From patchwork Wed Jan 10 07:15:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 186696 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2411:b0:101:2151:f287 with SMTP id m17csp627168dyi; Tue, 9 Jan 2024 23:16:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IGfYAD4vr+q0cqH2WlwvxMzK+nyHsvX4Uy9v/ldtJWdnUeMz+6g4+YYig6l/mFwqcn13V5v X-Received: by 2002:a17:90a:be17:b0:28d:42d3:5cde with SMTP id a23-20020a17090abe1700b0028d42d35cdemr267519pjs.68.1704870959989; Tue, 09 Jan 2024 23:15:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704870959; cv=none; d=google.com; s=arc-20160816; b=MuHmTpyE4Mv1RNLvRzrJgoHTSSBCeD1HNpFGiOdH6/HJRPqc+MveI1ZXAtIHIfK+S8 RJpfbQ1Sp/OdxZqo2nNQzQfKqcghmE6bqQqkZ5+Vke9YfmWYzixaWkdJgb01qHZBoE+H kkNn9WhMTMGY3Zg7SANnPEMSnKS7WHWRgD3sqDw8eHemtxnqw2L9OlT706lkERjjiDiH Fk/aNARRiU21YKR453o5HPar5JVlBMPuLlgDVA/UUtMn98iWsCKr+fYFqoT2gOTf7qFv JHHif29SGEu/MLsH5+m3izvUiY69GPdmlir2lE6EohEWc13fjl40H/GfMk+gkRwtQSDE 9D3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=pq0F4aFw6g681LkvfPcovxOw7gCCC2AmnjI1JKPUo/g=; fh=n4TpHMv2UvBeND+caeHEwrO4omhSw4mhmyBsolekAVo=; b=zm/KEi+6U/lLY5/+7IEtka/H54M2DWTv9YGFwGYVofiWPYlBIOQLGzgShN4q7SvpHn +3zzrcsFD0DEr84ziP6BmCBrC4Os13s413KaocJ+FbSOG00uGCnb5B9tfn90fDNaTrIE tdT5q5tB5GcHz8of2j7QrRTAz6IhcCwfW8IDmMloODt3QVCaxw84mpUf29+n9Jrhoni4 604B+DbyfsPbZwh+JB2zi8nGuV2K9xOx3rR5lSfn18iUvKEuAnK3n4mGJyqcOK9kEjLa Gfnquz5I0v9BS84kI/vbFeMtN4Qxjov1zQpQawUtGYeGE3m/FmVhuozLy/bFfl0lw3es nBtg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Dk3zwH4z; spf=pass (google.com: domain of linux-kernel+bounces-21774-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21774-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id ay4-20020a17090b030400b0028d65897b16si809664pjb.55.2024.01.09.23.15.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:15:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-21774-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Dk3zwH4z; spf=pass (google.com: domain of linux-kernel+bounces-21774-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21774-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id BFAF92886AD for ; Wed, 10 Jan 2024 07:15:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0C9233A8EE; Wed, 10 Jan 2024 07:15:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Dk3zwH4z" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8135039ADD for ; Wed, 10 Jan 2024 07:15:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1704870932; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pq0F4aFw6g681LkvfPcovxOw7gCCC2AmnjI1JKPUo/g=; b=Dk3zwH4z7P10c1QJMPmgTBIUhvly81Pi5wyhK3+9gOuGlr0l8mNbrJ7QPIkccWBLofuBzv kc3ZQcRVOA+lxtQeKET44OwpZxR3tvt9zWhP0jhaHJRNY5UOrF9Dv3NXWGJ2At6tE/mz/e Mbwlje0VRVaIPSMi3dU+jkYgDHvwRMQ= Received: from mail-oi1-f197.google.com (mail-oi1-f197.google.com [209.85.167.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-27-y6DAq6wXOvaiky6pOAc7JA-1; Wed, 10 Jan 2024 02:15:30 -0500 X-MC-Unique: y6DAq6wXOvaiky6pOAc7JA-1 Received: by mail-oi1-f197.google.com with SMTP id 5614622812f47-3bbb6fd2cceso4744972b6e.2 for ; Tue, 09 Jan 2024 23:15:30 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704870929; x=1705475729; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pq0F4aFw6g681LkvfPcovxOw7gCCC2AmnjI1JKPUo/g=; b=nxwiWChC895Br3dxqr6VNEsd9HBeFxjNUirswX/OaZI+ZA612teq8GxVTqWkAQEvEG 1Uap3gJRMAAMagVuk/fBlMH8YM1IhXJ/KBFlIyQQS0b2WNUcTqgxsaZR8l8AQcvYGkKd bfQZ6EjiKrh/Kr1lBt5huQ7LuvopjxFvgELIg5g9D8a+CvZxvNVk3TqRjSRUqtOTfdJj K2yLDMDhgMnhvvoW+QRzksic+goVrMx1zgiIz1e5EXWZHHPv14AdOQ25tYioFd3wg7z7 BJFxW8CgZaoPArw4Ag2p9Fcvo2hfCn8GgUxF8s7I/5lee9wmrz1kZ7Bjn7R0hfW7nBYY iW1g== X-Gm-Message-State: AOJu0YxU/GiAZkauxcHUcdtDSGZEmUJyNFYW5heYiRA5XqGqscGoCFNV 9aTqziGU9/bUOwq2H7IYSiKQcIyCsEM8jGH3h1CBkkvbb7wsC1XmOjA8Wcy5mTDWL8MauH/FR2x MlWOfQoqoJMwvSUiHxPQ5nmf/MhA+IsIYhpudec8ox4+VKK6s X-Received: by 2002:a05:6808:1827:b0:3bc:4f4b:2876 with SMTP id bh39-20020a056808182700b003bc4f4b2876mr836091oib.85.1704870929452; Tue, 09 Jan 2024 23:15:29 -0800 (PST) X-Received: by 2002:a05:6808:1827:b0:3bc:4f4b:2876 with SMTP id bh39-20020a056808182700b003bc4f4b2876mr836080oib.85.1704870929172; Tue, 09 Jan 2024 23:15:29 -0800 (PST) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id 5-20020a631245000000b005b92e60cf57sm2628739pgs.56.2024.01.09.23.15.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:15:28 -0800 (PST) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Eric Biederman Subject: [PATCH v2 1/5] kexec_file: allow to place kexec_buf randomly Date: Wed, 10 Jan 2024 15:15:16 +0800 Message-ID: <20240110071522.1308935-2-coxu@redhat.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com> References: <20240110071522.1308935-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787686771636631831 X-GMAIL-MSGID: 1787686771636631831 Currently, kexec_buf is placed in order which means for the same machine, the info in the kexec_buf is always located at the same position each time the machine is booted. This may cause a risk for sensitive information like LUKS volume key. Now struct kexec_buf has a new field random which indicates it's supposed to be placed in a random position. Suggested-by: Jan Pazdziora Signed-off-by: Coiby Xu --- include/linux/kexec.h | 2 ++ kernel/kexec_file.