From nobody Thu Feb 12 20:24:37 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAC3319414E for ; Fri, 7 Jun 2024 12:26:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763199; cv=none; b=ss/qZe19MFA75/UFhDIQfx/br7euliIsPDzvlwRdoQl6a/hUJ5N6yb0YO7EKS/icpapo1uMCtZ8mv/eR+FX+3zQh9MIfHRGsv52sIEncPydTODxuUSmJ81NhfH9QPiDN5Bo6oobiQ5pY3i2uwNljzujh9ddNZGke/0r7MXEJ/iw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763199; c=relaxed/simple; bh=RFJNZU7TLgnGsVmKkHuMKPqdGs2uAqapaQ0gSTvA9Ro=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rqRSBa1w6bGgwm9zCYFFDfdWEhRjB7c1WR5CpaqcJMT4OGtksHl1yl9ID9J//HvZ+hcm9OSzx0QCkGF4sHHN+IFuuntlV6FQ5wb/FcoX1qmD4AYVcjC8wZN4BRhgnnwVxkTkkSLJCp7u/Vp+XlbEQsQe/HEEXjZD4JR+8FSkGDE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=MmAff3dr; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="MmAff3dr" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717763196; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=j2P/UHfuOg4ehNZSVTesGfCNw2riSEHvP0JbrY+cOcU=; b=MmAff3drcqdp8NBqxYVK/rMHkzCKNzm3EVrUAInfUN1prucnBtnCaF5IlrWBJc3cLoM0Bw 8uIuSjt8l1sudyuxToHuBn0xn6A8y89sG22nV521QMdM+H0R/8/Y5zlibz9R6XicA28pBw cF/7lw7T0Ay+93E0GEGazo8Tmn7x+kQ= Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-608-X0C3hKA-Ohec7NiucwAHOw-1; Fri, 07 Jun 2024 08:26:35 -0400 X-MC-Unique: X0C3hKA-Ohec7NiucwAHOw-1 Received: by mail-pl1-f199.google.com with SMTP id d9443c01a7336-1f6174cfcf8so21277435ad.3 for ; Fri, 07 Jun 2024 05:26:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717763194; x=1718367994; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j2P/UHfuOg4ehNZSVTesGfCNw2riSEHvP0JbrY+cOcU=; b=AbX6szlHwuYsT5o0F2Y6r377XAqM37owiwiFBMC2drVYUJsQ0PwCiV5oq+6lH+Nm5U jcTh+rqxfF4wJ80/oIiTnJGHpEMbAtaduUXqwts5GRic57XZUdskRsrS1F/GlQoZNRiW vJ+Yvob1njcA2jMBK1g5jTDGJsqp1Iqilf5pe3JwJ2avfvx2l8OpSUMjtmjkVUEonSFB ea6lElUK/8FYu3uc+BabcJcSjgbjSH8PSIloM5s7B4+S7lwVolHiYDZw7rpa/TICsiC6 n8om1vefm/0BALoHUEDE+oSIRUwDB1/WW72r67YuyA9GjdKy0H7YuuhH8Nr5IyB0wAOW TNNw== X-Forwarded-Encrypted: i=1; AJvYcCURYlO5PPokpVMohRzblFSuJZbnZifJ4zuFEvi4igHVj6Z/6qM+gozVpooVUqD+p073J+radcR0fSMma7h4GrhNW9jmMd+EQXG1Gi4U X-Gm-Message-State: AOJu0Yzin799BiNKfYj7bUTUXdFzB5Kze8uwaHUcseQaTn8oM25ib4HN tEyxc9L9b6P9zN49KPpvaUl63J9BnOJa7GThjjh9ldAMURQ3mI2+7IHYKqFe+92svALVQLcJ9Yc SpOegNcYkqGnwynC+TRGfVP4dWRoQ9F210K7YBmn9JY5Fb47/S9OgR6nV3/FKcg== X-Received: by 2002:a17:902:e54c:b0:1f6:5869:df53 with SMTP id d9443c01a7336-1f6d02e647amr28703855ad.20.1717763193987; Fri, 07 Jun 2024 05:26:33 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFxwy+yOhlJ8TSNGn0kZKxDg2jLx7D4xuuGL3ibcgvt+PHeSDr3Kf0fwtpAOyE6i5wHI+pohA== X-Received: by 2002:a17:902:e54c:b0:1f6:5869:df53 with SMTP id d9443c01a7336-1f6d02e647amr28703345ad.20.1717763193274; Fri, 07 Jun 2024 05:26:33 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1f6bd75f45bsm33029905ad.35.2024.06.07.05.26.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jun 2024 05:26:32 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Greg KH , Eric Biederman Subject: [PATCH v5 1/7] kexec_file: allow to place kexec_buf randomly Date: Fri, 7 Jun 2024 20:26:11 +0800 Message-ID: <20240607122622.167228-2-coxu@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240607122622.167228-1-coxu@redhat.com> References: <20240607122622.167228-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently, kexec_buf is placed in order which means for the same machine, the info in the kexec_buf is always located at the same position each time the machine is booted. This may cause a risk for sensitive information like LUKS volume key. Now struct kexec_buf has a new field random which indicates it's supposed to be placed in a random position. Suggested-by: Jan Pazdziora Signed-off-by: Coiby Xu --- include/linux/kexec.h | 4 ++++ kernel/kexec_file.c | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index f0e9f8eda7a3..c45bfc727737 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage= *image); * @buf_min: The buffer can't be placed below this address. * @buf_max: The buffer can't be placed above this address. * @top_down: Allocate from top of memory. + * @random: Place the buffer at a random position. */ struct kexec_buf { struct kimage *image; @@ -182,6 +183,9 @@ struct kexec_buf { unsigned long buf_min; unsigned long buf_max; bool top_down; +#ifdef CONFIG_CRASH_DUMP + bool random; +#endif }; =20 int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf); diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 3d64290d24c9..f7538d8f67e0 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -25,6 +25,9 @@ #include #include #include +#ifdef CONFIG_CRASH_DUMP +#include +#endif #include #include #include "kexec_internal.h" @@ -437,6 +440,18 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, = initrd_fd, return ret; } =20 +#ifdef CONFIG_CRASH_DUMP +static unsigned long kexec_random_start(unsigned long start, unsigned long= end) +{ + unsigned long temp_start; + unsigned short i; + + get_random_bytes(&i, sizeof(unsigned short)); + temp_start =3D start + (end - start) / USHRT_MAX * i; + return temp_start; +} +#endif + static int locate_mem_hole_top_down(unsigned long start, unsigned long end, struct kexec_buf *kbuf) { @@ -445,6 +460,10 @@ static int locate_mem_hole_top_down(unsigned long star= t, unsigned long end, =20 temp_end =3D min(end, kbuf->buf_max); temp_start =3D temp_end - kbuf->memsz + 1; +#ifdef CONFIG_CRASH_DUMP + if (kbuf->random) + temp_start =3D kexec_random_start(temp_start, temp_end); +#endif =20 do { /* align down start */ @@ -482,6 +501,8 @@ static int locate_mem_hole_bottom_up(unsigned long star= t, unsigned long end, unsigned long temp_start, temp_end; =20 temp_start =3D max(start, kbuf->buf_min); + if (kbuf->random) + temp_start =3D kexec_random_start(temp_start, end); =20 do { temp_start =3D ALIGN(temp_start, kbuf->buf_align); --=20 2.45.1 From nobody Thu Feb 12 20:24:37 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 75326194A44 for ; Fri, 7 Jun 2024 12:26:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763205; cv=none; b=lmmRvDdryKbOjY4WB8W61zxaj3NMZHCrxmLfaKROdfowUjiEjNcOqozA5byG9cTYD7TSES7+AB+z7TWouz5eGIQIQFv8sEIM78wjsdFgrR0ewwBaDzbCyYhIy+4JS6A0HGXYmu6QEIMoQel6EgKqSVpB0kBKaUIbGaDdxpfLoNQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763205; c=relaxed/simple; bh=2JrdDeJYyNLe8UV9NOnACurF+J4BNfnopXWNtHuJ7nQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dTUuFwmRQZqRdkjkpbeZi3NtDmt+C8P5ZRaV4cUVNNQx5ocpuTZjIziXwvvq+ETd2SzGyCxaIpSrk1yMz4jJwzhCdcP6SjjbdSFdLiVh3L9eSQyieDrTgg1Ni5d9xyBaIQMC9/xArpllpfToyyrbYtUmT9t7DZpsOLGd/h3vDOM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=dllqicDi; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="dllqicDi" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717763202; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9lYCOcZIv1eEbutNfVll1yHQegSYHStXLGQ+PqX2DXc=; b=dllqicDi2q42FQ9KzHGavSGb4mdgeWU6dwPw0IZ9a94bDk2o+LP6QjnIFlOKz4svVUIgeY