From patchwork Fri Nov 4 11:29:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13034020 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1C0D6C4321E for ; Mon, 7 Nov 2022 08:40:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667810415; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=ltklqOYjD/Z/Ig/BxaI2E4BJWg3wy84U+rIipbyt4C8=; b=RNuJRBrpAAWZuQL26U7itC8uCofuc1fLVLCLLdZNiQXc2ijIt6+1YPhpQhx1YxHzpBHZ70 fkygskzJfCNBHMfnrtB7b1Qmgr3+HiuBUEWv2BVAW9isvfn+ws0/unJ60EHjMUoeYvAuSL KAD1O43jjOY6/9Q6OAGy7Lfb2X2i05w= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-639-XpOoPlteNyShgY4X4h6t0Q-1; Mon, 07 Nov 2022 03:40:11 -0500 X-MC-Unique: XpOoPlteNyShgY4X4h6t0Q-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C36E218ABF82; Mon, 7 Nov 2022 08:40:09 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id E31A639DB3; Mon, 7 Nov 2022 08:40:08 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id D8D6D1946589; Mon, 7 Nov 2022 08:40:08 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 7DCB31946586 for ; Fri, 4 Nov 2022 11:30:21 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id D6ED040C6F73; Fri, 4 Nov 2022 11:30:21 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CFA0340C6EE9 for ; Fri, 4 Nov 2022 11:30:21 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B46AD811E7A for ; Fri, 4 Nov 2022 11:30:21 +0000 (UTC) Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-627-sW-QlLbxN7S2MWuKb8se_A-1; Fri, 04 Nov 2022 07:30:20 -0400 X-MC-Unique: sW-QlLbxN7S2MWuKb8se_A-1 Received: by mail-pl1-f200.google.com with SMTP id n1-20020a170902f60100b00179c0a5c51fso3388433plg.7 for ; Fri, 04 Nov 2022 04:30:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uJy9Oiy5cpKmClijTkDe6KXjFE6VRuxm2Fp2gVJ4PwQ=; b=KQOf1bCx09qWTT8nVKSqGUm1eQqEwLiqGKjvqhUEXobELz1fRnEuTa8PGOoluq1k6S 0FK/u3uLQNpfY1C1H3Pu/UKTocgdcGukBu7v1Kwmn0FUQ9Yr2XxweXKUtX0ld63vVP8h AET2T57Cr7HdUvC/ZeEE2nHn3LjK2adjJx0/gEB92t0H4PWgdHejdK+OjPyFsZz3gPXZ PzctT5z9U9hw2v5PGDI10r4Hv4PUg78uEzB3FJ1GemaqObWaV1J8YAAMkXZNmf9KfWpn S/TylET+UmBZ2xwcFy64TeU7YsMiDmt1AsaIqSIcCb/U4G/Uxr60ZnyIq+GShElndLix SJSQ== X-Gm-Message-State: ACrzQf3tVseVbowLLeXbtgSgY+XthNEv+tq5f1K47OmWjK0qkyKyiURI EJzGLJLUGYfC0JQYw12+t/NMqGDU65AH2YwOyJzTYVO0dkfuJ4aYT9B3QUBrktrJ5/4bAj/jcwh cllt4BaQyQhFaMNw= X-Received: by 2002:a17:902:aa46:b0:186:e220:11d4 with SMTP id c6-20020a170902aa4600b00186e22011d4mr35254827plr.163.1667561419297; Fri, 04 Nov 2022 04:30:19 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5pcZ6tNaPqq0YoJX850E6WOJZ5lbYOLfvzVTVy1cDIH4ecstbrpazqOrRO+fSBQKpe6bAfZw== X-Received: by 2002:a17:902:aa46:b0:186:e220:11d4 with SMTP id c6-20020a170902aa4600b00186e22011d4mr35254808plr.163.1667561419017; Fri, 04 Nov 2022 04:30:19 -0700 (PDT) Received: from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id f11-20020a170902684b00b0018855a22ccfsm2430982pln.91.2022.11.04.04.30.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Nov 2022 04:30:18 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Fri, 4 Nov 2022 19:29:56 +0800 Message-Id: <20221104113000.487098-2-coxu@redhat.com> In-Reply-To: <20221104113000.487098-1-coxu@redhat.com> References: <20221104113000.487098-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mailman-Approved-At: Mon, 07 Nov 2022 08:40:06 +0000 Subject: [dm-devel] [RFC v2 1/5] kexec_file: allow to place kexec_buf randomly X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Baoquan He , dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Kairui Song , Eric Biederman , Jan Pazdziora , Thomas Staudt , Dave Young , Milan Broz Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Currently, kexec_buf is placed in order which means for the same machine, the info in the kexec_buf is always located at the same position each time the machine is booted. This may cause a risk for sensitive information like LUKS volume key. Now struct kexec_buf has a new field random which indicates it's supposed to be placed in a random position. Suggested-by: Jan Pazdziora Signed-off-by: Coiby Xu --- include/linux/kexec.h | 2 ++ kernel/kexec_file.