| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <n53jx5fhh5e42yugnegiduvbbqnyic4m6ujadppcfbwmdny43o@vg6mgxm2qpqn>
Date: Mon, 23 Dec 2024 08:41:07 +0800
From: Coiby Xu <coxu@...hat.com>
To: Baoquan He <bhe@...hat.com>
Cc: kexec@...ts.infradead.org, Ondrej Kozina <okozina@...hat.com>,
Milan Broz <gmazyland@...il.com>, Thomas Staudt <tstaudt@...ibm.com>,
Daniel P . Berrangé <berrange@...hat.com>, Kairui Song <ryncsn@...il.com>,
Jan Pazdziora <jpazdziora@...hat.com>, Pingfan Liu <kernelfans@...il.com>,
Dave Young <dyoung@...hat.com>, linux-kernel@...r.kernel.org, x86@...nel.org,
Dave Hansen <dave.hansen@...el.com>, Vitaly Kuznetsov <vkuznets@...hat.com>,
Greg KH <gregkh@...uxfoundation.org>, Vivek Goyal <vgoyal@...hat.com>
Subject: Re: [PATCH v6 4/7] crash_dump: reuse saved dm crypt keys for
CPU/memory hot-plugging
On Wed, Dec 11, 2024 at 09:08:43PM +0800, Baoquan He wrote:
>On 10/29/24 at 01:52pm, Coiby Xu wrote:
>> When there are CPU and memory hot un/plugs, the dm crypt keys may need
>> to be reloaded again depending on the solution for crash hotplug
>> support. Currently, there are two solutions. One is to utilizes udev to
>> instruct user space to reload the kdump kernel image and initrd,
>> elfcorehdr and etc again. The other is to only update the elfcorehdr
>> segment introduced in commit 247262756121 ("crash:
>> add generic infrastructure for crash hotplug support").
>>
>> For the 1st solution, the dm crypt keys need to be reloaded again. The
>> user space can write true to
>> /sys/kernel/config/crash_dm_crypt_key/reuse so the stored keys can be
>> re-used.
>>
>> For the 2nd solution, the dm crypt keys don't need to be reloaded.
>> Currently, only x86 supports the 2nd solution. If the 2nd solution
>> gets extended to all arches, this patch can be dropped.
>>
>> Signed-off-by: Coiby Xu <coxu@...hat.com>
>> ---
>> kernel/crash_dump_dm_crypt.c | 52 +++++++++++++++++++++++++++++++++---
>> 1 file changed, 48 insertions(+), 4 deletions(-)
>>
>> diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
>> index ec2ec2967242..51431f93fc1e 100644
>> --- a/kernel/crash_dump_dm_crypt.c
>> +++ b/kernel/crash_dump_dm_crypt.c
>> @@ -28,6 +28,20 @@ static size_t get_keys_header_size(size_t total_keys)
>> return struct_size(keys_header, keys, total_keys);
>> }
>>
>> +static void get_keys_from_kdump_reserved_memory(void)
>> +{
>> + struct keys_header *keys_header_loaded;
>> +
>> + arch_kexec_unprotect_crashkres();
>> +
>> + keys_header_loaded = kmap_local_page(pfn_to_page(
>> + kexec_crash_image->dm_crypt_keys_addr >> PAGE_SHIFT));
>> +
>> + memcpy(keys_header, keys_header_loaded, get_keys_header_size(key_count));
>> + kunmap_local(keys_header_loaded);
>> + arch_kexec_protect_crashkres();
>> +}
>> +
>> static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
>> {
>> const struct user_key_payload *ukp;
>> @@ -150,8 +164,36 @@ static ssize_t config_keys_count_show(struct config_item *item, char *page)
>>
>> CONFIGFS_ATTR_RO(config_keys_, count);
>>
>> +static bool reuse;
>
>Give it a meaningful name since it's a global variable, e.g
>is_dm_key_reused?
Sure, I'll use is_dm_key_reused in next version! Thanks for the
suggestion to improve code readability!
--
Best regards,
Coiby
Powered by blists - more mailing lists