rNOCpyI7N7yAfgP26KbhYMLpywDZ7NcU/AIvgGqF/r7q5Gbtksmx2mdGfskgYe4ro9XMDU tbbZtZXFB+9nLpTyIx2Hpzeph5ZJw7Y= Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-479-DmoM3DoTNESSbbpIfbKIxw-1; Fri, 07 Jun 2024 08:26:41 -0400 X-MC-Unique: DmoM3DoTNESSbbpIfbKIxw-1 Received: by mail-pf1-f200.google.com with SMTP id d2e1a72fcca58-70412a339dfso565590b3a.0 for ; Fri, 07 Jun 2024 05:26:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717763200; x=1718368000; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9lYCOcZIv1eEbutNfVll1yHQegSYHStXLGQ+PqX2DXc=; b=msBgXED1qI2WxBN8pIa6N1w+DPPHC9r/+ZhVNDtPzYH3pm0HYgQdqrDip1PQVSp7Xq PTzU28b5DeKBDJ1khFdNwnpk7wfXriDFSfXdKnvWRSPqEcuaGgNMlkfPLjm5QMttJXoX Fjp3IcWFvTWAgh5YuHsxpuwjlYYub4qT0tDf06owyzfcWZZLIXwY/cr82/S/FoPTN4QB H9fvX/pHTUerWAC5U2DdSkjbfAoroLIfjER+yegx5oZ4TaXg9LAopcyRa25ef2QZcoVu WbvLECdHVlWIG69Wyp3obkHBmQR/rZaLDpObSx7dU1E/+JSMvVQk8VL3nPZX+fBogJve +Ujw== X-Forwarded-Encrypted: i=1; AJvYcCW0uuZcVzZcQjQBZ/ZzxM6xMCAP1t1HgrEUwZYCpIX9SSuA8fC9vHT+dEIfhXoNK9NDYQVWUMW0Gvmf2BtSu5By/WPBsedlNotLGM+W X-Gm-Message-State: AOJu0YxyujmNup6LMBIAj5E/SzRxwpqxYuk6awJS3s9P6X9koBCRJe2s MDIeiMSwXvaR86jP+HmDjxtFEN9XD1wIXkjzBkyFuBBq6bwt4f58L9Rp57KtGZ7SBtGK7epHOPX PEllfiBE1g2k14Y3JH1CYxnfzHRBE03gAB/Ji+eUva5fzamfTwalF9t0Lkxutpw== X-Received: by 2002:a05:6a00:c88:b0:6ed:cd4c:cc11 with SMTP id d2e1a72fcca58-7040c73ec1dmr2358827b3a.25.1717763199560; Fri, 07 Jun 2024 05:26:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGnhco1D0ghdtJ+O7Sqy/OPScV+EmrGUd2pvgQQ43NKOLM+hzohcRPpHdNqjzLZX/DrU/IS0A== X-Received: by 2002:a05:6a00:c88:b0:6ed:cd4c:cc11 with SMTP id d2e1a72fcca58-7040c73ec1dmr2358784b3a.25.1717763198596; Fri, 07 Jun 2024 05:26:38 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-703fd4d94acsm2485189b3a.157.2024.06.07.05.26.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jun 2024 05:26:38 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Greg KH , Vivek Goyal , Kees Cook , "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org (open list:KERNEL HARDENING (not covered by other areas):Keyword:\b__counted_by\b) Subject: [PATCH v5 2/7] crash_dump: make dm crypt keys persist for the kdump kernel Date: Fri, 7 Jun 2024 20:26:12 +0800 Message-ID: <20240607122622.167228-3-coxu@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240607122622.167228-1-coxu@redhat.com> References: <20240607122622.167228-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" A sysfs /sys/kernel/crash_dm_crypt_keys is provided for user space to make the dm crypt keys persist for the kdump kernel. Take the case of dumping to a LUKS-encrypted target as an example, here is the life cycle of this kdump copy of LUKS volume keys, 1. After the 1st kernel loads the initramfs during boot, systemd use an user-input passphrase or TPM-sealed key to de-crypt the LUKS volume keys and then save the volume keys to specified keyring (using the --link-vk-to-keyring API) and the key will expire within specified time. 2. A user space tool (kdump initramfs builder) writes a key description to /sys/kernel/crash_dm_crypt_keys to inform the 1st kernel to record the key while building the kdump initramfs 3. The kexec_file_load syscall read the volume keys by recorded key descriptions and then save them key to kdump reserved memory and wipe t= he copy. 4. When the 1st kernel crashes and the kdump initramfs is booted, the kdump initramfs asks the kdump kernel to create a user key using the key stor= ed in kdump reserved memory by writing to to /sys/kernel/crash_dm_crypt_keys.= Then the LUKS encrypted devide is unlocked with libcryptsetup's --volume-key-keyring API. 5. The system gets rebooted to the 1st kernel after dumping vmcore to the LUKS encrypted device is finished I assume 1) there are 128 LUKS devices at maximum to be unlocked thus MAX_KEY_NUM=3D128 2) and a key won't exceed 256 bytes thus MAX_KEY_SIZE=3D256 according to "cryptsetup benchmark". For details on usage of the API, please check the new doc file Documentation/ABI/testing/crash_dm_crypt_keys. Cc: Greg KH Signed-off-by: Coiby Xu --- Documentation/ABI/testing/crash_dm_crypt_keys | 30 ++++ include/linux/crash_core.h | 5 +- kernel/Kconfig.kexec | 9 ++ kernel/Makefile | 1 + kernel/crash_dump_dm_crypt.c | 130 ++++++++++++++++++ kernel/ksysfs.c | 24 ++++ 6 files changed, 198 insertions(+), 1 deletion(-) create mode 100644 Documentation/ABI/testing/crash_dm_crypt_keys create mode 100644 kernel/crash_dump_dm_crypt.c diff --git a/Documentation/ABI/testing/crash_dm_crypt_keys b/Documentation/= ABI/testing/crash_dm_crypt_keys new file mode 100644 index 000000000000..e6a6f6be5a9e --- /dev/null +++ b/Documentation/ABI/testing/crash_dm_crypt_keys @@ -0,0 +1,30 @@ +What: /sys/kernel/crash_dm_crypt_keys +Date: Jun 2024 +KernelVersion: 6.11 +Contact: kexec@lists.infradead.org +Description: read/write + Make dm crypt keys persistent for the kdump kernel. + + Assume the key size won't exceed 256 bytes and the maximum number of k= eys is 128. + + You can write the following commands before kexec'ing the kdump kernel, + - "init KEY_NUM" + Let the kernel know the number of dm crypt keys so it will initial= ize + needed structures. KEY_NUM=3D128 dm crypt keys at maximum. + - "record KEY_DESC" + Record a key description. For security reason, the key must be a l= ogon + key whose payload can't be read by user space. For details, please= refer + to security/keys/core.rst. + + And you can also read this API to know the command eructation status, + - fresh + Waiting for a command + - initialized + The "init KEY_NUM" command has been executed successfully + - recorded + Specified number of keys have been recorded + - loaded + the kdump kernel has been loaded with the dm crypt keys stored to = kdump + reserved memory + +User: Kdump service diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index 44305336314e..6bff1c24efa3 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -34,7 +34,10 @@ static inline void arch_kexec_protect_crashkres(void) { } static inline void arch_kexec_unprotect_crashkres(void) { } #endif =20 - +#ifdef CONFIG_CRASH_DM_CRYPT +int crash_sysfs_dm_crypt_keys_read(char *buf); +int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count); +#endif =20 #ifndef arch_crash_handle_hotplug_event static