From patchwork Thu Jun 1 07:24:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13264721 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 67545C7EE2F for ; Fri, 2 Jun 2023 05:39:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685684384; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=x+dNCfD7Qs4EvAtF60xUWLz73uKOf5hqRsXMt+H3JWA=; b=bhhaMx8cgp+lYrQmEw1dc6dCIlnoG6VewYf4Kf1e9vXUs5hryLTFQ0oBqyU6nR8WYvOLgh kR6tB9M0IybOxH9m6zvumR0nu7Djxm+ZCo3zjMxk5JA/GjH5G3RkHbw4jdxfMhv0iFouBs ejhe5T2TZ5p1eHWQ4L0R83N1dWC8QGU= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-218-IyVsUqsuNv2CGgOhAtmG6w-1; Fri, 02 Jun 2023 01:39:40 -0400 X-MC-Unique: IyVsUqsuNv2CGgOhAtmG6w-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id ECA64858F1B; Fri, 2 Jun 2023 05:39:38 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0C36E40CFD45; Fri, 2 Jun 2023 05:39:38 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 18EBB19465B6; Fri, 2 Jun 2023 05:39:37 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id C3A2A19451E5 for ; Thu, 1 Jun 2023 07:24:56 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id A746F200AE6F; Thu, 1 Jun 2023 07:24:56 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9FE40202696C for ; Thu, 1 Jun 2023 07:24:56 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 83E7E80120A for ; Thu, 1 Jun 2023 07:24:56 +0000 (UTC) Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-659-Pqb3sPHJO3Gd69r0zcBL-A-1; Thu, 01 Jun 2023 03:24:53 -0400 X-MC-Unique: Pqb3sPHJO3Gd69r0zcBL-A-1 Received: by mail-pl1-f197.google.com with SMTP id d9443c01a7336-1b03cfa7602so1742195ad.3 for ; Thu, 01 Jun 2023 00:24:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604292; x=1688196292; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AV8aUvr4ixGLZyIesmYQLsbGSBUr0/xlhliel/t7Lh8=; b=Qi0M+lfvYnOKLfFXh8l1jZYyzYhn2UjeEh9GkOfVs1cOWzGT65dqPs9LRNjbFU+4yY 3TFus3mOfTy8AplKtqWp5Ngq+h7GXJFjeFIRGYPJTRPghmMdWEZJRNBgeRGguPYbDP81 AbajywCFqurQJ4XLXx0Kr9lb0MYZqWS2Kd/Byt/gdZ7s3rh8SCcuZdmdWb6J23kDAfEM KTpMXHpXPzwedNbPQCDGOYKaL2Zs3ypFNAO1vjGihrTc81Xd19Z0NwRLGeEKDFcuFd08 LjrlNRhvdXhURBHjHvwdrMiFYB/boFqvDTh3ceQCg5zg9bfFD9It8O1abwDQ+rIxEIOY vbag== X-Gm-Message-State: AC+VfDz3nsI82C2Eqp56I+f9ltvQLLhNC2sDp5bGWxcfMw61Zmq1WzXB dakKN5ytfm5IQFWfpzvwEd3BmV+JQ5vQakIqacYatTBArg5zrPOzB7XOpkzHy0SzRF3TVrgX0nB 8JNIvTjDDvuMKQWg= X-Received: by 2002:a17:902:e811:b0:1b0:5e97:ee2e with SMTP id u17-20020a170902e81100b001b05e97ee2emr6960534plg.19.1685604291999; Thu, 01 Jun 2023 00:24:51 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ662P0lLrFIg86H16E966109yZnfDIKygWQtWOgjwFAIugqodl1XMDNcj6+cm1VNgP+uGfilg== X-Received: by 2002:a17:902:e811:b0:1b0:5e97:ee2e with SMTP id u17-20020a170902e81100b001b05e97ee2emr6960516plg.19.1685604291629; Thu, 01 Jun 2023 00:24:51 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00199203a4fa3sm2666890plg.203.2023.06.01.00.24.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:24:51 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Thu, 1 Jun 2023 15:24:40 +0800 Message-Id: <20230601072444.2033855-2-coxu@redhat.com> In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mailman-Approved-At: Fri, 02 Jun 2023 05:39:36 +0000 Subject: [dm-devel] [PATCH 1/5] kexec_file: allow to place kexec_buf randomly X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Baoquan He , x86@kernel.org, dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Dave Hansen , Kairui Song , Eric Biederman , Jan Pazdziora , Thomas Staudt , Vitaly Kuznetsov , Dave Young , Milan Broz Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Currently, kexec_buf is placed in order which means for the same machine, the info in the kexec_buf is always located at the same position each time the machine is booted. This may cause a risk for sensitive information like LUKS volume key. Now struct kexec_buf has a new field random which indicates it's supposed to be placed in a random position. Suggested-by: Jan Pazdziora Signed-off-by: Coiby Xu --- include/linux/kexec.h | 2 ++ kernel/kexec_file.