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 8227455192b7..6f4626490ebf 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -169,6 +169,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image); * @buf_min: The buffer can't be placed below this address. * @buf_max: The buffer can't be placed above this address. * @top_down: Allocate from top of memory. + * @random: Place the buffer at a random position. */ struct kexec_buf { struct kimage *image; @@ -180,6 +181,7 @@ struct kexec_buf { unsigned long buf_min; unsigned long buf_max; bool top_down; + bool random; }; int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf); diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index f9a419cd22d4..7abcfc3c8491 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include "kexec_internal.h" @@ -419,6 +420,16 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, return ret; } +static unsigned long kexec_random_start(unsigned long start, unsigned long end) +{ + unsigned long temp_start; + unsigned short i; + + get_random_bytes(&i, sizeof(unsigned short)); + temp_start = start + (end - start) / USHRT_MAX * i; + return temp_start; +} + static int locate_mem_hole_top_down(unsigned long start, unsigned long end, struct kexec_buf *kbuf) { @@ -427,6 +438,8 @@ static int locate_mem_hole_top_down(unsigned long start, unsigned long end, temp_end = min(end, kbuf->buf_max); temp_start = temp_end - kbuf->memsz; + if (kbuf->random) + temp_start = kexec_random_start(temp_start, temp_end); do { /* align down start */ @@ -464,6 +477,8 @@ static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end, unsigned long temp_start, temp_end; temp_start = max(start, kbuf->buf_min); + if (kbuf->random) + temp_start = kexec_random_start(temp_start, end); do { temp_start = ALIGN(temp_start, kbuf->buf_align); From patchwork Wed Jan 10 07:15:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 186698 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2411:b0:101:2151:f287 with SMTP id m17csp627370dyi; Tue, 9 Jan 2024 23:16:29 -0800 (PST) X-Google-Smtp-Source: AGHT+IHaVQr9ZaghY1DioK9WJPI2p7MNFiWEMSA4Z+3C7ipNUoQ0Hwft0zMR5hnFEK7PEbsem7vn X-Received: by 2002:a17:907:97c6:b0:a2a:a319:bc6a with SMTP id js6-20020a17090797c600b00a2aa319bc6amr406102ejc.39.1704870989511; Tue, 09 Jan 2024 23:16:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704870989; cv=none; d=google.com; s=arc-20160816; b=hTkDt91GaHRab3gplHPD7RZ7nhW3GFFVmJ8GzTyYOL6as/cZloLo8C1pb0/kqVPuhi WO71+ycHgd+45/W0tXnkbybkU5wqZ/69rROyVjYw/GirBL2FE4ngruSFtUOWcKn9RVEn DzG3YuQj4eflq5UX8RVTYGXHGMvFCKjKqoqx5WXPXnGL+eSUpncYyURZWrPHSJ5SxIz8 9tEckkAoz79e6VH9UPkKH0RBRNV5Yc5xzHmqvs1mqE7Lxiiw3HGvRyYhjLq22/mfuQQD wQAcarVvs7lTXZbn9oCzKfdbvI/WfydnH+wFpPKGZIN9CAVUvEdaOHthWaBWswqX04bc HOpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=oBE8JDxyIcX3XnD0pP2q5BqXiSX10f124bX6uMmNC58=; fh=i0J+/eztVTS9KehgeYiaPI3xibFsNabS+pYrBGbGzFo=; b=l+3CC77M2ZKG+hjyHllOpYJGyxNKcjZXeggtWQGsanupMDk4QXbe1+osdxOAIatNaO 9eCMU4hxGak8QzYY6Xpj0VvEPogQUbQuxuBGrvO5LxF1B6oQ1WQJyrUmU/zIQn7spOxG uElAYrQW2gw/09lF8veLONM8HOYAL0uLxEPIXn1Dfzr3bvLT4FCE683ohcr7zTd21pls O07YcbQ488IG+UBR9+MtcjHwHLKm6VxhER5O0Rm6AXl4Dn9fi0G4CH9rZBRyeZaLPJg7 h/ncT9ce5mROoW7WN9hYlzHAo3ZIMhdKmYLmPgZD9kWT08bmGJ8URSYD7kRYWZthy/wI DlEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=FEXDCw4p; spf=pass (google.com: domain of linux-kernel+bounces-21775-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21775-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id p27-20020a1709066a9b00b00a26be3c1a23si1517372ejr.870.2024.01.09.23.16.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:16:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-21775-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=FEXDCw4p; spf=pass (google.com: domain of linux-kernel+bounces-21775-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21775-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id C00231F26FB2 for ; Wed, 10 Jan 2024 07:16:28 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 28AA43EA71; Wed, 10 Jan 2024 07:15:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="FEXDCw4p" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7BA73C464 for ; Wed, 10 Jan 2024 07:15:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1704870941; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oBE8JDxyIcX3XnD0pP2q5BqXiSX10f124bX6uMmNC58=; b=FEXDCw4pYW4MlRnrkEBmZqDuKaniL8ZpyzEtELwfKAnHqtJppNxrxR+yWrply/aCQ5ovCG CMaojcRFN07YC0j9hGYAs2u+tdqzxhukmNML/izEF97Lk3Oze8rBlnlAXD/F2cjYowiDL4 ktTrwwt3VhUzzDTZ0YZ9CjxtFqMp5S8= Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-371-5i5vkIxVNHuMCp-9eIiobw-1; Wed, 10 Jan 2024 02:15:35 -0500 X-MC-Unique: 5i5vkIxVNHuMCp-9eIiobw-1 Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-28d1199b572so2291993a91.2 for ; Tue, 09 Jan 2024 23:15:35 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704870934; x=1705475734; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oBE8JDxyIcX3XnD0pP2q5BqXiSX10f124bX6uMmNC58=; b=F73C7INjhkieAvE6TvSy2vUwmbGH0Hokt8Rnao1raKMptf82tkUAgKxPMQKt3WMkP+ 