On Tue, Jan 16, 2024 at 11:40:53AM +0100, Ondrej Kozina wrote:
On 10/01/2024 08:15, Coiby Xu wrote:
User space is supposed to write the key description to
/sys/kernel/crash_dm_crypt_key so the kernel will read the key and save
a temporary copy for later user. User space has 2 minutes at maximum to
load the kdump initrd before the key gets wiped. And after kdump
retrieves the key, the key will be wiped immediately.
Signed-off-by: Coiby Xu <coxu@xxxxxxxxxx>
---
include/linux/crash_core.h | 7 +-
include/linux/kexec.h | 4 ++
kernel/Makefile | 2 +-
kernel/crash_dump_dm_crypt.c | 121 +++++++++++++++++++++++++++++++++++
kernel/ksysfs.c | 23 ++++++-
5 files changed, 153 insertions(+), 4 deletions(-)
create mode 100644 kernel/crash_dump_dm_crypt.c
diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h
index 5126a4fecb44..7078eda6418d 100644
--- a/include/linux/crash_core.h
+++ b/include/linux/crash_core.h
@@ -125,6 +125,12 @@ static inline void __init reserve_crashkernel_generic(char *cmdline,
{}
#endif
+struct kimage;
+
+int crash_sysfs_dm_crypt_key_write(const char *key_des, size_t count);
+int crash_pass_temp_dm_crypt_key(void **addr, unsigned long *sz);
+int crash_load_dm_crypt_key(struct kimage *image);
+
/* Alignment required for elf header segment */
#define ELF_CORE_HEADER_ALIGN 4096
@@ -140,7 +146,6 @@ extern int crash_exclude_mem_range(struct crash_mem *mem,
extern int crash_prepare_elf64_headers(struct crash_mem *mem, int need_kernel_map,
void **addr, unsigned long *sz);
-struct kimage;
struct kexec_segment;
#define KEXEC_CRASH_HP_NONE 0
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 6f4626490ebf..bf7ab1e927ef 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -366,6 +366,10 @@ struct kimage {
void *elf_headers;
unsigned long elf_headers_sz;
unsigned long elf_load_addr;
+
+ /* dm crypt key buffer */
+ unsigned long dm_crypt_key_addr;
+ unsigned long dm_crypt_key_sz;
};
/* kexec interface functions */
diff --git a/kernel/Makefile b/kernel/Makefile
index 3947122d618b..48859bf63db5 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -119,7 +119,7 @@ obj-$(CONFIG_PERF_EVENTS) += events/
obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o
obj-$(CONFIG_PADATA) += padata.o
-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
+obj-$(CONFIG_CRASH_DUMP) += crash_dump.o crash_dump_dm_crypt.o
obj-$(CONFIG_JUMP_LABEL) += jump_label.o
obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o
obj-$(CONFIG_TORTURE_TEST) += torture.o
diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
new file mode 100644
index 000000000000..3a0b0b773598
--- /dev/null
+++ b/kernel/crash_dump_dm_crypt.c
@@ -0,0 +1,121 @@
+// SPDX-License-Identifier: GPL-2.0-only
+#include <keys/user-type.h>
+#include <linux/crash_dump.h>
+
+static u8 *dm_crypt_key;
+static unsigned int dm_crypt_key_size;
+
+void wipe_dm_crypt_key(void)
+{
+ if (dm_crypt_key) {
+ memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8));
+ kfree(dm_crypt_key);
+ dm_crypt_key = NULL;
+ }
+}
+
+static void _wipe_dm_crypt_key(struct work_struct *dummy)
+{
+ wipe_dm_crypt_key();
+}
+
+static DECLARE_DELAYED_WORK(wipe_dm_crypt_key_work, _wipe_dm_crypt_key);
+
+static unsigned __read_mostly wipe_key_delay = 120; /* 2 mins */
+
+static int crash_save_temp_dm_crypt_key(const char *key_desc, size_t count)
+{
+ const struct user_key_payload *ukp;
+ struct key *key;
+
+ if (dm_crypt_key) {
+ memset(dm_crypt_key, 0, dm_crypt_key_size * sizeof(u8));
+ kfree(dm_crypt_key);
+ }
+
+ pr_debug("Requesting key %s", key_desc);
+ key = request_key(&key_type_user, key_desc, NULL);
If we don't read the key copy form userspace (my reply to top level
message) you could use key_type_logon here.
I'll use key_type_logon, thanks!
--
Best regards,
Coiby
_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec