| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z1mL2KBcRskFlffk@MiWiFi-R3L-srv>
Date: Wed, 11 Dec 2024 20:55:52 +0800
From: Baoquan He <bhe@...hat.com>
To: Coiby Xu <coxu@...hat.com>
Cc: kexec@...ts.infradead.org, Ondrej Kozina <okozina@...hat.com>,
Milan Broz <gmazyland@...il.com>,
Thomas Staudt <tstaudt@...ibm.com>,
Daniel P . Berrangé <berrange@...hat.com>,
Kairui Song <ryncsn@...il.com>,
Jan Pazdziora <jpazdziora@...hat.com>,
Pingfan Liu <kernelfans@...il.com>, Dave Young <dyoung@...hat.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
Dave Hansen <dave.hansen@...el.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Greg KH <gregkh@...uxfoundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>
Subject: Re: [PATCH v6 6/7] x86/crash: pass dm crypt keys to kdump kernel
On 10/29/24 at 01:52pm, Coiby Xu wrote:
> 1st kernel will build up the kernel command parameter dmcryptkeys as
> similar to elfcorehdr to pass the memory address of the stored info of
> dm crypt key to kdump kernel.
>
> Signed-off-by: Coiby Xu <coxu@...hat.com>
> ---
> arch/x86/kernel/crash.c | 20 ++++++++++++++++++--
> arch/x86/kernel/kexec-bzimage64.c | 7 +++++++
> 2 files changed, 25 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
> index 340af8155658..99d50c31db02 100644
> --- a/arch/x86/kernel/crash.c
> +++ b/arch/x86/kernel/crash.c
> @@ -278,6 +278,7 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem,
> unsigned long long mend)
> {
> unsigned long start, end;
> + int ret;
>
> cmem->ranges[0].start = mstart;
> cmem->ranges[0].end = mend;
> @@ -286,22 +287,37 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem,
> /* Exclude elf header region */
> start = image->elf_load_addr;
> end = start + image->elf_headers_sz - 1;
> - return crash_exclude_mem_range(cmem, start, end);
> + ret = crash_exclude_mem_range(cmem, start, end);
> +
> + if (ret)
> + return ret;
> +
> + /* Exclude dm crypt keys region */
> + if (image->dm_crypt_keys_addr) {
> + start = image->dm_crypt_keys_addr;
> + end = start + image->dm_crypt_keys_sz - 1;
> + return crash_exclude_mem_range(cmem, start, end);
> + }
> +
> + return ret;
> }
>
> /* Prepare memory map for crash dump kernel */
> int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params)
> {
> + unsigned int max_nr_ranges = 3;
Define a macro and add code comment to explain why this value is taken?
> int i, ret = 0;
> unsigned long flags;
> struct e820_entry ei;
> struct crash_memmap_data cmd;
> struct crash_mem *cmem;
>
> - cmem = vzalloc(struct_size(cmem, ranges, 1));
> + cmem = vzalloc(struct_size(cmem, ranges, max_nr_ranges));
> if (!cmem)
> return -ENOMEM;
>
> + cmem->max_nr_ranges = max_nr_ranges;
> +
> memset(&cmd, 0, sizeof(struct crash_memmap_data));
> cmd.params = params;
>
> diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
> index 68530fad05f7..9c94428927bd 100644
> --- a/arch/x86/kernel/kexec-bzimage64.c
> +++ b/arch/x86/kernel/kexec-bzimage64.c
> @@ -76,6 +76,10 @@ static int setup_cmdline(struct kimage *image, struct boot_params *params,
> if (image->type == KEXEC_TYPE_CRASH) {
> len = sprintf(cmdline_ptr,
> "elfcorehdr=0x%lx ", image->elf_load_addr);
> +
> + if (image->dm_crypt_keys_addr != 0)
> + len += sprintf(cmdline_ptr + len,
> + "dmcryptkeys=0x%lx ", image->dm_crypt_keys_addr);
> }
> memcpy(cmdline_ptr + len, cmdline, cmdline_len);
> cmdline_len += len;
> @@ -441,6 +445,9 @@ static void *bzImage64_load(struct kimage *image, char *kernel,
> ret = crash_load_segments(image);
> if (ret)
> return ERR_PTR(ret);
> + ret = crash_load_dm_crypt_keys(image);
> + if (ret)
> + pr_debug("Either no dm crypt key or error to retrieve the dm crypt key\n");
If it's error, do we need change ti to pr_debug?
> }
> #endif
>
> --
> 2.47.0
>
Powered by blists - more mailing lists