From nobody Sun Dec 14 21:36:38 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 29F3213AA38 for ; Thu, 16 Jan 2025 07:31:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737012664; cv=none; b=Zxlv8aNjtR4ai92HIj9WscT3TOgphsncSh3JpTeabkq9/0QdcQHS43N2aNySG8nU2apzCHVmWq8u2/rxGLGnJAOoD3sirnX4wMKHxYFhYk9pYhPNSvMTs9dEGoONB979i7BiwRXSO/xalOjD7lVZOjqsoMH15HvnX/rb+lo6j0g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737012664; c=relaxed/simple; bh=RP9HogcZw/sWNsSOpTqj7w6ztdG6MlxQKFyARtdx4Q0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=T4xPYZRbRNXVXHOwOAJchbc36CKv687MzvB7aE2Q1cxKvlLZ2vZ8zS5/9m6B8r0MRqdbW8DJEMtWU+L0PJahqhSrM1/DkApZc/erYtCQnpMdUE1EmuuF3o9rZmWM7lC33sDHW4tgBCt2s3nyO8I1HfbzsMZramyvx9ZX/4d28bU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=MfLfMnUc; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="MfLfMnUc" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1737012659; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aHQUprvYUxpGchCCyLRuJWs5QUXLD5ilgW79Ys2jOQY=; b=MfLfMnUcEyCbgHGUR+56AcmcUmmp/MY3aWWXPssdUlbq9moI13nMzDezqz3yD6JO70Kjx3 HsQ94iyOk/v3K/JUTZgknNFE0LaYqxssNQWbXSKWJ84bKuClmPJqJowzS2sApsCbCzjhpT bwjjhPRVPwbujKheXfVIq0y/HJU7az8= Received: from mail-pj1-f72.google.com (mail-pj1-f72.google.com [209.85.216.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-101-kicIXkqYMMaxtS1arFfQWA-1; Thu, 16 Jan 2025 02:30:58 -0500 X-MC-Unique: kicIXkqYMMaxtS1arFfQWA-1 X-Mimecast-MFC-AGG-ID: kicIXkqYMMaxtS1arFfQWA Received: by mail-pj1-f72.google.com with SMTP id 98e67ed59e1d1-2ef775ec883so1442578a91.1 for ; Wed, 15 Jan 2025 23:30:58 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737012657; x=1737617457; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aHQUprvYUxpGchCCyLRuJWs5QUXLD5ilgW79Ys2jOQY=; b=ijTZouoVvZ2V8UiblZr/WmDh/kn1zTGPh1OVOKAKbZ6zNiE57Iv+CYlB4hXzn64U6W aEt4swcWLiJh4alpqgKXeXBDU7BNL2HhQ0YglHIIUN7jAucw/k5VDhvEMuYZHpPqnyxQ cKffz3XG1bLemDSnmFpieQxq8VvTwhQ7P9VCoJRrhZi0lnJqARyxLxAdaVIMH3v1KInX 85iX0Zb25mzWSG8ls2X/03AF/qSbkxQZs42mqDxi1p9hDFqnh0QnjuH0yA6LnRjVebky ZBeLvBHYsSiSTx7t64LT4phbGG93os/keDJCfKHNeYwwaZy5PKZ5uYblpbyS4CBWSG8t Z63Q== X-Forwarded-Encrypted: i=1; AJvYcCVwcOM2su2O8hstZUBKZ89XnKYhcJCROVH5AMsxD+88RANXScPu/cmxzMJwJqtT+teOtxjVuIxUMemdmUg=@vger.kernel.org X-Gm-Message-State: AOJu0YwueaDGd8cHnAS6uLd8PegvfuhY8G0110wjeSHuZVg5hcTMXYwp oH22bb6B4Gku0r6raDgI8NbxHKcchgFtM1JfF1Cpz49LMCuO92NleRGMCLQZXTGbX5SZT6pYSM7 ONd1UijJ1lvPtL+ReJsro/oq4ihIkf2j4A1lBTB3vfx/8YNKUXI8yiHrPLyy5nA== X-Gm-Gg: ASbGncs2p6P8S3evyoqD1H4wp39OUSEOtjFf84rI+zuG46+uOg7ihetyCbKMrJVuslg 7y53Umt9ZqFdHratsTUx2KaRDIe1JuJ+sCL/Uhx4utBauOoh0cqRvUH6oukXBxcdjT99+77FVld QGnG5dCTB2qgwkFqEcdzSgz89hA2yGOjKfxqlZ49OYlJSDbMdJXOTjvxTlS1yAhCGrpX7Q/WN7+ WillCrQsiXwIYuBoY6bwnvdrLbMpgct6lZ/mMRXOw5b0Pdf X-Received: by 2002:a05:6a00:230a:b0:725:90f9:daf9 with SMTP id d2e1a72fcca58-72d21f650a1mr43969905b3a.15.1737012657118; Wed, 15 Jan 2025 23:30:57 -0800 (PST) X-Google-Smtp-Source: AGHT+IGWDRrztzuIkg9Q5tBVV6pQohQ2pViv+9rbr1S07QCHNZTPnu4LF6hxA89i8/UG0IYrbzHiVg== X-Received: by 2002:a05:6a00:230a:b0:725:90f9:daf9 with SMTP id d2e1a72fcca58-72d21f650a1mr43969860b3a.15.1737012656652; Wed, 15 Jan 2025 23:30:56 -0800 (PST) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72d405493basm10334829b3a.27.2025.01.15.23.30.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Jan 2025 23:30:56 -0800 (PST) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Kairui Song , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Vivek Goyal , Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , linux-doc@vger.kernel.org (open list:DOCUMENTATION) Subject: [PATCH v7 6/7] x86/crash: pass dm crypt keys to kdump kernel Date: Thu, 16 Jan 2025 15:30:52 +0800 Message-ID: <20250116073053.1043873-1-coxu@redhat.