1OWOXmvmdR6vl1aoPy8NLzvDKsFHyQrCALzOfjHBdTFaMMKyJp0HM7LY5hO5uEGRBhrr IASNopH5dfnEeqk3FBmPVOkunnK3uHPYdcl74XSIH8Eid1Pnp0LqQFSZBDwnXpuzVVHx 3+fJ+5+NUDsaCuD/GTUxvkD1a7BMs1OKO6l+vfIV/DGVZI7OoDz0WvnsLdRJGsHVc1GY 6FIgwrt+pk68/X8NAfEkftNdVayoiMuNimUmmNNHh58YI7U0XYm/YjkFKI7g5shUWoAp Z7Nw== X-Gm-Message-State: AOJu0YzojeN1Eg/HYSNJXf5iUTVCb5kNZNbawpIJOHbTcF3cc+bQc6Oo IaWtDrqZtSPiCNEHmkU2hrKtpDJl4MT2hDAv4AhKFMW5sNREKV8X9UL/V0S2YlsUyveKP2INIDF kPPDAD6yg2KlNKdtjB75sekyfbFHOzu+Y X-Received: by 2002:a17:90b:e0c:b0:28b:e09f:58c4 with SMTP id ge12-20020a17090b0e0c00b0028be09f58c4mr242184pjb.67.1704870933983; Tue, 09 Jan 2024 23:15:33 -0800 (PST) X-Received: by 2002:a17:90b:e0c:b0:28b:e09f:58c4 with SMTP id ge12-20020a17090b0e0c00b0028be09f58c4mr242170pjb.67.1704870933631; Tue, 09 Jan 2024 23:15:33 -0800 (PST) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id se3-20020a17090b518300b00274b035246esm434215pjb.1.2024.01.09.23.15.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:15:33 -0800 (PST) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Vivek Goyal , Eric Biederman Subject: [PATCH v2 2/5] crash_dump: save the dm crypt key temporarily Date: Wed, 10 Jan 2024 15:15:17 +0800 Message-ID: <20240110071522.1308935-3-coxu@redhat.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com> References: <20240110071522.1308935-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787686802783358578 X-GMAIL-MSGID: 1787686802783358578 User space is supposed to write the key description to /sys/kernel/crash_dm_crypt_key so the kernel will read the key and save a temporary copy for later user. User space has 2 minutes at maximum to load the kdump initrd before the key gets wiped. And after kdump retrieves the key, the key will be wiped immediately. Signed-off-by: Coiby Xu --- include/linux/crash_core.h | 7 +- include/linux/kexec.h | 4 ++ kernel/Makefile | 2 +- kernel/crash_dump_dm_crypt.c | 121 +++++++++++++++++++++++++++++++++++ kernel/ksysfs.c | 23 ++++++- 5 files changed, 153 insertions(+), 4 deletions(-) create mode 100644 kernel/crash_dump_dm_crypt.c diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index 5126a4fecb44..7078eda6418d 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -125,6 +125,12 @@ static inline void __init reserve_crashkernel_generic(char *cmdline, {} #endif +struct kimage; + +int crash_sysfs_dm_crypt_key_write(const char *key_des, size_t count); +int crash_pass_temp_dm_crypt_key(void **addr, unsigned long *sz); +int crash_load_dm_crypt_key(struct kimage *image); + /* Alignment required for elf header segment */ #define ELF_CORE_HEADER_ALIGN 4096 @@ -140,7 +146,6 @@ extern int crash_exclude_mem_range(struct crash_mem *mem, extern int crash_prepare_elf64_headers(struct crash_mem *mem, int need_kernel_map, void **addr, unsigned long *sz); -struct kimage; struct kexec_segment; #define KEXEC_CRASH_HP_NONE 0 diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 6f4626490ebf..bf7ab1e927ef 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -366,6 +366,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* dm crypt key buffer */ + unsigned long dm_crypt_key_addr; + unsigned long dm_crypt_key_sz; }; /* kexec interface functions */ diff --git a/kernel/Makefile b/kernel/Makefile index 3947122d618b..48859bf63db5 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -119,7 +119,7 @@ obj-$(CONFIG_PERF_EVENTS) += events/ obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o obj-$(CONFIG_PADATA) += padata.o -obj-$(CONFIG_CRASH_DUMP) += crash_dump.o +obj-$(CONFIG_CRASH_DUMP) += crash_dump.o crash_dump_dm_crypt.o obj-$(CONFIG_JUMP_LABEL) += jump_label.o obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o obj-$(CONFIG_TORTURE_TEST) += torture.o diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c new file mode 100644 index 000000000000..3a0b0b773598 --- /dev/null +++ b/kernel/crash_dump_dm_crypt.c @@ -0,0 +1,121 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include + +static u8 *dm_crypt_key; +static unsigned int dm_crypt_key_size; + +void wipe_dm_crypt_key(void) +{ + if (dm_crypt_key) { + memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8)); + kfree(dm_crypt_key); + dm_crypt_key = NULL; + } +} + +static void _wipe_dm_crypt_key(struct work_struct *dummy) +{ + wipe_dm_crypt_key(); +} + +static DECLARE_DELAYED_WORK(wipe_dm_crypt_key_work, _wipe_dm_crypt_key); + +static unsigned __read_mostly wipe_key_delay = 120; /* 2 mins */ + +static int crash_save_temp_dm_crypt_key(const char *key_desc, size_t count) +{ + const struct user_key_payload *ukp; + struct key *key; + + if (dm_crypt_key) { + memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8)); + kfree(dm_crypt_key); + } + + pr_debug("Requesting key %s", key_desc); + key = request_key(&key_type_user, key_desc, NULL); + + if (IS_ERR(key)) { + pr_debug("No such key %s", key_desc); + return PTR_ERR(key); + } + + ukp = user_key_payload_locked(key); + if (!ukp) + return -EKEYREVOKED; + + dm_crypt_key = kmalloc(ukp->datalen, GFP_KERNEL); + if (!dm_crypt_key) + return -ENOMEM; + memcpy(dm_crypt_key, ukp->data, ukp->datalen); + dm_crypt_key_size = ukp->datalen; + pr_debug("dm crypt key (size=%u): %8ph\n", dm_crypt_key_size, dm_crypt_key); + schedule_delayed_work(&wipe_dm_crypt_key_work, + round_jiffies_relative(wipe_key_delay * HZ)); + return 0; +} + +int crash_sysfs_dm_crypt_key_write(const char *key_desc, size_t count) +{ + if (!is_kdump_kernel()) + return crash_save_temp_dm_crypt_key(key_desc, count); + return -EINVAL; +} +EXPORT_SYMBOL(crash_sysfs_dm_crypt_key_write); + +int crash_pass_temp_dm_crypt_key(void **addr, unsigned long *sz) +{ + unsigned long dm_crypt_key_sz; + unsigned char *buf; + unsigned int *size_ptr; + + if (!dm_crypt_key) + return -EINVAL; + + dm_crypt_key_sz = sizeof(unsigned int) + dm_crypt_key_size * sizeof(u8); + + buf = vzalloc(dm_crypt_key_sz); + if (!buf) + return -ENOMEM; + + size_ptr = (unsigned int *)buf; + memcpy(size_ptr, &dm_crypt_key_size, sizeof(unsigned int)); + memcpy(size_ptr + 1, dm_crypt_key, dm_crypt_key_size * sizeof(u8)); + *addr = buf; + *sz = dm_crypt_key_sz; + wipe_dm_crypt_key(); + return 0; +} + +int crash_load_dm_crypt_key(struct kimage *image) +{ + int ret; + struct kexec_buf kbuf = { + .image = image, + .buf_min = 0, + .buf_max = ULONG_MAX, + .top_down = false, + .random = true, + }; + + image->dm_crypt_key_addr = 0; + ret = crash_pass_temp_dm_crypt_key(&kbuf.buffer, &kbuf.bufsz); + if (ret) + return ret; + + kbuf.memsz = kbuf.bufsz; + kbuf.buf_align = ELF_CORE_HEADER_ALIGN; + kbuf.mem = KEXEC_BUF_MEM_UNKNOWN; + ret = kexec_add_buffer(&kbuf); + if (ret) { + vfree((void *)kbuf.buffer); + return ret; + } + image->dm_crypt_key_addr = kbuf.mem; + image->dm_crypt_key_sz = kbuf.bufsz; + pr_debug("Loaded dm crypt key at 0x%lx bufsz=0x%lx memsz=0x%lx\n", + image->dm_crypt_key_addr, kbuf.bufsz, kbuf.bufsz); + + return ret; +} diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c index 1d4bc493b2f4..f3bb6bc6a604 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c @@ -165,16 +165,34 @@ static ssize_t vmcoreinfo_show(struct kobject *kobj, } KERNEL_ATTR_RO(vmcoreinfo); +static ssize_t crash_dm_crypt_key_show(struct kobject *kobj, + struct kobj_attribute *attr, + char *buf) +{ + return 0; +} + +static ssize_t crash_dm_crypt_key_store(struct kobject *kobj, + struct kobj_attribute *attr, + const char *buf, size_t count) +{ + int ret; + + ret = crash_sysfs_dm_crypt_key_write(buf, count); + return ret < 0 ? ret : count; +} +KERNEL_ATTR_RW(crash_dm_crypt_key); + #ifdef CONFIG_CRASH_HOTPLUG static ssize_t crash_elfcorehdr_size_show(struct kobject *kobj, - struct kobj_attribute *attr, char *buf) + struct kobj_attribute *attr, + char *buf) { unsigned int sz = crash_get_elfcorehdr_size(); return sysfs_emit(buf, "%u\n", sz); } KERNEL_ATTR_RO(crash_elfcorehdr_size); - #endif #endif /* CONFIG_CRASH_CORE */ @@ -267,6 +285,7 @@ static struct attribute * kernel_attrs[] = { #endif #ifdef CONFIG_CRASH_CORE &vmcoreinfo_attr.attr, + &crash_dm_crypt_key_attr.attr, #ifdef CONFIG_CRASH_HOTPLUG &crash_elfcorehdr_size_attr.attr, #endif From patchwork Wed Jan 10 07:15:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 186699 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2411:b0:101:2151:f287 with SMTP id m17csp627436dyi; Tue, 9 Jan 2024 23:16:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IEXfo/PIM1rA0P7In2ypg2KGqIYf6JAof9XFQpAKtyvvFZz/z4EIgSDkWwL/d7108zk4on/ X-Received: by 2002:a05:6a20:3ca7:b0:199:b6a9:e094 with SMTP id b39-20020a056a203ca700b00199b6a9e094mr430250pzj.43.1704871004436; Tue, 09 Jan 2024 23:16:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704871004; cv=none; d=google.com; s=arc-20160816; b=RyYuB9jwixEnIvLTYm7MOFf9HsK6q374IreMUYKf/h+IC/rlGQ162lIkFM1IuZXrvN 8gxrJ1jZR1ox1nVPiQzasESldAJenm5PcnzAVRB7vZTG6dB/neiBbPhtY4ngdm4pKDax XqbQiFw5wmmGmHuyeMSolG+jyJY+whn3DesYG5vBOpy5wHK+Uy017fKr3xQjAb6ZPuK2 gf8ENZ8o8sp8w844TUJuk17S9SgrAKvbWKp72+huaGFraYhVH/4ym/xL+g3JJokgBCA9 zCq6Zy4eXQpE3bbOn3kNuYGGdH2b7eLv08klmnj3olUF7MqKHA94tzWR0xZhXDVtdGim 23xg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=m3LBEoP+OVX8UUvtwqHYPUzM09NfmAQKAOTayWOj3vA=; fh=H1Gp/GKpGIF/8fuE4QjDiK+MWi2DM3wcEtZ5ICkIQVo=; b=b3tjHlxnv5/k6ineVS6e0shfQju/glmJesfEoxpwft8m+Y/0PsRIMI/3MISyMulYX+ /yYHOIhkEq+3KLjGm0DxM/Be8bCYse7mSbCGBYVHMLeK56JdokM7DDKBO793TM/eZXrk 1V8f9BeuajoUKXaHqgguqHK1AOuvqN/FUepmH9Z0N75Urtdwf8/LXgRIo8sGE1usUcRR O00Og/+hytESWJe29v0qRdN5wILVHnxasECpmETyPP5Nb78QEXsC970v5xNDM000BSXd KINkOjXDvt1s8QPXOY9uSBM4rmzVmgeKURcE7tHiQ3J1VxvhduoR9JIqGXG5KOShg6s7 K8Zw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=aVyzr681; spf=pass (google.com: domain of linux-kernel+bounces-21777-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21777-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id s62-20020a17090a2f4400b0028ceaec16c9si791210pjd.73.2024.01.09.23.16.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:16:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-21777-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=aVyzr681; spf=pass (google.com: domain of linux-kernel+bounces-21777-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21777-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 4EEB8B240D7 for ; Wed, 10 Jan 2024 07:16:43 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A17FF3EA93; Wed, 10 Jan 2024 07:15:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="aVyzr681" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D63433D98C for ; Wed, 10 Jan 2024 07:15:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1704870944; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m3LBEoP+OVX8UUvtwqHYPUzM09NfmAQKAOTayWOj3vA=; b=aVyzr681vZ4l0CeFmJsBPca0h3QuqqpnUnIBR1xgCtA6B7OfVgbpS549INK2nyjoHhTZHQ ubrfMvjZBTVwnny1MeCiZhM2lB3YmkeSnH2+wt2E0TOjE2eJrOp4VBKYfZNyPd6PqNpVFL 3vChWzpTq3xcdyf4S3vW2nDihBAqxuA= Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-350-X2FAWZGzN1azlHHFzhdO9Q-1; Wed, 10 Jan 2024 02:15:38 -0500 X-MC-Unique: X2FAWZGzN1azlHHFzhdO9Q-1 Received: by mail-pg1-f199.google.com with SMTP id 41be03b00d2f7-5ce105ddef5so1654940a12.2 for ; Tue, 09 Jan 2024 23:15:38 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704870937; x=1705475737; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=m3LBEoP+OVX8UUvtwqHYPUzM09NfmAQKAOTayWOj3vA=; b=WoeMVpLDeni1ImA/vaTuJSrrmmdkAFTHYDY0SrwVk0jPdAnA8cgRsFsa0wLcZB63d2 GvH8xtyk2H7oSPg4tdXQJ57tO9KQ/pVNX9zOHEbv3kFsHW8MIt7xJsTBVe2aPcktaF7G td86ChP6zwaApztzJ1l34toqnnA8lblvmRZWBIv6M4HIwtsG1Zf8IeFZ11ve14mMYJL3 N7nLcW+tts7QyLQX3GcCeFdEL2uG5pkC//UFvCVxqMKDmqrqzu2PpPyNnKZnjdOhnI2g 6SYZSQqXULYxn3Q0+oDBMUWwf6BeA/6xLRCEAOXGTemHrxv77MfD07CxAFRK9eaok5uZ Nf2g== X-Gm-Message-State: AOJu0YydB3KTaSdmY/rcuAvx9KZAOiVwHzL+I9zfrzLU4UFfcYqQWNPv +iStjlwPVZm5xzsd25rvCiuNDq5ZKkQHuzrmxw5jKYSheoMRl9w1T7eojVVf7JS5gHy2It6qqle k+uySK1UGON0zUZr0D/OzKtfHJ8XKVQ5H X-Received: by 2002:a05:6a20:549e:b0:199:c19b:a256 with SMTP id i30-20020a056a20549e00b00199c19ba256mr404149pzk.48.1704870937095; Tue, 09 Jan 2024 23:15:37 -0800 (PST) X-Received: by 2002:a05:6a20:549e:b0:199:c19b:a256 with SMTP id i30-20020a056a20549e00b00199c19ba256mr404133pzk.48.1704870936721; Tue, 09 Jan 2024 23:15:36 -0800 (PST) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id r2-20020a170902be0200b001d46a313b42sm2888381pls.268.2024.01.09.23.15.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:15:36 -0800 (PST) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Vivek Goyal Subject: [PATCH v2 3/5] crash_dump: retrieve dm crypt key in kdump kernel Date: Wed, 10 Jan 2024 15:15:18 +0800 Message-ID: <20240110071522.1308935-4-coxu@redhat.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com> References: <20240110071522.1308935-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787686818198851649 X-GMAIL-MSGID: 1787686818198851649 Crash kernel will retrieve the dm crypt volume key based on the dmcryptkey command line parameter. When user space writes the key description to /sys/kernel/crash_dm_crypt_key, the crash kernel will save the encryption key to the user keyring. Then user space e.g. cryptsetup's --volume-key-keyring API can use it to unlock the encrypted device. Signed-off-by: Coiby Xu --- include/linux/crash_dump.h | 2 + kernel/crash_dump_dm_crypt.c | 115 ++++++++++++++++++++++++++++++++++- 2 files changed, 116 insertions(+), 1 deletion(-) diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index acc55626afdc..b44adc3962da 100644 --- a/include/linux/crash_dump.h +++ b/include/linux/crash_dump.h @@ -15,6 +15,8 @@ extern unsigned long long elfcorehdr_addr; extern unsigned long long elfcorehdr_size; +extern unsigned long long luks_volume_key_addr; + #ifdef CONFIG_CRASH_DUMP extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size); extern void elfcorehdr_free(unsigned long long addr); diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c index 3a0b0b773598..755017fa5c1b 100644 --- a/kernel/crash_dump_dm_crypt.c +++ b/kernel/crash_dump_dm_crypt.c @@ -1,7 +1,82 @@ // SPDX-License-Identifier: GPL-2.0-only +#include +#include #include #include +unsigned long long dm_crypt_key_addr; +EXPORT_SYMBOL_GPL(dm_crypt_key_addr); + +static int __init setup_dmcryptkey(char *arg) +{ + char *end; + + if (!arg) + return -EINVAL; + dm_crypt_key_addr = memparse(arg, &end); + if (end > arg) + return 0; + + dm_crypt_key_addr = 0; + return -EINVAL; +} + +early_param("dmcryptkey", setup_dmcryptkey); + +/* + * Architectures may override this function to read dm crypt key + */ +ssize_t __weak dm_crypt_key_read(char *buf, size_t count, u64 *ppos) +{ + struct kvec kvec = { .iov_base = buf, .iov_len = count }; + struct iov_iter iter; + + iov_iter_kvec(&iter, READ, &kvec, 1, count); + return read_from_oldmem(&iter, count, ppos, false); +} + +static int retrive_kdump_dm_crypt_key(u8 *buffer, unsigned int *sz) +{ + unsigned int key_size; + size_t dm_crypt_keybuf_sz; + unsigned int *size_ptr; + char *dm_crypt_keybuf; + u64 addr; + int r; + + if (dm_crypt_key_addr == 0) { + pr_debug("dm crypt key memory address inaccessible"); + return -EINVAL; + } + + addr = dm_crypt_key_addr; + + /* Read dm crypt key size */ + r = dm_crypt_key_read((char *)&key_size, sizeof(unsigned int), &addr); + + if (r < 0) + return r; + + pr_debug("Retrieve dm crypt key: size=%u\n", key_size); + /* Read in dm cryptrkey */ + dm_crypt_keybuf_sz = sizeof(unsigned int) + key_size * sizeof(u8); + dm_crypt_keybuf = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, + get_order(dm_crypt_keybuf_sz)); + if (!dm_crypt_keybuf) + return -ENOMEM; + + addr = dm_crypt_key_addr; + r = dm_crypt_key_read((char *)dm_crypt_keybuf, dm_crypt_keybuf_sz, &addr); + + if (r < 0) + return r; + size_ptr = (unsigned int *)dm_crypt_keybuf; + memcpy(buffer, size_ptr + 1, key_size * sizeof(u8)); + pr_debug("Retrieve dm crypt key (size=%u): %48ph...