On Tue, Jan 16, 2024 at 11:40:53AM +0100, Ondrej Kozina wrote:
On 10/01/2024 08:15, Coiby Xu wrote:User space is supposed to write the key description to /sys/kernel/crash_dm_crypt_key so the kernel will read the key and save a temporary copy for later user. User space has 2 minutes at maximum to load the kdump initrd before the key gets wiped. And after kdump retrieves the key, the key will be wiped immediately. Signed-off-by: Coiby Xu <coxu@xxxxxxxxxx> --- include/linux/crash_core.h | 7 +- include/linux/kexec.h | 4 ++ kernel/Makefile | 2 +- kernel/crash_dump_dm_crypt.c | 121 +++++++++++++++++++++++++++++++++++ kernel/ksysfs.c | 23 ++++++- 5 files changed, 153 insertions(+), 4 deletions(-) create mode 100644 kernel/crash_dump_dm_crypt.c diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h index 5126a4fecb44..7078eda6418d 100644 --- a/include/linux/crash_core.h +++ b/include/linux/crash_core.h @@ -125,6 +125,12 @@ static inline void __init reserve_crashkernel_generic(char *cmdline, {} #endif +struct kimage; + +int crash_sysfs_dm_crypt_key_write(const char *key_des, size_t count); +int crash_pass_temp_dm_crypt_key(void **addr, unsigned long *sz); +int crash_load_dm_crypt_key(struct kimage *image); + /* Alignment required for elf header segment */ #define ELF_CORE_HEADER_ALIGN 4096 @@ -140,7 +146,6 @@ extern int crash_exclude_mem_range(struct crash_mem *mem, extern int crash_prepare_elf64_headers(struct crash_mem *mem, int need_kernel_map, void **addr, unsigned long *sz); -struct kimage; struct kexec_segment; #define KEXEC_CRASH_HP_NONE 0 diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 6f4626490ebf..bf7ab1e927ef 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -366,6 +366,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + /* dm crypt key buffer */ + unsigned long dm_crypt_key_addr; + unsigned long dm_crypt_key_sz; }; /* kexec interface functions */ diff --git a/kernel/Makefile b/kernel/Makefile index 3947122d618b..48859bf63db5 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -119,7 +119,7 @@ obj-$(CONFIG_PERF_EVENTS) += events/ obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o obj-$(CONFIG_PADATA) += padata.o -obj-$(CONFIG_CRASH_DUMP) += crash_dump.o +obj-$(CONFIG_CRASH_DUMP) += crash_dump.o crash_dump_dm_crypt.o obj-$(CONFIG_JUMP_LABEL) += jump_label.o obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o obj-$(CONFIG_TORTURE_TEST) += torture.o diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c new file mode 100644 index 000000000000..3a0b0b773598 --- /dev/null +++ b/kernel/crash_dump_dm_crypt.c @@ -0,0 +1,121 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include <keys/user-type.h> +#include <linux/crash_dump.h> + +static u8 *dm_crypt_key; +static unsigned int dm_crypt_key_size; + +void wipe_dm_crypt_key(void) +{ + if (dm_crypt_key) { + memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8)); + kfree(dm_crypt_key); + dm_crypt_key = NULL; + } +} + +static void _wipe_dm_crypt_key(struct work_struct *dummy) +{ + wipe_dm_crypt_key(); +} + +static DECLARE_DELAYED_WORK(wipe_dm_crypt_key_work, _wipe_dm_crypt_key); + +static unsigned __read_mostly wipe_key_delay = 120; /* 2 mins */ + +static int crash_save_temp_dm_crypt_key(const char *key_desc, size_t count) +{ + const struct user_key_payload *ukp; + struct key *key; + + if (dm_crypt_key) { + memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8)); + kfree(dm_crypt_key); + } + + pr_debug("Requesting key %s", key_desc); + key = request_key(&key_type_user, key_desc, NULL);If we don't read the key copy form userspace (my reply to top level message) you could use key_type_logon here.
I'll use key_type_logon, thanks! -- Best regards, Coiby _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec
