryncsn@gmail.com>,
	dm-devel@redhat.com,
	Jan Pazdziora <jpazdziora@redhat.com>,
	Pingfan Liu <kernelfans@gmail.com>,
	Baoquan He <bhe@redhat.com>,
	Dave Young <dyoung@redhat.com>,
	linux-kernel@vger.kernel.org,
	x86@kernel.org,
	Dave Hansen <dave.hansen@intel.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Vivek Goyal <vgoyal@redhat.com>,
	Eric Biederman <ebiederm@xmission.com>
Subject: [PATCH v2 2/5] crash_dump: save the dm crypt key temporarily
Date: Wed, 10 Jan 2024 15:15:17 +0800
Message-ID: <20240110071522.1308935-3-coxu@redhat.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com>
References: <20240110071522.1308935-1-coxu@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

User space is supposed to write the key description to
/sys/kernel/crash_dm_crypt_key so the kernel will read the key and save
a temporary copy for later user. User space has 2 minutes at maximum to
load the kdump initrd before the key gets wiped. And after kdump
retrieves the key, the key will be wiped immediately.

Signed-off-by: Coiby Xu <coxu@redhat.com>
---
 include/linux/crash_core.h   |   7 +-
 include/linux/kexec.h        |   4 ++
 kernel/Makefile              |   2 +-
 kernel/crash_dump_dm_crypt.c | 121 +++++++++++++++++++++++++++++++++++
 kernel/ksysfs.c              |  23 ++++++-
 5 files changed, 153 insertions(+), 4 deletions(-)
 create mode 100644 kernel/crash_dump_dm_crypt.c

diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h
index 5126a4fecb44..7078eda6418d 100644
--- a/include/linux/crash_core.h
+++ b/include/linux/crash_core.h
@@ -125,6 +125,12 @@ static inline void __init reserve_crashkernel_generic(=
char *cmdline,
 {}
 #endif
=20
+struct kimage;
+
+int crash_sysfs_dm_crypt_key_write(const char *key_des, size_t count);
+int crash_pass_temp_dm_crypt_key(void **addr, unsigned long *sz);
+int crash_load_dm_crypt_key(struct kimage *image);
+
 /* Alignment required for elf header segment */
 #define ELF_CORE_HEADER_ALIGN   4096
=20
@@ -140,7 +146,6 @@ extern int crash_exclude_mem_range(struct crash_mem *me=
m,
 extern int crash_prepare_elf64_headers(struct crash_mem *mem, int need_ker=
nel_map,
 				       void **addr, unsigned long *sz);
=20
-struct kimage;
 struct kexec_segment;
=20
 #define KEXEC_CRASH_HP_NONE			0
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 6f4626490ebf..bf7ab1e927ef 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -366,6 +366,10 @@ struct kimage {
 	void *elf_headers;
 	unsigned long elf_headers_sz;
 	unsigned long elf_load_addr;
+
+	/* dm crypt key buffer */
+	unsigned long dm_crypt_key_addr;
+	unsigned long dm_crypt_key_sz;
 };
=20
 /* kexec interface functions */
diff --git a/kernel/Makefile b/kernel/Makefile
index 3947122d618b..48859bf63db5 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -119,7 +119,7 @@ obj-$(CONFIG_PERF_EVENTS) +=3D events/
=20
 obj-$(CONFIG_USER_RETURN_NOTIFIER) +=3D user-return-notifier.o
 obj-$(CONFIG_PADATA) +=3D padata.o
-obj-$(CONFIG_CRASH_DUMP) +=3D crash_dump.o
+obj-$(CONFIG_CRASH_DUMP) +=3D crash_dump.o crash_dump_dm_crypt.o
 obj-$(CONFIG_JUMP_LABEL) +=3D jump_label.o
 obj-$(CONFIG_CONTEXT_TRACKING) +=3D context_tracking.o
 obj-$(CONFIG_TORTURE_TEST) +=3D torture.o
diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
new file mode 100644
index 000000000000..3a0b0b773598
--- /dev/null
+++ b/kernel/crash_dump_dm_crypt.c
@@ -0,0 +1,121 @@
+// SPDX-License-Identifier: GPL-2.0-only
+#include <keys/user-type.h>
+#include <linux/crash_dump.h>
+
+static u8 *dm_crypt_key;
+static unsigned int dm_crypt_key_size;
+
+void wipe_dm_crypt_key(void)
+{
+	if (dm_crypt_key) {
+		memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8));
+		kfree(dm_crypt_key);
+		dm_crypt_key =3D NULL;
+	}
+}
+
+static void _wipe_dm_crypt_key(struct work_struct *dummy)
+{
+	wipe_dm_crypt_key();
+}
+
+static DECLARE_DELAYED_WORK(wipe_dm_crypt_key_work, _wipe_dm_crypt_key);
+
+static unsigned __read_mostly wipe_key_delay =3D 120; /* 2 mins */
+
+static int crash_save_temp_dm_crypt_key(const char *key_desc, size_t count)
+{
+	const struct user_key_payload *ukp;
+	struct key *key;
+
+	if (dm_crypt_key) {
+		memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8));
+		kfree(dm_crypt_key);
+	}
+
+	pr_debug("Requesting key %s", key_desc);
+	key =3D request_key(&key_type_user, key_desc, NULL);
+
+	if (IS_ERR(key)) {
+		pr_debug("No such key %s", key_desc);
+		return PTR_ERR(key);
+	}
+
+	ukp =3D user_key_payload_locked(key);
+	if (!ukp)
+		return -EKEYREVOKED;
+
+	dm_crypt_key =3D kmalloc(ukp->datalen, GFP_KERNEL);
+	if (!dm_crypt_key)
+		return -ENOMEM;
+	memcpy(dm_crypt_key, ukp->data, ukp->datalen);
+	dm_crypt_key_size =3D ukp->datalen;
+	pr_debug("dm crypt key (size=3D%u): %8ph\n", dm_crypt_key_size, dm_crypt_=
key);
+	schedule_delayed_work(&wipe_dm_crypt_key_work,
+			      round_jiffies_relative(wipe_key_delay * HZ));
+	return 0;
+}
+
+int crash_sysfs_dm_crypt_key_write(const char *key_desc, size_t count)
+{
+	if (!is_kdump_kernel())
+		return crash_save_temp_dm_crypt_key(key_desc, count);
+	return -EINVAL;
+}
+EXPORT_SYMBOL(crash_sysfs_dm_crypt_key_write);
+
+int crash_pass_temp_dm_crypt_key(void **addr, unsigned long *sz)
+{
+	unsigned long dm_crypt_key_sz;
+	unsigned char *buf;
+	unsigned int *size_ptr;
+
+	if (!dm_crypt_key)
+		return -EINVAL;
+
+	dm_crypt_key_sz =3D sizeof(unsigned int) + dm_crypt_key_size * sizeof(u8);
+
+	buf =3D vzalloc(dm_crypt_key_sz);
+	if (!buf)
+		return -ENOMEM;
+
+	size_ptr =3D (unsigned int *)buf;
+	memcpy(size_ptr, &dm_crypt_key_size, sizeof(unsigned int));
+	memcpy(size_ptr + 1, dm_crypt_key, dm_crypt_key_size * sizeof(u8));
+	*addr =3D buf;
+	*sz =3D dm_crypt_key_sz;
+	wipe_dm_crypt_key();
+	return 0;
+}
+
+int crash_load_dm_crypt_key(struct kimage *image)
+{
+	int ret;
+	struct kexec_buf kbuf =3D {
+		.image =3D image,
+		.buf_min =3D 0,
+		.buf_max =3D ULONG_MAX,
+		.top_down =3D false,
+		.random =3D true,
+	};
+
+	image->dm_crypt_key_addr =3D 0;
+	ret =3D crash_pass_temp_dm_crypt_key(&kbuf.buffer, &kbuf.bufsz);
+	if (ret)
+		return ret;
+
+	kbuf.memsz =3D kbuf.bufsz;
+	kbuf.buf_align =3D ELF_CORE_HEADER_ALIGN;
+	kbuf.mem =3D KEXEC_BUF_MEM_UNKNOWN;
+	ret =3D kexec_add_buffer(&kbuf);
+	if (ret) {
+		vfree((void *)kbuf.buffer);
+		return ret;
+	}
+	image->dm_crypt_key_addr =3D kbuf.mem;
+	image->dm_crypt_key_sz =3D kbuf.bufsz;
+	pr_debug("Loaded dm crypt key at 0x%lx bufsz=3D0x%lx memsz=3D0x%lx\n",
+		 image->dm_crypt_key_addr, kbuf.bufsz, kbuf.bufsz);
+
+	return ret;
+}
diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c