\n", key_size, buffer); + *sz = key_size; + return 0; +} + static u8 *dm_crypt_key; static unsigned int dm_crypt_key_size; @@ -23,6 +98,43 @@ static DECLARE_DELAYED_WORK(wipe_dm_crypt_key_work, _wipe_dm_crypt_key); static unsigned __read_mostly wipe_key_delay = 120; /* 2 mins */ +static int retore_dm_crypt_key_to_thread_keyring(const char *key_desc) +{ + key_ref_t keyring_ref, key_ref; + int ret; + + /* find the target keyring (which must be writable) */ + keyring_ref = lookup_user_key(KEY_SPEC_USER_KEYRING, 0x01, KEY_NEED_WRITE); + if (IS_ERR(keyring_ref)) { + pr_alert("Failed to get keyring"); + return PTR_ERR(keyring_ref); + } + + dm_crypt_key = kmalloc(128, GFP_KERNEL); + ret = retrive_kdump_dm_crypt_key(dm_crypt_key, &dm_crypt_key_size); + if (ret) { + kfree(dm_crypt_key); + return ret; + } + + /* create or update the requested key and add it to the target keyring */ + key_ref = key_create_or_update(keyring_ref, "user", key_desc, + dm_crypt_key, dm_crypt_key_size, + KEY_USR_ALL, KEY_ALLOC_IN_QUOTA); + + if (!IS_ERR(key_ref)) { + ret = key_ref_to_ptr(key_ref)->serial; + key_ref_put(key_ref); + pr_alert("Success adding key %s", key_desc); + } else { + ret = PTR_ERR(key_ref); + pr_alert("Error when adding key"); + } + + key_ref_put(keyring_ref); + return ret; +} + static int crash_save_temp_dm_crypt_key(const char *key_desc, size_t count) { const struct user_key_payload *ukp; @@ -60,7 +172,8 @@ int crash_sysfs_dm_crypt_key_write(const char *key_desc, size_t count) { if (!is_kdump_kernel()) return crash_save_temp_dm_crypt_key(key_desc, count); - return -EINVAL; + else + return retore_dm_crypt_key_to_thread_keyring(key_desc); } EXPORT_SYMBOL(crash_sysfs_dm_crypt_key_write); From patchwork Wed Jan 10 07:15:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 186697 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2411:b0:101:2151:f287 with SMTP id m17csp627356dyi; Tue, 9 Jan 2024 23:16:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IHTdSWAKwxyiptMlgRcOQAxxCk9QdmD8ZLyP1JHNnBYmjm0eRrHxfKGfGpd5p6jnlt2XEfN X-Received: by 2002:a0d:e28e:0:b0:5d7:1940:7d7a with SMTP id l136-20020a0de28e000000b005d719407d7amr519683ywe.81.1704870988405; Tue, 09 Jan 2024 23:16:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704870988; cv=none; d=google.com; s=arc-20160816; b=uTHsMWxETmLfxnQpNg1bW9os0OvmqU9i+OV53Zzf9HH2DJVE9C3L+uJGw1MO+4KbG7 u4lN6oqEBiTVVORSaKqjPCoEbSr0mM5fh29Ft9YQdDvxZz3+f+TP0fYnIhoBW8PAF+Bm A3M3+TsdiVVYbhojNTKYIu9TqlceFCwpXQmVoOo8T2G1MXBfSxJLp6PPmzdP43O05jb/ Bmw8sbEKXzxy9OSFJJGiowOGLuYXITLlIot9r3kkdnFkXmPYYpPPkJ75QGPqz7qandxk R3UozlUs5XY4oudltmwM811pIi6mc5auxZ9882WEurDJ+pjz7EHbnLcV0dC8NM1TRTrs WN3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=tIMuati7cTP1ekV5ZbT9f3EKmgfJPaZbTXabrZEOoZs=; fh=0CnQcBBpPPCzbO2LVNr7a4xtuL8tReXWok6+u5weL08=; b=MIp6Mkwz6iLqsfKbRDP0wz/2hjRKWldHddNJmN8T5kpN3/YgP5Mmf5cdF2NPq4EGKx l2KfsjpoheSYQe45s9v0I781dFwSHkYSz1JV/yiPj50RxuOMWhBn/hwefQ7EZsGBVOQP rwKY9i5kFXQ0u7mjR+fbxQI3i0KsfB6hWvU7WJlqhD2znSfTTyl0p7K8e2C4UCZaQr2U HQHrqeRpFBZCXWYZuzP6ykxQQp9rR0uBVZJt88RcDLWAGwV1QX5kOA3hiPePSGqaNw5E oyYoIFe/vtEj6UhlsKEDzuSq1MYFMxbQAV4MQqR9UB1dfeltJjo1SNtTWU0Ew3/MFZCa pLYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="Dg+Yxi/0"; spf=pass (google.com: domain of linux-kernel+bounces-21776-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21776-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id m7-20020a0cdb87000000b00680f6edff79si3852110qvk.335.2024.01.09.23.16.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:16:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-21776-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="Dg+Yxi/0"; spf=pass (google.com: domain of linux-kernel+bounces-21776-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21776-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 368BF1C2569F for ; Wed, 10 Jan 2024 07:16:28 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3763D3EA73; Wed, 10 Jan 2024 07:15:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Dg+Yxi/0" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B92B43C46A for ; Wed, 10 Jan 2024 07:15:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1704870942; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tIMuati7cTP1ekV5ZbT9f3EKmgfJPaZbTXabrZEOoZs=; b=Dg+Yxi/06TuSt2mOWoR+U+FuLjCwmJcKyuk+p7yCBRJlzP+gYO8B8fjfGGVOuOKrIw2U7W 0ut7b2KPu1/ETwzv9JvzgCvhSb0lZpvnVy8NKct0GXpgkh2/5+I4q4T7vGPIElGTU/zf/J 5YHIWHYaW9vssqVkPRSm32W4ttZwQoU= Received: from mail-oi1-f200.google.com (mail-oi1-f200.google.com [209.85.167.