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250116065825.1041558-1-coxu@redhat.com> References: <20250116065825.1041558-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" 1st kernel will build up the kernel command parameter dmcryptkeys as similar to elfcorehdr to pass the memory address of the stored info of dm crypt key to kdump kernel. Signed-off-by: Coiby Xu --- Documentation/admin-guide/kdump/kdump.rst | 4 ++-- arch/x86/kernel/crash.c | 26 +++++++++++++++++++++-- arch/x86/kernel/kexec-bzimage64.c | 11 ++++++++++ 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/Documentation/admin-guide/kdump/kdump.rst b/Documentation/admi= n-guide/kdump/kdump.rst index cecfa5d34f01..c4bd6ecb6ab7 100644 --- a/Documentation/admin-guide/kdump/kdump.rst +++ b/Documentation/admin-guide/kdump/kdump.rst @@ -555,8 +555,8 @@ Write the dump file to encrypted disk volume =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 CONFIG_CRASH_DM_CRYPT can be enabled to support saving the dump file to -encrypted disk volume. User space can interact with -/sys/kernel/config/crash_dm_crypt_keys for setup, +encrypted disk volume (only x86_64 supported for now). User space can inte= ract +with /sys/kernel/config/crash_dm_crypt_keys for setup, =20 1. Tell the 1st kernel what keys are needed to unlock the disk volumes, # Add key #1 diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index 340af8155658..a525ee639b63 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -278,6 +278,7 @@ static int memmap_exclude_ranges(struct kimage *image, = struct crash_mem *cmem, unsigned long long mend) { unsigned long start, end; + int ret; =20 cmem->ranges[0].start =3D mstart; cmem->ranges[0].end =3D mend; @@ -286,22 +287,43 @@ static int memmap_exclude_ranges(struct kimage *image= , struct crash_mem *cmem, /* Exclude elf header region */ start =3D image->elf_load_addr; end =3D start + image->elf_headers_sz - 1; - return crash_exclude_mem_range(cmem, start, end); + ret =3D crash_exclude_mem_range(cmem, start, end); + + if (ret) + return ret; + + /* Exclude dm crypt keys region */ + if (image->dm_crypt_keys_addr) { + start =3D image->dm_crypt_keys_addr; + end =3D start + image->dm_crypt_keys_sz - 1; + return crash_exclude_mem_range(cmem, start, end); + } + + return ret; } =20 /* Prepare memory map for crash dump kernel */ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *p= arams) { + unsigned int nr_ranges =3D 0; int i, ret =3D 0; unsigned long flags; struct e820_entry ei; struct crash_memmap_data cmd; struct crash_mem *cmem; =20 - cmem =3D vzalloc(struct_size(cmem, ranges, 1)); + /* + * Using random kexec_buf for passing dm crypt keys may cause a range + * split. So use two slots here. + */ + nr_ranges =3D 2; + cmem =3D vzalloc(struct_size(cmem, ranges, nr_ranges)); if (!cmem) return -ENOMEM; =20 + cmem->max_nr_ranges =3D nr_ranges; + cmem->nr_ranges =3D 0; + memset(&cmd, 0, sizeof(struct crash_memmap_data)); cmd.params =3D params; =20 diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzim= age64.c index 68530fad05f7..5604a5109858 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -76,6 +76,10 @@ static int setup_cmdline(struct kimage *image, struct bo= ot_params *params, if (image->type =3D=3D KEXEC_TYPE_CRASH) { len =3D sprintf(cmdline_ptr, "elfcorehdr=3D0x%lx ", image->elf_load_addr); + + if (image->dm_crypt_keys_addr !=3D 0) + len +=3D sprintf(cmdline_ptr + len, + "dmcryptkeys=3D0x%lx ", image->dm_crypt_keys_addr); } memcpy(cmdline_ptr + len, cmdline, cmdline_len); cmdline_len +=3D len; @@ -441,6 +445,13 @@ static void *bzImage64_load(struct kimage *image, char= *kernel, ret =3D crash_load_segments(image); if (ret) return ERR_PTR(ret); + ret =3D crash_load_dm_crypt_keys(image); + if (ret =3D=3D -ENOENT) { + kexec_dprintk("No dm crypt key to load\n"); + } else if (ret) { + pr_err("Failed to load dm crypt keys\n"); + return ERR_PTR(ret); + } } #endif =20 --=20 2.47.1