From patchwork Fri Nov 4 11:29:56 2022
X-Patchwork-Submitter: Coiby Xu
X-Patchwork-Id: 15479
From: Coiby Xu
To: kexec@lists.infradead.org
Cc: Milan Broz, Thomas Staudt, Kairui Song, dm-devel@redhat.com, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, Eric Biederman
Subject: [RFC v2 1/5] kexec_file: allow to place kexec_buf randomly
Date: Fri, 4 Nov 2022 19:29:56 +0800
Message-Id: <20221104113000.487098-2-coxu@redhat.com>
In-Reply-To: <20221104113000.487098-1-coxu@redhat.com>
References: <20221104113000.487098-1-coxu@redhat.com>

Currently, kexec_buf is placed in order which means for the same machine, the info in the kexec_buf is always located at the same position each time the machine is booted. This may cause a risk for sensitive information like LUKS volume key. Now struct kexec_buf has a new field random which indicates it's supposed to be placed in a random position.

Suggested-by: Jan Pazdziora
Signed-off-by: Coiby Xu
---
 include/linux/kexec.h | 2 ++
 kernel/kexec_file.c | 15 +++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 13e6c4b58f07..c0edb64bf6c4 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h
@@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image); * @buf_min: The buffer can't be placed below this address. * @buf_max: The buffer can't be placed above this address. * @top_down: Allocate from top of memory. + * @random: Place the buffer at a random position. */ struct kexec_buf { struct kimage *image; @@ -182,6 +183,7 @@ struct kexec_buf { unsigned long buf_min; unsigned long buf_max; bool top_down; + bool random; }; int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf); diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index a7b411c22f19..ed9fcc369312 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include "kexec_internal.h" @@ -412,6 +413,16 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, return ret; } +static unsigned long kexec_random_start(unsigned long start, unsigned long end) +{ + unsigned long temp_start; + unsigned short i; + + get_random_bytes(&i, sizeof(unsigned short)); + temp_start = start + (end - start) / USHRT_MAX * i; + return temp_start; +} + static int locate_mem_hole_top_down(unsigned long start, unsigned long end, struct kexec_buf *kbuf) { @@ -420,6 +431,8 @@ static int locate_mem_hole_top_down(unsigned long start, unsigned long end, temp_end = min(end, kbuf->buf_max); temp_start = temp_end - kbuf->memsz; + if (kbuf->random) + temp_start = kexec_random_start(temp_start, temp_end); do { /* align down start */ 
@@ -457,6 +470,8 @@ static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end, unsigned long temp_start, temp_end; temp_start = max(start, kbuf->buf_min); + if (kbuf->random) + temp_start = kexec_random_start(temp_start, end); do { temp_start = ALIGN(temp_start, kbuf->buf_align);
From patchwork Fri Nov 4 11:29:57 2022
X-Patchwork-Submitter: Coiby Xu
X-Patchwork-Id: 15480
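Review bot: in kexec_random_start() (kernel/kexec_file.c, [RFC v2 1/5]), the offset is drawn from an unsigned short, so at most 65536 positions are possible, and (end - start) / USHRT_MAX evaluates to 0 whenever the range is smaller than USHRT_MAX bytes, which leaves the buffer at start every time. Consider drawing an unsigned long (for example with get_random_long()) and reducing it modulo the usable range, and say in a comment that the result is unaligned until the caller's loop aligns it.

Review bot: in locate_mem_hole_top_down() ([RFC v2 1/5]), the call passes temp_end - kbuf->memsz as the lower bound and temp_end as the upper bound, so any non-zero offset moves temp_start above the last address at which a buffer of memsz bytes still ends at or below temp_end. The random range should run from the lowest permitted start up to temp_end - kbuf->memsz, not from that address upward.

Review bot: in locate_mem_hole_bottom_up() ([RFC v2 1/5]), the upper bound handed to kexec_random_start() is end rather than end - kbuf->memsz, so the chosen start can sit closer than memsz to the end of the region and the buffer may no longer fit there. Bound the range by the last start address that still leaves room for kbuf->memsz.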
From: Coiby Xu
To: kexec@lists.infradead.org
Cc: Milan Broz, Thomas Staudt, Kairui Song, dm-devel@redhat.com, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, Vivek Goyal
Subject: [RFC v2 2/5] crash_dump: save the LUKS volume key temporarily
Date: Fri, 4 Nov 2022 19:29:57 +0800
Message-Id: <20221104113000.487098-3-coxu@redhat.com>
In-Reply-To: <20221104113000.487098-1-coxu@redhat.com>
References: <20221104113000.487098-1-coxu@redhat.com>

After having the volume key, cryptsetup/systemd-cryptsetup saves the volume key as a logon key to its thread keyring and this key is destroyed immediately with the terminated thread. So a temporary copy of the volume key is needed in order to later save it to kdump reserved memory when the crash kernel is loaded later.

cryptsetup/systemd-cryptsetup will write the key description to /sys/kernel/crash_luks_volume_key so the kernel will read the logon key and save a temporary copy for later use. kdump has 1 hour at maximum to get the temporary copy before the key gets wiped. And after kdump retrieves the key, the key will be wiped immediately.

Signed-off-by: Coiby Xu
---
 include/linux/crash_core.h | 2 +
 kernel/crash_dump.c | 88 ++++++++++++++++++++++++++++++++++++++
 kernel/ksysfs.c | 19 ++++++++
 3 files changed, 109 insertions(+)

diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index de62a722431e..596d83b8f362 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -83,5 +83,7 @@ int parse_crashkernel_high(char *cmdline, unsigned long long system_ram, unsigned long long *crash_size, unsigned long long *crash_base); int parse_crashkernel_low(char *cmdline, unsigned long long system_ram, unsigned long long *crash_size, unsigned long long *crash_base); +int crash_sysfs_luks_volume_key_write(const char *key_des, size_t count); +int crash_pass_temp_luks_volume_key(void **addr, unsigned long *sz); #endif /* LINUX_CRASH_CORE_H */ diff --git a/kernel/crash_dump.c b/kernel/crash_dump.c index 92da32275af5..9c202bffbb8d 100644 --- a/kernel/crash_dump.c +++ b/kernel/crash_dump.c @@ -5,6 +5,7 @@ #include #include +#include /* * stores the physical address of elf header of crash image * 
@@ -39,3 +40,90 @@ static int __init setup_elfcorehdr(char *arg) return end > arg ? 0 : -EINVAL; } early_param("elfcorehdr", setup_elfcorehdr); + +static u8 *luks_volume_key; +static unsigned int luks_volume_key_size; + +void wipe_luks_volume_key(void) +{ + if (luks_volume_key) { + memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); + kfree(luks_volume_key); + luks_volume_key = NULL; + } +} + +static void _wipe_luks_volume_key(struct work_struct *dummy) +{ + wipe_luks_volume_key(); +} + +static DECLARE_DELAYED_WORK(wipe_luks_volume_key_work, _wipe_luks_volume_key); + +static unsigned __read_mostly wipe_key_delay = 3600; /* 1 hour */ + +static int crash_save_temp_luks_volume_key(const char *key_desc, size_t count) +{ + const struct user_key_payload *ukp; + struct key *key; + + + if (luks_volume_key) { + memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); + kfree(luks_volume_key); + } + + pr_debug("Requesting key %s", key_desc); + key = request_key(&key_type_logon, key_desc, NULL); + + if (IS_ERR(key)) { + pr_debug("No such key %s", key_desc); + return PTR_ERR(key); + } + + ukp = user_key_payload_locked(key); + if (!ukp) + return -EKEYREVOKED; + + luks_volume_key = kmalloc(ukp->datalen, GFP_KERNEL); + if (!luks_volume_key) + return -ENOMEM; + memcpy(luks_volume_key, ukp->data, ukp->datalen); + luks_volume_key_size = ukp->datalen; + pr_debug("LUKS master key (size=%u): %8ph\n", luks_volume_key_size, luks_volume_key); + schedule_delayed_work(&wipe_luks_volume_key_work, + round_jiffies_relative(wipe_key_delay * HZ)); + return 0; +} + +int crash_sysfs_luks_volume_key_write(const char *key_desc, size_t count) +{ + if (!is_kdump_kernel()) + return crash_save_temp_luks_volume_key(key_desc, count); + return -EINVAL; +} +EXPORT_SYMBOL(crash_sysfs_luks_volume_key_write); + +int crash_pass_temp_luks_volume_key(void **addr, unsigned long *sz) +{ + unsigned long luks_key_sz; + unsigned char *buf; + unsigned int *size_ptr; + + if (!luks_volume_key) + return 
-EINVAL; + + luks_key_sz = sizeof(unsigned int) + luks_volume_key_size * sizeof(u8); + + buf = vzalloc(luks_key_sz); + if (!buf) + return -ENOMEM; + + size_ptr = (unsigned int *)buf; + memcpy(size_ptr, &luks_volume_key_size, sizeof(unsigned int)); + memcpy(size_ptr + 1, luks_volume_key, luks_volume_key_size * sizeof(u8)); + *addr = buf; + *sz = luks_key_sz; + wipe_luks_volume_key(); + return 0; +} diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c index b1292a57c2a5..e7a7433cb951 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c @@ -135,6 +135,24 @@ static ssize_t vmcoreinfo_show(struct kobject *kobj, } KERNEL_ATTR_RO(vmcoreinfo); +static ssize_t crash_luks_volume_key_show(struct kobject *kobj, + struct kobj_attribute *attr, + char *buf) +{ + return 0; +} + +static ssize_t crash_luks_volume_key_store(struct kobject *kobj, + struct kobj_attribute *attr, + const char *buf, size_t count) +{ + int ret; + + ret = crash_sysfs_luks_volume_key_write(buf, count); + return ret < 0 ? ret : count; +} +KERNEL_ATTR_RW(crash_luks_volume_key); + #endif /* CONFIG_CRASH_CORE */ /* whether file capabilities are enabled */ 
@@ -223,6 +241,7 @@ static struct attribute * kernel_attrs[] = { #endif #ifdef CONFIG_CRASH_CORE &vmcoreinfo_attr.attr, + &crash_luks_volume_key_attr.attr, #endif #ifndef CONFIG_TINY_RCU &rcu_expedited_attr.attr,
From patchwork Fri Nov 4 11:29:58 2022
X-Patchwork-Submitter: Coiby Xu
X-Patchwork-Id: 15478
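Review bot: in include/linux/crash_core.h ([RFC v2 2/5]), the prototype names the parameter key_des while the definition in crash_dump.c uses key_desc, and wipe_luks_volume_key() is defined non-static there without a declaration in this header. Align the parameter name and either declare wipe_luks_volume_key() or make it static.

Review bot: in crash_save_temp_luks_volume_key() (kernel/crash_dump.c, [RFC v2 2/5]), the old buffer is freed with kfree() but luks_volume_key is not reset to NULL, so if request_key() then fails the pointer dangles and a later wipe_luks_volume_key() or crash_pass_temp_luks_volume_key() touches freed memory. Reset the pointer after freeing (or call wipe_luks_volume_key() here), add key_put(key) on every path after request_key() succeeds since none of the visible paths drops the reference, and take key->sem around user_key_payload_locked(). The pr_debug() with %8ph also writes key bytes to the kernel log and should be dropped, and nothing visible serializes the delayed wipe against the save and pass paths.

Review bot: in crash_luks_volume_key_store() (kernel/ksysfs.c, [RFC v2 2/5]), buf is passed straight through as the key description and count is never used downstream, so a trailing newline from a shell write becomes part of the description handed to request_key(). Strip the newline before the lookup, and since crash_luks_volume_key_show() only returns 0, consider making the attribute write-only.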
From: Coiby Xu
To: kexec@lists.infradead.org
Cc: Milan Broz, Thomas Staudt, Kairui Song, dm-devel@redhat.com, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), "H. Peter Anvin", Eric Biederman
Subject: [RFC v2 3/5] x86/crash: pass the LUKS volume key to kdump kernel
Date: Fri, 4 Nov 2022 19:29:58 +0800
Message-Id: <20221104113000.487098-4-coxu@redhat.com>
In-Reply-To: <20221104113000.487098-1-coxu@redhat.com>
References: <20221104113000.487098-1-coxu@redhat.com>

1st kernel will build up the kernel command parameter luksvolumekey as similar to elfcorehdr to pass the memory address of the stored info of LUKS volume key to kdump kernel.

Signed-off-by: Coiby Xu
---
 arch/x86/include/asm/crash.h | 1 +
 arch/x86/kernel/crash.c | 47 ++++++++++++++++++++++++++++++-
 arch/x86/kernel/kexec-bzimage64.c | 7 +++++
 include/linux/kexec.h | 4 +++
 4 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h index 8b6bd63530dc..485f75dce2ca 100644 --- a/arch/x86/include/asm/crash.h +++ b/arch/x86/include/asm/crash.h
@@ -4,6 +4,7 @@ struct kimage; +int crash_load_luks_volume_key(struct kimage *image); int crash_load_segments(struct kimage *image); int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params); diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index 9730c88530fc..5ceda2802482 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -304,6 +304,7 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem, unsigned long long mend) { unsigned long start, end; + int r; cmem->ranges[0].start = mstart; cmem->ranges[0].end = mend; @@ -312,7 +313,19 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem, /* Exclude elf header region */ start = image->elf_load_addr; end = start + image->elf_headers_sz - 1; - return crash_exclude_mem_range(cmem, start, end); + r = crash_exclude_mem_range(cmem, start, end); + + if (r) + return r; + + /* Exclude LUKS volume key region */ + if (image->luks_volume_key_addr) { + start = image->luks_volume_key_addr; + end = start + image->luks_volume_key_sz - 1; + return crash_exclude_mem_range(cmem, start, end); + } + + return r; } /* Prepare memory map for crash dump kernel */ 
@@ -383,6 +396,38 @@ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params) return ret; } +int crash_load_luks_volume_key(struct kimage *image) +{ + int ret; + struct kexec_buf kbuf = { + .image = image, + .buf_min = 0, + .buf_max = ULONG_MAX, + .top_down = false, + .random = true, + }; + + image->luks_volume_key_addr = 0; + ret = crash_pass_temp_luks_volume_key(&kbuf.buffer, &kbuf.bufsz); + if (ret) + return ret; + + kbuf.memsz = kbuf.bufsz; + kbuf.buf_align = ELF_CORE_HEADER_ALIGN; + kbuf.mem = KEXEC_BUF_MEM_UNKNOWN; + ret = kexec_add_buffer(&kbuf); + if (ret) { + vfree((void *)kbuf.buffer); + return ret; + } + image->luks_volume_key_addr = kbuf.mem; + image->luks_volume_key_sz = kbuf.bufsz; + pr_debug("Loaded LUKS volume key at 0x%lx bufsz=0x%lx memsz=0x%lx\n", + image->luks_volume_key_addr, kbuf.bufsz, kbuf.bufsz); + + return ret; +} + int crash_load_segments(struct kimage *image) { int ret; diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index f299b48f9c9f..e556dbf96695 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -75,6 +75,10 @@ static int setup_cmdline(struct kimage *image, struct boot_params *params, if (image->type == KEXEC_TYPE_CRASH) { len = sprintf(cmdline_ptr, "elfcorehdr=0x%lx ", image->elf_load_addr); + + if (image->luks_volume_key_addr != 0) + len += sprintf(cmdline_ptr + len, + "luksvolumekey=0x%lx ", image->luks_volume_key_addr); } memcpy(cmdline_ptr + len, cmdline, cmdline_len); cmdline_len += len; @@ -371,6 +375,9 @@ static void *bzImage64_load(struct kimage *image, char *kernel, ret = crash_load_segments(image); if (ret) return ERR_PTR(ret); + ret = crash_load_luks_volume_key(image); + if (ret) + pr_debug("Either no LUKS volume key or error to retrieve the LUKS volume key\n"); } /* diff --git a/include/linux/kexec.h b/include/linux/kexec.h index c0edb64bf6c4..ed7a0ec70129 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h 
@@ -385,6 +385,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* LUKS volume key buffer */ + unsigned long luks_volume_key_addr; + unsigned long luks_volume_key_sz; }; /* kexec interface functions */ From patchwork Fri Nov 4 11:29:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 15482 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp342937wru; Fri, 4 Nov 2022 04:42:48 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7YZOOfRhNitXCgRooxuekT348iqdxD5DrRBzwyHxa/be3kyes07ZOkv601dojm+R3tr65J X-Received: by 2002:aa7:dcd5:0:b0:461:5fad:4215 with SMTP id w21-20020aa7dcd5000000b004615fad4215mr36857343edu.332.1667562168673; Fri, 04 Nov 2022 04:42:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667562168; cv=none; d=google.com; s=arc-20160816; b=t5dmTWCd/yvdcHHlWixplVh9wLCzcgHmkPzuyy1BFKo/h0HnKq8JawCW8lZk42It78 43+Phe/tFYQ4NaaTEdfZ09e8IgS0ltv4VB1YnlE/ynCd9Ny/Hojow01hPJWNQk2YkuTy A8i8Njg3kXtIQj2vhw397XF9lljlknoM6aUKkRJ5v8sudH9VsipcTQKmY1lc2g4HIUJa OREm2uXKcplSLfi5ZDjGn9G+BCTvJrYn3wgYc/IeLA/7MInPGfUTqUWcXZIGQdTE4aUM n5p81KsD5VHncjkHn6HcjubCoLRGJyHTr3wvjP3T4m4pQcXrgydj8KvpUPRjOQIr0/bf /Hbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=RevsFdiPw/fb8SaWA4i0OScuHjqawmx3PhXyedjj5ck=; b=YtUrfqTT2fYN4AsUw78YrAR52Pc7B0AALTBhjxDZ1wVl47kwJ7iRLdmJDAHRf6+eKQ CyT3zh+KYTaXQL7x51BEFPf6mGs0NelF04hVa6Nub4Rt2JvtoLw6ub+oxfOYTL5qXRo/ 3XqvmwFmM+v7lWzsXHrZaHsiLMKvk4u/bGSIPllcJxDmHsOzmT5qWShwP4MiLCrWwa8S sIm+44MR0Ob0AgaQEQ02nEAwZEt396OnFWZNXnj4yMUOdNl2yKb8VzcA1DWCoOlZtRL9 Tv40OmbKYOeXqo/+RnFOApSqtd/OBp25ZbE7i66RSCjstmJkx+AdfiDj1VO4TYGpU4hf ZU2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass 
From: Coiby Xu
To: kexec@lists.infradead.org
Cc: Milan Broz, Thomas Staudt, Kairui Song, dm-devel@redhat.com, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), "H. Peter Anvin"
Subject: [RFC v2 4/5] x86/crash: make the page that stores the LUKS volume key inaccessible
Date: Fri, 4 Nov 2022 19:29:59 +0800
Message-Id: <20221104113000.487098-5-coxu@redhat.com>
In-Reply-To: <20221104113000.487098-1-coxu@redhat.com>
References: <20221104113000.487098-1-coxu@redhat.com>

This adds an additional layer of protection for the saved copy of the LUKS volume key. Trying to access the saved copy will cause a page fault.

Suggested-by: Pingfan Liu
Signed-off-by: Coiby Xu
--- arch/x86/kernel/machine_kexec_64.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c index 0611fd83858e..f3d51c38a1c9 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c
@@ -557,9 +557,25 @@ static void kexec_mark_crashkres(bool protect) kexec_mark_range(control, crashk_res.end, protect); } +static void kexec_mark_luks_volume_key_inaccessible(void) +{ + unsigned long start, end; + struct page *page; + unsigned int nr_pages; + + if (kexec_crash_image->luks_volume_key_addr) { + start = kexec_crash_image->luks_volume_key_addr; + end = start + kexec_crash_image->luks_volume_key_sz - 1; + page = pfn_to_page(start >> PAGE_SHIFT); + nr_pages = (end >> PAGE_SHIFT) - (start >> PAGE_SHIFT) + 1; + set_memory_np((unsigned long)page_address(page), nr_pages); + } +} + void arch_kexec_protect_crashkres(void) { kexec_mark_crashkres(true); + kexec_mark_luks_volume_key_inaccessible(); } void arch_kexec_unprotect_crashkres(void)
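Review bot: arch_kexec_protect_crashkres() now calls kexec_mark_luks_volume_key_inaccessible(), but arch_kexec_unprotect_crashkres() gets no counterpart, so once the key pages are marked not-present nothing in this patch maps them again before the crash image is unloaded or replaced. Mark the pages present again on unprotect, or explain in the commit message why they are never touched afterwards. In the helper itself, kexec_crash_image is dereferenced without a NULL check, and the return value of set_memory_np() is dropped, so a failed attribute change leaves the key readable with no indication.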
From: Coiby Xu
To: kexec@lists.infradead.org
Cc: Milan Broz, Thomas Staudt, Kairui Song, dm-devel@redhat.com, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, Vivek Goyal
Subject: [RFC v2 5/5] crash_dump: retrieve LUKS volume key in kdump kernel
Date: Fri, 4 Nov 2022 19:30:00 +0800
Message-Id: <20221104113000.487098-6-coxu@redhat.com>
In-Reply-To: <20221104113000.487098-1-coxu@redhat.com>
References: <20221104113000.487098-1-coxu@redhat.com>

The crash kernel will retrieve the LUKS volume key based on the luksvolumekey command line parameter. When libcryptsetup writes the key description to /sys/kernel/crash_luks_volume_key, the crash kernel will create a thread keyring and add a logon key.

Signed-off-by: Coiby Xu --- include/linux/crash_dump.h | 2 + kernel/crash_dump.c | 116 ++++++++++++++++++++++++++++++++++++- 2 files changed, 116 insertions(+), 2 deletions(-) diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index 0f3a656293b0..bc848e058c64 100644 --- a/include/linux/crash_dump.h +++ b/include/linux/crash_dump.h @@ -15,6 +15,8 @@ extern unsigned long long elfcorehdr_addr; extern unsigned long long elfcorehdr_size; +extern unsigned long long luks_volume_key_addr; + #ifdef CONFIG_CRASH_DUMP extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size); extern void elfcorehdr_free(unsigned long long addr); diff --git a/kernel/crash_dump.c b/kernel/crash_dump.c index 9c202bffbb8d..77a6b84415e8 100644 --- a/kernel/crash_dump.c +++ b/kernel/crash_dump.c @@ -5,7 +5,10 @@ #include #include +#include +#include #include + /* * stores the physical address of elf header of crash image * @@ -16,6 +19,8 @@ unsigned long long elfcorehdr_addr = ELFCORE_ADDR_MAX; EXPORT_SYMBOL_GPL(elfcorehdr_addr); +unsigned long long luks_volume_key_addr; +EXPORT_SYMBOL_GPL(luks_volume_key_addr); /* * stores the size of elf header of crash image */ 
@@ -41,6 +46,76 @@ static int __init setup_elfcorehdr(char *arg) } early_param("elfcorehdr", setup_elfcorehdr); +static int __init setup_luksvolumekey(char *arg) +{ + char *end; + + if (!arg) + return -EINVAL; + luks_volume_key_addr = memparse(arg, &end); + if (end > arg) + return 0; + + luks_volume_key_addr = 0; + return -EINVAL; +} + +early_param("luksvolumekey", setup_luksvolumekey); + +/* + * Architectures may override this function to read LUKS master key + */ +ssize_t __weak luks_key_read(char *buf, size_t count, u64 *ppos) +{ + struct kvec kvec = { .iov_base = buf, .iov_len = count }; + struct iov_iter iter; + + iov_iter_kvec(&iter, READ, &kvec, 1, count); + return read_from_oldmem(&iter, count, ppos, false); +} + +static int retrive_kdump_luks_volume_key(u8 *buffer, unsigned int *sz) +{ + unsigned int key_size; + size_t lukskeybuf_sz; + unsigned int *size_ptr; + char *lukskeybuf; + u64 addr; + int r; + + if (luks_volume_key_addr == 0) { + pr_debug("LUKS master key memory address inaccessible"); + return -EINVAL; + } + + addr = luks_volume_key_addr; + + /* Read LUKS master key size */ + r = luks_key_read((char *)&key_size, sizeof(unsigned int), &addr); + + if (r < 0) + return r; + + pr_debug("Retrieve LUKS master key: size=%u\n", key_size); + /* Read in LUKS maste rkey */ + lukskeybuf_sz = sizeof(unsigned int) + key_size * sizeof(u8); + lukskeybuf = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, + get_order(lukskeybuf_sz)); + if (!lukskeybuf) + return -ENOMEM; + + addr = luks_volume_key_addr; + r = luks_key_read((char *)lukskeybuf, lukskeybuf_sz, &addr); + + if (r < 0) + return r; + size_ptr = (unsigned int *)lukskeybuf; + memcpy(buffer, size_ptr + 1, key_size * sizeof(u8)); + pr_debug("Retrieve LUKS master key (size=%u): %48ph...\n", key_size, buffer); + *sz = key_size; + return 0; +} + static u8 *luks_volume_key; static unsigned int luks_volume_key_size; 
@@ -62,12 +137,48 @@ static DECLARE_DELAYED_WORK(wipe_luks_volume_key_work, _wipe_luks_volume_key); static unsigned __read_mostly wipe_key_delay = 3600; /* 1 hour */ +static int retore_luks_volume_key_to_thread_keyring(const char *key_desc) +{ + key_ref_t keyring_ref, key_ref; + int ret; + + /* find the target keyring (which must be writable) */ + keyring_ref = lookup_user_key(KEY_SPEC_THREAD_KEYRING, 0x01, KEY_NEED_WRITE); + if (IS_ERR(keyring_ref)) { + pr_alert("Failed to get keyring"); + return PTR_ERR(keyring_ref); + } + + luks_volume_key = kmalloc(128, GFP_KERNEL); + ret = retrive_kdump_luks_volume_key(luks_volume_key, &luks_volume_key_size); + if (ret) { + kfree(luks_volume_key); + return ret; + } + + /* create or update the requested key and add it to the target keyring */ + key_ref = key_create_or_update(keyring_ref, "logon", key_desc, + luks_volume_key, luks_volume_key_size, + KEY_PERM_UNDEF, KEY_ALLOC_IN_QUOTA); + + if (!IS_ERR(key_ref)) { + ret = key_ref_to_ptr(key_ref)->serial; + key_ref_put(key_ref); + pr_alert("Success adding key %s", key_desc); + } else { + ret = PTR_ERR(key_ref); + pr_alert("Error when adding key"); + } + + key_ref_put(keyring_ref); + return ret; +} + static int crash_save_temp_luks_volume_key(const char *key_desc, size_t count) { const struct user_key_payload *ukp; struct key *key; - if (luks_volume_key) { memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); kfree(luks_volume_key); @@ -100,7 +211,8 @@ int crash_sysfs_luks_volume_key_write(const char *key_desc, size_t count) { if (!is_kdump_kernel()) return crash_save_temp_luks_volume_key(key_desc, count); - return -EINVAL; + else + return retore_luks_volume_key_to_thread_keyring(key_desc); } EXPORT_SYMBOL(crash_sysfs_luks_volume_key_write);
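Review bot: retrive_kdump_luks_volume_key() in kernel/crash_dump.c trusts the key_size it reads from the crashed kernel's memory: it sizes the page allocation from it and then does memcpy(buffer, size_ptr + 1, key_size * sizeof(u8)) into a caller buffer whose capacity is never passed in (the caller in this patch allocates 128 bytes). Take the buffer capacity as a parameter and reject a key_size of 0 or above that capacity before allocating or copying. The final pr_debug() with %48ph writes key bytes to the kernel log and should be removed, and lukskeybuf, which holds a second copy of the key, is neither wiped nor freed on the error return or on success.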
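Review bot: In retore_luks_volume_key_to_thread_keyring(), the early return after retrive_kdump_luks_volume_key() fails skips key_ref_put(keyring_ref) and leaves the static luks_volume_key pointing at freed memory, and the kmalloc(128, GFP_KERNEL) result is used without a NULL check. Route the failure through a common exit that drops keyring_ref and sets luks_volume_key to NULL, and once key_create_or_update() has taken the payload, wipe the buffer with memzero_explicit() and free it instead of keeping the plaintext key around. Smaller points: the success message does not need pr_alert(), both pr_alert() strings lack a trailing newline, and the function returns the key serial on success, which crash_sysfs_luks_volume_key_write() hands straight back to its caller.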
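Review bot: luks_volume_key_addr is exported with EXPORT_SYMBOL_GPL() in kernel/crash_dump.c and declared outside the CONFIG_CRASH_DUMP block in include/linux/crash_dump.h, yet the only users visible in this patch are in crash_dump.c itself. Unless a module needs the address of the saved key, make the variable static and drop both the export and the extern declaration.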