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-590-Vj_YWPS1NXGPaUOF6IRDww-1; Wed, 10 Jan 2024 02:15:41 -0500 X-MC-Unique: Vj_YWPS1NXGPaUOF6IRDww-1 Received: by mail-oi1-f200.google.com with SMTP id 5614622812f47-3bbf47262ccso4677241b6e.1 for ; Tue, 09 Jan 2024 23:15:41 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704870941; x=1705475741; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tIMuati7cTP1ekV5ZbT9f3EKmgfJPaZbTXabrZEOoZs=; b=wkpwOtjhU5n9U2nuPKWc3nhUdEQl93FeqDSRGPrD1BdrsiDnea7UrJ8Nk4uZDV/Jql aMDY7e8Ms4s6EE93Ike67St+T8kbynUjs50PZtFXq4ofeB9YK4E+X+eSTAzuOQuC9FI5 s+7gLRzMuU8nOcNEdHod3d/KqPe3VUTnCg1u7C0ziuUg34hsVPhpw2Gsh6G1ss4ZnXgg lr5jVJegl/BvYZ9ZPsulh3HUXBwRkuUyeKAVRWtjdHbewOMZiGAwbooalXYf/nPjbt29 5/k3G3KgnOzMWO5cNRpyHWdoNOlK05g0EyaAaE/dr4E/cCWkx7cqCGUqFekvuO50oGwo +sXw== X-Gm-Message-State: AOJu0YwSiDSJjxSfwVnp3sj8gSM6JuWHaQUKmYwrem5wb79b0aJLmQHy yl5v/iLsQduZeBliDNTUNW56VmaOQ0Mr/UxZoiApHzw6USIN0K1EnblP48Xt13Rz+p1QwNUPasA CURajqakj+7Xufh9f0ejOQ9U837Tm87jW X-Received: by 2002:a05:6358:1aaf:b0:170:efd3:2d03 with SMTP id gm47-20020a0563581aaf00b00170efd32d03mr362969rwb.24.1704870940766; Tue, 09 Jan 2024 23:15:40 -0800 (PST) X-Received: by 2002:a05:6358:1aaf:b0:170:efd3:2d03 with SMTP id gm47-20020a0563581aaf00b00170efd32d03mr362951rwb.24.1704870940380; Tue, 09 Jan 2024 23:15:40 -0800 (PST) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id q14-20020a17090ac10e00b0028d0c8c9d37sm751199pjt.22.2024.01.09.23.15.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:15:40 -0800 (PST) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Subject: [PATCH v2 4/5] x86/crash: pass the dm crypt key to kdump kernel Date: Wed, 10 Jan 2024 15:15:19 +0800 Message-ID: <20240110071522.1308935-5-coxu@redhat.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com> References: <20240110071522.1308935-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787686801832651011 X-GMAIL-MSGID: 1787686801832651011 1st kernel will build up the kernel command parameter dmcryptkey as similar to elfcorehdr to pass the memory address of the stored info of dm crypt key to kdump kernel. Signed-off-by: Coiby Xu --- arch/x86/kernel/crash.c | 15 ++++++++++++++- arch/x86/kernel/kexec-bzimage64.c | 7 +++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index c92d88680dbf..69e1090f01bc 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -262,6 +262,7 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem, unsigned long long mend) { unsigned long start, end; + int r; cmem->ranges[0].start = mstart; cmem->ranges[0].end = mend; @@ -270,7 +271,19 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem, /* Exclude elf header region */ start = image->elf_load_addr; end = start + image->elf_headers_sz - 1; - return crash_exclude_mem_range(cmem, start, end); + r = crash_exclude_mem_range(cmem, start, end); + + if (r) + return r; + + /* Exclude dm crypt key region */ + if (image->dm_crypt_key_addr) { + start = image->dm_crypt_key_addr; + end = start + image->dm_crypt_key_sz - 1; + return crash_exclude_mem_range(cmem, start, end); + } + + return r; } /* Prepare memory map for crash dump kernel */ diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index a61c12c01270..6e8adfe0b417 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -76,6 +76,10 @@ static int setup_cmdline(struct kimage *image, struct boot_params *params, if (image->type == KEXEC_TYPE_CRASH) { len = sprintf(cmdline_ptr, "elfcorehdr=0x%lx ", image->elf_load_addr); + + if (image->dm_crypt_key_addr != 0) + len += sprintf(cmdline_ptr + len, + "dmcryptkey=0x%lx ", image->dm_crypt_key_addr); } memcpy(cmdline_ptr + len, cmdline, cmdline_len); cmdline_len += len; @@ -433,6 +437,9 @@ static void *bzImage64_load(struct kimage *image, char *kernel, ret = crash_load_segments(image); if (ret) return ERR_PTR(ret); + ret = crash_load_dm_crypt_key(image); + if (ret) + pr_debug("Either no dm crypt key or error to retrieve the dm crypt key\n"); } /* From patchwork Wed Jan 10 07:15:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 186700 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2411:b0:101:2151:f287 with SMTP id m17csp627521dyi; Tue, 9 Jan 2024 23:16:56 -0800 (PST) X-Google-Smtp-Source: AGHT+IE0pfmpQ+o/qMDsAhUOcPBnDF2kw42zT/wy8IWXFLMuZTB0jECEAPdRY/2m7sEPgYA3ie9Z X-Received: by 2002:a05:6870:b14c:b0:205:dd93:45a5 with SMTP id a12-20020a056870b14c00b00205dd9345a5mr310951oal.70.1704871016271; Tue, 09 Jan 2024 23:16:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704871016; cv=none; d=google.com; s=arc-20160816; b=xjstZguHWm9l1xRDUnNbJ196WBPSqH9rvKjY1WEcx6JoukjSOI1Abm8W9+JB3h60Z2 i+G6/AqyT1ZDkwk3a9GdH57FzzqM5P4BpS3WzbDqC2z0Yc3LOL47oTExbRhF6Ae2AXjq OJoZbY7m3GyMZaua18Mu+WMBcgbqaUjGwAR3DRW2y/OvIfdPrGkxgvpdLIcgF+8V1ngD tXBx9TjIhzfICQkKpTJihOWpxvOviXi/2Qm9/xXkrKe2XVexG4Flu2fTjp3QcLMZISB8 l+g8OAwJnKPCIQjM1IUKOtrIFgEf7Tu4dC2kqak/iiO89WSHDDAIt2RRONrJ62mhVbLV 6QjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=PudTy4UMKikLIiXUIiw3l2EC2dKIPcn2JPVx++F8WCw=; fh=0CnQcBBpPPCzbO2LVNr7a4xtuL8tReXWok6+u5weL08=; b=0H1+lzTn+CEy/OhOaDR4pYJpwJW6U0mWP53HyYNsr/QXsZ/Y49jtumhZS0ns9disMw VIJ7uVKb+LjfGX8FOq1aVI7UG7O1sMB13jOJ/N6D38EduRD3IFrPmZkPPakzdAn+CLpg eoo3GEV4pcD54tQPUnPJADXM6pEq1hI6EpBiWA3MCou6ckt132hAx7T0/bcMTnfhv4nH Wyi5JwKmXNnOCtFUa9e7oS5tHqnRGXw44PMWD5gAn3wssWVbVReO2sptQLymUX2X+MMm Ty7VYMq8gPvfEtSjBQ/fphLnhr4IfCSq8+qx+JZDrXSpG1M/EG5xDxWMNDZ8nbyX2yQp hR2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="GbY/pXwc"; spf=pass (google.com: domain of linux-kernel+bounces-21778-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21778-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id bs186-20020a6328c3000000b005cdc2cc9a16si2820835pgb.804.2024.01.09.23.16.