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 13e6c4b58f07..c0edb64bf6c4 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image); * @buf_min: The buffer can't be placed below this address. * @buf_max: The buffer can't be placed above this address. * @top_down: Allocate from top of memory. + * @random: Place the buffer at a random position. */ struct kexec_buf { struct kimage *image; @@ -182,6 +183,7 @@ struct kexec_buf { unsigned long buf_min; unsigned long buf_max; bool top_down; + bool random; }; int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf); diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index a7b411c22f19..ed9fcc369312 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include "kexec_internal.h" @@ -412,6 +413,16 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, return ret; } +static unsigned long kexec_random_start(unsigned long start, unsigned long end) +{ + unsigned long temp_start; + unsigned short i; + + get_random_bytes(&i, sizeof(unsigned short)); + temp_start = start + (end - start) / USHRT_MAX * i; + return temp_start; +} + static int locate_mem_hole_top_down(unsigned long start, unsigned long end, struct kexec_buf *kbuf) { @@ -420,6 +431,8 @@ static int locate_mem_hole_top_down(unsigned long start, unsigned long end, temp_end = min(end, kbuf->buf_max); temp_start = temp_end - kbuf->memsz; + if (kbuf->random) + temp_start = kexec_random_start(temp_start, temp_end); do { /* align down start */ @@ -457,6 +470,8 @@ static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end, unsigned long temp_start, temp_end; temp_start = max(start, kbuf->buf_min); + if (kbuf->random) + temp_start = kexec_random_start(temp_start, end); do { temp_start = ALIGN(temp_start, kbuf->buf_align); From patchwork Fri Nov 4 11:29:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13034019 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4F594C4332F for ; Mon, 7 Nov 2022 08:40:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667810413; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=nrzFJuoFeBRB4vivLhKGnlh9mnwaF1M2QLyXUljHLTk=; b=Np2I8C4q0Z27VuFCbrh+tueMxSdZeM3ffn9JMBokRvu+K9Ii76vL9LOt6NetA58mW1999F Bhnu31z3u0tYKOD7P9UHxq6PSiBSsP/gGIzoHvW4iEuHoyb4GwxNtt+rfTHFfzUEJw3MXW JZjm055AcDGaX6sFvajmqFjEQIn5h9o= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-492-ZsGQfvC1NKyAszWbnU_cFA-1; Mon, 07 Nov 2022 03:40:11 -0500 X-MC-Unique: ZsGQfvC1NKyAszWbnU_cFA-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C47862804BAA; Mon, 7 Nov 2022 08:40:09 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id B5AAF40C2064; Mon, 7 Nov 2022 08:40:06 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id A26C61946588; Mon, 7 Nov 2022 08:40:06 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 841FF1946586 for ; Fri, 4 Nov 2022 11:30:30 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 67C3E40C6F73; Fri, 4 Nov 2022 11:30:30 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5FD2540C6EE9 for ; Fri, 4 Nov 2022 11:30:30 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 45500811E75 for ; Fri, 4 Nov 2022 11:30:30 +0000 (UTC) Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-172-5kPhyxZmMfmgnHas1HuDHg-1; Fri, 04 Nov 2022 07:30:29 -0400 X-MC-Unique: 5kPhyxZmMfmgnHas1HuDHg-1 Received: by mail-pl1-f200.google.com with SMTP id n12-20020a170902e54c00b00188515e81a6so3420703plf.23 for ; Fri, 04 Nov 2022 04:30:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=s1xZ0vxushGJcgjg7hlatryVRu1/dXqezckzHs4WjGk=; b=xo7bhTWylIlEbikralM12kgu+U+GBC5nLxGgfyOb+CYlzJFxvWncnjKnvehaHsRlY6 CWf990WdhSM1uUsVPk9uujmgKNxC2n/9YgaRKAIMfQ3cVO7GBNmVdoVwawCrpnzpljYA Jul8bn78+RC8vJNAUAPd0wJQfed/oML/XVgEGQVW0XSJzJzChL4ATozQuPMZaBRjI0te Q5K17zpEI+58Hp2+xeJFOZc61gW8r1cKtthquDKw09zemqHjtyPh/mKOMQtcfnYKWJ1k p6tXIrpT1wfAwFdkl890R2HBhKdCKLlUh34YEPtxlu3E/LGveQe3ev7gkI2HDaBNiJb2 AYnQ== X-Gm-Message-State: ACrzQf18BbqncitHYxWgLrybo1W6Mouqk59vRn1aFCP2nagl5HfEtLEV roDUUTuZ72ZwrL0/2UNA6PCzdMV52+0bqiXTH0+U3jD3S5UXQhJTwbbABDflEUv8sHveZU0RCSl LWF+pZyZGsAufks8= X-Received: by 2002:a17:90b:4f8a:b0:213:48f0:296f with SMTP id qe10-20020a17090b4f8a00b0021348f0296fmr53282529pjb.140.1667561428159; Fri, 04 Nov 2022 04:30:28 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6fOg7xKewtpqLLbefucY7Lfg8o27pnyZIU+pw2e82M8AAb+KPN1hlYZS75bLeAcvDS/QbLoA== X-Received: by 2002:a17:90b:4f8a:b0:213:48f0:296f with SMTP id qe10-20020a17090b4f8a00b0021348f0296fmr53282509pjb.140.1667561427911; Fri, 04 Nov 2022 04:30:27 -0700 (PDT) Received: from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id p12-20020a170902a40c00b00186b1bfbe79sm2429710plq.66.2022.11.04.04.30.