From nobody Sat Feb  7 11:38:06 2026
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id CE74534405F
	for <linux-kernel@vger.kernel.org>; Fri, 23 Jan 2026 08:13:34 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=170.10.129.124
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769156017; cv=none;
 b=MO98agsmSfhTu2RQXHMZ9lbdN1+5jrhlfyhjZ67pw9i4ikfcgFbXSATqhKB5Fk8HT3Gnf3UV8C+usjTUchETGtp6F4+YI6ZVhm3066S5pNVSQTYOk8VSWbxkej/FdpFyc+TKGcleFs6Mek6dqib763DUi8Pvgzo2z8F/1ddfC5Q=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769156017; c=relaxed/simple;
	bh=gMn568edZylNTzFphC8lCSQTp4D4xyz2cU03rK9XmNo=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version;
 b=iyf8ygckSJfrTfEJVE1yxHhFyP4PJiTiL3jXvfCF9k9edEohMpOi/bhAh6mSyo5W4LIeggG4aG2DOdzragrXRzTss+nPlpxkYvT66JmT7fxH2IUh5uwlXSCmNAUxCauY9fLnE+E+l83ROGPYGk0G3Gp+z9PhghFN9TcwlO7/m9Q=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=redhat.com;
 spf=pass smtp.mailfrom=redhat.com;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b=UYerLAhH;
 dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com
 header.b=Vl5Ov54i; arc=none smtp.client-ip=170.10.129.124
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="UYerLAhH";
	dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="Vl5Ov54i"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1769156013;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=nA8sXD0FqzkneEAx9yV9Y9lTP0hUm1k+5svU6+Gfnes=;
	b=UYerLAhHcxdmV41sXut9S/WSK4kIeOg+55eC/v+h3Ag8KlBq3XqJu5IZdHvJeZ5O2h66zf
	30oeolzZd6W7JK5eUFz6oGa8O0M/S0UEdYe2VSAsBfNxkmmY6F4Ti3j5gtj755GuEcU2ov
	ct4zg4s4IJF4rV32+QqSz/pTMnJ2JL4=
Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com
 [209.85.210.197]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-569-CCQzqyK0MFqsj9V_xGW3pQ-1; Fri, 23 Jan 2026 03:13:32 -0500
X-MC-Unique: CCQzqyK0MFqsj9V_xGW3pQ-1
X-Mimecast-MFC-AGG-ID: CCQzqyK0MFqsj9V_xGW3pQ_1769156011
Received: by mail-pf1-f197.google.com with SMTP id
 d2e1a72fcca58-81f48cec0ccso1636881b3a.0
        for <linux-kernel@vger.kernel.org>;
 Fri, 23 Jan 2026 00:13:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=redhat.com; s=google; t=1769156011; x=1769760811;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=nA8sXD0FqzkneEAx9yV9Y9lTP0hUm1k+5svU6+Gfnes=;
        b=Vl5Ov54i1r5wHyMB1zGAA80WxnxPPkQoaTQmCFj/SNIChe0DaIYBElHnUHd1wybJNd
         sUyluNtRDfpifNnuiDnEJv5biGxqNphvKSw70xPCh2Na8hFBJjlySNfSgNrxFgc2CsoT
         JEUqRDbd8UbJ6l5KAnCxYRqYSVv7H6LaCvD1KXDtHo4Ifxp5OkMKMrg7gjw4+is09jy2
         k93apnyqvjq2H59R9oOUDuuwbPTSEnA3UF7kMJPr55hNq+c/1BpynoBKPKtEQ7wq9soY
         pAkeqNyVcKB3wLioKpmfl7wVAUEyjMubzRmPqhyn+m8x2P7m+0im+88bNtECJXSzqV/b