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 22b5cd24f581..5b2440444112 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -172,6 +172,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image); * @buf_min: The buffer can't be placed below this address. * @buf_max: The buffer can't be placed above this address. * @top_down: Allocate from top of memory. + * @random: Place the buffer at a random position. */ struct kexec_buf { struct kimage *image; @@ -183,6 +184,7 @@ struct kexec_buf { unsigned long buf_min; unsigned long buf_max; bool top_down; + bool random; }; int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf); diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index f989f5f1933b..5dbfc119eb6a 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include "kexec_internal.h" @@ -419,6 +420,16 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, return ret; } +static unsigned long kexec_random_start(unsigned long start, unsigned long end) +{ + unsigned long temp_start; + unsigned short i; + + get_random_bytes(&i, sizeof(unsigned short)); + temp_start = start + (end - start) / USHRT_MAX * i; + return temp_start; +} + static int locate_mem_hole_top_down(unsigned long start, unsigned long end, struct kexec_buf *kbuf) { @@ -427,6 +438,8 @@ static int locate_mem_hole_top_down(unsigned long start, unsigned long end, temp_end = min(end, kbuf->buf_max); temp_start = temp_end - kbuf->memsz; + if (kbuf->random) + temp_start = kexec_random_start(temp_start, temp_end); do { /* align down start */ @@ -464,6 +477,8 @@ static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end, unsigned long temp_start, temp_end; temp_start = max(start, kbuf->buf_min); + if (kbuf->random) + temp_start = kexec_random_start(temp_start, end); do { temp_start = ALIGN(temp_start, kbuf->buf_align); From patchwork Thu Jun 1 07:24:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13264720 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F1908C77B7A for ; Fri, 2 Jun 2023 05:39:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685684384; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=jIiWOFe5r2TV7/Wc5ie2VjTvWigp5Q0aiqLxD3FtBA8=; b=RADc4QJweUSKnCbXmHem7sjiND8L8YT+Jy4RYi9K5CRbBz7DrEjHdwKxbOBVtee9gfi9o5 3sZS/9bynA9KS67YdTK6yYqa9yeCKHxkl9Zx1rbexCZFWgJ8ehRqnKfLfruhMLewUtw09i BBZcr+vqsYnfPllk89QC3J+xDZu2OI8= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-417-tkWqabiUPBGjjxEHVcHZLw-1; Fri, 02 Jun 2023 01:39:40 -0400 X-MC-Unique: tkWqabiUPBGjjxEHVcHZLw-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EC3612A2AD5C; Fri, 2 Jun 2023 05:39:38 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id D3D98492B0B; Fri, 2 Jun 2023 05:39:36 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 907661946595; Fri, 2 Jun 2023 05:39:36 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id E49D319451E5 for ; Thu, 1 Jun 2023 07:24:59 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id C8AEB421C3; Thu, 1 Jun 2023 07:24:59 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast07.extmail.prod.ext.rdu2.redhat.com [10.11.55.23]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C161D9D73 for ; Thu, 1 Jun 2023 07:24:59 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A1C443C0CEE9 for ; Thu, 1 Jun 2023 07:24:59 +0000 (UTC) Received: from mail-qt1-f197.google.com (mail-qt1-f197.google.com [209.85.160.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-615-uTriWEaaP5qwtvQDN_bwaw-1; Thu, 01 Jun 2023 03:24:56 -0400 X-MC-Unique: uTriWEaaP5qwtvQDN_bwaw-1 Received: by mail-qt1-f197.google.com with SMTP id d75a77b69052e-3f83058a849so5184731cf.0 for ; Thu, 01 Jun 2023 00:24:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604296; x=1688196296; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AVNhkRwZAfrMBhKh//wi6Z59DrttLTByCXwnmuvQ7Sk=; b=iM9rzw2XVbjB3ijP3/O+DQZswl+OvrkUneoPtx5Pza1eWqgSkD+Lhi5cyG1Yi1N3fA PH6sB8HbFgq8Ff4UWgm+aWk/pHVi4h3WpoNz0Y30Gv6NrK46QIxSMzQGuY7MAYqdIOww Kyr+ryKooruZhPO5HW4jwU9djiJq9qIkZR8jeR1No0c6fu30SDWNI1UBAYWlpwBs2Nj2 oD2eSz7HrFchJ6aCZWcCQNvIyv3erSDcOZGwqzTD2tvzh00BAZPc7vSDW2b1QHMys4Nz rVQsRBFa8g7qrdTwUo/hII1NuQRhqJ1FW4orQriB16Uw91Glyf6XaIK2lfy9S7oy0s3b nGQQ== X-Gm-Message-State: AC+VfDxZjBafC4As0jAATrsXOwnqvnIQPHZVOF72LDWiVRqkQNSfmZ2v VpPwYyemxYt3wrhj2jQnWhMQ+tvoKnzRvCMRpTt8WYSCeyo4wlJ/0niPHS/CN32/3GMR66AcDT2 BIgKMdxee28Slxn4= X-Received: by 2002:a05:622a:3c7:b0:3f4:eb26:6d42 with SMTP id k7-20020a05622a03c700b003f4eb266d42mr7982588qtx.63.1685604295826; Thu, 01 Jun 2023 00:24:55 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6UZAxm2RuiVCtGixZ0U45XGL7fm+89xCNa6kmGqARldADNGbnk+xAiazKcrMefCa2tIl3eZQ== X-Received: by 2002:a05:622a:3c7:b0:3f4:eb26:6d42 with SMTP id k7-20020a05622a03c700b003f4eb266d42mr7982558qtx.63.1685604295538; Thu, 01 Jun 2023 00:24:55 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id i28-20020a63541c000000b0053efb8fae02sm2465297pgb.24.2023.06.01.00.24.