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Nov 2022 04:30:27 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Fri, 4 Nov 2022 19:29:57 +0800 Message-Id: <20221104113000.487098-3-coxu@redhat.com> In-Reply-To: <20221104113000.487098-1-coxu@redhat.com> References: <20221104113000.487098-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mailman-Approved-At: Mon, 07 Nov 2022 08:40:06 +0000 Subject: [dm-devel] [RFC v2 2/5] crash_dump: save the LUKS volume key temporarily X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Baoquan He , dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Kairui Song , Jan Pazdziora , Thomas Staudt , Dave Young , Milan Broz , Vivek Goyal Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com After having the volume key, crytpsetup/systemd-cryptsetup saves the volume key as a logon key to its thread keyring and this key is destroyed immediately with the terminated thread. So a temporary copy of the volume key is needed in order to later save it to kdump reserved memory when the crash kernel is loaded later. crytpsetup/systemd-cryptsetup will write the key description to /sys/kernel/crash_luks_volume_key so the kernel will read the logon key and save a temporary copy for later user. kdump has 1 hour at maximum to get the temporary copy before the key gets wiped. And after kdump retrieves the key, the key will be wiped immediately. Signed-off-by: Coiby Xu --- include/linux/crash_core.h | 2 + kernel/crash_dump.c | 88 ++++++++++++++++++++++++++++++++++++++ kernel/ksysfs.c | 19 ++++++++ 3 files changed, 109 insertions(+) diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index de62a722431e..596d83b8f362 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -83,5 +83,7 @@ int parse_crashkernel_high(char *cmdline, unsigned long long system_ram, unsigned long long *crash_size, unsigned long long *crash_base); int parse_crashkernel_low(char *cmdline, unsigned long long system_ram, unsigned long long *crash_size, unsigned long long *crash_base); +int crash_sysfs_luks_volume_key_write(const char *key_des, size_t count); +int crash_pass_temp_luks_volume_key(void **addr, unsigned long *sz); #endif /* LINUX_CRASH_CORE_H */ diff --git a/kernel/crash_dump.c b/kernel/crash_dump.c index 92da32275af5..9c202bffbb8d 100644 --- a/kernel/crash_dump.c +++ b/kernel/crash_dump.c @@ -5,6 +5,7 @@ #include #include +#include /* * stores the physical address of elf header of crash image * @@ -39,3 +40,90 @@ static int __init setup_elfcorehdr(char *arg) return end > arg ? 0 : -EINVAL; } early_param("elfcorehdr", setup_elfcorehdr); + +static u8 *luks_volume_key; +static unsigned int luks_volume_key_size; + +void wipe_luks_volume_key(void) +{ + if (luks_volume_key) { + memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); + kfree(luks_volume_key); + luks_volume_key = NULL; + } +} + +static void _wipe_luks_volume_key(struct work_struct *dummy) +{ + wipe_luks_volume_key(); +} + +static DECLARE_DELAYED_WORK(wipe_luks_volume_key_work, _wipe_luks_volume_key); + +static unsigned __read_mostly wipe_key_delay = 3600; /* 1 hour */ + +static int crash_save_temp_luks_volume_key(const char *key_desc, size_t count) +{ + const struct user_key_payload *ukp; + struct key *key; + + + if (luks_volume_key) { + memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); + kfree(luks_volume_key); + } + + pr_debug("Requesting key %s", key_desc); + key = request_key(&key_type_logon, key_desc, NULL); + + if (IS_ERR(key)) { + pr_debug("No such key %s", key_desc); + return PTR_ERR(key); + } + + ukp = user_key_payload_locked(key); + if (!ukp) + return -EKEYREVOKED; + + luks_volume_key = kmalloc(ukp->datalen, GFP_KERNEL); + if (!luks_volume_key) + return -ENOMEM; + memcpy(luks_volume_key, ukp->data, ukp->datalen); + luks_volume_key_size = ukp->datalen; + pr_debug("LUKS master key (size=%u): %8ph\n", luks_volume_key_size, luks_volume_key); + schedule_delayed_work(&wipe_luks_volume_key_work, + round_jiffies_relative(wipe_key_delay * HZ)); + return 0; +} + +int crash_sysfs_luks_volume_key_write(const char *key_desc, size_t count) +{ + if (!is_kdump_kernel()) + return crash_save_temp_luks_volume_key(key_desc, count); + return -EINVAL; +} +EXPORT_SYMBOL(crash_sysfs_luks_volume_key_write); + +int crash_pass_temp_luks_volume_key(void **addr, unsigned long *sz) +{ + unsigned long luks_key_sz; + unsigned char *buf; + unsigned int *size_ptr; + + if (!luks_volume_key) + return -EINVAL; + + luks_key_sz = sizeof(unsigned int) + luks_volume_key_size * sizeof(u8); + + buf = vzalloc(luks_key_sz); + if (!buf) + return -ENOMEM; + + size_ptr = (unsigned int *)buf; + memcpy(size_ptr, &luks_volume_key_size, sizeof(unsigned int)); + memcpy(size_ptr + 1, luks_volume_key, luks_volume_key_size * sizeof(u8)); + *addr = buf; + *sz = luks_key_sz; + wipe_luks_volume_key(); + return 0; +} diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c index b1292a57c2a5..e7a7433cb951 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c @@ -135,6 +135,24 @@ static ssize_t vmcoreinfo_show(struct kobject *kobj, } KERNEL_ATTR_RO(vmcoreinfo); +static ssize_t crash_luks_volume_key_show(struct kobject *kobj, + struct kobj_attribute *attr, + char *buf) +{ + return 0; +} + +static ssize_t crash_luks_volume_key_store(struct kobject *kobj, + struct kobj_attribute *attr, + const char *buf, size_t count) +{ + int ret; + + ret = crash_sysfs_luks_volume_key_write(buf, count); + return ret < 0 ? ret : count; +} +KERNEL_ATTR_RW(crash_luks_volume_key); + #endif /* CONFIG_CRASH_CORE */ /* whether file capabilities are enabled */ @@ -223,6 +241,7 @@ static struct attribute * kernel_attrs[] = { #endif #ifdef CONFIG_CRASH_CORE &vmcoreinfo_attr.attr, + &crash_luks_volume_key_attr.attr, #endif #ifndef CONFIG_TINY_RCU &rcu_expedited_attr.attr, From patchwork Fri Nov 4 11:29:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13034022 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 94210C4167E for ; Mon, 7 Nov 2022 08:40:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667810415; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=ww18CL8GrMqzmShIOBJjHX1ePdJgAIx+BSrwLhV/wKA=; b=COA8HXqIPqrNL71KMgnApv0sHGfKnYUIQfmBugYMxEF1inlbEABWC5KOikX23zp1xNmaA4 nr8MpyWa9rTx0atXpC+jP4a9e/YWietVlIKvX3RemLRKX6QUj1of0KExA/jd1/eU1fHoz8 QA95u04m+eA2tJFpYfXoYixrIdRCKm8= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-674-5ShQ1rJEMxqLUf_FlN1ZZQ-1; Mon, 07 Nov 2022 03:40:12 -0500 X-MC-Unique: 5ShQ1rJEMxqLUf_FlN1ZZQ-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 48C7E85A5B6; Mon, 7 Nov 2022 08:40:10 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3679F39DB3; Mon, 7 Nov 2022 08:40:10 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 7720D1946A4A; Mon, 7 Nov 2022 08:40:09 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 478821946586 for ; Fri, 4 Nov 2022 11:30:40 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 35876112132C; Fri, 4 Nov 2022 11:30:40 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2E14E1121325 for ; Fri, 4 Nov 2022 11:30:40 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 0E19A101A528 for ; Fri, 4 Nov 2022 11:30:40 +0000 (UTC) Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com [209.85.215.198]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-167-uITczoENN_SVx5PoLE46oA-1; Fri, 04 Nov 2022 07:30:38 -0400 X-MC-Unique: uITczoENN_SVx5PoLE46oA-1 Received: by mail-pg1-f198.google.com with SMTP id g66-20020a636b45000000b0043a256d3639so2421172pgc.12 for ; Fri, 04 Nov 2022 04:30:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E9ieE4VIDGcBaiULL1C+z5L6S0lWIm/B8H9v1NRSxPo=; b=JI9Ac85tPVuQg68HaPcZWvrIgxi4HDHePmguj4sVx/AyVQFbnbJn2gfxlUlfk2hq/2 6FQOZd2LVLLKUE50x6G/ahtZ8Ctrglyiv4e7uvci3dZ8agAcuGpzKbb+MZlRJYWhmzn+ xUZXq0grAS0M6+6UeSZgUT8FeTyLGA/3W0qA3e/+2rlNPIAPUnVI193dI8JUcKq5aZQD F85FWAiKIAVFuDVx8k5psod74cwtChS7tVy6jQdGAlFx4RD+CicQl7htv+LOdM3ddxyL puc683Gl98QvDjcFhkTHDisKu3P/csF8fypPS5GAIzwYPYrza3HOa2rOkEudF8/wEnFo EZZA== X-Gm-Message-State: ACrzQf3+PDqNb0RCbqm6Kpk6LkDX2j3Ui4HwM0NHKHU+C5fMmDyaLUOg /q22butr7amxYWPvXRp9VfotdNyaTDOLMdA8Qw1IO8ofzxihfzBu1l3g11/33m/BCTPfbeme6WV 8Y/1c4AYxXzHKvrY= X-Received: by 2002:a17:902:f28b:b0:186:b069:63fc with SMTP id k11-20020a170902f28b00b00186b06963fcmr35566374plc.38.1667561437564; Fri, 04 Nov 2022 04:30:37 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7qypMeRgTqbqOB76+RxKWKqrfx12CwgsfSjDZBxgJGySGlq0PpZpwe2FJNfIghklVFI91+FQ== X-Received: by 2002:a17:902:f28b:b0:186:b069:63fc with SMTP id k11-20020a170902f28b00b00186b06963fcmr35566345plc.38.1667561437294; Fri, 04 Nov 2022 04:30:37 -0700 (PDT) Received: from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id k30-20020aa7999e000000b0056bcfe015c9sm2458149pfh.204.2022.11.04.04.30.