From: Coiby Xu <coxu@redhat.com>
To: Ondrej Kozina <okozina@redhat.com>
Cc: kexec@lists.infradead.org, "Milan Broz" <gmazyland@gmail.com>,
"Thomas Staudt" <tstaudt@de.ibm.com>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Kairui Song" <ryncsn@gmail.com>,
dm-devel@redhat.com, "Jan Pazdziora" <jpazdziora@redhat.com>,
"Pingfan Liu" <kernelfans@gmail.com>,
"Baoquan He" <bhe@redhat.com>, "Dave Young" <dyoung@redhat.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
"Dave Hansen" <dave.hansen@intel.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Vivek Goyal" <vgoyal@redhat.com>,
"Eric Biederman" <ebiederm@xmission.com>
Subject: Re: Re: [PATCH v2 2/5] crash_dump: save the dm crypt key temporarily
Date: Wed, 17 Jan 2024 15:39:50 +0800 [thread overview]
Message-ID: <isgawrvqwuyaitkxgikkcgw3g5mxt3x3tubgpsy2kqos3t4nwr@soy5s6ypm6nt> (raw)
In-Reply-To: <750d9e17-d8b8-44c0-ba47-74a686333a01@redhat.com>
On Tue, Jan 16, 2024 at 11:40:53AM +0100, Ondrej Kozina wrote:
>On 10/01/2024 08:15, Coiby Xu wrote:
>>User space is supposed to write the key description to
>>/sys/kernel/crash_dm_crypt_key so the kernel will read the key and save
>>a temporary copy for later user. User space has 2 minutes at maximum to
>>load the kdump initrd before the key gets wiped. And after kdump
>>retrieves the key, the key will be wiped immediately.
>>
>>Signed-off-by: Coiby Xu <coxu@redhat.com>
>>---
>> include/linux/crash_core.h | 7 +-
>> include/linux/kexec.h | 4 ++
>> kernel/Makefile | 2 +-
>> kernel/crash_dump_dm_crypt.c | 121 +++++++++++++++++++++++++++++++++++
>> kernel/ksysfs.c | 23 ++++++-
>> 5 files changed, 153 insertions(+), 4 deletions(-)
>> create mode 100644 kernel/crash_dump_dm_crypt.c
>>
>>diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h
>>index 5126a4fecb44..7078eda6418d 100644
>>--- a/include/linux/crash_core.h
>>+++ b/include/linux/crash_core.h
>>@@ -125,6 +125,12 @@ static inline void __init reserve_crashkernel_generic(char *cmdline,
>> {}
>> #endif
>>+struct kimage;
>>+
>>+int crash_sysfs_dm_crypt_key_write(const char *key_des, size_t count);
>>+int crash_pass_temp_dm_crypt_key(void **addr, unsigned long *sz);
>>+int crash_load_dm_crypt_key(struct kimage *image);
>>+
>> /* Alignment required for elf header segment */
>> #define ELF_CORE_HEADER_ALIGN 4096
>>@@ -140,7 +146,6 @@ extern int crash_exclude_mem_range(struct crash_mem *mem,
>> extern int crash_prepare_elf64_headers(struct crash_mem *mem, int need_kernel_map,
>> void **addr, unsigned long *sz);
>>-struct kimage;
>> struct kexec_segment;
>> #define KEXEC_CRASH_HP_NONE 0
>>diff --git a/include/linux/kexec.h b/include/linux/kexec.h
>>index 6f4626490ebf..bf7ab1e927ef 100644
>>--- a/include/linux/kexec.h
>>+++ b/include/linux/kexec.h
>>@@ -366,6 +366,10 @@ struct kimage {
>> void *elf_headers;
>> unsigned long elf_headers_sz;
>> unsigned long elf_load_addr;
>>+
>>+ /* dm crypt key buffer */
>>+ unsigned long dm_crypt_key_addr;
>>+ unsigned long dm_crypt_key_sz;
>> };
>> /* kexec interface functions */
>>diff --git a/kernel/Makefile b/kernel/Makefile
>>index 3947122d618b..48859bf63db5 100644
>>--- a/kernel/Makefile
>>+++ b/kernel/Makefile
>>@@ -119,7 +119,7 @@ obj-$(CONFIG_PERF_EVENTS) += events/
>> obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o