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:24:55 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Thu, 1 Jun 2023 15:24:41 +0800 Message-Id: <20230601072444.2033855-3-coxu@redhat.com> In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mailman-Approved-At: Fri, 02 Jun 2023 05:39:36 +0000 Subject: [dm-devel] [PATCH 2/5] crash_dump: save the LUKS volume key temporarily X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Baoquan He , x86@kernel.org, dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Dave Hansen , Kairui Song , Jan Pazdziora , Thomas Staudt , Vitaly Kuznetsov , Dave Young , Milan Broz , Vivek Goyal Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com After having the volume key, crytpsetup/systemd-cryptsetup saves the volume key as a logon key to its thread keyring and this key is destroyed immediately with the terminated thread. So a temporary copy of the volume key is needed in order to later save it to kdump reserved memory when the crash kernel is loaded later. crytpsetup/systemd-cryptsetup will write the key description to /sys/kernel/crash_luks_volume_key so the kernel will read the logon key and save a temporary copy for later user. kdump has 1 hour at maximum to get the temporary copy before the key gets wiped. And after kdump retrieves the key, the key will be wiped immediately. Signed-off-by: Coiby Xu --- include/linux/crash_core.h | 2 + kernel/Makefile | 2 +- kernel/crash_dump_luks.c | 90 ++++++++++++++++++++++++++++++++++++++ kernel/ksysfs.c | 19 ++++++++ 4 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 kernel/crash_dump_luks.c diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index de62a722431e..596d83b8f362 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -83,5 +83,7 @@ int parse_crashkernel_high(char *cmdline, unsigned long long system_ram, unsigned long long *crash_size, unsigned long long *crash_base); int parse_crashkernel_low(char *cmdline, unsigned long long system_ram, unsigned long long *crash_size, unsigned long long *crash_base); +int crash_sysfs_luks_volume_key_write(const char *key_des, size_t count); +int crash_pass_temp_luks_volume_key(void **addr, unsigned long *sz); #endif /* LINUX_CRASH_CORE_H */ diff --git a/kernel/Makefile b/kernel/Makefile index b69c95315480..8412afa4a9f0 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -118,7 +118,7 @@ obj-$(CONFIG_PERF_EVENTS) += events/ obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o obj-$(CONFIG_PADATA) += padata.o -obj-$(CONFIG_CRASH_DUMP) += crash_dump.o +obj-$(CONFIG_CRASH_DUMP) += crash_dump.o crash_dump_luks.o obj-$(CONFIG_JUMP_LABEL) += jump_label.o obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o obj-$(CONFIG_TORTURE_TEST) += torture.o diff --git a/kernel/crash_dump_luks.c b/kernel/crash_dump_luks.c new file mode 100644 index 000000000000..2d88b77a93f8 --- /dev/null +++ b/kernel/crash_dump_luks.c @@ -0,0 +1,90 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include + +static u8 *luks_volume_key; +static unsigned int luks_volume_key_size; + +void wipe_luks_volume_key(void) +{ + if (luks_volume_key) { + memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); + kfree(luks_volume_key); + luks_volume_key = NULL; + } +} + +static void _wipe_luks_volume_key(struct work_struct *dummy) +{ + wipe_luks_volume_key(); +} + +static DECLARE_DELAYED_WORK(wipe_luks_volume_key_work, _wipe_luks_volume_key); + +static unsigned __read_mostly wipe_key_delay = 3600; /* 1 hour */ + +static int crash_save_temp_luks_volume_key(const char *key_desc, size_t count) +{ + const struct user_key_payload *ukp; + struct key *key; + + + if (luks_volume_key) { + memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); + kfree(luks_volume_key); + } + + pr_debug("Requesting key %s", key_desc); + key = request_key(&key_type_logon, key_desc, NULL); + + if (IS_ERR(key)) { + pr_debug("No such key %s", key_desc); + return PTR_ERR(key); + } + + ukp = user_key_payload_locked(key); + if (!ukp) + return -EKEYREVOKED; + + luks_volume_key = kmalloc(ukp->datalen, GFP_KERNEL); + if (!luks_volume_key) + return -ENOMEM; + memcpy(luks_volume_key, ukp->data, ukp->datalen); + luks_volume_key_size = ukp->datalen; + pr_debug("LUKS master key (size=%u): %8ph\n", luks_volume_key_size, luks_volume_key); + schedule_delayed_work(&wipe_luks_volume_key_work, + round_jiffies_relative(wipe_key_delay * HZ)); + return 0; +} + +int crash_sysfs_luks_volume_key_write(const char *key_desc, size_t count) +{ + if (!is_kdump_kernel()) + return