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Nov 2022 04:30:36 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Fri, 4 Nov 2022 19:29:58 +0800 Message-Id: <20221104113000.487098-4-coxu@redhat.com> In-Reply-To: <20221104113000.487098-1-coxu@redhat.com> References: <20221104113000.487098-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mailman-Approved-At: Mon, 07 Nov 2022 08:40:06 +0000 Subject: [dm-devel] [RFC v2 3/5] x86/crash: pass the LUKS volume key to kdump kernel X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "maintainer:X86 ARCHITECTURE 32-BIT AND 64-BIT" , "H. Peter Anvin" , Baoquan He , Dave Hansen , dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Kairui Song , Ingo Molnar , Borislav Petkov , Eric Biederman , Jan Pazdziora , Thomas Staudt , Thomas Gleixner , Dave Young , Milan Broz Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com 1st kernel will build up the kernel command parameter luksvolumekey as similar to elfcorehdr to pass the memory address of the stored info of LUKS volume key to kdump kernel. Signed-off-by: Coiby Xu --- arch/x86/include/asm/crash.h | 1 + arch/x86/kernel/crash.c | 47 ++++++++++++++++++++++++++++++- arch/x86/kernel/kexec-bzimage64.c | 7 +++++ include/linux/kexec.h | 4 +++ 4 files changed, 58 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h index 8b6bd63530dc..485f75dce2ca 100644 --- a/arch/x86/include/asm/crash.h +++ b/arch/x86/include/asm/crash.h @@ -4,6 +4,7 @@ struct kimage; +int crash_load_luks_volume_key(struct kimage *image); int crash_load_segments(struct kimage *image); int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params); diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index 9730c88530fc..5ceda2802482 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -304,6 +304,7 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem, unsigned long long mend) { unsigned long start, end; + int r; cmem->ranges[0].start = mstart; cmem->ranges[0].end = mend; @@ -312,7 +313,19 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem, /* Exclude elf header region */ start = image->elf_load_addr; end = start + image->elf_headers_sz - 1; - return crash_exclude_mem_range(cmem, start, end); + r = crash_exclude_mem_range(cmem, start, end); + + if (r) + return r; + + /* Exclude LUKS volume key region */ + if (image->luks_volume_key_addr) { + start = image->luks_volume_key_addr; + end = start + image->luks_volume_key_sz - 1; + return crash_exclude_mem_range(cmem, start, end); + } + + return r; } /* Prepare memory map for crash dump kernel */ @@ -383,6 +396,38 @@ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params) return ret; } +int crash_load_luks_volume_key(struct kimage *image) +{ + int ret; + struct kexec_buf kbuf = { + .image = image, + .buf_min = 0, + .buf_max = ULONG_MAX, + .top_down = false, + .random = true, + }; + + image->luks_volume_key_addr = 0; + ret = crash_pass_temp_luks_volume_key(&kbuf.buffer, &kbuf.bufsz); + if (ret) + return ret; + + kbuf.memsz = kbuf.bufsz; + kbuf.buf_align = ELF_CORE_HEADER_ALIGN; + kbuf.mem = KEXEC_BUF_MEM_UNKNOWN; + ret = kexec_add_buffer(&kbuf); + if (ret) { + vfree((void *)kbuf.buffer); + return ret; + } + image->luks_volume_key_addr = kbuf.mem; + image->luks_volume_key_sz = kbuf.bufsz; + pr_debug("Loaded LUKS volume key at 0x%lx bufsz=0x%lx memsz=0x%lx\n", + image->luks_volume_key_addr, kbuf.bufsz, kbuf.bufsz); + + return ret; +} + int crash_load_segments(struct kimage *image) { int ret; diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index f299b48f9c9f..e556dbf96695 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -75,6 +75,10 @@ static int setup_cmdline(struct kimage *image, struct boot_params *params, if (image->type == KEXEC_TYPE_CRASH) { len = sprintf(cmdline_ptr, "elfcorehdr=0x%lx ", image->elf_load_addr); + + if (image->luks_volume_key_addr != 0) + len += sprintf(cmdline_ptr + len, + "luksvolumekey=0x%lx ", image->luks_volume_key_addr); } memcpy(cmdline_ptr + len, cmdline, cmdline_len); cmdline_len += len; @@ -371,6 +375,9 @@ static void *bzImage64_load(struct kimage *image, char *kernel, ret = crash_load_segments(image); if (ret) return ERR_PTR(ret); + ret = crash_load_luks_volume_key(image); + if (ret) + pr_debug("Either no LUKS volume key or error to retrieve the LUKS volume key\n"); } /* diff --git a/include/linux/kexec.h b/include/linux/kexec.h index c0edb64bf6c4..ed7a0ec70129 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -385,6 +385,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* LUKS volume key buffer */ + unsigned long luks_volume_key_addr; + unsigned long luks_volume_key_sz; }; /* kexec interface functions */ From patchwork Fri Nov 4 11:29:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13034021 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B34A5C43219 for ; Mon, 7 Nov 2022 