index 1d4bc493b2f4..f3bb6bc6a604 100644
--- a/kernel/ksysfs.c
+++ b/kernel/ksysfs.c
@@ -165,16 +165,34 @@ static ssize_t vmcoreinfo_show(struct kobject *kobj,
 }
 KERNEL_ATTR_RO(vmcoreinfo);
=20
+static ssize_t crash_dm_crypt_key_show(struct kobject *kobj,
+					  struct kobj_attribute *attr,
+					  char *buf)
+{
+	return 0;
+}
+
+static ssize_t crash_dm_crypt_key_store(struct kobject *kobj,
+					struct kobj_attribute *attr,
+					   const char *buf, size_t count)
+{
+	int ret;
+
+	ret =3D crash_sysfs_dm_crypt_key_write(buf, count);
+	return ret < 0 ? ret : count;
+}
+KERNEL_ATTR_RW(crash_dm_crypt_key);
+
 #ifdef CONFIG_CRASH_HOTPLUG
 static ssize_t crash_elfcorehdr_size_show(struct kobject *kobj,
-			       struct kobj_attribute *attr, char *buf)
+					  struct kobj_attribute *attr,
+					  char *buf)
 {
 	unsigned int sz =3D crash_get_elfcorehdr_size();
=20
 	return sysfs_emit(buf, "%u\n", sz);
 }
 KERNEL_ATTR_RO(crash_elfcorehdr_size);
-
 #endif
=20
 #endif /* CONFIG_CRASH_CORE */
@@ -267,6 +285,7 @@ static struct attribute * kernel_attrs[] =3D {
 #endif
 #ifdef CONFIG_CRASH_CORE
 	&vmcoreinfo_attr.attr,
+	&crash_dm_crypt_key_attr.attr,
 #ifdef CONFIG_CRASH_HOTPLUG
 	&crash_elfcorehdr_size_attr.attr,
 #endif
--=20
2.43.0
From nobody Fri Dec 26 03:31:06 2025
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D63433D98C
	for <linux-kernel@vger.kernel.org>; Wed, 10 Jan 2024 07:15:45 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="aVyzr681"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1704870944;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=m3LBEoP+OVX8UUvtwqHYPUzM09NfmAQKAOTayWOj3vA=;
	b=aVyzr681vZ4l0CeFmJsBPca0h3QuqqpnUnIBR1xgCtA6B7OfVgbpS549INK2nyjoHhTZHQ
	ubrfMvjZBTVwnny1MeCiZhM2lB3YmkeSnH2+wt2E0TOjE2eJrOp4VBKYfZNyPd6PqNpVFL
	3vChWzpTq3xcdyf4S3vW2nDihBAqxuA=
Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com
 [209.85.215.199]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-350-X2FAWZGzN1azlHHFzhdO9Q-1; Wed, 10 Jan 2024 02:15:38 -0500
X-MC-Unique: X2FAWZGzN1azlHHFzhdO9Q-1
Received: by mail-pg1-f199.google.com with SMTP id
 41be03b00d2f7-5ce105ddef5so1654940a12.2
        for <linux-kernel@vger.kernel.org>;
 Tue, 09 Jan 2024 23:15:38 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704870937; x=1705475737;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=m3LBEoP+OVX8UUvtwqHYPUzM09NfmAQKAOTayWOj3vA=;
        b=WoeMVpLDeni1ImA/vaTuJSrrmmdkAFTHYDY0SrwVk0jPdAnA8cgRsFsa0wLcZB63d2
         GvH8xtyk2H7oSPg4tdXQJ57tO9KQ/pVNX9zOHEbv3kFsHW8MIt7xJsTBVe2aPcktaF7G
         td86ChP6zwaApztzJ1l34toqnnA8lblvmRZWBIv6M4HIwtsG1Zf8IeFZ11ve14mMYJL3
         N7nLcW+tts7QyLQX3GcCeFdEL2uG5pkC//UFvCVxqMKDmqrqzu2PpPyNnKZnjdOhnI2g
         6SYZSQqXULYxn3Q0+oDBMUWwf6BeA/6xLRCEAOXGTemHrxv77MfD07CxAFRK9eaok5uZ
         Nf2g==
X-Gm-Message-State: AOJu0YydB3KTaSdmY/rcuAvx9KZAOiVwHzL+I9zfrzLU4UFfcYqQWNPv
	+iStjlwPVZm5xzsd25rvCiuNDq5ZKkQHuzrmxw5jKYSheoMRl9w1T7eojVVf7JS5gHy2It6qqle
	k+uySK1UGON0zUZr0D/OzKtfHJ8XKVQ5H
X-Received: by 2002:a05:6a20:549e:b0:199:c19b:a256 with SMTP id
 i30-20020a056a20549e00b00199c19ba256mr404149pzk.48.1704870937095;
        Tue, 09 Jan 2024 23:15:37 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IH3nLLyWzEHi8GA97DXbubxlvK/ZzzZcacj++eTqbSYnzzAxKQ7SEAvlr+1Nh2nV5RIQChmgA==
