| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aXd72PcvvFsIFXO2@willie-the-truck>
Date: Mon, 26 Jan 2026 14:36:08 +0000
From: Will Deacon <will@...nel.org>
To: Coiby Xu <coxu@...hat.com>
Cc: kexec@...ts.infradead.org, linux-arm-kernel@...ts.infradead.org,
Arnaud Lefebvre <arnaud.lefebvre@...ver-cloud.com>,
Baoquan he <bhe@...hat.com>, Dave Young <dyoung@...hat.com>,
Kairui Song <ryncsn@...il.com>, Pingfan Liu <kernelfans@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Krzysztof Kozlowski <krzk@...nel.org>,
Rob Herring <robh@...nel.org>,
Catalin Marinas <catalin.marinas@....com>,
Saravana Kannan <saravanak@...nel.org>,
open list <linux-kernel@...r.kernel.org>,
"open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE" <devicetree@...r.kernel.org>
Subject: Re: [PATCH v3] arm64/kdump: pass dm-crypt keys to kdump kernel
On Fri, Jan 23, 2026 at 04:13:25PM +0800, Coiby Xu wrote:
> CONFIG_CRASH_DM_CRYPT has been introduced to support LUKS-encrypted
> device dump target by addressing two challenges [1],
> - Kdump kernel may not be able to decrypt the LUKS partition. For some
> machines, a system administrator may not have a chance to enter the
> password to decrypt the device in kdump initramfs after the 1st kernel
> crashes
>
> - LUKS2 by default use the memory-hard Argon2 key derivation function
> which is quite memory-consuming compared to the limited memory reserved
> for kdump.
>
> To also enable this feature for ARM64, we only need to add device tree
> property dmcryptkeys [2] as similar to elfcorehdr to pass the memory
> address of the stored info of dm-crypt keys to the kdump kernel. Since
> this property is only needed by the kdump kenrel, it won't be exposed to
> user space.
>
> [1] https://lore.kernel.org/all/20250502011246.99238-1-coxu@redhat.com/
> [2] https://github.com/devicetree-org/dt-schema/pull/181
>
> Cc: Arnaud Lefebvre <arnaud.lefebvre@...ver-cloud.com>
> Cc: Baoquan he <bhe@...hat.com>
> Cc: Dave Young <dyoung@...hat.com>
> Cc: Kairui Song <ryncsn@...il.com>
> Cc: Pingfan Liu <kernelfans@...il.com>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: Krzysztof Kozlowski <krzk@...nel.org>
> Cc: Rob Herring <robh@...nel.org>
> Signed-off-by: Coiby Xu <coxu@...hat.com>
> ---
> v3
> - Delete the property after reading it [Rob Herring]
>
> v2
> - Krzysztof
> - Use imperative mood for commit message
> - Add dt-schema ABI Documentation
> https://github.com/devicetree-org/dt-schema/pull/181
> - Don't print dm-crypt keys address via pr_debug
>
>
> arch/arm64/kernel/machine_kexec_file.c | 9 +++++++++
> drivers/of/fdt.c | 21 +++++++++++++++++++++
> drivers/of/kexec.c | 19 +++++++++++++++++++
> 3 files changed, 49 insertions(+)
>
> diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
> index 410060ebd86d..5f3bad8ca96d 100644
> --- a/arch/arm64/kernel/machine_kexec_file.c
> +++ b/arch/arm64/kernel/machine_kexec_file.c
> @@ -134,6 +134,15 @@ int load_other_segments(struct kimage *image,
>
> kexec_dprintk("Loaded elf core header at 0x%lx bufsz=0x%lx memsz=0x%lx\n",
> image->elf_load_addr, kbuf.bufsz, kbuf.memsz);
> +
> + ret = crash_load_dm_crypt_keys(image);
> +
> + if (ret == -ENOENT) {
> + kexec_dprintk("No dm crypt key to load\n");
> + } else if (ret) {
> + pr_err("Failed to load dm crypt keys\n");
> + goto out_err;
> + }
This looks like an unusual mixture of kexec_dprintk() and pr_err().
Stepping back a second, why do we need to print anything from the arch
code at all? It looks like crash_load_dm_crypt_keys() already prints for
the -ENOENT case so I'd be inclined just to do:
ret = crash_load_dm_crypt_keys(image);
if (ret)
goto out_err;
Will
Powered by blists - more mailing lists