inline void arch_crash_handle_hotplug_event(struct kimage *image, v= oid *arg) { } diff --git a/kernel/Kconfig.kexec b/kernel/Kconfig.kexec index 6c34e63c88ff..d067ba252163 100644 --- a/kernel/Kconfig.kexec +++ b/kernel/Kconfig.kexec @@ -116,6 +116,15 @@ config CRASH_DUMP For s390, this option also enables zfcpdump. See also =20 +config CRASH_DM_CRYPT + bool "Support saving crash dump to dm-crypt encrypted volume" + depends on CRASH_DUMP + depends on DM_CRYPT + help + With this option enabled, user space can intereact with + /sys/kernel/crash_dm_crypt_keys to make the dm crypt keys + persistent for the crash dump kernel. + config CRASH_HOTPLUG bool "Update the crash elfcorehdr on system configuration changes" default y diff --git a/kernel/Makefile b/kernel/Makefile index 3c13240dfc9f..f2e5b3e86d12 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -72,6 +72,7 @@ obj-$(CONFIG_VMCORE_INFO) +=3D vmcore_info.o elfcorehdr.o obj-$(CONFIG_CRASH_RESERVE) +=3D crash_reserve.o obj-$(CONFIG_KEXEC_CORE) +=3D kexec_core.o obj-$(CONFIG_CRASH_DUMP) +=3D crash_core.o +obj-$(CONFIG_CRASH_DM_CRYPT) +=3D crash_dump_dm_crypt.o obj-$(CONFIG_KEXEC) +=3D kexec.o obj-$(CONFIG_KEXEC_FILE) +=3D kexec_file.o obj-$(CONFIG_KEXEC_ELF) +=3D kexec_elf.o diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c new file mode 100644 index 000000000000..608bde3aaa8e --- /dev/null +++ b/kernel/crash_dump_dm_crypt.c @@ -0,0 +1,130 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include + +#define KEY_NUM_MAX 128 /* maximum dm crypt keys */ +#define KEY_SIZE_MAX 256 /* maximum dm crypt key size */ + +// The key scription has the format: cryptsetup:UUID 11+36+1(NULL)=3D48 +#define KEY_DESC_LEN 48 + +static enum STATE_ENUM { + FRESH =3D 0, + INITIALIZED, + RECORDED, + LOADED, +} state; + +static const char * const STATE_STR[] =3D { + [FRESH] =3D "fresh", + [INITIALIZED] =3D "initialized", + [RECORDED] =3D "recorded", + [LOADED] =3D "loaded" +}; + +static unsigned int key_count; +static size_t keys_header_size; + +struct dm_crypt_key { + unsigned int key_size; + char key_desc[KEY_DESC_LEN]; + u8 data[KEY_SIZE_MAX]; +}; + +static struct keys_header { + unsigned int total_keys; + struct dm_crypt_key keys[] __counted_by(total_keys); +} *keys_header; + +static size_t get_keys_header_size(struct keys_header *keys_header, + size_t total_keys) +{ + return struct_size(keys_header, keys, total_keys); +} + +/* + * Let the kernel know the number of dm crypt keys and allocate memory to + * initialize related structures. + */ +static int init(const char *buf) +{ + unsigned int total_keys; + + if (sscanf(buf, "init %u", &total_keys) !=3D 1) + return -EINVAL; + + if (total_keys > KEY_NUM_MAX) { + kexec_dprintk( + "Exceed the maximum number of keys (KEY_NUM_MAX=3D%u)\n", + KEY_NUM_MAX); + return -EINVAL; + } + + keys_header_size =3D get_keys_header_size(keys_header, total_keys); + key_count =3D 0; + + if (keys_header !=3D NULL) + kvfree(keys_header); + + keys_header =3D kzalloc(keys_header_size, GFP_KERNEL); + if (!keys_header) + return -ENOMEM; + + keys_header->total_keys =3D total_keys; + state =3D INITIALIZED; + return 0; +} + +/* + * Record the key description of a dm crypt key. + */ +static int record_key_desc(const char *buf, struct dm_crypt_key *dm_key) +{ + char key_desc[KEY_DESC_LEN]; + + if (state !=3D INITIALIZED) { + kexec_dprintk("Please send the cmd 'init ' first\n"); + return -EINVAL; + } + + if (sscanf(buf, "record %s", key_desc) !=3D 1) + return -EINVAL; + + if (key_count >=3D keys_header->total_keys) { + kexec_dprintk("Already have %u keys", key_count); + return -EINVAL; + } + + strscpy(dm_key->key_desc, key_desc, KEY_DESC_LEN); + kexec_dprintk("Key%d (%s) recorded\n", key_count, dm_key->key_desc); + key_count++; + + if (key_count =3D=3D keys_header->total_keys) + state =3D RECORDED; + + return 0; +} + +static int process_cmd(const char *buf, size_t count) +{ + if (strncmp(buf, "init ", 5) =3D=3D 0) + return init(buf); + else if (strncmp(buf, "record ", 7) =3D=3D 0 && count =3D=3D KEY_DESC_LEN= + 6) + return record_key_desc(buf, &keys_header->keys[key_count]); + + return -EINVAL; +} + +int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count) +{ + if (!is_kdump_kernel()) + return process_cmd(buf, count); + return -EINVAL; +} +EXPORT_SYMBOL_GPL(crash_sysfs_dm_crypt_keys_write); + +int crash_sysfs_dm_crypt_keys_read(char *buf) +{ + return sysfs_emit(buf, "%s\n", STATE_STR[state]); +} +EXPORT_SYMBOL_GPL(crash_sysfs_dm_crypt_keys_read); diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c index 07fb5987b42b..ff7caef30f51 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c @@ -167,6 +167,27 @@ static ssize_t vmcoreinfo_show(struct kobject *kobj, } KERNEL_ATTR_RO(vmcoreinfo); =20 +#ifdef CONFIG_CRASH_DM_CRYPT +static ssize_t crash_dm_crypt_keys_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + return crash_sysfs_dm_crypt_keys_read(buf); +} + +static ssize_t crash_dm_crypt_keys_store(struct kobject *kobj, + struct kobj_attribute *attr, + const char *buf, size_t count) +{ + int ret; + + ret =3D crash_sysfs_dm_crypt_keys_write(buf, count); + if (ret < 0) + return ret; + return count; +} +KERNEL_ATTR_RW(crash_dm_crypt_keys); +#endif /* CONFIG_CRASH_DM_CRYPT */ + #ifdef CONFIG_CRASH_HOTPLUG static ssize_t crash_elfcorehdr_size_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) @@ -271,6 +292,9 @@ static struct attribute * kernel_attrs[] =3D { #endif #ifdef CONFIG_VMCORE_INFO &vmcoreinfo_attr.attr, +#ifdef CONFIG_CRASH_DM_CRYPT + &crash_dm_crypt_keys_attr.attr, +#endif #ifdef CONFIG_CRASH_HOTPLUG &crash_elfcorehdr_size_attr.attr, #endif --=20 2.45.1 From nobody Thu Feb 12 20:24:37 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D605194A44 for ; Fri, 7 Jun 2024 12:26:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763216; cv=none; b=FXW7WdCcmL9XT2WToPovyQLxLGy48w+W4G72ry+u8DkOTSrxAedOfnKBf2l3Xz2yZfIaKdHGSB4+Oj7lsGj5Pk5DA4lMZC/fE0hnT2r9E8W10wkTEOnpxbPITWT7kn4jEK+twKCZWBbNMnol1WSSXQohYxfVQrUSEOjBnitVaCM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763216; c=relaxed/simple; bh=SbX0OWmkyiQ25VmAS101r+rK0t4HDEEZ6y+7sHI5W3E=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=D5LDKPMwksC1invN3nc1XpFLOBO6FrCvRX/erWH0XJ/FguoaAONUj3p6d8lzZ7xnJoZhUF9tHMa7G6rBrXrMqX8gQew90PH8qsBwdqzp8WAbCBzgol7GJkcWaBUc4OGURjJFaArJAngESM6qFiWSZMEJQ9bxLrxCTujQiCEstrw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=d/9WDXCT; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="d/9WDXCT" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717763214; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NY6MlWJnYNHj2CGE0jYmgrV3LdjseoctScg0CAsxuF4=; b=d/9WDXCTmzlz+pMy/n9CShk4AHQc8+254rgrSBmTVHWX5p11ic3SZWGYJvVNFzXwyA9OU4 