crash_save_temp_luks_volume_key(key_desc, count); + return -EINVAL; +} +EXPORT_SYMBOL(crash_sysfs_luks_volume_key_write); + +int crash_pass_temp_luks_volume_key(void **addr, unsigned long *sz) +{ + unsigned long luks_key_sz; + unsigned char *buf; + unsigned int *size_ptr; + + if (!luks_volume_key) + return -EINVAL; + + luks_key_sz = sizeof(unsigned int) + luks_volume_key_size * sizeof(u8); + + buf = vzalloc(luks_key_sz); + if (!buf) + return -ENOMEM; + + size_ptr = (unsigned int *)buf; + memcpy(size_ptr, &luks_volume_key_size, sizeof(unsigned int)); + memcpy(size_ptr + 1, luks_volume_key, luks_volume_key_size * sizeof(u8)); + *addr = buf; + *sz = luks_key_sz; + wipe_luks_volume_key(); + return 0; +} diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c index aad7a3bfd846..cc64a895c334 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c @@ -165,6 +165,24 @@ static ssize_t vmcoreinfo_show(struct kobject *kobj, } KERNEL_ATTR_RO(vmcoreinfo); +static ssize_t crash_luks_volume_key_show(struct kobject *kobj, + struct kobj_attribute *attr, + char *buf) +{ + return 0; +} + +static ssize_t crash_luks_volume_key_store(struct kobject *kobj, + struct kobj_attribute *attr, + const char *buf, size_t count) +{ + int ret; + + ret = crash_sysfs_luks_volume_key_write(buf, count); + return ret < 0 ? ret : count; +} +KERNEL_ATTR_RW(crash_luks_volume_key); + #endif /* CONFIG_CRASH_CORE */ /* whether file capabilities are enabled */ @@ -255,6 +273,7 @@ static struct attribute * kernel_attrs[] = { #endif #ifdef CONFIG_CRASH_CORE &vmcoreinfo_attr.attr, + &crash_luks_volume_key_attr.attr, #endif #ifndef CONFIG_TINY_RCU &rcu_expedited_attr.attr, From patchwork Thu Jun 1 07:24:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13264717 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E33AEC7EE2D for ; Fri, 2 Jun 2023 05:39:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685684381; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=jJr0BKhJD7NKurgXBm95SmDzb0kHkswOk8A9Y+AkY0w=; b=F7Dl0gbm0pA5qyiXJrfXAQT88YO2TKJh63YGJ50KMjXYc9e2EKyLfcwwGI3SMihOJtqa3H q9NeFdspgxuToejCJGzrEn1RfONrvyvG6BAsP5UbfUlh2uf9I7DfvrvJO+guEI5mhZNr8s CEuLLkr68cwvLLHOjglEkgOKlElkLUE= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-505-VGSe6qd6Pg-VpWRpNogt2A-1; Fri, 02 Jun 2023 01:39:40 -0400 X-MC-Unique: VGSe6qd6Pg-VpWRpNogt2A-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id ED3B1185A797; Fri, 2 Jun 2023 05:39:38 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 765C72166B27; Fri, 2 Jun 2023 05:39:38 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 426A01946A41; Fri, 2 Jun 2023 05:39:37 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 284C419451E5 for ; Thu, 1 Jun 2023 07:25:03 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 09194140E964; Thu, 1 Jun 2023 07:25:03 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 01402140E962 for ; Thu, 1 Jun 2023 07:25:02 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D0B302800C20 for ; Thu, 1 Jun 2023 07:25:02 +0000 (UTC) Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-625-fP13d_1wOJqrfZixyKgLaA-1; Thu, 01 Jun 2023 03:25:01 -0400 X-MC-Unique: fP13d_1wOJqrfZixyKgLaA-1 Received: by mail-pf1-f198.google.com with SMTP id d2e1a72fcca58-64d24df4852so254243b3a.2 for ; Thu, 01 Jun 2023 00:25:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604300; x=1688196300; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BSdEOOvVOvBHgbxdtA0aSxX16fM93R7Xrib46N4HMRQ=; b=lfroMYhZr0nzil8qfMPjmyM49gEWF0zfmQZ1cMIYbbj1FjiW1umsMmQo9ZJmu9uV4K NyhgzX6bigmFkzwV9jZFP/9MRKq+0BRxFWkoBWALnIj6FPe2+F2zJBQ0HguUweSvWtis MAQMccNDYcQZGqcmChaz+msXTBzqdPbDnCXLeIR+cvTdx37t3Kfs28VzsTNIkOfV4TKP LBOWt+Hm+1YTKN1XEcgRNwj17mP6zRYCj5linakHVdZryTTDavjhCxBdDmW74ntGYhXe hMGXncmhcoJnCIkA9ZCtRR1drCqdfqgX7eLfCb7WCYfTIHmf695K4GfwUYpUNEfBy3q8 nQsA== X-Gm-Message-State: AC+VfDyq/hxHf/kviT9ddVkYH3MTjnFD3nT2CJx+QddGMYZLv6pjo2dd T06fJB4mBe41Eruy34RIMfWBmHhaec5sQcxUgns+m5xmdOSrJoNVVzq/26NDPWBuxoB6+YydwrI eiQANJcYpeMo+FA0= X-Received: by 2002:a05:6a00:1a51:b0:63b:5496:7af5 with SMTP id h17-20020a056a001a5100b0063b54967af5mr7757655pfv.1.1685604300243; Thu, 01 Jun 2023 00:25:00 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7dvgVyrzGCsjuOATzcCkMb2NCswn1qLkQ0iET/24u8jgUcZoCb8ABgYZHVIPusFMkwCuiucw== X-Received: by 2002:a05:6a00:1a51:b0:63b:5496:7af5 with SMTP id h17-20020a056a001a5100b0063b54967af5mr7757634pfv.1.1685604299873; Thu, 01 Jun 2023 00:24:59 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id f18-20020aa78b12000000b0064d27a28451sm4433388pfd.100.2023.06.01.00.24.