X-Received: by 2002:a05:6a20:549e:b0:199:c19b:a256 with SMTP id
 i30-20020a056a20549e00b00199c19ba256mr404133pzk.48.1704870936721;
        Tue, 09 Jan 2024 23:15:36 -0800 (PST)
Received: from localhost ([43.228.180.230])
        by smtp.gmail.com with ESMTPSA id
 r2-20020a170902be0200b001d46a313b42sm2888381pls.268.2024.01.09.23.15.35
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 Jan 2024 23:15:36 -0800 (PST)
From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org
Cc: Ondrej Kozina <okozina@redhat.com>,
	Milan Broz <gmazyland@gmail.com>,
	Thomas Staudt <tstaudt@de.ibm.com>,
	=?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= <berrange@redhat.com>,
	Kairui Song <ryncsn@gmail.com>,
	dm-devel@redhat.com,
	Jan Pazdziora <jpazdziora@redhat.com>,
	Pingfan Liu <kernelfans@gmail.com>,
	Baoquan He <bhe@redhat.com>,
	Dave Young <dyoung@redhat.com>,
	linux-kernel@vger.kernel.org,
	x86@kernel.org,
	Dave Hansen <dave.hansen@intel.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Vivek Goyal <vgoyal@redhat.com>
Subject: [PATCH v2 3/5] crash_dump: retrieve dm crypt key in kdump kernel
Date: Wed, 10 Jan 2024 15:15:18 +0800
Message-ID: <20240110071522.1308935-4-coxu@redhat.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com>
References: <20240110071522.1308935-1-coxu@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Crash kernel will retrieve the dm crypt volume key based on the
dmcryptkey command line parameter. When user space writes the key
description to /sys/kernel/crash_dm_crypt_key, the crash kernel will
save the encryption key to the user keyring. Then user space e.g.
cryptsetup's --volume-key-keyring API can use it to unlock the encrypted
device.

Signed-off-by: Coiby Xu <coxu@redhat.com>
---
 include/linux/crash_dump.h   |   2 +
 kernel/crash_dump_dm_crypt.c | 115 ++++++++++++++++++++++++++++++++++-
 2 files changed, 116 insertions(+), 1 deletion(-)

diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h
index acc55626afdc..b44adc3962da 100644
--- a/include/linux/crash_dump.h
+++ b/include/linux/crash_dump.h
@@ -15,6 +15,8 @@
 extern unsigned long long elfcorehdr_addr;
 extern unsigned long long elfcorehdr_size;
=20
+extern unsigned long long luks_volume_key_addr;
+
 #ifdef CONFIG_CRASH_DUMP
 extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *=
size);
 extern void elfcorehdr_free(unsigned long long addr);
diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
index 3a0b0b773598..755017fa5c1b 100644
--- a/kernel/crash_dump_dm_crypt.c
+++ b/kernel/crash_dump_dm_crypt.c
@@ -1,7 +1,82 @@
 // SPDX-License-Identifier: GPL-2.0-only
+#include <linux/key.h>
+#include <linux/keyctl.h>
 #include <keys/user-type.h>
 #include <linux/crash_dump.h>
=20
+unsigned long long dm_crypt_key_addr;
+EXPORT_SYMBOL_GPL(dm_crypt_key_addr);
+
+static int __init setup_dmcryptkey(char *arg)
+{
+	char *end;
+
+	if (!arg)
+		return -EINVAL;
+	dm_crypt_key_addr =3D memparse(arg, &end);
+	if (end > arg)
+		return 0;
+
+	dm_crypt_key_addr =3D 0;
+	return -EINVAL;
+}
+
+early_param("dmcryptkey", setup_dmcryptkey);
+
+/*
+ * Architectures may override this function to read dm crypt key
+ */
+ssize_t __weak dm_crypt_key_read(char *buf, size_t count, u64 *ppos)
+{
+	struct kvec kvec =3D { .iov_base =3D buf, .iov_len =3D count };
+	struct iov_iter iter;
