| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z1mO2wp6zlPCV6JJ@MiWiFi-R3L-srv>
Date: Wed, 11 Dec 2024 21:08:43 +0800
From: Baoquan He <bhe@...hat.com>
To: Coiby Xu <coxu@...hat.com>
Cc: kexec@...ts.infradead.org, Ondrej Kozina <okozina@...hat.com>,
Milan Broz <gmazyland@...il.com>,
Thomas Staudt <tstaudt@...ibm.com>,
Daniel P . Berrangé <berrange@...hat.com>,
Kairui Song <ryncsn@...il.com>,
Jan Pazdziora <jpazdziora@...hat.com>,
Pingfan Liu <kernelfans@...il.com>, Dave Young <dyoung@...hat.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
Dave Hansen <dave.hansen@...el.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Greg KH <gregkh@...uxfoundation.org>,
Vivek Goyal <vgoyal@...hat.com>
Subject: Re: [PATCH v6 4/7] crash_dump: reuse saved dm crypt keys for
CPU/memory hot-plugging
On 10/29/24 at 01:52pm, Coiby Xu wrote:
> When there are CPU and memory hot un/plugs, the dm crypt keys may need
> to be reloaded again depending on the solution for crash hotplug
> support. Currently, there are two solutions. One is to utilizes udev to
> instruct user space to reload the kdump kernel image and initrd,
> elfcorehdr and etc again. The other is to only update the elfcorehdr
> segment introduced in commit 247262756121 ("crash:
> add generic infrastructure for crash hotplug support").
>
> For the 1st solution, the dm crypt keys need to be reloaded again. The
> user space can write true to
> /sys/kernel/config/crash_dm_crypt_key/reuse so the stored keys can be
> re-used.
>
> For the 2nd solution, the dm crypt keys don't need to be reloaded.
> Currently, only x86 supports the 2nd solution. If the 2nd solution
> gets extended to all arches, this patch can be dropped.
>
> Signed-off-by: Coiby Xu <coxu@...hat.com>
> ---
> kernel/crash_dump_dm_crypt.c | 52 +++++++++++++++++++++++++++++++++---
> 1 file changed, 48 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
> index ec2ec2967242..51431f93fc1e 100644
> --- a/kernel/crash_dump_dm_crypt.c
> +++ b/kernel/crash_dump_dm_crypt.c
> @@ -28,6 +28,20 @@ static size_t get_keys_header_size(size_t total_keys)
> return struct_size(keys_header, keys, total_keys);
> }
>
> +static void get_keys_from_kdump_reserved_memory(void)
> +{
> + struct keys_header *keys_header_loaded;
> +
> + arch_kexec_unprotect_crashkres();
> +
> + keys_header_loaded = kmap_local_page(pfn_to_page(
> + kexec_crash_image->dm_crypt_keys_addr >> PAGE_SHIFT));
> +
> + memcpy(keys_header, keys_header_loaded, get_keys_header_size(key_count));
> + kunmap_local(keys_header_loaded);
> + arch_kexec_protect_crashkres();
> +}
> +
> static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
> {
> const struct user_key_payload *ukp;
> @@ -150,8 +164,36 @@ static ssize_t config_keys_count_show(struct config_item *item, char *page)
>
> CONFIGFS_ATTR_RO(config_keys_, count);
>
> +static bool reuse;
Give it a meaningful name since it's a global variable, e.g
is_dm_key_reused?
> +
> +static ssize_t config_keys_reuse_show(struct config_item *item, char *page)
> +{
> + return sprintf(page, "%d\n", reuse);
> +}
> +
> +static ssize_t config_keys_reuse_store(struct config_item *item,
> + const char *page, size_t count)
> +{
> + if (!kexec_crash_image || !kexec_crash_image->dm_crypt_keys_addr) {
> + kexec_dprintk(
> + "dm-crypt keys haven't be saved to crash-reserved memory\n");
> + return -EINVAL;
> + }
> +
> + if (kstrtobool(page, &reuse))
> + return -EINVAL;
> +
> + if (reuse)
> + get_keys_from_kdump_reserved_memory();
> +
> + return count;
> +}
> +
> +CONFIGFS_ATTR(config_keys_, reuse);
> +
> static struct configfs_attribute *config_keys_attrs[] = {
> &config_keys_attr_count,
> + &config_keys_attr_reuse,
> NULL,
> };
>
Powered by blists - more mailing lists