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:24:59 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Thu, 1 Jun 2023 15:24:42 +0800 Message-Id: <20230601072444.2033855-4-coxu@redhat.com> In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-Mailman-Approved-At: Fri, 02 Jun 2023 05:39:36 +0000 Subject: [dm-devel] [PATCH 3/5] crash_dump: retrieve LUKS volume key in kdump kernel X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Baoquan He , x86@kernel.org, dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Dave Hansen , Kairui Song , Jan Pazdziora , Thomas Staudt , Vitaly Kuznetsov , Dave Young , Milan Broz , Vivek Goyal Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Crash kernel will retrieve the LUKS volume key based on the luksvolumekey command line parameter. When libcryptsetup writes the key description to /sys/kernel/crash_luks_volume_key, crash kernel will create a thread keyring and add a logon key. Signed-off-by: Coiby Xu --- include/linux/crash_dump.h | 2 + kernel/crash_dump_luks.c | 116 ++++++++++++++++++++++++++++++++++++- 2 files changed, 116 insertions(+), 2 deletions(-) diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index 0f3a656293b0..bc848e058c64 100644 --- a/include/linux/crash_dump.h +++ b/include/linux/crash_dump.h @@ -15,6 +15,8 @@ extern unsigned long long elfcorehdr_addr; extern unsigned long long elfcorehdr_size; +extern unsigned long long luks_volume_key_addr; + #ifdef CONFIG_CRASH_DUMP extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size); extern void elfcorehdr_free(unsigned long long addr); diff --git a/kernel/crash_dump_luks.c b/kernel/crash_dump_luks.c index 2d88b77a93f8..63718db318c3 100644 --- a/kernel/crash_dump_luks.c +++ b/kernel/crash_dump_luks.c @@ -1,7 +1,82 @@ // SPDX-License-Identifier: GPL-2.0-only +#include +#include #include #include +unsigned long long luks_volume_key_addr; +EXPORT_SYMBOL_GPL(luks_volume_key_addr); + +static int __init setup_luksvolumekey(char *arg) +{ + char *end; + + if (!arg) + return -EINVAL; + luks_volume_key_addr = memparse(arg, &end); + if (end > arg) + return 0; + + luks_volume_key_addr = 0; + return -EINVAL; +} + +early_param("luksvolumekey", setup_luksvolumekey); + +/* + * Architectures may override this function to read LUKS master key + */ +ssize_t __weak luks_key_read(char *buf, size_t count, u64 *ppos) +{ + struct kvec kvec = { .iov_base = buf, .iov_len = count }; + struct iov_iter iter; + + iov_iter_kvec(&iter, READ, &kvec, 1, count); + return read_from_oldmem(&iter, count, ppos, false); +} + +static int retrive_kdump_luks_volume_key(u8 *buffer, unsigned int *sz) +{ + unsigned int key_size; + size_t lukskeybuf_sz; + unsigned int *size_ptr; + char *lukskeybuf; + u64 addr; + int r; + + if (luks_volume_key_addr == 0) { + pr_debug("LUKS master key memory address inaccessible"); + return -EINVAL; + } + + addr = luks_volume_key_addr; + + /* Read LUKS master key size */ + r = luks_key_read((char *)&key_size, sizeof(unsigned int), &addr); + + if (r < 0) + return r; + + pr_debug("Retrieve LUKS master key: size=%u\n", key_size); + /* Read in LUKS maste rkey */ + lukskeybuf_sz = sizeof(unsigned int) + key_size * sizeof(u8); + lukskeybuf = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, + get_order(lukskeybuf_sz)); + if (!lukskeybuf) + return -ENOMEM; + + addr = luks_volume_key_addr; + r = luks_key_read((char *)lukskeybuf, lukskeybuf_sz, &addr); + + if (r < 0) + return r; + size_ptr = (unsigned int *)lukskeybuf; + memcpy(buffer, size_ptr + 1, key_size * sizeof(u8)); + pr_debug("Retrieve LUKS master key (size=%u): %48ph...\n", key_size, buffer); + *sz = key_size; + return 0; +} + static u8 *luks_volume_key; static unsigned int luks_volume_key_size; @@ -23,12 +98,48 @@ static DECLARE_DELAYED_WORK(wipe_luks_volume_key_work, _wipe_luks_volume_key); static unsigned __read_mostly wipe_key_delay = 3600; /* 1 hour */ +static int retore_luks_volume_key_to_thread_keyring(const char *key_desc) +{ + key_ref_t keyring_ref, key_ref; + int ret; + + /* find the target keyring (which must be writable) */ + keyring_ref = lookup_user_key(KEY_SPEC_THREAD_KEYRING, 0x01, KEY_NEED_WRITE); + if (IS_ERR(keyring_ref)) { + pr_alert("Failed to get keyring"); + return PTR_ERR(keyring_ref); + } + + luks_volume_key = kmalloc(128, GFP_KERNEL); + ret = retrive_kdump_luks_volume_key(luks_volume_key, &luks_volume_key_size); + if (ret) { + kfree(luks_volume_key); + return ret; + } + + /* create