lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <isgawrvqwuyaitkxgikkcgw3g5mxt3x3tubgpsy2kqos3t4nwr@soy5s6ypm6nt>
Date: Wed, 17 Jan 2024 15:39:50 +0800
From: Coiby Xu <coxu@...hat.com>
To: Ondrej Kozina <okozina@...hat.com>
Cc: kexec@...ts.infradead.org, Milan Broz <gmazyland@...il.com>, 
	Thomas Staudt <tstaudt@...ibm.com>, Daniel P . Berrangé <berrange@...hat.com>, 
	Kairui Song <ryncsn@...il.com>, dm-devel@...hat.com, Jan Pazdziora <jpazdziora@...hat.com>, 
	Pingfan Liu <kernelfans@...il.com>, Baoquan He <bhe@...hat.com>, Dave Young <dyoung@...hat.com>, 
	linux-kernel@...r.kernel.org, x86@...nel.org, Dave Hansen <dave.hansen@...el.com>, 
	Vitaly Kuznetsov <vkuznets@...hat.com>, Vivek Goyal <vgoyal@...hat.com>, 
	Eric Biederman <ebiederm@...ssion.com>
Subject: Re: Re: [PATCH v2 2/5] crash_dump: save the dm crypt key temporarily

On Tue, Jan 16, 2024 at 11:40:53AM +0100, Ondrej Kozina wrote:
>On 10/01/2024 08:15, Coiby Xu wrote:
>>User space is supposed to write the key description to
>>/sys/kernel/crash_dm_crypt_key so the kernel will read the key and save
>>a temporary copy for later user. User space has 2 minutes at maximum to
>>load the kdump initrd before the key gets wiped. And after kdump
>>retrieves the key, the key will be wiped immediately.
>>
>>Signed-off-by: Coiby Xu <coxu@...hat.com>
>>---
>>  include/linux/crash_core.h   |   7 +-
>>  include/linux/kexec.h        |   4 ++
>>  kernel/Makefile              |   2 +-
>>  kernel/crash_dump_dm_crypt.c | 121 +++++++++++++++++++++++++++++++++++
>>  kernel/ksysfs.c              |  23 ++++++-
>>  5 files changed, 153 insertions(+), 4 deletions(-)
>>  create mode 100644 kernel/crash_dump_dm_crypt.c
>>
>>diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h
>>index 5126a4fecb44..7078eda6418d 100644
>>--- a/include/linux/crash_core.h
>>+++ b/include/linux/crash_core.h
>>@@ -125,6 +125,12 @@ static inline void __init reserve_crashkernel_generic(char *cmdline,
>>  {}
>>  #endif
>>+struct kimage;
>>+
>>+int crash_sysfs_dm_crypt_key_write(const char *key_des, size_t count);
>>+int crash_pass_temp_dm_crypt_key(void **addr, unsigned long *sz);
>>+int crash_load_dm_crypt_key(struct kimage *image);
>>+
>>  /* Alignment required for elf header segment */
>>  #define ELF_CORE_HEADER_ALIGN   4096
>>@@ -140,7 +146,6 @@ extern int crash_exclude_mem_range(struct crash_mem *mem,
>>  extern int crash_prepare_elf64_headers(struct crash_mem *mem, int need_kernel_map,
>>  				       void **addr, unsigned long *sz);
>>-struct kimage;
>>  struct kexec_segment;
>>  #define KEXEC_CRASH_HP_NONE			0
>>diff --git a/include/linux/kexec.h b/include/linux/kexec.h
>>index 6f4626490ebf..bf7ab1e927ef 100644
>>--- a/include/linux/kexec.h
>>+++ b/include/linux/kexec.h
>>@@ -366,6 +366,10 @@ struct kimage {
>>  	void *elf_headers;
>>  	unsigned long elf_headers_sz;
>>  	unsigned long elf_load_addr;
>>+
>>+	/* dm crypt key buffer */
>>+	unsigned long dm_crypt_key_addr;
>>+	unsigned long dm_crypt_key_sz;
>>  };
>>  /* kexec interface functions */
>>diff --git a/kernel/Makefile b/kernel/Makefile
>>index 3947122d618b..48859bf63db5 100644
>>--- a/kernel/Makefile
>>+++ b/kernel/Makefile
>>@@ -119,7 +119,7 @@ obj-$(CONFIG_PERF_EVENTS) += events/
>>  obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o
>>  obj-$(CONFIG_PADATA) += padata.o
>>-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
>>+obj-$(CONFIG_CRASH_DUMP) += crash_dump.o crash_dump_dm_crypt.o
>>  obj-$(CONFIG_JUMP_LABEL) += jump_label.o
>>  obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o
>>  obj-$(CONFIG_TORTURE_TEST) += torture.o
>>diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
>>new file mode 100644
>>index 000000000000..3a0b0b773598
>>--- /dev/null
>>+++ b/kernel/crash_dump_dm_crypt.c
>>@@ -0,0 +1,121 @@
>>+// SPDX-License-Identifier: GPL-2.0-only
>>+#include <keys/user-type.h>
>>+#include <linux/crash_dump.h>
>>+
>>+static u8 *dm_crypt_key;
>>+static unsigned int dm_crypt_key_size;
>>+
>>+void wipe_dm_crypt_key(void)
>>+{
>>+	if (dm_crypt_key) {
>>+		memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8));
>>+		kfree(dm_crypt_key);
>>+		dm_crypt_key = NULL;
>>+	}
>>+}
>>+
>>+static void _wipe_dm_crypt_key(struct work_struct *dummy)
>>+{
>>+	wipe_dm_crypt_key();
>>+}
>>+
>>+static DECLARE_DELAYED_WORK(wipe_dm_crypt_key_work, _wipe_dm_crypt_key);
>>+
>>+static unsigned __read_mostly wipe_key_delay = 120; /* 2 mins */
>>+
>>+static int crash_save_temp_dm_crypt_key(const char *key_desc, size_t count)
>>+{
>>+	const struct user_key_payload *ukp;
>>+	struct key *key;
>>+
>>+	if (dm_crypt_key) {
>>+		memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8));
>>+		kfree(dm_crypt_key);
>>+	}
>>+
>>+	pr_debug("Requesting key %s", key_desc);
>>+	key = request_key(&key_type_user, key_desc, NULL);
>
>If we don't read the key copy form userspace (my reply to top level 
>message) you could use key_type_logon here.

I'll use key_type_logon, thanks!

-- 
Best regards,
Coiby

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