XspscSdXZPxl2aIpsXkGbgQFePycAHY59UVs++DkdJtGQUQ/dEZYM/BKZuk2c7+82IOEp7 +vs3Cpv4cG/emxQ2pxe5M6FFwjNqkIw= Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-466-x4UoXJ6lOAuGsjj1Cvn1Xg-1; Fri, 07 Jun 2024 08:26:46 -0400 X-MC-Unique: x4UoXJ6lOAuGsjj1Cvn1Xg-1 Received: by mail-pg1-f200.google.com with SMTP id 41be03b00d2f7-66348aafadcso1675069a12.1 for ; Fri, 07 Jun 2024 05:26:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717763205; x=1718368005; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NY6MlWJnYNHj2CGE0jYmgrV3LdjseoctScg0CAsxuF4=; b=WXQ0NsBf/19hD1LuA4/ci61wrvFBuq9GWP8mo7ZEBZ4bc7F6YN3Nuksu/5hx+EaO2+ PoBMhEKo4h48nb2/iCk8Q7NjagyThTU8EMRJoLUWMhToOlHF72X5WsodY01sC/1idNSV RTKWBeL01fSSY+5WCwsL3aMQfUcaWm/5GziF4P3yhR/r931GB9VtbYnb50Xao4Jo1JOD ScRPloMNBnN87WAhLGGz0mPRsYNdnXoNOWIb/+q8IPgT2FYB0XIv5h5Vk6066mFc/D/S Lx9antzG+Z70e8r7bAV29HbhFPOCBjWtfpwRZRn/MRKW8ZePmCmZ4IEaAEkF+zEiNlHY 4QIQ== X-Forwarded-Encrypted: i=1; AJvYcCXvZr2gTm39jyVWv3VExx51IphE2xR5crRO0Nw+grys4Ypl8+0MohHHu0zC1y/maTg45qXg9erLYJuxqN6+W4x9LOvY4m6TwVPkCm7T X-Gm-Message-State: AOJu0Yzu7d/hVyrHNEC/kr/HYnZ5jqmO2c6IYC2T9elpqKuEN6Q4XjKP XWQncHpuPHtjE0evaJfR1E6rzwLE6b/eTwILzEIWfaVFORK1aw/dTsFd/35o/5F71PtaC/95LOd VagBg9fRZiT/LBmDBwb7GeFahnDmp8t+anQ2QjVnWbltZXQkYgzxIqYxqouG2sg== X-Received: by 2002:a17:903:32d2:b0:1f6:39d8:dc4f with SMTP id d9443c01a7336-1f6d02c0542mr26932975ad.10.1717763204577; Fri, 07 Jun 2024 05:26:44 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHpdAyFSQcoxBOdQJBinBNNpDMf5FnhUP8x16FFmg6d0auNXsy7A03SjZ++vuIxTUa+Qb9LFA== X-Received: by 2002:a17:903:32d2:b0:1f6:39d8:dc4f with SMTP id d9443c01a7336-1f6d02c0542mr26932625ad.10.1717763203770; Fri, 07 Jun 2024 05:26:43 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1f6bd7eddf1sm33133565ad.249.2024.06.07.05.26.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jun 2024 05:26:43 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Greg KH , Vivek Goyal , Eric Biederman Subject: [PATCH v5 3/7] crash_dump: store dm crypt keys in kdump reserved memory Date: Fri, 7 Jun 2024 20:26:13 +0800 Message-ID: <20240607122622.167228-4-coxu@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240607122622.167228-1-coxu@redhat.com> References: <20240607122622.167228-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When the kdump kernel image and initrd are loaded, the dm crypts keys will be read from keyring and then stored in kdump reserved memory. Signed-off-by: Coiby Xu --- include/linux/crash_core.h | 3 ++ include/linux/crash_dump.h | 2 + include/linux/kexec.h | 4 ++ kernel/crash_dump_dm_crypt.c | 87 ++++++++++++++++++++++++++++++++++++ 4 files changed, 96 insertions(+) diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index 6bff1c24efa3..ab20829d0bc9 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -37,6 +37,9 @@ static inline void arch_kexec_unprotect_crashkres(void) {= } #ifdef CONFIG_CRASH_DM_CRYPT int crash_sysfs_dm_crypt_keys_read(char *buf); int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count); +int crash_load_dm_crypt_keys(struct kimage *image); +#else +static inline int crash_load_dm_crypt_keys(struct kimage *image) {return 0= ; } #endif =20 #ifndef arch_crash_handle_hotplug_event diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index acc55626afdc..dfd8e4fe6129 100644 --- a/include/linux/crash_dump.h +++ b/include/linux/crash_dump.h @@ -15,6 +15,8 @@ extern unsigned long long elfcorehdr_addr; extern unsigned long long elfcorehdr_size; =20 +extern unsigned long long dm_crypt_keys_addr; + #ifdef CONFIG_CRASH_DUMP extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *= size); extern void elfcorehdr_free(unsigned long long addr); diff --git a/include/linux/kexec.h b/include/linux/kexec.h index c45bfc727737..cb6275928fbd 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -372,6 +372,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* dm crypt keys buffer */ + unsigned long dm_crypt_keys_addr; + unsigned long dm_crypt_keys_sz; }; =20 /* kexec interface functions */ diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c index 608bde3aaa8e..0033152668ae 100644 --- a/kernel/crash_dump_dm_crypt.c +++ b/kernel/crash_dump_dm_crypt.c @@ -1,4 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only +#include +#include #include #include =20 @@ -128,3 +130,88 @@ int crash_sysfs_dm_crypt_keys_read(char *buf) return sysfs_emit(buf, "%s\n", STATE_STR[state]); } EXPORT_SYMBOL_GPL(crash_sysfs_dm_crypt_keys_read); + +static int read_key_from_user_keying(struct dm_crypt_key *dm_key) +{ + const struct user_key_payload *ukp; + struct key *key; + + kexec_dprintk("Requesting key %s", dm_key->key_desc); + key =3D request_key(&key_type_logon, dm_key->key_desc, NULL); + + if (IS_ERR(key)) { + pr_warn("No such key %s\n", dm_key->key_desc); + return PTR_ERR(key); + } + + ukp =3D user_key_payload_locked(key); + if (!ukp) + return -EKEYREVOKED; + + memcpy(dm_key->data, ukp->data, ukp->datalen); + dm_key->key_size =3D ukp->datalen; + kexec_dprintk("Get dm crypt key (size=3D%u) %s: %8ph\n", dm_key->key_size, + dm_key->key_desc, dm_key->data); + return 0; +} + +static int build_keys_header(void) +{ + int i, r; + + for (i =3D 0; i < key_count; i++) { + r =3D read_key_from_user_keying(&keys_header->keys[i]); + if (r !=3D 0) { + pr_err("Failed to read key %s\n", keys_header->keys[i].key_desc); + return r; + } + } + + return 0; +} + +int crash_load_dm_crypt_keys(struct kimage *image) +{ + struct kexec_buf kbuf =3D { + .image =3D image, + .buf_min =3D 0, + .buf_max =3D ULONG_MAX, + .top_down =3D false, + .random =3D true, + }; + + int r; + + if (state =3D=3D FRESH) + return 0; + + if (key_count !