or update the requested key and add it to the target keyring */ + key_ref = key_create_or_update(keyring_ref, "logon", key_desc, + luks_volume_key, luks_volume_key_size, + KEY_PERM_UNDEF, KEY_ALLOC_IN_QUOTA); + + if (!IS_ERR(key_ref)) { + ret = key_ref_to_ptr(key_ref)->serial; + key_ref_put(key_ref); + pr_alert("Success adding key %s", key_desc); + } else { + ret = PTR_ERR(key_ref); + pr_alert("Error when adding key"); + } + + key_ref_put(keyring_ref); + return ret; +} + static int crash_save_temp_luks_volume_key(const char *key_desc, size_t count) { const struct user_key_payload *ukp; struct key *key; - if (luks_volume_key) { memset(luks_volume_key, 0, luks_volume_key_size * sizeof(u8)); kfree(luks_volume_key); @@ -61,7 +172,8 @@ int crash_sysfs_luks_volume_key_write(const char *key_desc, size_t count) { if (!is_kdump_kernel()) return crash_save_temp_luks_volume_key(key_desc, count); - return -EINVAL; + else + return retore_luks_volume_key_to_thread_keyring(key_desc); } EXPORT_SYMBOL(crash_sysfs_luks_volume_key_write); From patchwork Thu Jun 1 07:24:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13264718 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DFC82C7EE24 for ; Fri, 2 Jun 2023 05:39:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685684381; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=BIGVCs4p465Q9RmqAogVxRSyCloXsoncy/0ShjcEZzs=; b=EfAIvnRkhX+5MEIz1mRyMGUJkdJCx1JJBUeL/HsRlJQZ4PA9ER46TanB7g+BAUnwZrJQcp qsuwMzDtC2FCW+Bu0plXtEjude8x9yuWOkcIxVxEoTkbfzV+eppT70KLJpzVk5T3WF1Wdo WXFqpfSoKYPYDLLxqNuDCR5JfzH3lfU= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-505--DjZsUDWMdu8KR5oJjCNGA-1; Fri, 02 Jun 2023 01:39:40 -0400 X-MC-Unique: -DjZsUDWMdu8KR5oJjCNGA-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id F3E0A101A5C5; Fri, 2 Jun 2023 05:39:38 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id E3F9D40C6CD7; Fri, 2 Jun 2023 05:39:38 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id BC87819465A2; Fri, 2 Jun 2023 05:39:37 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 78CD919451E5 for ; Thu, 1 Jun 2023 07:25:06 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 664B040BAEE; Thu, 1 Jun 2023 07:25:06 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5EC74492B00 for ; Thu, 1 Jun 2023 07:25:06 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 42F242800C20 for ; Thu, 1 Jun 2023 07:25:06 +0000 (UTC) Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-492-6a68YFHlN2CMGLFd81OMOA-1; Thu, 01 Jun 2023 03:25:05 -0400 X-MC-Unique: 6a68YFHlN2CMGLFd81OMOA-1 Received: by mail-pj1-f70.google.com with SMTP id 98e67ed59e1d1-2568caac092so105323a91.1 for ; Thu, 01 Jun 2023 00:25:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604304; x=1688196304; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AgH6lkMBE6SH6kwKQ2OLQdShNDxo5U5zIXrPWoXTrzY=; b=hKEk90N8A6Xbq2RPbdrESUuJiow2sB/6rLxhYg5IBgb+Lnlj9BhGLl5IbjqsEZ0g6c DzA75XG/4st+Z8pnt/JVGy/f7OM55qXqXbDQJVCiCpKtPp2xoPKTbXm6ca80t1tbYgi6 +2dmkVnOIBae1y3aMEBEXEkhh3jZ7/dI7mmQFsdmB78uE33QYbVxkdqYprq3AlrjP4hN gpUVYhRpgl13NzMIOC/Hz4QJJII8EQjAuWDWZdwUroLahTfaEjFYtmSxd+XSuv7ZuZzy kmb4zQl8KwCq4+L0UF1db9Ds+UmgRuc6joPJhuBdLhH9hHlFw8HXL6xK2p5gJdfd0w56 x49Q== X-Gm-Message-State: AC+VfDxuNauGlRT5u9y+MndeoHkPmQgXRbSpqfiB9utYp9tXm/3f/smw rcOuetEj/ErgQgX7fI0qqwsQNMPBkCd/rK9IdkWy86Vm4juNq5biiVNe6OUHHJjP579eN5sAvhx MnPsDBBMwaIvo/bc= X-Received: by 2002:a17:90a:1d5:b0:258:ad44:1881 with SMTP id 21-20020a17090a01d500b00258ad441881mr348558pjd.11.1685604303892; Thu, 01 Jun 2023 00:25:03 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7xgKGdx+9FIXW6GTYR3P3F8V57UwAyR9jIH88D5P2XGZN+XYlgvqnsqFZh+mlMZMuhp1bt/w== X-Received: by 2002:a17:90a:1d5:b0:258:ad44:1881 with SMTP id 21-20020a17090a01d500b00258ad441881mr348543pjd.11.1685604303582; Thu, 01 Jun 2023 00:25:03 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id o11-20020a17090a4e8b00b00256799877ffsm702466pjh.47.2023.06.01.00.25.