+
+	iov_iter_kvec(&iter, READ, &kvec, 1, count);
+	return read_from_oldmem(&iter, count, ppos, false);
+}
+
+static int retrive_kdump_dm_crypt_key(u8 *buffer, unsigned int *sz)
+{
+	unsigned int key_size;
+	size_t dm_crypt_keybuf_sz;
+	unsigned int *size_ptr;
+	char *dm_crypt_keybuf;
+	u64 addr;
+	int r;
+
+	if (dm_crypt_key_addr =3D=3D 0) {
+		pr_debug("dm crypt key memory address inaccessible");
+		return -EINVAL;
+	}
+
+	addr =3D dm_crypt_key_addr;
+
+	/* Read dm crypt key size */
+	r =3D dm_crypt_key_read((char *)&key_size, sizeof(unsigned int), &addr);
+
+	if (r < 0)
+		return r;
+
+	pr_debug("Retrieve dm crypt key: size=3D%u\n", key_size);
+	/* Read in dm cryptrkey */
+	dm_crypt_keybuf_sz =3D sizeof(unsigned int) + key_size * sizeof(u8);
+	dm_crypt_keybuf =3D (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
+					      get_order(dm_crypt_keybuf_sz));
+	if (!dm_crypt_keybuf)
+		return -ENOMEM;
+
+	addr =3D dm_crypt_key_addr;
+	r =3D dm_crypt_key_read((char *)dm_crypt_keybuf, dm_crypt_keybuf_sz, &add=
r);
+
+	if (r < 0)
+		return r;
+	size_ptr =3D (unsigned int *)dm_crypt_keybuf;
+	memcpy(buffer, size_ptr + 1, key_size * sizeof(u8));
+	pr_debug("Retrieve dm crypt key (size=3D%u): %48ph...\n", key_size, buffe=
r);
+	*sz =3D key_size;
+	return 0;
+}
+
 static u8 *dm_crypt_key;
 static unsigned int dm_crypt_key_size;
=20
@@ -23,6 +98,43 @@ static DECLARE_DELAYED_WORK(wipe_dm_crypt_key_work, _wip=
e_dm_crypt_key);
=20
 static unsigned __read_mostly wipe_key_delay =3D 120; /* 2 mins */
=20
+static int retore_dm_crypt_key_to_thread_keyring(const char *key_desc)
+{
+	key_ref_t keyring_ref, key_ref;
+	int ret;
+
+	/* find the target keyring (which must be writable) */
+	keyring_ref =3D lookup_user_key(KEY_SPEC_USER_KEYRING, 0x01, KEY_NEED_WRI=
TE);
+	if (IS_ERR(keyring_ref)) {
+		pr_alert("Failed to get keyring");
+		return PTR_ERR(keyring_ref);
+	}
+
+	dm_crypt_key =3D kmalloc(128, GFP_KERNEL);
+	ret =3D retrive_kdump_dm_crypt_key(dm_crypt_key, &dm_crypt_key_size);
+	if (ret) {
+		kfree(dm_crypt_key);
+		return ret;
+	}
+
+	/* create or update the requested key and add it to the target keyring */
+	key_ref =3D key_create_or_update(keyring_ref, "user", key_desc,
+				       dm_crypt_key, dm_crypt_key_size,
+				       KEY_USR_ALL, KEY_ALLOC_IN_QUOTA);
+
+	if (!IS_ERR(key_ref)) {
+		ret =3D key_ref_to_ptr(key_ref)->serial;
+		key_ref_put(key_ref);
+		pr_alert("Success adding key %s", key_desc);
+	} else {
+		ret =3D PTR_ERR(key_ref);
+		pr_alert("Error when adding key");
+	}
+
+	key_ref_put(keyring_ref);
+	return ret;
+}
+
 static int crash_save_temp_dm_crypt_key(const char *key_desc, size_t count)
 {
 	const struct user_key_payload *ukp;
@@ -60,7 +172,8 @@ int crash_sysfs_dm_crypt_key_write(const char *key_desc,=
 size_t count)
 {
 	if (!is_kdump_kernel())
 		return crash_save_temp_dm_crypt_key(key_desc, count);
-	return -EINVAL;
+	else
+		return retore_dm_crypt_key_to_thread_keyring(key_desc);
 }
 EXPORT_SYMBOL(crash_sysfs_dm_crypt_key_write);
=20
--=20
2.43.0
From nobody Fri Dec 26 03:31:06 2025
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B92B43C46A
	for <linux-kernel@vger.kernel.org>; Wed, 10 Jan 2024 07:15:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="Dg+Yxi/0"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1704870942;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=tIMuati7cTP1ekV5ZbT9f3EKmgfJPaZbTXabrZEOoZs=;