08:40:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667810413; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=+ziVCiOeRctKEvGFfAvbtrFskAyxTsmn0FWOeYsOV18=; b=OUUREX4WQBpZ4ovG1xdS7CsgDEA5bODUCtWutjN2pLZ7aZFge4tJCkMfhpxB8OjDZebMcB YWRYdrNeWYrdgue8RyP+Qzq2Aph5W9SgkrodQl/bf+fBv+OUWjZs4aRd1WZ/kk+Pye7tL2 mlhhUQ+0giexA9kTVIcrYTaA1pEPU1Q= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-617-sP6_NPLMOyyRL3Sih6c2dg-1; Mon, 07 Nov 2022 03:40:12 -0500 X-MC-Unique: sP6_NPLMOyyRL3Sih6c2dg-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 186072804BAE; Mon, 7 Nov 2022 08:40:10 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 077162166B29; Mon, 7 Nov 2022 08:40:10 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 46D0A1946A44; Mon, 7 Nov 2022 08:40:09 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 206C61946586 for ; Fri, 4 Nov 2022 11:30:48 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 02A52206400B; Fri, 4 Nov 2022 11:30:48 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EFADB2064009 for ; Fri, 4 Nov 2022 11:30:47 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D0CE685A59D for ; Fri, 4 Nov 2022 11:30:47 +0000 (UTC) Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-284-3bFGrqJAMc-V3AMx5r_j3w-1; Fri, 04 Nov 2022 07:30:46 -0400 X-MC-Unique: 3bFGrqJAMc-V3AMx5r_j3w-1 Received: by mail-pj1-f70.google.com with SMTP id pa16-20020a17090b265000b0020a71040b4cso2233893pjb.6 for ; Fri, 04 Nov 2022 04:30:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RevsFdiPw/fb8SaWA4i0OScuHjqawmx3PhXyedjj5ck=; b=q47yhu8mkuKEU722O4KSemm5KT2QehCVU+ap409/YNE4lkgTgiFzAjb2the0xeekET ZJ4d4nVJSbndlqHrKRQQ8tpLhJ3777ohyS5gvcEGor5dcoIZdvbPXvCgwZygeuTSYk34 IzGwNcNeXomNpYOeZzcvP2RcaB5q7ZCMMtpiK8/Zpv0gOowF0h+SkynfKoKX99bmVTok Fy2a+f3LuWyLvHJmz1QsHhkudEKhty+m4pNk/MadZyWe/ZchgVTxCkMjLwc5UVEmEg1N zsuIDSIJSr7bf7SauHIQWsHj4bFfyFjwT9pO1BgxJrWY4oV2qeSdVdAnE/3klsspV62T 9VNg== X-Gm-Message-State: ACrzQf3Hjunodsvq+D0VJeI3idDBmQdHP6NEssSHtBygSgff8oQW2BR5 zo+IbF8wGoafVy4kemTxZf57ZE5aT0XTqRih5jpbFoy1DGDkH/4lAeP+A4hjsldzfoUFbqEpocY lzqIhQAKaSrG7rCU= X-Received: by 2002:a17:90a:6d22:b0:213:7e1e:9be0 with SMTP id z31-20020a17090a6d2200b002137e1e9be0mr35804892pjj.17.1667561445707; Fri, 04 Nov 2022 04:30:45 -0700 (PDT) X-Google-Smtp-Source: AMsMyM51CDYLEqWginckV/rN0elEiAXD4s8pR8U6DdMP+NZPO37JWjN6xDUyvoO9upVjiEVTkeoywQ== X-Received: by 2002:a17:90a:6d22:b0:213:7e1e:9be0 with SMTP id z31-20020a17090a6d2200b002137e1e9be0mr35804871pjj.17.1667561445499; Fri, 04 Nov 2022 04:30:45 -0700 (PDT) Received: from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id c5-20020a056a00008500b005629b6a8b53sm2609597pfj.15.2022.11.04.04.30.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Nov 2022 04:30:45 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Fri, 4 Nov 2022 19:29:59 +0800 Message-Id: <20221104113000.487098-5-coxu@redhat.com> In-Reply-To: <20221104113000.487098-1-coxu@redhat.com> References: <20221104113000.487098-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mailman-Approved-At: Mon, 07 Nov 2022 08:40:06 +0000 Subject: [dm-devel] [RFC v2 4/5] x86/crash: make the page that stores the LUKS volume key inaccessible X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "maintainer:X86 ARCHITECTURE 32-BIT AND 64-BIT" , "H. Peter Anvin" , Baoquan He , Dave Hansen , dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Kairui Song , Ingo Molnar , Borislav Petkov , Jan Pazdziora , Thomas Staudt , Thomas Gleixner , Dave Young , Milan Broz Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com This adds an addition layer of protection for the saved copy of LUKS volume key. Trying to access the saved copy will cause page fault. Suggested-by: Pingfan Liu Signed-off-by: Coiby Xu --- arch/x86/kernel/machine_kexec_64.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c index 0611fd83858e..f3d51c38a1c9 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -557,9 +557,25 @@ static void kexec_mark_crashkres(bool protect) kexec_mark_range(control, crashk_res.end, protect); } +static void kexec_mark_luks_volume_key_inaccessible(void) +{ + unsigned long start, end; + struct page *page; + unsigned int nr_pages; + + if (kexec_crash_image->luks_volume_key_addr) { + start = kexec_crash_image->luks_volume_key_addr; + end = start + kexec_crash_image->luks_volume_key_sz - 1; + page = pfn_to_page(start >> PAGE_SHIFT); + nr_pages = (end >> PAGE_SHIFT) - (start >> PAGE_SHIFT) + 1; + set_memory_np((unsigned long)page_address(page), nr_pages); + } +} + void