         LS9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769156011; x=1769760811;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=nA8sXD0FqzkneEAx9yV9Y9lTP0hUm1k+5svU6+Gfnes=;
        b=Z7Mzx0SFcCzP4IgABPbcDE5iUACUpsFJqVcc2/dj/EXkfHA29yIWrkM/c4AdRrnisT
         6m8VpWLonRL9BSQ1uJ/TsToxvTI0JSu4j3SLRbiFv1a9CbbahCIkAs6+KvAFHO0wt4/A
         HfilzEsXiHgbVCmCKE+PlQsKNCToueP8VUt4DObaWA9E5A2Hvv47YGGoKKBKjuv1FLZN
         ycclkWUoh3XliQnfSC4in2mPuHy3K17RlZuqAKWKx/jWXAIVFBDAW6El7VTLpPQAWTn3
         flQ8XoRFXzv1CKb5Y8ZeJaEV//iHmANON9rWfDO7PUVOclDtrfuqU8OFqwb3T4UErIJH
         adFQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCXb/XC3tKDO1CwkZ56PLy0wgv7M97d5RmfSOvgZ7uWFUnuK4f0nZLgw4j0zWomxoKXQgk3Sm2hrLpBPwJ4=@vger.kernel.org
X-Gm-Message-State: AOJu0Yxt/bpmBmoi7DRF8iwYRQKWijrXhZC/EB2VynqYhmRreJyEHO2F
	KKKUIxb9+xBvMyCxupZQF0N7M4Kc628EcGPuAyGl6cPmAHTX7wbteJg0KPedsSujSfYoBMLg9Gl
	ItAOyMzc/EqVcz+o9VgiQephNZzypU5tYzxxkGTlr/t3WXJpjxpPVJaxFq3mQx3UJ3Q==
X-Gm-Gg: AZuq6aI2KpNmfGsIs9m4kRFj6yZmgE34e0Nq+xb9HREnpvMMQWJ7Uynwj5Z9w4pWUO9
	vI/G7NdIsbNiY+A0W7vsQoErzTQuGg0pHQA22PF5LXHq5lDQuH4CQTwKsSomRTudWGbNrOWTMt0
	b0s+Vevd8sAvxJdHBDsErL1ljIgcDEYALcAlQ2WRtAFyuw3W/iuhEZNBl1VZ4jOmwwM5zmfG2Cz
	C/CJp0Peds7Pm8xHoWH8CxtYTyJS7By6tGKwKGtS4BMLtBKpzw0PNJKLmPkkikMtBiDjGMiI/Iu
	6CihmKGhz1t/UL/sSXZ6lToVz4U6eL9+sXnkNdg932xOziLEAKFNykQxYyxPiyfM5Twd4DKBORS
	h
X-Received: by 2002:a05:6a00:1885:b0:81f:46ba:1817 with SMTP id
 d2e1a72fcca58-8232178898amr325072b3a.66.1769156010898;
        Fri, 23 Jan 2026 00:13:30 -0800 (PST)
X-Received: by 2002:a05:6a00:1885:b0:81f:46ba:1817 with SMTP id
 d2e1a72fcca58-8232178898amr325043b3a.66.1769156010374;
        Fri, 23 Jan 2026 00:13:30 -0800 (PST)
Received: from localhost ([209.132.188.88])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-8231876f736sm1443202b3a.64.2026.01.23.00.13.29
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 23 Jan 2026 00:13:29 -0800 (PST)
From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org,
	linux-arm-kernel@lists.infradead.org
Cc: Arnaud Lefebvre <arnaud.lefebvre@clever-cloud.com>,
	Baoquan he <bhe@redhat.com>,
	Dave Young <dyoung@redhat.com>,
	Kairui Song <ryncsn@gmail.com>,
	Pingfan Liu <kernelfans@gmail.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Krzysztof Kozlowski <krzk@kernel.org>,
	Rob Herring <robh@kernel.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>,
	Saravana Kannan <saravanak@kernel.org>,
	linux-kernel@vger.kernel.org (open list),
	devicetree@vger.kernel.org (open list:OPEN FIRMWARE AND FLATTENED DEVICE
 TREE)
Subject: [PATCH v3] arm64/kdump: pass dm-crypt keys to kdump kernel
Date: Fri, 23 Jan 2026 16:13:25 +0800
Message-ID: <20260123081326.1362666-1-coxu@redhat.com>
X-Mailer: git-send-email 2.52.0
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