	b=Dg+Yxi/06TuSt2mOWoR+U+FuLjCwmJcKyuk+p7yCBRJlzP+gYO8B8fjfGGVOuOKrIw2U7W
	0ut7b2KPu1/ETwzv9JvzgCvhSb0lZpvnVy8NKct0GXpgkh2/5+I4q4T7vGPIElGTU/zf/J
	5YHIWHYaW9vssqVkPRSm32W4ttZwQoU=
Received: from mail-oi1-f200.google.com (mail-oi1-f200.google.com
 [209.85.167.200]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-590-Vj_YWPS1NXGPaUOF6IRDww-1; Wed, 10 Jan 2024 02:15:41 -0500
X-MC-Unique: Vj_YWPS1NXGPaUOF6IRDww-1
Received: by mail-oi1-f200.google.com with SMTP id
 5614622812f47-3bbf47262ccso4677241b6e.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 09 Jan 2024 23:15:41 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704870941; x=1705475741;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=tIMuati7cTP1ekV5ZbT9f3EKmgfJPaZbTXabrZEOoZs=;
        b=wkpwOtjhU5n9U2nuPKWc3nhUdEQl93FeqDSRGPrD1BdrsiDnea7UrJ8Nk4uZDV/Jql
         aMDY7e8Ms4s6EE93Ike67St+T8kbynUjs50PZtFXq4ofeB9YK4E+X+eSTAzuOQuC9FI5
         s+7gLRzMuU8nOcNEdHod3d/KqPe3VUTnCg1u7C0ziuUg34hsVPhpw2Gsh6G1ss4ZnXgg
         lr5jVJegl/BvYZ9ZPsulh3HUXBwRkuUyeKAVRWtjdHbewOMZiGAwbooalXYf/nPjbt29
         5/k3G3KgnOzMWO5cNRpyHWdoNOlK05g0EyaAaE/dr4E/cCWkx7cqCGUqFekvuO50oGwo
         +sXw==
X-Gm-Message-State: AOJu0YwSiDSJjxSfwVnp3sj8gSM6JuWHaQUKmYwrem5wb79b0aJLmQHy
	yl5v/iLsQduZeBliDNTUNW56VmaOQ0Mr/UxZoiApHzw6USIN0K1EnblP48Xt13Rz+p1QwNUPasA
	CURajqakj+7Xufh9f0ejOQ9U837Tm87jW
X-Received: by 2002:a05:6358:1aaf:b0:170:efd3:2d03 with SMTP id
 gm47-20020a0563581aaf00b00170efd32d03mr362969rwb.24.1704870940766;
        Tue, 09 Jan 2024 23:15:40 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IHJcFUBjKVUIJPEhGlRkafdWTlR6G4YnJSwKhOQCYafVe4/F9qJkNxmR+QYOhfzYVY6ABRGog==
X-Received: by 2002:a05:6358:1aaf:b0:170:efd3:2d03 with SMTP id
 gm47-20020a0563581aaf00b00170efd32d03mr362951rwb.24.1704870940380;
        Tue, 09 Jan 2024 23:15:40 -0800 (PST)
Received: from localhost ([43.228.180.230])
        by smtp.gmail.com with ESMTPSA id
 q14-20020a17090ac10e00b0028d0c8c9d37sm751199pjt.22.2024.01.09.23.15.39
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 Jan 2024 23:15:40 -0800 (PST)
From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org
Cc: Ondrej Kozina <okozina@redhat.com>,
	Milan Broz <gmazyland@gmail.com>,
	Thomas Staudt <tstaudt@de.ibm.com>,
	=?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= <berrange@redhat.com>,
	Kairui Song <ryncsn@gmail.com>,
	dm-devel@redhat.com,
	Jan Pazdziora <jpazdziora@redhat.com>,
	Pingfan Liu <kernelfans@gmail.com>,
	Baoquan He <bhe@redhat.com>,
	Dave Young <dyoung@redhat.com>,
	linux-kernel@vger.kernel.org,
	x86@kernel.org,
	Dave Hansen <dave.hansen@intel.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>
Subject: [PATCH v2 4/5] x86/crash: pass the dm crypt key to kdump kernel
Date: Wed, 10 Jan 2024 15:15:19 +0800
Message-ID: <20240110071522.1308935-5-coxu@redhat.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com>
References: <20240110071522.1308935-1-coxu@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

1st kernel will build up the kernel command parameter dmcryptkey as
similar to elfcorehdr to pass the memory address of the stored info of
dm crypt key to kdump kernel.