arch_kexec_protect_crashkres(void) { kexec_mark_crashkres(true); + kexec_mark_luks_volume_key_inaccessible(); } void arch_kexec_unprotect_crashkres(void) From patchwork Fri Nov 4 11:30:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13034023 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id AEE98C4167D for ; Mon, 7 Nov 2022 08:40:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667810416; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=TbUcssmFtrJsI2ftrR0QuGTY91njWp8EekhZOnzvk4k=; b=Yib/1ZCSYMMnT7mLbhb8rOYAQojRj2jP1Y5L7DOF5Nj1mLadXSi6m/JjT1pN/CAtPudXbX I0s4HX70cjjcbKtkXEznFobYFX7bVf0cj6sf3rpsiIXos1g10OL9AyV8StNTuwMWyiK1lG A544XX1QbKyj76FPjwiKj/pARfAYsAk= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-665-VBJpUHHhMe2S2tk8JKy05A-1; Mon, 07 Nov 2022 03:40:13 -0500 X-MC-Unique: VBJpUHHhMe2S2tk8JKy05A-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B568518ABF83; Mon, 7 Nov 2022 08:40:10 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9F6042166B34; Mon, 7 Nov 2022 08:40:10 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id AA27A1946A67; Mon, 7 Nov 2022 08:40:09 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 90E5C1946586 for ; Fri, 4 Nov 2022 11:30:58 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 85DBF49BB9A; Fri, 4 Nov 2022 11:30:58 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast08.extmail.prod.ext.rdu2.redhat.com [10.11.55.24]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7E85D403161 for ; Fri, 4 Nov 2022 11:30:58 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 62C07380406B for ; Fri, 4 Nov 2022 11:30:58 +0000 (UTC) Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-605-ko_ZFL4-Os-tBMcpfe42cw-1; Fri, 04 Nov 2022 07:30:55 -0400 X-MC-Unique: ko_ZFL4-Os-tBMcpfe42cw-1 Received: by mail-pj1-f70.google.com with SMTP id my9-20020a17090b4c8900b002130d29fd7cso5411664pjb.7 for ; Fri, 04 Nov 2022 04:30:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tChygk51qSEpKRajoEIhCZC1g4gkmcKbQyIR3WZ7WJ0=; b=C8dHXR8/Y6lVUs2TtAekyi6QxHEJliCtZkNejtbVUUY4WcWeT8TQ5+zlbukuJBLLeG uFBIYqZkiIgvq3l22agfjggzdM0vZWTWj9gCBIrfsU9grp5CNzv7pflQX+MrTmWVOFZ8 TCsrdMrf1xy7edI47nRDohTee+WIyoSOhWb1mukQsXe0cPln1K1hxh+EO0i5sYCyAp1M 7bXri0Ywv4VbfYG9UjzlWmESgZkZpEIsT/mUJBranyJ+M1wlRqOrC0qCZfoI4d9mtPQw yL2ojyYSRI2dqdN0e0a6B88h3XdFblngxQ2eR4VPt6aCtpXjtAFjVDd20VI5Rk4c4yzl +idg== X-Gm-Message-State: ACrzQf24Pd5d5gACmh0OccBBDwtW4rdO9XWChUwUw+xUjLOdxyhBcJA7 rrwPlDJd6CXqf89z1fpc7r3LZ5Ooe470dTHeHr8HAWU829a4ROFNbgCtR6AE6zeZzUVV4TuD0S3 Zi3vR8tNFa5EmvTE= X-Received: by 2002:a05:6a00:3698:b0:56d:3180:e88f with SMTP id dw24-20020a056a00369800b0056d3180e88fmr32007699pfb.66.1667561454069; Fri, 04 Nov 2022 04:30:54 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6/YFb404UDQuedNToGLAqLTqEInClQiUntzz+pWfWaKxI00OswIw7b6D7Q0zuVJH1Lqg4s3g== X-Received: by 2002:a05:6a00:3698:b0:56d:3180:e88f with SMTP id dw24-20020a056a00369800b0056d3180e88fmr32007679pfb.66.1667561453799; Fri, 04 Nov 2022 04:30:53 -0700 (PDT) Received: from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id ca8-20020a17090af30800b0020669c8bd87sm1483003pjb.36.2022.11.04.04.30.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Nov 2022 04:30:53 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Fri, 4 Nov 2022 19:30:00 +0800 Message-Id: <20221104113000.487098-6-coxu@redhat.com> In-Reply-To: <20221104113000.487098-1-coxu@redhat.com> References: <20221104113000.487098-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mailman-Approved-At: Mon, 07 Nov 2022 08:40:06 +0000 Subject: [dm-devel] [RFC v2 5/5] crash_dump: retrieve LUKS volume key in kdump kernel X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Baoquan He , dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Kairui Song , Jan Pazdziora , Thomas Staudt , Dave Young , Milan Broz , Vivek Goyal Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Crash kernel will retrieve the LUKS volume key based on the luksvolumekey command line parameter. When libcryptsetup writes the key description to /sys/kernel/crash_luks_volume_key, crash kernel will create a thread keyring and add a logon key. Signed-off-by: Coiby Xu --- include/linux/crash_dump.h | 2 + kernel/crash_dump.c | 116 ++++++++++++++++++++++++++++++++++++- 2 files changed, 116 insertions(+), 2 deletions(-) diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index 0f3a656293b0..bc848e058c64 100644 --- a/include/linux/crash_dump.h +++ b/include/linux/crash_dump.h @@ -15,6 +15,8 @@ extern