=3D keys_header->total_keys) { + kexec_dprintk("Only record %u keys (%u in total)\n", key_count, + keys_header->total_keys); + return -EINVAL; + } + + image->dm_crypt_keys_addr =3D 0; + r =3D build_keys_header(); + if (r) + return r; + + kbuf.buffer =3D keys_header; + kbuf.bufsz =3D keys_header_size; + + kbuf.memsz =3D kbuf.bufsz; + kbuf.buf_align =3D ELF_CORE_HEADER_ALIGN; + kbuf.mem =3D KEXEC_BUF_MEM_UNKNOWN; + r =3D kexec_add_buffer(&kbuf); + if (r) { + kvfree((void *)kbuf.buffer); + return r; + } + state =3D LOADED; + image->dm_crypt_keys_addr =3D kbuf.mem; + image->dm_crypt_keys_sz =3D kbuf.bufsz; + kexec_dprintk("Loaded dm crypt keys to kexec_buffer bufsz=3D0x%lx memsz= =3D0x%lx\n", + kbuf.bufsz, kbuf.bufsz); + + return r; +} --=20 2.45.1 From nobody Thu Feb 12 20:24:37 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1197D193066 for ; Fri, 7 Jun 2024 12:26:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763215; cv=none; b=KF+xQ1yFZoyI6LaGaupShaaFI/HjpWmB7KddLbZwu8Z/M61NBdBeWzqq/PADSaP/6MqF91VtaSc3b8RP6GOZ0aLYHql9i864Kjv3scJbjVp4FWUEgPJQTLqdS0pPSObJjn/Z4HOhJ+ociMLl3XbqJQKUlqC+ywtCk1fYajPCB/I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763215; c=relaxed/simple; bh=IBYPengZsz7XC1vanBmnhe17XfWTwTLjGq2J1MdC1Oo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YiXooct6XXyoSW7+cNpoggcxulsY8u/6+EW1GdbZwklkxO/2pbhF7smuKvX3utqWkLilrQ2y3dSyoDp9MAZI2kHEOUxY5ySJ/fn2wupRO2UEaP+BIw3vZjioxlUkYFTns7QOfNKA5Du4shXwmglQSq1PiO2EKXWl2f0Y1Ed/LJw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=daW6goiz; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="daW6goiz" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717763213; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vGp8yBhj1+knJlcnzRysXoXCImiASNI+KRbes2MGqNg=; b=daW6goizWE1k5G7VHuvfIK2PPqseCSXOw/Y+8NciIpw8BMChTBKooXb89mlFY7L8eVeCCm 53WpeHoh02SxMwKtqHjYjjfQTnYPbCcyvWFM7ChlKWEx+ntz/HWEXttzYnm9LYoWYlxvVa 9XQl4HHAZbBQwe7w0qqnoe+AKXy8RtM= Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-643-QILmmHBUObOJFCc2tQvQcA-1; Fri, 07 Jun 2024 08:26:51 -0400 X-MC-Unique: QILmmHBUObOJFCc2tQvQcA-1 Received: by mail-pl1-f199.google.com with SMTP id d9443c01a7336-1f67a4842dfso15049025ad.1 for ; Fri, 07 Jun 2024 05:26:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717763210; x=1718368010; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vGp8yBhj1+knJlcnzRysXoXCImiASNI+KRbes2MGqNg=; b=to3CkBaaVViUUv22IdjC/zMZthDNtqYdSX5OZUSt+Vd0lmIkKy7qXnR+a6UHwD2/OL bLUyg9Rd3gqvFEMm9jpdd1A9xgj5CouqfJqTwfWMuQS/qw+NsKuvTefMm31d370mPVtg /238f5FT1/klCDkrDjUIozDyEH1TIoZtEq+hdVkR5ZomVD0JkE8oVQWEFuErWV6HXx2Q HRlUrxHw/GdhTpysJ3itY/101ctWLkcIqXQqP4eNnQSg0GHvmT0/gkbk8PVvep9wlBzZ ccaPigTi9TEJXYrCeLi3BDxw8bJUWJ4qjraDqnWyanT0Mn6hNr/+o5Xb4wjIx1B1+IGh qplg== X-Forwarded-Encrypted: i=1; AJvYcCWOfYDeu/+Av9J2DsvcZD5BepB94n9vmdBNOrbVG03gyGgqB4e2vR9XSoVGHO3gZ8uWNBqAzXk4en1LEUjXlZQbk6AmRHiLJB8EeIIC X-Gm-Message-State: AOJu0YwmNM8WJR2ksT7gCTTP//LHAsQvTmZCjmxlqYQa0smY3x35OlQq OhXhITZbnPEYuGq+SLqfm/Z85o1V5a7jP6C/aL5Ar0KCtRAdwd7YnbfzBdj3y+yrd/JyB1Lrj6i KvgNfPgx9EeoTSx4pmfwsWxyStlfl5uRAsCjz8uxt0A0O4FDkTlhXoajPwtgWug== X-Received: by 2002:a17:903:950:b0:1f6:e338:348f with SMTP id d9443c01a7336-1f6e3383556mr8776735ad.3.1717763209947; Fri, 07 Jun 2024 05:26:49 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHXnqypVfmxKF1aFiPxUul2uqRYNx6AqzNM8EiDs+ZbbmDh4kF2hq/Ga42bgvJ6dM0meVp4Qg== X-Received: by 2002:a17:903:950:b0:1f6:e338:348f with SMTP id d9443c01a7336-1f6e3383556mr8776405ad.3.1717763209330; Fri, 07 Jun 2024 05:26:49 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1f6bd7ccdc3sm33218575ad.131.2024.06.07.05.26.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jun 2024 05:26:48 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Greg KH , Vivek Goyal Subject: [PATCH v5 4/7] crash_dump: reuse saved dm crypt keys for CPU/memory hot-plugging Date: Fri, 7 Jun 2024 20:26:14 +0800 Message-ID: <20240607122622.167228-5-coxu@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240607122622.167228-1-coxu@redhat.com> References: <20240607122622.167228-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When there are CPU and memory hot un/plugs, the crash elfcorehdr which describes CPUs and memory in the system needs to be updated for the kdump kernel. Currently, there are two solutions to support this case. One is to utilizes udev to instruct user space to reload the kdump kernel image and initrd, elfcorehdr and etc. again. The other is to only update the elfcorehdr segment. For the 1st solution, the dm crypt keys need to be reloaded again. The user space can write the "reuse" command to /sys/kernel/crash_dm_crypt_key so the stored keys can be re-saved again. Note only x86 (commit ea53ad9cf73b ("x86/crash: add x86 crash hotplug support")) and ppc (WIP) supports the new infrastructure (commit 247262756121 ("crash: add generic infrastructure for crash hotplug support")). If the new infrastructure get extended to all arches, this patch can be dropped. Signed-off-by: Coiby Xu --- Documentation/ABI/testing/crash_dm_crypt_keys | 2 ++ kernel/crash_dump_dm_crypt.c | 32 ++++++++++++++++--- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/Documentation/ABI/testing/crash_dm_crypt_keys b/Documentation/= ABI/testing/crash_dm_crypt_keys index e6a6f6be5a9e..7426c9d8de97 100644 --- a/Documentation/ABI/testing/crash_dm_crypt_keys +++ b/Documentation/ABI/testing/crash_dm_crypt_keys @@ -15,6 +15,8 @@ Description: read/write Record a key description. For security reason, the key must be a l= ogon key whose payload can't be read by user space. For details, please= refer to security/keys/core.rst. + - "reuse" + Reuse the dm crypt keys stored in kdump reserved memory. =20 And you can also read this API to know the command eructation status, - fresh diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c index 0033152668ae..9a6bd39adf76 100644 --- a/kernel/crash_dump_dm_crypt.c +++ b/kernel/crash_dump_dm_crypt.c @@ -15,13 +15,15 @@ static enum STATE_ENUM { INITIALIZED, RECORDED, LOADED, + REUSE, } state; =20 static const char * const STATE_STR[] =3D { [FRESH] =3D "fresh", [INITIALIZED] =3D "initialized", [RECORDED] =3D "recorded", - [LOADED] =3D "loaded" + [LOADED] =3D "loaded", + [REUSE] =3D "reuse" }; =20 static unsigned int key_count; @@ -107,12 +109,32 @@ static int record_key_desc(const char *buf, struct dm= _crypt_key *dm_key) return 0; } =20 +static void get_keys_from_kdump_reserved_memory(void) +{ + struct keys_header *keys_header_loaded; + + arch_kexec_unprotect_crashkres(); + + keys_header_loaded =3D kmap_local_page(pfn_to_page( + kexec_crash_image->dm_crypt_keys_addr >> PAGE_SHIFT)); + + memcpy(keys_header, keys_header_loaded, keys_header_size); + kunmap_local(keys_header_loaded); + state =3D RECORDED; + arch_kexec_protect_crashkres(); +} + static int process_cmd(const char *buf, size_t count) { if (strncmp(buf, "init ", 5) =3D=3D 0) return init(buf); else if (strncmp(buf, "record ", 7) =3D=3D 0 && count =3D=3D KEY_DESC_LEN= + 6) return record_key_desc(buf, &keys_header->keys[key_count]); + else if (!strcmp(buf, "reuse")) { + state =3D REUSE; + get_keys_from_kdump_reserved_memory(); + return 0; + } =20 return -EINVAL; } @@ -192,9 +214,11 @@ int crash_load_dm_crypt_keys(struct kimage *image) } =20 image->dm_crypt_keys_addr =3D 0; - r =3D build_keys_header(); - if (r) - return r; + if (state !