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:25:03 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Thu, 1 Jun 2023 15:24:43 +0800 Message-Id: <20230601072444.2033855-5-coxu@redhat.com> In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-Mailman-Approved-At: Fri, 02 Jun 2023 05:39:36 +0000 Subject: [dm-devel] [PATCH 4/5] x86/crash: pass the LUKS volume key to kdump kernel X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Dave Hansen , "H. Peter Anvin" , Baoquan He , x86@kernel.org, dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Dave Hansen , Kairui Song , Ingo Molnar , Thomas Gleixner , Eric Biederman , Jan Pazdziora , Thomas Staudt , Borislav Petkov , Vitaly Kuznetsov , Dave Young , Milan Broz Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com 1st kernel will build up the kernel command parameter luksvolumekey as similar to elfcorehdr to pass the memory address of the stored info of LUKS volume key to kdump kernel. Signed-off-by: Coiby Xu --- arch/x86/include/asm/crash.h | 1 + arch/x86/kernel/crash.c | 47 ++++++++++++++++++++++++++++++- arch/x86/kernel/kexec-bzimage64.c | 7 +++++ include/linux/kexec.h | 4 +++ 4 files changed, 58 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h index 8b6bd63530dc..485f75dce2ca 100644 --- a/arch/x86/include/asm/crash.h +++ b/arch/x86/include/asm/crash.h @@ -4,6 +4,7 @@ struct kimage; +int crash_load_luks_volume_key(struct kimage *image); int crash_load_segments(struct kimage *image); int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params); diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index cdd92ab43cda..32d4a9e3badf 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -289,6 +289,7 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem, unsigned long long mend) { unsigned long start, end; + int r; cmem->ranges[0].start = mstart; cmem->ranges[0].end = mend; @@ -297,7 +298,19 @@ static int memmap_exclude_ranges(struct kimage *image, struct crash_mem *cmem, /* Exclude elf header region */ start = image->elf_load_addr; end = start + image->elf_headers_sz - 1; - return crash_exclude_mem_range(cmem, start, end); + r = crash_exclude_mem_range(cmem, start, end); + + if (r) + return r; + + /* Exclude LUKS volume key region */ + if (image->luks_volume_key_addr) { + start = image->luks_volume_key_addr; + end = start + image->luks_volume_key_sz - 1; + return crash_exclude_mem_range(cmem, start, end); + } + + return r; } /* Prepare memory map for crash dump kernel */ @@ -368,6 +381,38 @@ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params) return ret; } +int crash_load_luks_volume_key(struct kimage *image) +{ + int ret; + struct kexec_buf kbuf = { + .image = image, + .buf_min = 0, + .buf_max = ULONG_MAX, + .top_down = false, + .random = true, + }; + + image->luks_volume_key_addr = 0; + ret = crash_pass_temp_luks_volume_key(&kbuf.buffer, &kbuf.bufsz); + if (ret) + return ret; + + kbuf.memsz = kbuf.bufsz; + kbuf.buf_align = ELF_CORE_HEADER_ALIGN; + kbuf.mem = KEXEC_BUF_MEM_UNKNOWN; + ret = kexec_add_buffer(&kbuf); + if (ret) { + vfree((void *)kbuf.buffer); + return ret; + } + image->luks_volume_key_addr = kbuf.mem; + image->luks_volume_key_sz = kbuf.bufsz; + pr_debug("Loaded LUKS volume key at 0x%lx bufsz=0x%lx memsz=0x%lx\n", + image->luks_volume_key_addr, kbuf.bufsz, kbuf.bufsz); + + return ret; +} + int crash_load_segments(struct kimage *image) { int ret; diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index a61c12c01270..a859e9e5c876 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -76,6 +76,10 @@ static int setup_cmdline(struct kimage *image, struct boot_params *params, if (image->type == KEXEC_TYPE_CRASH) { len = sprintf(cmdline_ptr, "elfcorehdr=0x%lx ", image->elf_load_addr); + + if (image->luks_volume_key_addr != 0) + len += sprintf(cmdline_ptr + len, + "luksvolumekey=0x%lx ", image->luks_volume_key_addr); } memcpy(cmdline_ptr + len, cmdline, cmdline_len); cmdline_len += len; @@ -433,6 +437,9 @@ static void *bzImage64_load(struct kimage *image, char *kernel, ret = crash_load_segments(image); if (ret) return ERR_PTR(ret); + ret = crash_load_luks_volume_key(image); + if (ret) + pr_debug("Either no LUKS volume key or error to retrieve the LUKS volume key\n"); } /* diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 5b2440444112..20d213076e46 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -374,6 +374,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* LUKS volume key buffer */ + unsigned long luks_volume_key_addr; + unsigned long luks_volume_key_sz; }; /* kexec interface functions */ From patchwork Thu Jun 1 07:24:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Coiby Xu X-Patchwork-Id: 13264719 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 82BD1C7EE31 for ; Fri, 2 Jun 2023 05:39:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685684384; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=Ok4va3Ld1DNBD021zi3vA00cYgp7m1f9sk9MYtCiDf0=; b=RZR41pwmsx25x98y1k3l9tZjHrFPbY9qqQxfpCU7Q3H7ZOuA/BgtdTfeQxlSLGH/nanxEu