CONFIG_CRASH_DM_CRYPT has been introduced to support LUKS-encrypted
device dump target by addressing two challenges [1],
 - Kdump kernel may not be able to decrypt the LUKS partition. For some
   machines, a system administrator may not have a chance to enter the
   password to decrypt the device in kdump initramfs after the 1st kernel
   crashes

 - LUKS2 by default use the memory-hard Argon2 key derivation function
   which is quite memory-consuming compared to the limited memory reserved
   for kdump.

To also enable this feature for ARM64, we only need to add device tree
property dmcryptkeys [2] as similar to elfcorehdr to pass the memory
address of the stored info of dm-crypt keys to the kdump kernel. Since
this property is only needed by the kdump kenrel, it won't be exposed to
user space.

[1] https://lore.kernel.org/all/20250502011246.99238-1-coxu@redhat.com/
[2] https://github.com/devicetree-org/dt-schema/pull/181

Cc: Arnaud Lefebvre <arnaud.lefebvre@clever-cloud.com>
Cc: Baoquan he <bhe@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Kairui Song <ryncsn@gmail.com>
Cc: Pingfan Liu <kernelfans@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Krzysztof Kozlowski <krzk@kernel.org>
Cc: Rob Herring <robh@kernel.org>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
v3
- Delete the property after reading it [Rob Herring]

v2
- Krzysztof
  - Use imperative mood for commit message
  - Add dt-schema ABI Documentation=20
    https://github.com/devicetree-org/dt-schema/pull/181
- Don't print dm-crypt keys address via pr_debug


 arch/arm64/kernel/machine_kexec_file.c |  9 +++++++++
 drivers/of/fdt.c                       | 21 +++++++++++++++++++++
 drivers/of/kexec.c                     | 19 +++++++++++++++++++
 3 files changed, 49 insertions(+)

diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/mac=
hine_kexec_file.c
index 410060ebd86d..5f3bad8ca96d 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -134,6 +134,15 @@ int load_other_segments(struct kimage *image,
=20
 		kexec_dprintk("Loaded elf core header at 0x%lx bufsz=3D0x%lx memsz=3D0x%=
lx\n",
 			      image->elf_load_addr, kbuf.bufsz, kbuf.memsz);
+
+		ret =3D crash_load_dm_crypt_keys(image);
+
+		if (ret =3D=3D -ENOENT) {
+			kexec_dprintk("No dm crypt key to load\n");
+		} else if (ret) {
+			pr_err("Failed to load dm crypt keys\n");
+			goto out_err;
+		}
 	}
 #endif
=20
diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index 331646d667b9..2967e4aff807 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -866,6 +866,26 @@ static void __init early_init_dt_check_for_elfcorehdr(=
unsigned long node)
 		 elfcorehdr_addr, elfcorehdr_size);
 }
=20
+static void __init early_init_dt_check_for_dmcryptkeys(unsigned long node)
+{
+	const char *prop_name =3D "linux,dmcryptkeys";
+	const __be32 *prop;
+
+	if (!IS_ENABLED(CONFIG_CRASH_DM_CRYPT))
+		return;
+
+	pr_debug("Looking for dmcryptkeys property... ");
+
+	prop =3D of_get_flat_dt_prop(node, prop_name, NULL);
+	if (!prop)
+		return;
+
+	dm_crypt_keys_addr =3D dt_mem_next_cell(dt_root_addr_cells, &prop);
+
+	/* Property only accessible to crash dump kernel */
+	fdt_delprop(initial_boot_params, node, prop_name);
+}
+
 static unsigned long chosen_node_offset =3D -FDT_ERR_NOTFOUND;
=20
 /*
@@ -1097,6 +1117,7 @@ int __init early_init_dt_scan_chosen(char *cmdline)
=20
 	early_init_dt_check_for_initrd(node);
 	early_init_dt_check_for_elfcorehdr(node);
+	early_init_dt_check_for_dmcryptkeys(node);
=20
 	rng_seed =3D of_get_flat_dt_prop(node, "rng-seed", &l);
 	if (rng_seed && l > 0) {
diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
index 1ee2d31816ae..4bfb1ea5744e 100644
--- a/drivers/of/kexec.c
+++ b/drivers/of/kexec.c
@@ -432,6 +432,25 @@ void *of_kexec_alloc_and_setup_fdt(const struct kimage=
 *image,
 		if (ret)
 			goto out;
=20
+		if (image->dm_crypt_keys_addr !=3D 0) {
+			ret =3D fdt_appendprop_addrrange(fdt, 0, chosen_node,
+						       "linux,dmcryptkeys",
+						       image->dm_crypt_keys_addr,
+						       image->dm_crypt_keys_sz);
+
+			if (ret)
+				goto out;
+
+			/*
+			 * Avoid dmcryptkeys from being stomped on in kdump kernel by
+			 * setting up memory reserve map.
+			 */
+			ret =3D fdt_add_mem_rsv(fdt, image->dm_crypt_keys_addr,
+					      image->dm_crypt_keys_sz);
+			if (ret)
+				goto out;
+		}
+
 #ifdef CONFIG_CRASH_DUMP
 		/* add linux,usable-memory-range */
 		ret =3D fdt_appendprop_addrrange(fdt, 0, chosen_node,

base-commit: c072629f05d7bca1148ab17690d7922a31423984
--=20
2.52.0