>> obj-$(CONFIG_PADATA) += padata.o
>>-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
>>+obj-$(CONFIG_CRASH_DUMP) += crash_dump.o crash_dump_dm_crypt.o
>> obj-$(CONFIG_JUMP_LABEL) += jump_label.o
>> obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o
>> obj-$(CONFIG_TORTURE_TEST) += torture.o
>>diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
>>new file mode 100644
>>index 000000000000..3a0b0b773598
>>--- /dev/null
>>+++ b/kernel/crash_dump_dm_crypt.c
>>@@ -0,0 +1,121 @@
>>+// SPDX-License-Identifier: GPL-2.0-only
>>+#include <keys/user-type.h>
>>+#include <linux/crash_dump.h>
>>+
>>+static u8 *dm_crypt_key;
>>+static unsigned int dm_crypt_key_size;
>>+
>>+void wipe_dm_crypt_key(void)
>>+{
>>+ if (dm_crypt_key) {
>>+ memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8));
>>+ kfree(dm_crypt_key);
>>+ dm_crypt_key = NULL;
>>+ }
>>+}
>>+
>>+static void _wipe_dm_crypt_key(struct work_struct *dummy)
>>+{
>>+ wipe_dm_crypt_key();
>>+}
>>+
>>+static DECLARE_DELAYED_WORK(wipe_dm_crypt_key_work, _wipe_dm_crypt_key);
>>+
>>+static unsigned __read_mostly wipe_key_delay = 120; /* 2 mins */
>>+
>>+static int crash_save_temp_dm_crypt_key(const char *key_desc, size_t count)
>>+{
>>+ const struct user_key_payload *ukp;
>>+ struct key *key;
>>+
>>+ if (dm_crypt_key) {
>>+ memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8));
>>+ kfree(dm_crypt_key);
>>+ }
>>+
>>+ pr_debug("Requesting key %s", key_desc);
>>+ key = request_key(&key_type_user, key_desc, NULL);
>
>If we don't read the key copy form userspace (my reply to top level
>message) you could use key_type_logon here.
I'll use key_type_logon, thanks!
--
Best regards,
Coiby
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2024-01-17 7:45 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-10 7:15 [PATCH v2 0/5] Support kdump with LUKS encryption by reusing LUKS volume key Coiby Xu
2024-01-10 7:15 ` [PATCH v2 1/5] kexec_file: allow to place kexec_buf randomly Coiby Xu
2024-01-10 7:15 ` [PATCH v2 2/5] crash_dump: save the dm crypt key temporarily Coiby Xu
2024-01-13 17:07 ` kernel test robot
2024-01-13 17:50 ` kernel test robot
2024-01-13 21:43 ` kernel test robot
2024-01-16 10:40 ` Ondrej Kozina
2024-01-17 7:39 ` Coiby Xu [this message]
2024-01-10 7:15 ` [PATCH v2 3/5] crash_dump: retrieve dm crypt key in kdump kernel Coiby Xu
2024-01-13 18:45 ` kernel test robot
2024-01-10 7:15 ` [PATCH v2 4/5] x86/crash: pass the dm crypt key to " Coiby Xu
2024-01-10 7:15 ` [PATCH v2 5/5] x86/crash: make the page that stores the dm crypt key inaccessible Coiby Xu
2024-01-16 10:37 ` [PATCH v2 0/5] Support kdump with LUKS encryption by reusing LUKS volume key Ondrej Kozina
2024-01-17 7:38 ` Coiby Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=isgawrvqwuyaitkxgikkcgw3g5mxt3x3tubgpsy2kqos3t4nwr@soy5s6ypm6nt \
--to=coxu@redhat.com \
--cc=berrange@redhat.com \
--cc=bhe@redhat.com \
--cc=dave.hansen@intel.com \
--cc=dm-devel@redhat.com \
--cc=dyoung@redhat.com \
--cc=ebiederm@xmission.com \
--cc=gmazyland@gmail.com \
--cc=jpazdziora@redhat.com \
--cc=kernelfans@gmail.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=okozina@redhat.com \
--cc=ryncsn@gmail.com \
--cc=tstaudt@de.ibm.com \
--cc=vgoyal@redhat.com \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).