From nobody Wed Feb 11 12:54:45 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0EEB9129A78 for ; Thu, 23 May 2024 05:05:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716440705; cv=none; b=cSWsqqoMhArLKpX9afnqECLS9kkuxkOxle2f4bwxOG7TyHmEAkS46qR1/oLXmrf+FU0HZ8slVsHrAJT8yrJvF4AA2q8jdwviLYGnaqcrVBTvafLD07HIKzyNL2z9czaYNfVN/gOWgvDR9zsKEzkRkNiMUuwy3CmvNh9PsQRaueg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716440705; c=relaxed/simple; bh=dGZmp2vLpOIfcPBTPdNO+OvC6zpXCIslEn4uygnmMgc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jz6Ji2YRtUC52qhjuueRPrNmL+i29VzBuyMrREPmsg4oq1t/d26kKal4Bwo7H7XI75GNproNZYH1URH2tdKtjhpd/P/hxQs2jmZ8S04tZugFTj05PEeThcwGnwmsxOSVSxyY/8rFJFbjjd7KK4M1wYCOMfOb1Vw5HnfJW7BL1Ng= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=dVmIxDqr; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="dVmIxDqr" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1716440702; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: 
in-reply-to:in-reply-to:references:references; bh=9ZynSKfZ+ldOQ3kMeJNfuvuSvRX+IwHDcGck7Xj2nRU=; b=dVmIxDqrPMG4VFTbMyS37OBLMSIALn63LR9l5dIOdc7gVTp5oVAJuM1iGY/9CsnhojCJWM nEtsGxtT4wFHDJCFJHFH/OarCdd+KkJRsbPQ7SrpUHxTyy6FLrKGKT7lZ/qpI6JkQJb1Bx Tk1DNLAL4S0s71xT4fA3ue0bkKYJT2w= Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-591-O_cr-IqzOBWZ_VVzACwtmg-1; Thu, 23 May 2024 01:05:00 -0400 X-MC-Unique: O_cr-IqzOBWZ_VVzACwtmg-1 Received: by mail-pl1-f199.google.com with SMTP id d9443c01a7336-1eec5aba2bdso130609475ad.0 for ; Wed, 22 May 2024 22:05:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716440699; x=1717045499; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9ZynSKfZ+ldOQ3kMeJNfuvuSvRX+IwHDcGck7Xj2nRU=; b=km8bz84tTV07bVKPiLMk4OZA9RxItL+BCWVwwNTpzcrWOAfMhUAeQPuJfpmY8OpPCR MKyTLDK6snH4BKhBfP+Zv3xOU9DBQkojhc/1bbvfJzxcuks8cFK9iqfzUTM6tZsKuYmG nRQqm4QL/zksLX/seNI52wfIPV1Xt2QD2biHiweQ0XBIG+bnRTsejS47Gb257KLUoORJ 7sUwhfIqyvrGIgd0YphBwrhhZlHLESI93UZmh8OrBfk/7ExMDINehWZOJgfAc+ce0DWs 0cPdy9cI4o2rL5FufuWyEACDOjKAO83PYMxRBMMDns7kcZs+ojgTrmjhAvof3teUhFHN W+dg== X-Forwarded-Encrypted: i=1; AJvYcCWZbhGG9Kbh1cUnq0WrbrwtL9sBlBK1EgnX6xhxaKPSzs3iV7gV1Ku704jJsua7e2msJwwdajjyxBLDdiNMs1BTeSIq6BSDkG2KTpre X-Gm-Message-State: AOJu0YyGt+aWSRVAlgSwXesVLmRj3TnG/xgTsmkpH4Jh/zRw/cWrKqcl 73/DsBOExswAxiBv7E6wJ93N7ZbHgM/6H4IVzNn7vdN2wscBwyU3miZjllcIlRx+RngzuGR1yxw TfESniiNeqRG+CBTkch+8yFFv/FPnxeXNN12GhMl/yn330Py3jIGcQ2Ft+bWmvA== X-Received: by 2002:a17:902:cf04:b0:1f3:2fa7:6d7b with SMTP id d9443c01a7336-1f32fa76e61mr33104395ad.19.1716440699018; Wed, 22 May 2024 22:04:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGw+CHnj/MZBKIkFFsXHEy8x5jL+NWT0WhFWjdQIsn/ck9Po7lLmmL2jkJ496RIELn9298gCA== 
X-Received: by 2002:a17:902:cf04:b0:1f3:2fa7:6d7b with SMTP id d9443c01a7336-1f32fa76e61mr33104035ad.19.1716440698265; Wed, 22 May 2024 22:04:58 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1f32d91cd9asm15943535ad.267.2024.05.22.22.04.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 May 2024 22:04:57 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Eric Biederman Subject: [PATCH v4 1/7] kexec_file: allow to place kexec_buf randomly Date: Thu, 23 May 2024 13:04:42 +0800 Message-ID: <20240523050451.788754-2-coxu@redhat.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240523050451.788754-1-coxu@redhat.com> References: <20240523050451.788754-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently, kexec_buf is placed in order which means for the same machine, the info in the kexec_buf is always located at the same position each time the machine is booted. This may cause a risk for sensitive information like LUKS volume key. Now struct kexec_buf has a new field random which indicates it's supposed to be placed in a random position. Suggested-by: Jan Pazdziora Signed-off-by: Coiby Xu --- include/linux/kexec.h | 2 ++ kernel/kexec_file.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index f0e9f8eda7a3..cc81b8a903ab 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h 
@@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage= *image); * @buf_min: The buffer can't be placed below this address. * @buf_max: The buffer can't be placed above this address. * @top_down: Allocate from top of memory. + * @random: Place the buffer at a random position. */ struct kexec_buf { struct kimage *image; @@ -182,6 +183,7 @@ struct kexec_buf { unsigned long buf_min; unsigned long buf_max; bool top_down; + bool random; }; =20 int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf); diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 3d64290d24c9..06b77f9ac4cc 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include "kexec_internal.h" @@ -437,6 +438,16 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, = initrd_fd, return ret; } =20 +static unsigned long kexec_random_start(unsigned long start, unsigned long= end) +{ + unsigned long temp_start; + unsigned short i; + + get_random_bytes(&i, sizeof(unsigned short)); + temp_start =3D start + (end - start) / USHRT_MAX * i; + return temp_start; +} + static int locate_mem_hole_top_down(unsigned long start, unsigned long end, struct kexec_buf *kbuf) { @@ -445,6 +456,8 @@ static int locate_mem_hole_top_down(unsigned long start= , unsigned long end, =20 temp_end =3D min(end, kbuf->buf_max); temp_start =3D temp_end - kbuf->memsz + 1; + if (kbuf->random) + temp_start =3D kexec_random_start(temp_start, temp_end); =20 do { /* align down start */ 
@@ -482,6 +495,8 @@ static int locate_mem_hole_bottom_up(unsigned long star= t, unsigned long end, unsigned long temp_start, temp_end; =20 temp_start =3D max(start, kbuf->buf_min); + if (kbuf->random) + temp_start =3D kexec_random_start(temp_start, end); =20 do { temp_start =3D ALIGN(temp_start, kbuf->buf_align); --=20 2.45.0 From nobody Wed Feb 11 12:54:45 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E825F13B582 for ; Thu, 23 May 2024 05:05:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716440709; cv=none; b=X23CsNWevpvOX6GDsHR6ViU8Pqsxkh1hMcbITTpUciM0+lpbN2Cwoo52WvIKMb9V7HrUfCY052bS/X8mRC5RVduvwjBCb0mTPQckTxcvmNY7LjvTptVPvdDZFm9NShtKXk0RB2zyTpXj4SnqodpD3D+gWGonXf5WMcEpsD4dgdE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716440709; c=relaxed/simple; bh=D0idj180gacOPWClMaDPq0kP4SPZLOm9gI8dLiZ4idM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oZTldcBegchLslXIpY0WlvSMAXwv9jmWt/VGpxtj8GeBP5A/zL8CoUcoF+u/r/2R+AuDU2YhL2mXF4ugdUNeC4rmnADCglqxOTJONYHanLdV+BEdL1Z2r9kxrvJzO0khSYkHbeQImMrGeFYgbWMx4RIruQKnemOjaw1EqNeHSGA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Ck+zHe76; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com 
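Review bot: in kexec_random_start(), `temp_start = start + (end - start) / USHRT_MAX * i` does the integer division first, so whenever `end - start` is smaller than USHRT_MAX the quotient is 0 and the buffer lands deterministically at `start` despite `kbuf->random`; for larger ranges the start is quantised to multiples of `(end - start) / USHRT_MAX`. Multiply before dividing (guarding the product against overflow) or draw a uniform offset within `end - start` directly, and say in the commit message that a 16-bit draw gives at most 65536 candidate positions. `get_random_u16()` also reads more naturally than `get_random_bytes(&i, sizeof(unsigned short))`.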
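Review bot: in locate_mem_hole_top_down(), `temp_start = temp_end - kbuf->memsz + 1` is by construction the highest start at which `memsz` bytes still fit below `temp_end`; `kexec_random_start(temp_start, temp_end)` can only move the start upward from there, so every non-zero draw produces a buffer whose last byte lies above `temp_end` (and therefore above `kbuf->buf_max`) unless the loop that follows re-checks the upper bound, which the hunk's context does not show. For the top-down case the random start should be drawn between the lower limit (`max(start, kbuf->buf_min)`) and `temp_end - kbuf->memsz + 1`.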
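Review bot: in locate_mem_hole_bottom_up(), `kexec_random_start(temp_start, end)` uses `end` as the upper limit for the start address, but a start that lands within `kbuf->memsz` bytes of `end` cannot host the buffer, and `kbuf->buf_max` is not considered at all (the top-down path does clamp with `min(end, kbuf->buf_max)`). Bound the draw with `min(end, kbuf->buf_max) - kbuf->memsz + 1` and return 0 when that value is below `temp_start`, so the random path does not hand the alignment loop placements it can only reject.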
From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Vivek Goyal , Kees Cook , "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org (open list:KERNEL HARDENING (not covered by other areas):Keyword:\b__counted_by\b) Subject: [PATCH v4 2/7] crash_dump: make dm crypt keys persist for the kdump kernel Date: Thu, 23 May 2024 13:04:43 +0800 Message-ID: <20240523050451.788754-3-coxu@redhat.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240523050451.788754-1-coxu@redhat.com> References: <20240523050451.788754-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" A sysfs /sys/kernel/crash_dm_crypt_keys is provided for user space to make the dm crypt keys persist for the kdump kernel. User space can send the following commands, - "init KEY_NUM" Initialize needed structures - "record KEY_DESC" Record a key description. The key must be a logon key. User space can also read this API to learn about current state. Signed-off-by: Coiby Xu --- include/linux/crash_core.h | 5 +- kernel/Kconfig.kexec | 8 +++ kernel/Makefile | 1 + kernel/crash_dump_dm_crypt.c | 113 +++++++++++++++++++++++++++++++++++ kernel/ksysfs.c | 22 +++++++ 5 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 kernel/crash_dump_dm_crypt.c diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index 44305336314e..6bff1c24efa3 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h 
@@ -34,7 +34,10 @@ static inline void arch_kexec_protect_crashkres(void) { } static inline void arch_kexec_unprotect_crashkres(void) { } #endif =20 - +#ifdef CONFIG_CRASH_DM_CRYPT +int crash_sysfs_dm_crypt_keys_read(char *buf); +int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count); +#endif =20 #ifndef arch_crash_handle_hotplug_event static inline void arch_crash_handle_hotplug_event(struct kimage *image, v= oid *arg) { } diff --git a/kernel/Kconfig.kexec b/kernel/Kconfig.kexec index 6c34e63c88ff..88525ad1c80a 100644 --- a/kernel/Kconfig.kexec +++ b/kernel/Kconfig.kexec @@ -116,6 +116,14 @@ config CRASH_DUMP For s390, this option also enables zfcpdump. See also =20 +config CRASH_DM_CRYPT + bool "Support saving crash dump to dm-crypt encrypted volume" + depends on CRASH_DUMP + help + With this option enabled, user space can intereact with + /sys/kernel/crash_dm_crypt_keys to make the dm crypt keys + persistent for the crash dump kernel. + config CRASH_HOTPLUG bool "Update the crash elfcorehdr on system configuration changes" default y diff --git a/kernel/Makefile b/kernel/Makefile index 3c13240dfc9f..f2e5b3e86d12 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -72,6 +72,7 @@ obj-$(CONFIG_VMCORE_INFO) +=3D vmcore_info.o elfcorehdr.o obj-$(CONFIG_CRASH_RESERVE) +=3D crash_reserve.o obj-$(CONFIG_KEXEC_CORE) +=3D kexec_core.o obj-$(CONFIG_CRASH_DUMP) +=3D crash_core.o +obj-$(CONFIG_CRASH_DM_CRYPT) +=3D crash_dump_dm_crypt.o obj-$(CONFIG_KEXEC) +=3D kexec.o obj-$(CONFIG_KEXEC_FILE) +=3D kexec_file.o obj-$(CONFIG_KEXEC_ELF) +=3D kexec_elf.o diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c new file mode 100644 index 000000000000..78809189084a --- /dev/null +++ b/kernel/crash_dump_dm_crypt.c 
@@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include + +#define KEY_NUM_MAX 128 +#define KEY_SIZE_MAX 256 + +// The key scription has the format: cryptsetup:UUID 11+36+1(NULL)=3D48 +#define KEY_DESC_LEN 48 + +static char *STATE_STR[] =3D {"fresh", "initialized", "recorded", "loaded"= }; +static enum STATE_ENUM { + FRESH =3D 0, + INITIALIZED, + RECORDED, + LOADED, +} state; + +static unsigned int key_count; +static size_t keys_header_size; + +struct dm_crypt_key { + unsigned int key_size; + char key_desc[KEY_DESC_LEN]; + u8 data[KEY_SIZE_MAX]; +}; + +static struct keys_header { + unsigned int key_count; + struct dm_crypt_key keys[] __counted_by(key_count); +} *keys_header; + +static size_t get_keys_header_size(struct keys_header *keys_header, + size_t key_count) +{ + return struct_size(keys_header, keys, key_count); +} + +static int init(const char *buf) +{ + unsigned int total_keys; + char dummy[5]; + + if (sscanf(buf, "%4s %u", dummy, &total_keys) !=3D 2) + return -EINVAL; + + if (key_count > KEY_NUM_MAX) { + pr_err("Exceed the maximum number of keys (KEY_NUM_MAX=3D%u)\n", + KEY_NUM_MAX); + return -EINVAL; + } + + keys_header_size =3D get_keys_header_size(keys_header, total_keys); + key_count =3D 0; + + keys_header =3D kzalloc(keys_header_size, GFP_KERNEL); + if (!keys_header) + return -ENOMEM; + + keys_header->key_count =3D total_keys; + state =3D INITIALIZED; + return 0; +} + +static int record_key_desc(const char *buf, struct dm_crypt_key *dm_key) +{ + char key_desc[KEY_DESC_LEN]; + char dummy[7]; + + if (state !=3D INITIALIZED) + pr_err("Please send the cmd 'init ' first\n"); + + if (sscanf(buf, "%6s %s", dummy, key_desc) !=3D 2) + return -EINVAL; + + if (key_count >=3D keys_header->key_count) { + pr_warn("Already have %u keys", key_count); + return -EINVAL; + } + + strscpy(dm_key->key_desc, key_desc, KEY_DESC_LEN); + pr_debug("Key%d (%s) recorded\n", key_count, dm_key->key_desc); + key_count++; + + if (key_count =3D=3D 
keys_header->key_count) + state =3D RECORDED; + + return 0; +} + +static int process_cmd(const char *buf, size_t count) +{ + if (strncmp(buf, "init ", 5) =3D=3D 0) + return init(buf); + else if (strncmp(buf, "record ", 7) =3D=3D 0) + return record_key_desc(buf, &keys_header->keys[key_count]); + + return -EINVAL; +} + +int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count) +{ + if (!is_kdump_kernel()) + return process_cmd(buf, count); + return -EINVAL; +} +EXPORT_SYMBOL(crash_sysfs_dm_crypt_keys_write); + +int crash_sysfs_dm_crypt_keys_read(char *buf) +{ + return sprintf(buf, "%s\n", STATE_STR[state]); +} +EXPORT_SYMBOL(crash_sysfs_dm_crypt_keys_read); diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c index 07fb5987b42b..2ba4dcbf5816 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c @@ -167,6 +167,25 @@ static ssize_t vmcoreinfo_show(struct kobject *kobj, } KERNEL_ATTR_RO(vmcoreinfo); =20 +#ifdef CONFIG_CRASH_DM_CRYPT +static ssize_t crash_dm_crypt_keys_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + return crash_sysfs_dm_crypt_keys_read(buf); +} + +static ssize_t crash_dm_crypt_keys_store(struct kobject *kobj, + struct kobj_attribute *attr, + const char *buf, size_t count) +{ + int ret; + + ret =3D crash_sysfs_dm_crypt_keys_write(buf, count); + return ret < 0 ? ret : count; +} +KERNEL_ATTR_RW(crash_dm_crypt_keys); +#endif /* CONFIG_CRASH_DM_CRYPT */ + #ifdef CONFIG_CRASH_HOTPLUG static ssize_t crash_elfcorehdr_size_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 
@@ -271,6 +290,9 @@ static struct attribute * kernel_attrs[] =3D { #endif #ifdef CONFIG_VMCORE_INFO &vmcoreinfo_attr.attr, +#ifdef CONFIG_CRASH_DM_CRYPT + &crash_dm_crypt_keys_attr.attr, +#endif #ifdef CONFIG_CRASH_HOTPLUG &crash_elfcorehdr_size_attr.attr, #endif --=20 2.45.0 From nobody Wed Feb 11 12:54:45 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1687113B59A for ; Thu, 23 May 2024 05:05:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716440713; cv=none; b=Pdj0cwgvlXn9f/KvqU9wJis10Qno0QirkU+m/RPnf8yQwRFGZMksOtL2d+BtRDGIVLs/ebtbsdpsJRAKTnMTrNni2ZCzRxmN2LObouoPadLCdEPg4v/l9L0nJS0ayvH7ES8gKD4tOOHr+V7B+XMwxj9l97f316KjEBrFB9b1fYY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716440713; c=relaxed/simple; bh=X6sZr2fT7RV3LOGsviKdoHFeDJZA0N4rJIfYh0VRjPE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=TbydFju6qE/MUTEaQh7cGQOeIYDR0J4y+cqpaVVeQ1H2KlvlHQAzT/L5dYOQJIwnnsu4EZ5dD2QbgBKw+N7fvVDOSQjn+2D9xQmiGaULa1dc7ewIi/0yKQ1K7saN7Rmx1sCYdaG22y4UrrNy+lU+hpOLvqsL5MgR3dwWaXk6iQ4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=OKAbZAlW; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="OKAbZAlW" 
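Review bot: the CRASH_DM_CRYPT help text has a typo, "intereact" should read "interact"; it would also help to state here that the recorded keys are read from the logon keyring when the crash kernel is loaded and stored in the crashkernel reservation, since that is what makes the option security relevant.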
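Review bot: several input-handling defects in the new kernel/crash_dump_dm_crypt.c. (1) init() checks `key_count > KEY_NUM_MAX`, the global counter that is reset to 0 a few lines later, instead of the user-supplied `total_keys`, so the KEY_NUM_MAX bound is never enforced and the kzalloc size is chosen entirely by the writer; test `total_keys` (and reject 0). (2) A second "init" overwrites `keys_header` without freeing the previous allocation. (3) record_key_desc() prints "Please send the cmd 'init ' first" when `state != INITIALIZED` but does not return, and process_cmd() has already formed `&keys_header->keys[key_count]` from a NULL `keys_header` in that case, so a "record" write before "init" dereferences NULL; return -EINVAL there and check `keys_header` before indexing it. (4) `sscanf(buf, "%6s %s", dummy, key_desc)` uses an unbounded `%s` into the 48-byte stack array `key_desc` while the sysfs buffer may hold up to PAGE_SIZE bytes; use `"%6s %47s"`, or strscpy() straight from `buf + 7` and drop the intermediate array. (5) Nothing serialises concurrent writers, so two stores can race on `key_count` and `state`; a mutex around process_cmd() is the usual fix. Minor: `sprintf` in the read path should be `sysfs_emit()`, the two EXPORT_SYMBOLs are unnecessary for the built-in ksysfs.c caller, and "key scription" should read "key description".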
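Review bot: the new `&crash_dm_crypt_keys_attr.attr` entry sits inside the existing `#ifdef CONFIG_VMCORE_INFO` block, so it relies on CRASH_DM_CRYPT implying VMCORE_INFO; if `depends on CRASH_DUMP` does not guarantee that, the attribute silently disappears from sysfs. Either place it after the VMCORE_INFO `#endif` or add a one-line comment making the dependency explicit.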
X-Received: by 2002:a17:902:db11:b0:1f3:39d9:b2c3 with SMTP id d9443c01a7336-1f339d9b4d2mr17003675ad.50.1716440707024; Wed, 22 May 2024 22:05:07 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGRzZMAyDpsUmfR6YQ3M3Cp6U7ziKK4PidDnLj0rz4oSMtKMe54QBcMLcgMyZ5mWzKqYrss7g== X-Received: by 2002:a17:902:db11:b0:1f3:39d9:b2c3 with SMTP id d9443c01a7336-1f339d9b4d2mr17003275ad.50.1716440706265; Wed, 22 May 2024 22:05:06 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1f34076df6asm3603595ad.37.2024.05.22.22.05.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 May 2024 22:05:05 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Vivek Goyal , Eric Biederman Subject: [PATCH v4 3/7] crash_dump: store dm keys in kdump reserved memory Date: Thu, 23 May 2024 13:04:44 +0800 Message-ID: <20240523050451.788754-4-coxu@redhat.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240523050451.788754-1-coxu@redhat.com> References: <20240523050451.788754-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When the kdump kernel image and initrd are loaded, the dm crypts keys will be read from keyring and then stored in kdump reserved memory. Signed-off-by: Coiby Xu --- include/linux/crash_core.h | 3 ++ include/linux/crash_dump.h | 2 + include/linux/kexec.h | 4 ++ kernel/crash_dump_dm_crypt.c | 87 ++++++++++++++++++++++++++++++++++++ 4 files changed, 96 insertions(+) diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index 6bff1c24efa3..ab20829d0bc9 100644 --- a/include/linux/crash_core.h 
+++ b/include/linux/crash_core.h @@ -37,6 +37,9 @@ static inline void arch_kexec_unprotect_crashkres(void) {= } #ifdef CONFIG_CRASH_DM_CRYPT int crash_sysfs_dm_crypt_keys_read(char *buf); int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count); +int crash_load_dm_crypt_keys(struct kimage *image); +#else +static inline int crash_load_dm_crypt_keys(struct kimage *image) {return 0= ; } #endif =20 #ifndef arch_crash_handle_hotplug_event diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index acc55626afdc..dfd8e4fe6129 100644 --- a/include/linux/crash_dump.h +++ b/include/linux/crash_dump.h @@ -15,6 +15,8 @@ extern unsigned long long elfcorehdr_addr; extern unsigned long long elfcorehdr_size; =20 +extern unsigned long long dm_crypt_keys_addr; + #ifdef CONFIG_CRASH_DUMP extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *= size); extern void elfcorehdr_free(unsigned long long addr); diff --git a/include/linux/kexec.h b/include/linux/kexec.h index cc81b8a903ab..bd40f4208e1f 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -370,6 +370,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* dm crypt keys buffer */ + unsigned long dm_crypt_keys_addr; + unsigned long dm_crypt_keys_sz; }; =20 /* kexec interface functions */ diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c index 78809189084a..89fec768fba8 100644 --- a/kernel/crash_dump_dm_crypt.c +++ b/kernel/crash_dump_dm_crypt.c @@ -1,4 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only +#include +#include #include #include =20 
@@ -111,3 +113,88 @@ int crash_sysfs_dm_crypt_keys_read(char *buf) return sprintf(buf, "%s\n", STATE_STR[state]); } EXPORT_SYMBOL(crash_sysfs_dm_crypt_keys_read); + +static int read_key_from_user_keying(struct dm_crypt_key *dm_key) +{ + const struct user_key_payload *ukp; + struct key *key; + + pr_debug("Requesting key %s", dm_key->key_desc); + key =3D request_key(&key_type_logon, dm_key->key_desc, NULL); + + if (IS_ERR(key)) { + pr_warn("No such key %s\n", dm_key->key_desc); + return PTR_ERR(key); + } + + ukp =3D user_key_payload_locked(key); + if (!ukp) + return -EKEYREVOKED; + + memcpy(dm_key->data, ukp->data, ukp->datalen); + dm_key->key_size =3D ukp->datalen; + pr_debug("Get dm crypt key (size=3D%u) %s: %8ph\n", dm_key->key_size, + dm_key->key_desc, dm_key->data); + return 0; +} + +static int build_keys_header(void) +{ + int i, r; + + for (i =3D 0; i < key_count; i++) { + r =3D read_key_from_user_keying(&keys_header->keys[i]); + if (r !=3D 0) { + pr_err("Failed to read key %s\n", keys_header->keys[i].key_desc); + return r; + } + } + + return 0; +} + +int crash_load_dm_crypt_keys(struct kimage *image) +{ + struct kexec_buf kbuf =3D { + .image =3D image, + .buf_min =3D 0, + .buf_max =3D ULONG_MAX, + .top_down =3D false, + .random =3D true, + }; + + int r; + + if (state =3D=3D FRESH) + return 0; + + if (key_count !=3D keys_header->key_count) { + pr_err("Only record %u keys (%u in total)\n", key_count, + keys_header->key_count); + return -EINVAL; + } + + image->dm_crypt_keys_addr =3D 0; + r =3D build_keys_header(); + if (r) + return r; + + kbuf.buffer =3D keys_header; + kbuf.bufsz =3D keys_header_size; + + kbuf.memsz =3D kbuf.bufsz; + kbuf.buf_align =3D ELF_CORE_HEADER_ALIGN; + kbuf.mem =3D KEXEC_BUF_MEM_UNKNOWN; + r =3D kexec_add_buffer(&kbuf); + if (r) { + kvfree((void *)kbuf.buffer); + return r; + } + state =3D LOADED; + image->dm_crypt_keys_addr =3D kbuf.mem; + image->dm_crypt_keys_sz =3D kbuf.bufsz; + pr_debug("Loaded dm crypt keys at 0x%lx bufsz=3D0x%lx 
memsz=3D0x%lx\n", + image->dm_crypt_keys_addr, kbuf.bufsz, kbuf.bufsz); + + return r; +} --=20 2.45.0 From nobody Wed Feb 11 12:54:45 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 364B813A88D for ; Thu, 23 May 2024 05:05:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716440718; cv=none; b=icvi95dsrHGA26arMmCwx88pSmGhYaqiQ6GNlqD6qeHyYGnMta3SlVoVR2V6I2cWagOrQH8Sy/m30B3Bq64lMhzN7M9IKVXENbIfmpWK1AYVLvtmEwfWg6aIkX9ZjaXJcstriUWEWOjhwQLOBSRHAvyq0AdHsFFEez6Tj0dCbqo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716440718; c=relaxed/simple; bh=XRaf5EmI1n/9OcNzHgkmeUNkMvJvx+1lwOXtc8o86LU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=u5R/PGqGeR3HrWGeHV4fLRnVsouj/TqXdHaGyJhnko7q6tKaFuPokRgXW0kmudm1POtYcPaCH84yHcVR3wjxh3CJi/fxY4wxE7N6DIjiDn6Fmz6siGsEzVTh6PIi3pV8efLN2bX0Ui9AE47vk3y2yPqKIQEEP4CiX2BQ67wgFYQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=F43lQ9IO; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="F43lQ9IO" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1716440716; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: 
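Review bot: in include/linux/crash_core.h the stub `static inline int crash_load_dm_crypt_keys(struct kimage *image) {return 0; }` should be spaced as `{ return 0; }` to match the surrounding inline stubs.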
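Review bot: `extern unsigned long long dm_crypt_keys_addr;` in include/linux/crash_dump.h is declared outside the `#ifdef CONFIG_CRASH_DUMP` guard and no definition for it appears in this patch; add the definition next to `elfcorehdr_addr` (or move the declaration to the patch that introduces it) and keep it under the same guard.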
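Review bot: read_key_from_user_keying() (typo: keyring) copies `ukp->datalen` bytes into `dm_key->data`, a `u8 data[KEY_SIZE_MAX]` of 256 bytes, with no check that `datalen <= KEY_SIZE_MAX`; logon key payloads may be larger, so reject oversized payloads before the memcpy. `user_key_payload_locked()` must be called with `key->sem` held (`down_read(&key->sem)` / `up_read(&key->sem)`), and the reference returned by request_key() is never dropped with key_put(). The `pr_debug("... %8ph\n", ..., dm_key->data)` writes the first bytes of the volume key into the kernel log; remove it. In crash_load_dm_crypt_keys(), on kexec_add_buffer() failure `kvfree((void *)kbuf.buffer)` frees `keys_header` (kzalloc'd, so kfree() is the matching call) but leaves the global pointer dangling for the next sysfs write; set `keys_header = NULL` and reset `state` there. The final pr_debug passes `kbuf.bufsz` twice where the second argument is labelled memsz. Finally, after the buffer is copied to reserved memory the plaintext keys remain in `keys_header` for the lifetime of the system; zero them with memzero_explicit() once they are no longer needed, or say in the commit message why they must stay.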
From: Coiby Xu
To: kexec@lists.infradead.org
Cc: Ondrej Kozina, Milan Broz, Thomas Staudt, Daniel P. Berrangé, Kairui Song, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen, Vitaly Kuznetsov, Vivek Goyal
Subject: [PATCH v4 4/7] crash_dump: reuse saved dm crypt keys for CPU/memory hot-plugging
Date: Thu, 23 May 2024 13:04:45 +0800
Message-ID: <20240523050451.788754-5-coxu@redhat.com>
In-Reply-To: <20240523050451.788754-1-coxu@redhat.com>

When there is CPU/memory hot-plugging, the kdump kernel image and initrd will be reloaded. The user space can write the "reuse" command to /sys/kernel/crash_dm_crypt_key so the stored keys can be re-saved again.

Note currently only x86 (commit ea53ad9cf73b ("x86/crash: add x86 crash hotplug support")) and ppc (WIP) support the new infrastructure (commit 247262756121 ("crash: add generic infrastructure for crash hotplug support")). If the new infrastructure gets extended to all arches, this patch can be dropped.

Signed-off-by: Coiby Xu
---
 kernel/crash_dump_dm_crypt.c | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c index 89fec768fba8..b4dc881cc867 100644 --- a/kernel/crash_dump_dm_crypt.c +++ b/kernel/crash_dump_dm_crypt.c @@ -10,12 +10,13 @@ // The key scription has the format: cryptsetup:UUID 11+36+1(NULL)=3D48 #define KEY_DESC_LEN 48 =20 -static char *STATE_STR[] =3D {"fresh", "initialized", "recorded", "loaded"= }; +static char *STATE_STR[] =3D {"fresh", "initialized", "recorded", "loaded"= , "reuse"}; static enum STATE_ENUM { FRESH =3D 0, INITIALIZED, RECORDED, LOADED, + REUSE, } state; =20 static unsigned int key_count; @@ -90,12 +91,31 @@ static int record_key_desc(const char *buf, struct dm_c= rypt_key *dm_key) return 0; } =20 +static void get_keys_from_kdump_reserved_memory(void) +{ + struct keys_header *keys_header_loaded; + + arch_kexec_unprotect_crashkres(); + + keys_header_loaded =3D kmap_local_page(pfn_to_page( + kexec_crash_image->dm_crypt_keys_addr >> PAGE_SHIFT)); + + memcpy(keys_header, keys_header_loaded, keys_header_size); + kunmap_local(keys_header_loaded); + state =3D RECORDED; +} + static int process_cmd(const char *buf, size_t count) { if (strncmp(buf, "init ", 5) =3D=3D 0) return init(buf); else if (strncmp(buf, "record ", 7) =3D=3D 0) return record_key_desc(buf, &keys_header->keys[key_count]); + else if (!strcmp(buf, "reuse")) { + state =3D REUSE; + get_keys_from_kdump_reserved_memory(); + return 0; + } =20 return -EINVAL; } 
@@ -175,9 +195,11 @@ int crash_load_dm_crypt_keys(struct kimage *image) } =20 image->dm_crypt_keys_addr =3D 0; - r =3D build_keys_header(); - if (r) - return r; + if (state !=3D REUSE) { + r =3D build_keys_header(); + if (r) + return r; + } =20 kbuf.buffer =3D keys_header; kbuf.bufsz =3D keys_header_size; --=20 2.45.0
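Review bot: STATE_STR[] and enum STATE_ENUM are kept in step by hand, and the first hunk extends both with "reuse"/REUSE; a BUILD_BUG_ON(ARRAY_SIZE(STATE_STR) != REUSE + 1) next to the array (or a trailing NR_STATES enumerator) would catch a later state added to one but not the other before it becomes an out-of-bounds read in the sysfs show path.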
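Review bot: get_keys_from_kdump_reserved_memory() has no guard on its inputs: kexec_crash_image is dereferenced without a NULL check and dm_crypt_keys_addr is used without checking it is non-zero, so writing "reuse" with no crash kernel loaded, or with one loaded before any key was saved, dereferences NULL or kmaps pfn 0. Make the function return -EINVAL when either is unset and propagate that from the "reuse" branch of process_cmd(), which currently returns 0 unconditionally, and take the kexec lock around the access, since kexec_crash_image can be replaced or freed by a concurrent load. Separately, arch_kexec_unprotect_crashkres() is called here with no matching arch_kexec_protect_crashkres() once the memcpy() is done, so a single sysfs write leaves the crash kernel region (and, with 7/7, the key page) mapped read-write until the next reload; re-protect right after kunmap_local().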
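Review bot: the `if (state != REUSE)` test in crash_load_dm_crypt_keys() never skips build_keys_header(): process_cmd() sets state = REUSE and then calls get_keys_from_kdump_reserved_memory(), whose last statement sets state = RECORDED, so by the time the image is loaded the header just copied from the reserved memory is rebuilt and overwritten. Either leave state as REUSE at the end of get_keys_from_kdump_reserved_memory() or track the restored header with a separate flag that build_keys_header() honours.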
From: Coiby Xu
To: kexec@lists.infradead.org
Cc: Ondrej Kozina, Milan Broz, Thomas Staudt, Daniel P. Berrangé, Kairui Song, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen, Vitaly Kuznetsov, Vivek Goyal
Subject: [PATCH v4 5/7] crash_dump: retrieve dm crypt keys in kdump kernel
Date: Thu, 23 May 2024 13:04:46 +0800
Message-ID: <20240523050451.788754-6-coxu@redhat.com>
In-Reply-To: <20240523050451.788754-1-coxu@redhat.com>

The crash kernel will retrieve the dm crypt keys based on the dmcryptkeys command line parameter. When user space writes the key description to /sys/kernel/crash_dm_crypt_key, the crash kernel will save the encryption keys to the user keyring. Then user space, e.g. cryptsetup's --volume-key-keyring API, can use it to unlock the encrypted device.
Signed-off-by: Coiby Xu --- include/linux/crash_core.h | 1 + kernel/crash_dump_dm_crypt.c | 99 +++++++++++++++++++++++++++++++++++- 2 files changed, 99 insertions(+), 1 deletion(-) diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index ab20829d0bc9..d7308b6e83f4 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -38,6 +38,7 @@ static inline void arch_kexec_unprotect_crashkres(void) {= } int crash_sysfs_dm_crypt_keys_read(char *buf); int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count); int crash_load_dm_crypt_keys(struct kimage *image); +ssize_t dm_crypt_keys_read(char *buf, size_t count, u64 *ppos); #else static inline int crash_load_dm_crypt_keys(struct kimage *image) {return 0= ; } #endif diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c index b4dc881cc867..dd818581858b 100644 --- a/kernel/crash_dump_dm_crypt.c +++ b/kernel/crash_dump_dm_crypt.c 
@@ -33,12 +33,67 @@ static struct keys_header { struct dm_crypt_key keys[] __counted_by(key_count); } *keys_header; =20 +unsigned long long dm_crypt_keys_addr; +EXPORT_SYMBOL_GPL(dm_crypt_keys_addr); + +static int __init setup_dmcryptkeys(char *arg) +{ + char *end; + + if (!arg) + return -EINVAL; + dm_crypt_keys_addr =3D memparse(arg, &end); + if (end > arg) + return 0; + + dm_crypt_keys_addr =3D 0; + return -EINVAL; +} + +early_param("dmcryptkeys", setup_dmcryptkeys); + static size_t get_keys_header_size(struct keys_header *keys_header, size_t key_count) { return struct_size(keys_header, keys, key_count); } =20 +/* + * Architectures may override this function to read dm crypt key + */ +ssize_t __weak dm_crypt_keys_read(char *buf, size_t count, u64 *ppos) +{ + struct kvec kvec =3D { .iov_base =3D buf, .iov_len =3D count }; + struct iov_iter iter; + + iov_iter_kvec(&iter, READ, &kvec, 1, count); + return read_from_oldmem(&iter, count, ppos, false); +} + +static int add_key_to_keyring(struct dm_crypt_key *dm_key, + key_ref_t keyring_ref) +{ + key_ref_t key_ref; + int r; + + /* create or update the requested key and add it to the target keyring */ + key_ref =3D key_create_or_update(keyring_ref, "user", dm_key->key_desc, + dm_key->data, dm_key->key_size, + KEY_USR_ALL, KEY_ALLOC_IN_QUOTA); + + if (!IS_ERR(key_ref)) { + r =3D key_ref_to_ptr(key_ref)->serial; + key_ref_put(key_ref); + pr_alert("Success adding key %s", dm_key->key_desc); + } else { + r =3D PTR_ERR(key_ref); + pr_alert("Error when adding key"); + } + + key_ref_put(keyring_ref); + return r; +} + static int init(const char *buf) { unsigned int total_keys; 
@@ -120,11 +175,53 @@ static int process_cmd(const char *buf, size_t count) return -EINVAL; } =20 +static int restore_dm_crypt_keys_to_thread_keyring(const char *key_desc) +{ + struct dm_crypt_key *key; + key_ref_t keyring_ref; + u64 addr; + + /* find the target keyring (which must be writable) */ + keyring_ref =3D + lookup_user_key(KEY_SPEC_USER_KEYRING, 0x01, KEY_NEED_WRITE); + if (IS_ERR(keyring_ref)) { + pr_alert("Failed to get keyring"); + return PTR_ERR(keyring_ref); + } + + addr =3D dm_crypt_keys_addr; + dm_crypt_keys_read((char *)&key_count, sizeof(key_count), &addr); + if (key_count < 0 || key_count > KEY_NUM_MAX) { + pr_info("Failed to the number of dm_crypt keys\n"); + return -1; + } + + pr_debug("There are %u keys\n", key_count); + addr =3D dm_crypt_keys_addr; + + keys_header_size =3D get_keys_header_size(keys_header, key_count); + + keys_header =3D kzalloc(keys_header_size, GFP_KERNEL); + if (!keys_header) + return -ENOMEM; + + dm_crypt_keys_read((char *)keys_header, keys_header_size, &addr); + + for (int i =3D 0; i < keys_header->key_count; i++) { + key =3D &keys_header->keys[i]; + pr_alert("Get key (size=3D%u): %8ph...\n", key->key_size, key->data); + add_key_to_keyring(key, keyring_ref); + } + + return 0; +} + int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count) { if (!is_kdump_kernel()) return process_cmd(buf, count); - return -EINVAL; + else + return restore_dm_crypt_keys_to_thread_keyring(buf); } EXPORT_SYMBOL(crash_sysfs_dm_crypt_keys_write); =20 --=20 2.45.0
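Review bot: add_key_to_keyring() drops the caller's keyring reference with key_ref_put(keyring_ref) on every call, but restore_dm_crypt_keys_to_thread_keyring() passes the same keyring_ref for each key in its loop, so every key after the first is added through an already-released reference; move that key_ref_put() to the caller, after the loop. In the same hunk, the keys are created as "user" type with KEY_USR_ALL, which lets any process of that uid read the volume key back with keyctl read; dm-crypt's keyring support also accepts "logon" keys, whose payload user space cannot read, so that type without KEY_USR_READ fits a volume key better. The pr_alert() calls for the per-key success and failure cases are too loud and lack a trailing newline; pr_debug()/pr_err() instead. Minor: iov_iter_kvec() takes ITER_DEST rather than READ as its direction in current kernels.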
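Review bot: restore_dm_crypt_keys_to_thread_keyring() leaks the keyring reference on both error returns (the KEY_NUM_MAX check and the kzalloc() failure) and never checks the return value of either dm_crypt_keys_read() call, so a short or failed read of the old kernel's memory is consumed as if it succeeded; check both results, route the error paths through one key_ref_put() exit, and return -EINVAL or -EIO rather than -1. The `key_count < 0` half of the range check is always false for an unsigned int. The pr_alert("Get key ... %8ph") line prints the first 8 bytes of every volume key into the kernel log, which then survives in the journal and in the vmcore itself; log only key_desc and key_size. Once the keys are in the keyring the kzalloc()'d keys_header still holds the full key material and is never freed (a second write leaks the previous buffer as well): kfree_sensitive() it before returning. Smaller points: 0x01 in lookup_user_key() is KEY_LOOKUP_CREATE and should be spelled out; the function name says thread keyring but KEY_SPEC_USER_KEYRING is used and its key_desc argument is unused; the `else` after `return` in crash_sysfs_dm_crypt_keys_write() is redundant.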
From: Coiby Xu
To: kexec@lists.infradead.org
Cc: Ondrej Kozina, Milan Broz, Thomas Staudt, Daniel P. Berrangé, Kairui Song, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen, Vitaly Kuznetsov, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin"
Subject: [PATCH v4 6/7] x86/crash: pass dm crypt keys to kdump kernel
Date: Thu, 23 May 2024 13:04:47 +0800
Message-ID: <20240523050451.788754-7-coxu@redhat.com>
In-Reply-To: <20240523050451.788754-1-coxu@redhat.com>

The 1st kernel will build up the kernel command-line parameter dmcryptkeys, similar to elfcorehdr, to pass the memory address of the stored info of the dm crypt key to the kdump kernel.

Signed-off-by: Coiby Xu
---
 arch/x86/kernel/crash.c | 15 ++++++++++++++-
 arch/x86/kernel/kexec-bzimage64.c | 7 +++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index f06501445cd9..74b3844ae53c 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -266,6 +266,7 @@ static int memmap_exclude_ranges(struct kimage *image, = struct crash_mem *cmem, unsigned long long mend) { unsigned long start, end; + int r; =20 cmem->ranges[0].start =3D mstart; cmem->ranges[0].end =3D mend;
@@ -274,7 +275,19 @@ static int memmap_exclude_ranges(struct kimage *image,= struct crash_mem *cmem, /* Exclude elf header region */ start =3D image->elf_load_addr; end =3D start + image->elf_headers_sz - 1; - return crash_exclude_mem_range(cmem, start, end); + r =3D crash_exclude_mem_range(cmem, start, end); + + if (r) + return r; + + /* Exclude dm crypt keys region */ + if (image->dm_crypt_keys_addr) { + start =3D image->dm_crypt_keys_addr; + end =3D start + image->dm_crypt_keys_sz - 1; + return crash_exclude_mem_range(cmem, start, end); + } + + return r; } =20 /* Prepare memory map for crash dump kernel */ diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzim= age64.c index 68530fad05f7..9c94428927bd 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -76,6 +76,10 @@ static int setup_cmdline(struct kimage *image, struct bo= ot_params *params, if (image->type =3D=3D KEXEC_TYPE_CRASH) { len =3D sprintf(cmdline_ptr, "elfcorehdr=3D0x%lx ", image->elf_load_addr); + + if (image->dm_crypt_keys_addr !=3D 0) + len +=3D sprintf(cmdline_ptr + len, + "dmcryptkeys=3D0x%lx ", image->dm_crypt_keys_addr); } memcpy(cmdline_ptr + len, cmdline, cmdline_len); cmdline_len +=3D len; 
@@ -441,6 +445,9 @@ static void *bzImage64_load(struct kimage *image, char = *kernel, ret =3D crash_load_segments(image); if (ret) return ERR_PTR(ret); + ret =3D crash_load_dm_crypt_keys(image); + if (ret) + pr_debug("Either no dm crypt key or error to retrieve the dm crypt key\= n"); } #endif =20 --=20 2.45.0
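Review bot: in memmap_exclude_ranges(), excluding a second region means crash_exclude_mem_range() may split the single crashk range a second time, which needs cmem to have room for three ranges (it fails with -ENOMEM once nr_ranges reaches max_nr_ranges); the allocation in the caller is not part of this hunk, so check that it is enlarged to match. The closing `return r;` is always 0 after the `if (r) return r;` above it; `return 0;` says what is meant.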
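Review bot: setup_cmdline() now appends up to 31 more bytes ("dmcryptkeys=0x", a 64-bit hex value and a space) with an unbounded sprintf(), but the hunk does not grow the space the crash command line is sized and length-checked against in bzImage64_load(), which accounts for the elfcorehdr string only; add a matching maximum-length constant to both the overflow check and the buffer size, or use scnprintf() with the remaining length.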
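Review bot: a failing crash_load_dm_crypt_keys() in bzImage64_load() is reduced to a pr_debug() that cannot tell "no keys were recorded" from a real error such as -ENOMEM, so a broken load silently produces a crash kernel that cannot unlock the dump target; have the callee return 0 when no keys are recorded and propagate other errors with return ERR_PTR(ret), as the crash_load_segments() call just above does.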
From: Coiby Xu
To: kexec@lists.infradead.org
Cc: Ondrej Kozina, Milan Broz, Thomas Staudt, Daniel P. Berrangé, Kairui Song, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen, Vitaly Kuznetsov, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin"
Subject: [PATCH v4 7/7] x86/crash: make the page that stores the dm crypt keys inaccessible
Date: Thu, 23 May 2024 13:04:48 +0800
Message-ID: <20240523050451.788754-8-coxu@redhat.com>
In-Reply-To: <20240523050451.788754-1-coxu@redhat.com>

This adds an additional layer of protection for the saved copy of the dm crypt key. Trying to access the saved copy will cause a page fault.

Suggested-by: Pingfan Liu
Signed-off-by: Coiby Xu
---
 arch/x86/kernel/machine_kexec_64.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_k= exec_64.c index b180d8e497c3..fc0a80f4254e 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -545,13 +545,34 @@ static void kexec_mark_crashkres(bool protect) kexec_mark_range(control, crashk_res.end, protect); } =20 +static void kexec_mark_dm_crypt_keys(bool protect) +{ + unsigned long start_paddr, end_paddr; + unsigned int nr_pages; + + if (kexec_crash_image->dm_crypt_keys_addr) { + start_paddr =3D kexec_crash_image->dm_crypt_keys_addr; + end_paddr =3D start_paddr + kexec_crash_image->dm_crypt_keys_sz - 1; + nr_pages =3D (PAGE_ALIGN(end_paddr) - PAGE_ALIGN_DOWN(start_paddr))/PAGE= _SIZE; + if (protect) + set_memory_np((unsigned long)phys_to_virt(start_paddr), nr_pages); + else + __set_memory_prot( + (unsigned long)phys_to_virt(start_paddr), + nr_pages, + __pgprot(_PAGE_PRESENT | _PAGE_NX | _PAGE_RW)); + } +} + void arch_kexec_protect_crashkres(void) { kexec_mark_crashkres(true); + kexec_mark_dm_crypt_keys(true); } =20 void arch_kexec_unprotect_crashkres(void) { + kexec_mark_dm_crypt_keys(false); kexec_mark_crashkres(false); } #endif --=20 2.45.0
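Review bot: the nr_pages arithmetic in kexec_mark_dm_crypt_keys() is short by one page whenever the key region ends exactly on a page boundary: end_paddr is the last byte (start + sz - 1), and PAGE_ALIGN() of an already aligned address does not round up, so for start_paddr = 0x1000 and dm_crypt_keys_sz = 0x1001 the last byte at 0x2000 lies in a page that is never marked not-present. Use PAGE_ALIGN(start_paddr + kexec_crash_image->dm_crypt_keys_sz) - PAGE_ALIGN_DOWN(start_paddr) so the count covers the whole buffer. Note also that kexec_crash_image->dm_crypt_keys_addr is read without a NULL check on kexec_crash_image; the existing kexec callers guard that, but the "reuse" path added in 4/7 calls arch_kexec_unprotect_crashkres() from a sysfs write without one.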