Signed-off-by: Coiby Xu <coxu@redhat.com>
---
 arch/x86/kernel/crash.c           | 15 ++++++++++++++-
 arch/x86/kernel/kexec-bzimage64.c |  7 +++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
index c92d88680dbf..69e1090f01bc 100644
--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
@@ -262,6 +262,7 @@ static int memmap_exclude_ranges(struct kimage *image, =
struct crash_mem *cmem,
 				 unsigned long long mend)
 {
 	unsigned long start, end;
+	int r;
=20
 	cmem->ranges[0].start =3D mstart;
 	cmem->ranges[0].end =3D mend;
@@ -270,7 +271,19 @@ static int memmap_exclude_ranges(struct kimage *image,=
 struct crash_mem *cmem,
 	/* Exclude elf header region */
 	start =3D image->elf_load_addr;
 	end =3D start + image->elf_headers_sz - 1;
-	return crash_exclude_mem_range(cmem, start, end);
+	r =3D crash_exclude_mem_range(cmem, start, end);
+
+	if (r)
+		return r;
+
+	/* Exclude dm crypt key region */
+	if (image->dm_crypt_key_addr) {
+		start =3D image->dm_crypt_key_addr;
+		end =3D start + image->dm_crypt_key_sz - 1;
+		return crash_exclude_mem_range(cmem, start, end);
+	}
+
+	return r;
 }
=20
 /* Prepare memory map for crash dump kernel */
diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzim=
age64.c
index a61c12c01270..6e8adfe0b417 100644
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -76,6 +76,10 @@ static int setup_cmdline(struct kimage *image, struct bo=
ot_params *params,
 	if (image->type =3D=3D KEXEC_TYPE_CRASH) {
 		len =3D sprintf(cmdline_ptr,
 			"elfcorehdr=3D0x%lx ", image->elf_load_addr);
+
+		if (image->dm_crypt_key_addr !=3D 0)
+			len +=3D sprintf(cmdline_ptr + len,
+					"dmcryptkey=3D0x%lx ", image->dm_crypt_key_addr);
 	}
 	memcpy(cmdline_ptr + len, cmdline, cmdline_len);
 	cmdline_len +=3D len;
@@ -433,6 +437,9 @@ static void *bzImage64_load(struct kimage *image, char =
*kernel,
 		ret =3D crash_load_segments(image);
 		if (ret)
 			return ERR_PTR(ret);
+		ret =3D crash_load_dm_crypt_key(image);
+		if (ret)
+			pr_debug("Either no dm crypt key or error to retrieve the dm crypt key\=
n");
 	}
=20
 	/*
--=20
2.43.0
From nobody Fri Dec 26 03:31:06 2025
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D36863EA96
	for <linux-kernel@vger.kernel.org>; Wed, 10 Jan 2024 07:15:50 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="GbY/pXwc"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1704870950;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=PudTy4UMKikLIiXUIiw3l2EC2dKIPcn2JPVx++F8WCw=;
	b=GbY/pXwcySk3cdIJCpO4ZMEOMvkwxxVZxGE99/GcZPAwf1AqtdVdsaeG50cAIoGwqNbjwU
	ElmLqqlOzjTr6YhR5TcxbzIDtmR2+v1tBvx1RmBSqguvBc5wIVWzB6Qxji641cgZUR9I5B
	SxtFiGfj/YoEaFmEu0K7IWxwcmYHkzo=
Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com
 [209.85.215.197]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-662-ATLLaRc3P7qOyehsFcR_8g-1; Wed, 10 Jan 2024 02:15:46 -0500
X-MC-Unique: ATLLaRc3P7qOyehsFcR_8g-1
Received: by mail-pg1-f197.google.com with SMTP id
 41be03b00d2f7-5ca5b61c841so1126754a12.3
        for <linux-kernel@vger.kernel.org>;
 Tue, 09 Jan 2024 23:15:46 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704870946; x=1705475746;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=PudTy4UMKikLIiXUIiw3l2EC2dKIPcn2JPVx++F8WCw=;
        b=fFWntteoTKWpyahbciKJDAXIRjeDyXY7o/sXJPH2R6bA58E2mv4jvmn59/mSvBAxVC
         BCtznCXUV8dU77WWn2yQMep3o3taQqWodXdDiJWJeo4y4m92BDJ0NLFHPRiYXbNkfImj