unsigned long long elfcorehdr_addr; extern unsigned long long elfcorehdr_size; +extern unsigned long long luks_volume_key_addr; + #ifdef CONFIG_CRASH_DUMP extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size); extern void elfcorehdr_free(unsigned long long addr); diff --git a/kernel/crash_dump.c b/kernel/crash_dump.c index 9c202bffbb8d..77a6b84415e8 100644 --- a/kernel/crash_dump.c +++ b/kernel/crash_dump.c @@ -5,7 +5,10 @@ #include #include +#include +#include #include + /* * stores the physical address of elf header of crash image * @@ -16,6 +19,8 @@ unsigned long long elfcorehdr_addr = ELFCORE_ADDR_MAX; EXPORT_SYMBOL_GPL(elfcorehdr_addr); +unsigned long long luks_volume_key_addr; +EXPORT_SYMBOL_GPL(luks_volume_key_addr); /* * stores the size of elf header of crash image */ @@ -41,6 +46,76 @@ static int __init setup_elfcorehdr(char *arg) } early_param("elfcorehdr", setup_elfcorehdr); +static int __init setup_luksvolumekey(char *arg) +{ + char *end; + + if (!arg) + return -EINVAL; + luks_volume_key_addr = memparse(arg, &end); + if (end > arg) + return 0; + + luks_volume_key_addr = 0; + return -EINVAL; +} + +early_param("luksvolumekey", setup_luksvolumekey); + +/* + * Architectures may override this function to read LUKS master key + */ +ssize_t __weak luks_key_read(char *buf, size_t count, u64 *ppos) +{ + struct kvec kvec = { .iov_base = buf, .iov_len = count }; + struct iov_iter iter; + + iov_iter_kvec(&iter, READ, &kvec, 1, count); + return read_from_oldmem(&iter, count, ppos, false); +} + +static int retrive_kdump_luks_volume_key(u8 *buffer, unsigned int *sz) +{ + unsigned int key_size; + size_t lukskeybuf_sz; + unsigned int *size_ptr; + char *lukskeybuf; + u64 addr; + int r; + + if (luks_volume_key_addr == 0) { + pr_debug("LUKS master key memory address inaccessible"); + return -EINVAL; + } + + addr = luks_volume_key_addr; + + /* Read LUKS master key size */ + r = luks_key_read((char *)&key_size, sizeof(unsigned int), &addr); + + if (r < 0) + return r; + + pr_debug("Retrieve LUKS master key: size=%u\n", key_size); + /* Read in LUKS maste rkey */ + lukskeybuf_sz = sizeof(unsigned int) + key_size * sizeof(u8); + lukskeybuf = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, + get_order(lukskeybuf_sz)); + if (!lukskeybuf) + return -ENOMEM; + + addr = luks_volume_key_addr; + r = luks_key_read((char *)lukskeybuf, lukskeybuf_sz, &addr); + + if (r < 0) + return r; + size_ptr = (unsigned int *)lukskeybuf; + memcpy(buffer, size_ptr + 1, key_size * sizeof(u8)); + pr_debug("Retrieve LUKS master key (size=%u): %48ph...\n", key_size, buffer); + *sz = key_size; + return 0; +} + static u8 *luks_volume_key; static unsigned int luks_volume_key_size; @@ -62,12 +137,48 @@ static DECLARE_DELAYED_WORK(wipe_luks_volume_key_work, _wipe_luks_volume_key); static unsigned __read_mostly wipe_key_delay = 3600; /* 1 hour */ +static int retore_luks_volume_key_to_thread_keyring(const char *key_desc) +{ + key_ref_t keyring_ref, key_ref; + int ret; + + /* find the target keyring (which must be writable) */ + keyring_ref = lookup_user_key(KEY_SPEC_THREAD_KEYRING, 0x01, KEY_NEED_WRITE); + if (IS_ERR(keyring_ref)) { + pr_alert("Failed to get keyring"); + return PTR_ERR(keyring_ref); + } + + luks_volume_key = kmalloc(128, GFP_KERNEL); + ret = retrive_kdump_luks_volume_key(luks_volume_key, &luks_volume_key_size); + if (ret) { + kfree(luks_volume_key); + return ret; + } + + /* create or update the requested key and add it to the target keyring */ + key_ref = key_create_or_update(keyring_ref, "logon", key_desc, + luks_volume_key, luks_volume_key_size, + KEY_PERM_UNDEF, KEY_ALLOC_IN_QUOTA); + + if (!IS_ERR(key_ref)) { + ret = key_ref_to_ptr(key_ref)->serial; + key_ref_put(key_ref); + pr_alert("Success adding key %s", key_desc); + } else { + ret = PTR_ERR(key_ref); + pr_alert("Error when adding key"); + } + + key_ref_put(keyring_ref); + return ret; +} + static int crash_save_temp_luks_volume_key(const char *key_desc, size_t count) { const struct user_key_payload *ukp; struct key *key; - if (luks_volume_key) { memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); kfree(luks_volume_key); @@ -100,7 +211,8 @@ int crash_sysfs_luks_volume_key_write(const char *key_desc, size_t count) { if (!is_kdump_kernel()) return crash_save_temp_luks_volume_key(key_desc, count); - return -EINVAL; + else + return retore_luks_volume_key_to_thread_keyring(key_desc); } EXPORT_SYMBOL(crash_sysfs_luks_volume_key_write);