=3D REUSE) { + r =3D build_keys_header(); + if (r) + return r; + } =20 kbuf.buffer =3D keys_header; kbuf.bufsz =3D keys_header_size; --=20 2.45.1 From nobody Thu Feb 12 20:24:37 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9BEA4194C79 for ; Fri, 7 Jun 2024 12:26:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763220; cv=none; b=Doch5x8oekm7mEpDqj0YWZvClAd55dLR9cDMxztea4O+GVl8F4tAdqF7Rwl6p2gUZfBPhGqP18r7AwbJx26hCcN02FzUs4GRrajn5ls2KO4JyQhn7pG2AvENT99U21YLU3wNUQAdq/1Ixo3EwaqR4zU4GHO+gtKzcrfgKVoMoz8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763220; c=relaxed/simple; bh=xldUFfQCLaHrWyRsZ3+WqfDxiKs8c6FyPyEYApGXNho=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YQv+Tyv7m2RW1l5qGalhkw9SVQtLy7QEfKk1CL2XlklZxeYapXbwTTKVxSr5AUhye7mxL2tb5c1axOWvEzLKYRu/D7XxvyKlpUy7JiXknsTkd2PvisJk8AeGjZkCQIaN3OUy4kuI/7bNBzZbK+uACwlupoC1nqBOjmxFwoZxfwo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=A7lTZuiJ; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="A7lTZuiJ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717763217; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PnrGjun192AtksvBWoEeo2xFayBkQDU9eM35Zfke7SA=; b=A7lTZuiJMeJUmON1183D1aW+0UYNZxPtPUqv12nqxUKAbPYIWsdBX2+UiY9IbSAMEyizVL /5l9RJ8qwvOVMyWSYK2vd6GtKrbUj2ILuw7BV0d7AEYfV0Df7C9ttt6M+NlTlbZtwMZLkt X1aYqdLpYHO/Lev2m4umDN3SLGQSDWg= Received: from mail-pj1-f69.google.com (mail-pj1-f69.google.com [209.85.216.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-500-cHoI0TsNNKCrlYYabjyqMA-1; Fri, 07 Jun 2024 08:26:56 -0400 X-MC-Unique: cHoI0TsNNKCrlYYabjyqMA-1 Received: by mail-pj1-f69.google.com with SMTP id 98e67ed59e1d1-2c1e9951604so1765215a91.3 for ; Fri, 07 Jun 2024 05:26:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717763215; x=1718368015; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PnrGjun192AtksvBWoEeo2xFayBkQDU9eM35Zfke7SA=; b=MJkO2Y0MujKpNfkeAprcX0OSBmXPaNxq8Zt3SMf5mVH7bCBooMXWZbM3OCZvjF1mfH sM11tdVLd37Nk10MgLeSk9l3mx73Dqo7HyiyhTrJS9myVLJwij/xMRgvqjqF4GQ4wyR0 1T+95SOYMQSeo1Y7ZrRQ2E4gQDb5FtAq3NNpX29+bbNhB+YriCMwyHg2+33xVahVXc/b 9A1gExTSow8o9zVZ04WTa1msLvRa5BJQQ0maaaHc+QHWPHPAF5Sm3vJXwLnN3aqlI7Xw AQoiJzcTztzZmEoW2aMjGAkTvawlgK2R+Adywhu6swgRAvtzD2j3CHVDWoBkKwI8FvIX KxKA== X-Forwarded-Encrypted: i=1; AJvYcCW7+nX7GqUAta7HrGwEWbGfi5z2ADlDzN1abuUUjP96pU7RYT9hrl4YS9xMmDv7iLJlcYtAtHNVQRWD2uzCnasglyW43drybyKsWSOo X-Gm-Message-State: AOJu0Yxq74kZawuMn7Bg7a3UbZl5Tj7A0+LHSJiqILIVtnqVdZWYTRcs ShBxKp81SeJDlEY5ytA167QbTqKKNZO7xrG8j5ZLoIhxirlzQVdt68MwcF0ThejpqS3XAsHLet2 L7m11lYf/Ufotstyyz0aNcRBi9S1rHGqNmlLXHhOrPHoeLpd71z3AzvQeYQjILQ== X-Received: by 2002:a17:90a:ce8d:b0:2c2:d442:aa10 with SMTP id 98e67ed59e1d1-2c2d442ab77mr88245a91.45.1717763215025; Fri, 07 Jun 2024 05:26:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGVjl4mp00EGKOz+YDE5MMuMdnmKS1XOHdz89KRwxto50YFnqTs7CRYSuimTnD6kBsJW/UMEA== X-Received: by 2002:a17:90a:ce8d:b0:2c2:d442:aa10 with SMTP id 98e67ed59e1d1-2c2d442ab77mr88213a91.45.1717763214227; Fri, 07 Jun 2024 05:26:54 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2c2c5c05208sm1129893a91.16.2024.06.07.05.26.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jun 2024 05:26:53 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Greg KH , Vivek Goyal Subject: [PATCH v5 5/7] crash_dump: retrieve dm crypt keys in kdump kernel Date: Fri, 7 Jun 2024 20:26:15 +0800 Message-ID: <20240607122622.167228-6-coxu@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240607122622.167228-1-coxu@redhat.com> References: <20240607122622.167228-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Crash kernel will retrieve the dm crypt keys based on the dmcryptkeys command line parameter. When user space writes the key description to /sys/kernel/crash_dm_crypt_key, the crash kernel will save the encryption keys to the user keyring. Then user space e.g. cryptsetup's --volume-key-keyring API can use it to unlock the encrypted device. Signed-off-by: Coiby Xu --- Documentation/ABI/testing/crash_dm_crypt_keys | 3 + include/linux/crash_core.h | 1 + kernel/crash_dump_dm_crypt.c | 101 +++++++++++++++++- 3 files changed, 103 insertions(+), 2 deletions(-) diff --git a/Documentation/ABI/testing/crash_dm_crypt_keys b/Documentation/= ABI/testing/crash_dm_crypt_keys index 7426c9d8de97..56a4b878a4dd 100644 --- a/Documentation/ABI/testing/crash_dm_crypt_keys +++ b/Documentation/ABI/testing/crash_dm_crypt_keys @@ -29,4 +29,7 @@ Description: read/write the kdump kernel has been loaded with the dm crypt keys stored to = kdump reserved memory =20 + After the kdump kernel gets booted, user space can write anything to t= his API + so the dm crypt keys can be restored to the keyring. + User: Kdump service diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index ab20829d0bc9..d7308b6e83f4 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -38,6 +38,7 @@ static inline void arch_kexec_unprotect_crashkres(void) {= } int crash_sysfs_dm_crypt_keys_read(char *buf); int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count); int crash_load_dm_crypt_keys(struct kimage *image); +ssize_t dm_crypt_keys_read(char *buf, size_t count, u64 *ppos); #else static inline int crash_load_dm_crypt_keys(struct kimage *image) {return 0= ; } #endif diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c index 9a6bd39adf76..00223343473b 100644 --- a/kernel/crash_dump_dm_crypt.c +++ b/kernel/crash_dump_dm_crypt.c @@ -40,12 +40,67 @@ static struct keys_header { struct dm_crypt_key keys[] __counted_by(total_keys); } *keys_header; =20 +unsigned long long dm_crypt_keys_addr; +EXPORT_SYMBOL_GPL(dm_crypt_keys_addr); + +static int __init setup_dmcryptkeys(char *arg) +{ + char *end; + + if (!arg) + return -EINVAL; + dm_crypt_keys_addr =3D memparse(arg, &end); + if (end > arg) + return 0; + + dm_crypt_keys_addr =3D 0; + return -EINVAL; +} + +early_param("dmcryptkeys", setup_dmcryptkeys); + static size_t get_keys_header_size(struct keys_header *keys_header, size_t total_keys) { return struct_size(keys_header, keys, total_keys); } =20 +/* + * Architectures may override this function to read dm crypt keys + */ +ssize_t __weak dm_crypt_keys_read(char *buf, size_t count, u64 *ppos) +{ + struct kvec kvec =3D { .iov_base =3D buf, .iov_len =3D count }; + struct iov_iter iter; + + iov_iter_kvec(&iter, READ, &kvec, 1, count); + return read_from_oldmem(&iter, count, ppos, false); +} + +static int add_key_to_keyring(struct dm_crypt_key *dm_key, + key_ref_t keyring_ref) +{ + key_ref_t key_ref; + int r; + + /* create or update the requested key and add it to the target keyring */ + key_ref =3D key_create_or_update(keyring_ref, "user", dm_key->key_desc, + dm_key->data, dm_key->key_size, + KEY_USR_ALL, KEY_ALLOC_IN_QUOTA); + + if (!IS_ERR(key_ref)) { + r =3D key_ref_to_ptr(key_ref)->serial; + key_ref_put(key_ref); + kexec_dprintk("Success adding key %s", dm_key->key_desc); + } else { + r =3D PTR_ERR(key_ref); + kexec_dprintk("Error when adding key"); + } + + key_ref_put(keyring_ref); + return r; +} + /* * Let the kernel know the number of dm crypt keys and allocate memory to * initialize related structures. @@ -139,11 +194,53 @@ static int process_cmd(const char *buf, size_t count) return -EINVAL; } =20 +static int restore_dm_crypt_keys_to_thread_keyring(const char *key_desc) +{ + struct dm_crypt_key *key; + key_ref_t keyring_ref; + u64 addr; + + /* find the target keyring (which must be writable) */ + keyring_ref =3D + lookup_user_key(KEY_SPEC_USER_KEYRING, 0x01, KEY_NEED_WRITE); + if (IS_ERR(keyring_ref)) { + kexec_dprintk("Failed to get keyring %s\n", key_desc); + return PTR_ERR(keyring_ref); + } + + addr =3D dm_crypt_keys_addr; + dm_crypt_keys_read((char *)&key_count, sizeof(key_count), &addr); + if (key_count < 0 || key_count > KEY_NUM_MAX) { + pr_info("Failed to read the number of dm_crypt keys\n"); + return -1; + } + + kexec_dprintk("There are %u keys\n", key_count); + addr =3D dm_crypt_keys_addr; + + keys_header_size =3D get_keys_header_size(keys_header, key_count); + + keys_header =3D kzalloc(keys_header_size, GFP_KERNEL); + if (!keys_header) + return -ENOMEM; + + dm_crypt_keys_read((char *)keys_header, keys_header_size, &addr); + + for (int i =3D 0; i < keys_header->total_keys; i++) { + key =3D &keys_header->keys[i]; + kexec_dprintk("Get key (size=3D%u)\n", key->key_size); + add_key_to_keyring(key, keyring_ref); + } + + return 0; +} + int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count) { if (!is_kdump_kernel()) return process_cmd(buf, count); - return -EINVAL; + else + return restore_dm_crypt_keys_to_thread_keyring(buf); } EXPORT_SYMBOL_GPL(crash_sysfs_dm_crypt_keys_write); =20 @@ -184,7 +281,7 @@ static int build_keys_header(void) for (i =3D 0; i < key_count; i++) { r =3D read_key_from_user_keying(&keys_header->keys[i]); if (r !=3D 0) { - pr_err("Failed to read key %s\n", keys_header->keys[i].key_desc); + kexec_dprintk("Failed to read key %s\n", keys_header->keys[i].key_desc); return r; } } --=20 2.45.1 From nobody Thu Feb 12 20:24:37 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B7FD4195FF2 for ; Fri, 7 Jun 2024 12:27:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763229; cv=none; b=rXTKCbNfIevkxNuMf1MZUqezNCBgp0ueQ/ocqIK+qHLjhUDKv+S03oVdyhvtZBRsd84msxB+Xhw/P9PM3Gwi+NcVI27JGS+lrzag84IvLGcfglR0YKSvLzUCRoyz+rn2p6sRQg+/wK/DJMXWyFd8QzIITKEIkXP4EruYvM3Ap64= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763229; c=relaxed/simple; bh=ijm0GPn/zaSIhGjFfkIwc3vF+unFOLisQCItbhyQnT0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=s17la/004vWdAx4qsB2N3QQlBanh15Q/p7tUUyn4fRZCel6aslJ8jO5GwQqjw3JvLJ120rGMdEO7Zrq17+2UIxbEf4ZovJYM7y4zOkIwRTYFxNelTV49UkBqws1z23Kbe3TdHMrOCPWF0vq0r8My3HBZovcrAL2n4+2pRjSTIvw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=a6uvZMA3; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="a6uvZMA3" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717763226; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=r8eSDPJOHg5XX+C6EnMgGjbvp60roI+VIhJqlmfxAK0=; b=a6uvZMA35XEzA353ewNPEItbdyzFyyK8SLmabu33RQWuXJQaYDT9KONsUiRJCvmWGsTVgj hOawZwGsksS1fw1GZz9zXRgmrRr81KRljUEg06cNbTHjPnybXInI2iIgFIc/JN2XsqWaRt ZG1f+AjTdfUbXyzYg0FKGnWw23OxN2A= Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-330-_srFBKt2MY6fPtJK5GGq8g-1; Fri, 07 Jun 2024 08:27:04 -0400 X-MC-Unique: _srFBKt2MY6fPtJK5GGq8g-1 Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-2c1a23d1382so2006651a91.0 for ; Fri, 07 Jun 2024 05:27:03 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717763220; x=1718368020; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=r8eSDPJOHg5XX+C6EnMgGjbvp60roI+VIhJqlmfxAK0=; b=Ax4R2fgSg38HQp/6sDyVZSjsYO7+VxlNXBtz2YYiQ4yHMFgeskKbotnVm6OiUJ1cBv xy/j9WP8G/CabJUvGf3BTUyryPQ8B8wthk+7+8EGoe0zNsAwvRAAG3enZ5NsL1H5a89S L24ZGp4cNzy/Sro09QNxq+3iiqsCvNeHspnbvC75zGKSUXcGFu7fDn6WVGhvLxTqX153 iLD2D0gLpvhW6On11fQZ94d2+WAPRNOtt10Zyzwi7Ao+3c4QNTenp1bO8nkrTubYOqTg PZ5Z2oOpgkV/72026MKiKFeZjMV/5Bmsbi8e86WCMBiqQrFTfTAsrvs6jwuHKaRQx4R3 4iXQ== X-Forwarded-Encrypted: i=1; AJvYcCWy3rZ8mpvoY/wJUIuQTiAX49Y7nILLRNHCfyxDFlKxxdmm77BtGxxT6lRymBtzFYdF+3GSjffAMgKWubx6P/hI+Bteh3NStLJgY/Cp X-Gm-Message-State: AOJu0YxE3V/mh7zsfrMqnv2/iKejZfvpLOMHP1fEV0g1eo6lZtuAQ/aB Rkt/J2S25ihz/zdRpdR/UOPwdQ+5OZ9f5hUB3Cgt88F1F6mgDLXOvc3Sne63n0/n/DNaq4eRchw 4yR5H/Mv75+s5YeX9xFPlEJFa3bZVng8RkpM9Ut5mURUp3RdQNaW9qUL4119+oDBwm7jUXShAz6 It8g== X-Received: by 2002:a17:90a:c68a:b0:2c2:d294:4b37 with SMTP id 98e67ed59e1d1-2c2d2944e21mr159152a91.16.1717763219595; Fri, 07 Jun 2024 05:26:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGw9d3+j4Qxyr3iy7YrPWSmR+eC0E/vLf1RLdGhWBQep6818IZh3UHaedUhxP520TTrHOJycQ== X-Received: by 2002:a17:90a:c68a:b0:2c2:d294:4b37 with SMTP id 98e67ed59e1d1-2c2d2944e21mr159112a91.16.1717763218929; Fri, 07 Jun 2024 05:26:58 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2c2806cfa57sm5342060a91.49.2024.06.07.05.26.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jun 2024 05:26:58 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Greg KH , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Subject: [PATCH v5 6/7] x86/crash: pass dm crypt keys to kdump kernel Date: Fri, 7 Jun 2024 20:26:16 +0800 Message-ID: <20240607122622.167228-7-coxu@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240607122622.167228-1-coxu@redhat.com> References: <20240607122622.167228-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" 1st kernel will build up the kernel command parameter dmcryptkeys as similar to elfcorehdr to pass the memory address of the stored info of dm crypt key to kdump kernel. Signed-off-by: Coiby Xu --- arch/x86/kernel/crash.c | 20 ++++++++++++++++++-- arch/x86/kernel/kexec-bzimage64.c | 7 +++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index f06501445cd9..ca7f7d44a433 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -266,6 +266,7 @@ static int memmap_exclude_ranges(struct kimage *image, = struct crash_mem *cmem, unsigned long long mend) { unsigned long start, end; + int ret; =20 cmem->ranges[0].start =3D mstart; cmem->ranges[0].end =3D mend; @@ -274,22 +275,37 @@ static int memmap_exclude_ranges(struct kimage *image= , struct crash_mem *cmem, /* Exclude elf header region */ start =3D image->elf_load_addr; end =3D start + image->elf_headers_sz - 1; - return crash_exclude_mem_range(cmem, start, end); + ret =3D