         UV5UJgHPuOvSArm3STKRV9b2PwGPmXz+4lZ0Ash8M6ZuQpdFgct7w3uLiJdmTNWmsBZ0
         ayx+CtxATw3k16M69w/63z1m/9JDe9Bx/lMWpIMMnsfKeZv2tBUpZei/fDWKe1V7DxlJ
         ghlSCUzGl1iuiVFm1YNJRkV515dFTfkcx/pZG16wOskJBQ0EQcJle9iPSpwWpv91Pc1Y
         YlNg==
X-Gm-Message-State: AOJu0YwLOE62tFl6Zy3LZZ+ZwwMwVwfaUc//UbcezttzcCFGO+nj7bIg
	mgnY9iuhtMwVWz0Vd+eezfC0nUqUjXEzb+5xGqKkb1oSPMyeoGSUjhnwFPpytNJDWCMD40P0D7G
	C0HHIZOdbo3uXKNKFHB5+mv4x8ExhQ5lX
X-Received: by 2002:a17:903:230a:b0:1d5:6b59:bc9e with SMTP id
 d10-20020a170903230a00b001d56b59bc9emr548214plh.113.1704870945695;
        Tue, 09 Jan 2024 23:15:45 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IGswbCFzBG9UMiPV/9Dz8iVcTS6B/kBunqAERbzsPjXLLiiVVLr67UttS61AMPcGr+g+Ep+Yg==
X-Received: by 2002:a17:903:230a:b0:1d5:6b59:bc9e with SMTP id
 d10-20020a170903230a00b001d56b59bc9emr548193plh.113.1704870945323;
        Tue, 09 Jan 2024 23:15:45 -0800 (PST)
Received: from localhost ([43.228.180.230])
        by smtp.gmail.com with ESMTPSA id
 m5-20020a170902db8500b001d4c955cc00sm2906719pld.271.2024.01.09.23.15.43
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 Jan 2024 23:15:45 -0800 (PST)
From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org
Cc: Ondrej Kozina <okozina@redhat.com>,
	Milan Broz <gmazyland@gmail.com>,
	Thomas Staudt <tstaudt@de.ibm.com>,
	=?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= <berrange@redhat.com>,
	Kairui Song <ryncsn@gmail.com>,
	dm-devel@redhat.com,
	Jan Pazdziora <jpazdziora@redhat.com>,
	Pingfan Liu <kernelfans@gmail.com>,
	Baoquan He <bhe@redhat.com>,
	Dave Young <dyoung@redhat.com>,
	linux-kernel@vger.kernel.org,
	x86@kernel.org,
	Dave Hansen <dave.hansen@intel.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>
Subject: [PATCH v2 5/5] x86/crash: make the page that stores the dm crypt key
 inaccessible
Date: Wed, 10 Jan 2024 15:15:20 +0800
Message-ID: <20240110071522.1308935-6-coxu@redhat.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com>
References: <20240110071522.1308935-1-coxu@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

This adds an addition layer of protection for the saved copy of dm
crypt key. Trying to access the saved copy will cause page fault.

Suggested-by: Pingfan Liu <kernelfans@gmail.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
 arch/x86/kernel/machine_kexec_64.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_k=
exec_64.c
index 1a3e2c05a8a5..c9c814b934b8 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -546,14 +546,32 @@ static void kexec_mark_crashkres(bool protect)
 	kexec_mark_range(control, crashk_res.end, protect);
 }
=20
+static void kexec_mark_dm_crypt_key(bool protect)
+{
+	unsigned long start_paddr, end_paddr;
+	unsigned int nr_pages;
+
+	if (kexec_crash_image->dm_crypt_key_addr) {
+		start_paddr =3D kexec_crash_image->dm_crypt_key_addr;
+		end_paddr =3D start_paddr + kexec_crash_image->dm_crypt_key_sz - 1;
+		nr_pages =3D (PAGE_ALIGN(end_paddr) - PAGE_ALIGN_DOWN(start_paddr))/PAGE=
_SIZE;
+		if (protect)
+			set_memory_np((unsigned long)phys_to_virt(start_paddr), nr_pages);
+		else
+			set_memory_rw((unsigned long)phys_to_virt(start_paddr), nr_pages);
+	}
+}
+
 void arch_kexec_protect_crashkres(void)
 {
 	kexec_mark_crashkres(true);
+	kexec_mark_dm_crypt_key(true);
 }
=20
 void arch_kexec_unprotect_crashkres(void)
 {
 	kexec_mark_crashkres(false);
+	kexec_mark_dm_crypt_key(false);
 }
=20
 /*
--=20
2.43.0