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:16:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-21778-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="GbY/pXwc"; spf=pass (google.com: domain of linux-kernel+bounces-21778-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21778-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 0BA35288A52 for ; Wed, 10 Jan 2024 07:16:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DBDF43F8E1; Wed, 10 Jan 2024 07:15:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="GbY/pXwc" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D36863EA96 for ; Wed, 10 Jan 2024 07:15:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1704870950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PudTy4UMKikLIiXUIiw3l2EC2dKIPcn2JPVx++F8WCw=; b=GbY/pXwcySk3cdIJCpO4ZMEOMvkwxxVZxGE99/GcZPAwf1AqtdVdsaeG50cAIoGwqNbjwU ElmLqqlOzjTr6YhR5TcxbzIDtmR2+v1tBvx1RmBSqguvBc5wIVWzB6Qxji641cgZUR9I5B SxtFiGfj/YoEaFmEu0K7IWxwcmYHkzo= Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-662-ATLLaRc3P7qOyehsFcR_8g-1; Wed, 10 Jan 2024 02:15:46 -0500 X-MC-Unique: ATLLaRc3P7qOyehsFcR_8g-1 Received: by mail-pg1-f197.google.com with SMTP id 41be03b00d2f7-5ca5b61c841so1126754a12.3 for ; Tue, 09 Jan 2024 23:15:46 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704870946; x=1705475746; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PudTy4UMKikLIiXUIiw3l2EC2dKIPcn2JPVx++F8WCw=; b=fFWntteoTKWpyahbciKJDAXIRjeDyXY7o/sXJPH2R6bA58E2mv4jvmn59/mSvBAxVC BCtznCXUV8dU77WWn2yQMep3o3taQqWodXdDiJWJeo4y4m92BDJ0NLFHPRiYXbNkfImj UV5UJgHPuOvSArm3STKRV9b2PwGPmXz+4lZ0Ash8M6ZuQpdFgct7w3uLiJdmTNWmsBZ0 ayx+CtxATw3k16M69w/63z1m/9JDe9Bx/lMWpIMMnsfKeZv2tBUpZei/fDWKe1V7DxlJ ghlSCUzGl1iuiVFm1YNJRkV515dFTfkcx/pZG16wOskJBQ0EQcJle9iPSpwWpv91Pc1Y YlNg== X-Gm-Message-State: AOJu0YwLOE62tFl6Zy3LZZ+ZwwMwVwfaUc//UbcezttzcCFGO+nj7bIg mgnY9iuhtMwVWz0Vd+eezfC0nUqUjXEzb+5xGqKkb1oSPMyeoGSUjhnwFPpytNJDWCMD40P0D7G C0HHIZOdbo3uXKNKFHB5+mv4x8ExhQ5lX X-Received: by 2002:a17:903:230a:b0:1d5:6b59:bc9e with SMTP id d10-20020a170903230a00b001d56b59bc9emr548214plh.113.1704870945695; Tue, 09 Jan 2024 23:15:45 -0800 (PST) X-Received: by 2002:a17:903:230a:b0:1d5:6b59:bc9e with SMTP id d10-20020a170903230a00b001d56b59bc9emr548193plh.113.1704870945323; Tue, 09 Jan 2024 23:15:45 -0800 (PST) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id m5-20020a170902db8500b001d4c955cc00sm2906719pld.271.2024.01.09.23.15.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 23:15:45 -0800 (PST) From: Coiby Xu To: kexec@lists.infradead.org Cc: Ondrej Kozina , Milan Broz , Thomas Staudt , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Kairui Song , dm-devel@redhat.com, Jan Pazdziora , Pingfan Liu , Baoquan He , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Subject: [PATCH v2 5/5] x86/crash: make the page that stores the dm crypt key inaccessible Date: Wed, 10 Jan 2024 15:15:20 +0800 Message-ID: <20240110071522.1308935-6-coxu@redhat.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240110071522.1308935-1-coxu@redhat.com> References: <20240110071522.1308935-1-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787686830707478763 X-GMAIL-MSGID: 1787686830707478763 This adds an addition layer of protection for the saved copy of dm crypt key. Trying to access the saved copy will cause page fault. Suggested-by: Pingfan Liu Signed-off-by: Coiby Xu --- arch/x86/kernel/machine_kexec_64.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c index 1a3e2c05a8a5..c9c814b934b8 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -546,14 +546,32 @@ static void kexec_mark_crashkres(bool protect) kexec_mark_range(control, crashk_res.end, protect); } +static void kexec_mark_dm_crypt_key(bool protect) +{ + unsigned long start_paddr, end_paddr; + unsigned int nr_pages; + + if (kexec_crash_image->dm_crypt_key_addr) { + start_paddr = kexec_crash_image->dm_crypt_key_addr; + end_paddr = start_paddr + kexec_crash_image->dm_crypt_key_sz - 1; + nr_pages = (PAGE_ALIGN(end_paddr) - PAGE_ALIGN_DOWN(start_paddr))/PAGE_SIZE; + if (protect) + set_memory_np((unsigned long)phys_to_virt(start_paddr), nr_pages); + else + set_memory_rw((unsigned long)phys_to_virt(start_paddr), nr_pages); + } +} + void arch_kexec_protect_crashkres(void) { kexec_mark_crashkres(true); + kexec_mark_dm_crypt_key(true); } void arch_kexec_unprotect_crashkres(void) { kexec_mark_crashkres(false); + kexec_mark_dm_crypt_key(false); } /*