pY0hKwXUKkjC7MTkxWXn8OomAZ8ruQ+SOb8GTCChm8Yyz//e7/LBtLkM3vS9V37NLN7+3U V0di5WIrrqQxi/Y2mED+24cg7v133eg= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-487-ewzCYfqENruItpi4i7tw9A-1; Fri, 02 Jun 2023 01:39:41 -0400 X-MC-Unique: ewzCYfqENruItpi4i7tw9A-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 60E882A2AD51; Fri, 2 Jun 2023 05:39:39 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 50E2D492B0A; Fri, 2 Jun 2023 05:39:39 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id E62ED19465A0; Fri, 2 Jun 2023 05:39:38 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 6934D194343F for ; Thu, 1 Jun 2023 07:25:10 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 4B84E112132D; Thu, 1 Jun 2023 07:25:10 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 43FD1112132C for ; Thu, 1 Jun 2023 07:25:09 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 911C58032EF for ; Thu, 1 Jun 2023 07:25:09 +0000 (UTC) Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-480-8-1C3WkKOBmzBT6PKatJsg-1; Thu, 01 Jun 2023 03:25:08 -0400 X-MC-Unique: 8-1C3WkKOBmzBT6PKatJsg-1 Received: by mail-pg1-f197.google.com with SMTP id 41be03b00d2f7-53450fa3a18so579707a12.0 for ; Thu, 01 Jun 2023 00:25:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685604307; x=1688196307; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aefU4VwU8oFOQYKmAqFmOKJxhlCYs6WtVK98Xo9Ylw8=; b=kPghHeyYkBMreDXgwdTHI+5y1H3rW7r3Jwsq9J66ChET3OHIxUNzyKzkmCWUIjC4rp EftaZX3WOCR6brHFn7ToNgUB/aeivglcGVugBHJRE2T+tH2Quktltl4WIqLOSXXUTXcY NS+YLtSdA1e4TVNh3d2UV4PpwVtPi7goPsCo2+pLqylFEjGPl6TY6Y65YH7sBvYFz/O8 RB+KQbvzarznHSmINUEMdqFYrMRPbWsgMH1Ei7mtNwvn5IkkJ72nezn5lzpQevMkBQiq YEOfNOeA7GyMN+2JisoJ6IZ7MFarJkSvPAyG4hYD2yPJNXE+s5silqM8g/QJ8Lt9ate5 nE3A== X-Gm-Message-State: AC+VfDw2bvin5LhKKuaTFsanw3wTqBT7QroEmKYQzkyCDOTj6wC2tEDt iTunOOxfFYldfGR7e2c4GpG0310BVkKpDje7A8SnHbElBpkJkDqTvIgLfi0R7skwu6Iwzgoh2P0 wTSJFP3oIGXx9At8= X-Received: by 2002:a05:6a21:998c:b0:10c:37ed:3e88 with SMTP id ve12-20020a056a21998c00b0010c37ed3e88mr8900720pzb.23.1685604307400; Thu, 01 Jun 2023 00:25:07 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ63I95P8dhhdJ7s5jrMayaANp/DzsGmHfYS5azIKGpulSOOXmtAzsGrmoW2rz/wazIGcv1tqA== X-Received: by 2002:a05:6a21:998c:b0:10c:37ed:3e88 with SMTP id ve12-20020a056a21998c00b0010c37ed3e88mr8900696pzb.23.1685604307121; Thu, 01 Jun 2023 00:25:07 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id y15-20020a17090322cf00b001ac5896e96esm2644901plg.207.2023.06.01.00.25.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 00:25:06 -0700 (PDT) From: Coiby Xu To: kexec@lists.infradead.org Date: Thu, 1 Jun 2023 15:24:44 +0800 Message-Id: <20230601072444.2033855-6-coxu@redhat.com> In-Reply-To: <20230601072444.2033855-1-coxu@redhat.com> References: <20230601072444.2033855-1-coxu@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mailman-Approved-At: Fri, 02 Jun 2023 05:39:36 +0000 Subject: [dm-devel] [PATCH 5/5] x86/crash: make the page that stores the LUKS volume key inaccessible X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Dave Hansen , "H. Peter Anvin" , Baoquan He , x86@kernel.org, dm-devel@redhat.com, Pingfan Liu , linux-kernel@vger.kernel.org, Dave Hansen , Kairui Song , Ingo Molnar , Thomas Gleixner , Jan Pazdziora , Thomas Staudt , Borislav Petkov , Vitaly Kuznetsov , Dave Young , Milan Broz Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com This adds an addition layer of protection for the saved copy of LUKS volume key. Trying to access the saved copy will cause page fault. Suggested-by: Pingfan Liu Signed-off-by: Coiby Xu --- arch/x86/kernel/machine_kexec_64.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c index 1a3e2c05a8a5..82d1ecb35827 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -546,9 +546,23 @@ static void kexec_mark_crashkres(bool protect) kexec_mark_range(control, crashk_res.end, protect); } +static void kexec_mark_luks_volume_key_inaccessible(void) +{ + unsigned long start_paddr, end_paddr; + unsigned int nr_pages; + + if (kexec_crash_image->luks_volume_key_addr) { + start_paddr = kexec_crash_image->luks_volume_key_addr; + end_paddr = start_paddr + kexec_crash_image->luks_volume_key_sz - 1; + nr_pages = (PAGE_ALIGN(end_paddr) - PAGE_ALIGN_DOWN(start_paddr))/PAGE_SIZE; + set_memory_np((unsigned long)phys_to_virt(start_paddr), nr_pages); + } +} + void arch_kexec_protect_crashkres(void) { kexec_mark_crashkres(true); + kexec_mark_luks_volume_key_inaccessible(); } void arch_kexec_unprotect_crashkres(void)