crash_exclude_mem_range(cmem, start, end); + + if (ret) + return ret; + + /* Exclude dm crypt keys region */ + if (image->dm_crypt_keys_addr) { + start =3D image->dm_crypt_keys_addr; + end =3D start + image->dm_crypt_keys_sz - 1; + return crash_exclude_mem_range(cmem, start, end); + } + + return ret; } =20 /* Prepare memory map for crash dump kernel */ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *p= arams) { + unsigned int max_nr_ranges =3D 3; int i, ret =3D 0; unsigned long flags; struct e820_entry ei; struct crash_memmap_data cmd; struct crash_mem *cmem; =20 - cmem =3D vzalloc(struct_size(cmem, ranges, 1)); + cmem =3D vzalloc(struct_size(cmem, ranges, max_nr_ranges)); if (!cmem) return -ENOMEM; =20 + cmem->max_nr_ranges =3D max_nr_ranges; + memset(&cmd, 0, sizeof(struct crash_memmap_data)); cmd.params =3D params; =20 diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzim= age64.c index 68530fad05f7..9c94428927bd 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -76,6 +76,10 @@ static int setup_cmdline(struct kimage *image, struct bo= ot_params *params, if (image->type =3D=3D KEXEC_TYPE_CRASH) { len =3D sprintf(cmdline_ptr, "elfcorehdr=3D0x%lx ", image->elf_load_addr); + + if (image->dm_crypt_keys_addr !=3D 0) + len +=3D sprintf(cmdline_ptr + len, + "dmcryptkeys=3D0x%lx ", image->dm_crypt_keys_addr); } memcpy(cmdline_ptr + len, cmdline, cmdline_len); cmdline_len +=3D len; @@ -441,6 +445,9 @@ static void *bzImage64_load(struct kimage *image, char = *kernel, ret =3D crash_load_segments(image); if (ret) return ERR_PTR(ret); + ret =3D crash_load_dm_crypt_keys(image); + if (ret) + pr_debug("Either no dm crypt key or error to retrieve the dm crypt key\= n"); } #endif =20 --=20 2.45.1 From nobody Thu Feb 12 20:24:37 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E542F194C79 for ; Fri, 7 Jun 2024 12:27:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763230; cv=none; b=rD0qTuY4VI921ffjOS8UQkHpwM+yaomNUAjSwpP16pFpYGyqr3Exs1ofSkhRGxrevfJoULURmrWmJHGBX46RvdHENVO3N5tmW+tzUb32dESugxeEYUMw7qAe2TDcpZKBX0Mmv1aUGVQtkc6hm6jUjjvDorW9NNsi+fo2UBNNsSE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717763230; c=relaxed/simple; bh=P6k/4n5U39byFzD6jzSNBEigVT6mMplCDkSAxVn4NZg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ijmnHBfDYL0prZqJpTmTznVfBY4RJj12phKFmupIBRvxujWBlsuu+pVPgSphpGV6rhgz46yiQDllTREemsp0iNAlu8b5f0dEy+Dievddx5SmqITdyZITQGL8iD0e5OC4OULaPqE0LnJj1IbfeLTVY7iAzHYcxxzky0HiFkHCOAA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=FVFo9jbD; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="FVFo9jbD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717763228; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=W4ZPJMKNqAKs+WSkD3sNi4S4EfGxm9XkiKd+CksFrl0=; b=FVFo9jbDx8/SWQ6vlzNnHE3LK80SPqRjSlSYEvgbfuWh6q2wtAXtQofFIVxEySEgOPdL6q dzlI5L8oVpXxxEzt5Lfts2wFk/P+FbMoxeZOJ5BaJ2dfNREnMiZ6Pb9FJZi9rTfJChd6CI AYkQfqmDNPIhXZVO2e4W54rfN1G38d0= Received: from mail-il1-f200.google.com (mail-il1-f200.google.com [209.85.166.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-568-1TUaR7ivODeX6ebTvadgkA-1; Fri, 07 Jun 2024 08:27:06 -0400 X-MC-Unique: 1TUaR7ivODeX6ebTvadgkA-1 Received: by mail-il1-f200.google.com with SMTP id e9e14a558f8ab-3738732f988so19796875ab.0 for ; Fri, 07 Jun 2024 05:27:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717763226; x=1718368026; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=W4ZPJMKNqAKs+WSkD3sNi4S4EfGxm9XkiKd+CksFrl0=; b=HAbmTCMnWxx3/dq+bd9IjPyTJuKy/S7MS23xvyVfVGIeM3iaaGNyw86r5sp6J4J28v zoqM23ZkkREMuWxy9P/TvxDjIy/w3XUUpmOkBJMThed8jIwIfwf68W/Xkty43ZvQUQiA R1HXGxRXlIWvEhmnCexEaSqjY8yvHyo9Qnl2Cviw4M4dk5fsqzZE2kKxL5KI3YXwGQ35 N9U69hvZD5IzrNz+zDg+7jyMAO0jCWODseHcjUfGE1UXK1QkBDZDT47AGVatlbtgbg3c HkHSw/xuEsKNRKv9xuhTmVCQFRTzSxIbbUDAc4AGeP2yz3igaLi7uaspe2XsE1W6fTLJ 2VeA== X-Forwarded-Encrypted: i=1; AJvYcCWWlRxLSWIGTWGHpLykE3UvklZRsZd58ISEht+KICTJVrztmYAPRaikLAPRpmWknNsdPz5Geb0XbB2C/bajLanJjdqiI9UxB7udBPlY X-Gm-Message-State: AOJu0YykJ/t1T1ECYfos/zIxzE5ckPxDfRZOvMLqSyAfsHYCGOYiFr8i WwJo473ARyirSkIJz3MyLbmKQaSjcX/TeYoHM6BQd/x1THHAF5Xp+sI9MlszTWrIKXfDtz+Tli+ iI2PAFpOkFtjh3ycznOGqNto1qM8/VPWDasL8yWRZXvuH9UeUiepEGL2yEHdU7g== X-Received: by 2002:a05:6e02:1b0f:b0:374:a738:818c with SMTP id e9e14a558f8ab-3758030b7a4mr31967565ab.12.1717763225500; Fri, 07 Jun 2024 05:27:05 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG8pU+tOy6cV80EfkDwgc4VbW/L5pJTETaDXD3l4vJiIFc665Y5KIiucld1brAK/XJ5qcivgQ== X-Received: by 2002:a05:6e02:1b0f:b0:374:a738:818c with SMTP id e9e14a558f8ab-3758030b7a4mr31967195ab.12.1717763224612; Fri, 07 Jun 2024 05:27:04 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-6e4d8db18c2sm397294a12.29.2024.06.07.05.27.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jun 2024 05:27:04 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Greg KH , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Subject: [PATCH v5 7/7] x86/crash: make the page that stores the dm crypt keys inaccessible Date: Fri, 7 Jun 2024 20:26:17 +0800 Message-ID: <20240607122622.167228-8-coxu@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240607122622.167228-1-coxu@redhat.com> References: <20240607122622.167228-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This adds an addition layer of protection for the saved copy of dm crypt key. Trying to access the saved copy will cause page fault. Suggested-by: Pingfan Liu Signed-off-by: Coiby Xu --- arch/x86/kernel/machine_kexec_64.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_k= exec_64.c index b180d8e497c3..aba50ec641e6 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -545,13 +545,35 @@ static void kexec_mark_crashkres(bool protect) kexec_mark_range(control, crashk_res.end, protect); } =20 +/* make the memory storing dm crypt keys in/accessible */ +static void kexec_mark_dm_crypt_keys(bool protect) +{ + unsigned long start_paddr, end_paddr; + unsigned int nr_pages; + + if (kexec_crash_image->dm_crypt_keys_addr) { + start_paddr =3D kexec_crash_image->dm_crypt_keys_addr; + end_paddr =3D start_paddr + kexec_crash_image->dm_crypt_keys_sz - 1; + nr_pages =3D (PAGE_ALIGN(end_paddr) - PAGE_ALIGN_DOWN(start_paddr))/PAGE= _SIZE; + if (protect) + set_memory_np((unsigned long)phys_to_virt(start_paddr), nr_pages); + else + __set_memory_prot( + (unsigned long)phys_to_virt(start_paddr), + nr_pages, + __pgprot(_PAGE_PRESENT | _PAGE_NX | _PAGE_RW)); + } +} + void arch_kexec_protect_crashkres(void) { kexec_mark_crashkres(true); + kexec_mark_dm_crypt_keys(true); } =20 void arch_kexec_unprotect_crashkres(void) { + kexec_mark_dm_crypt_keys(false); kexec_mark_crashkres(false); } #endif --=20 2.45.1