2024-06-07 12:28:59

by Coiby Xu

[permalink] [raw]
Subject: [PATCH v5 4/7] crash_dump: reuse saved dm crypt keys for CPU/memory hot-plugging

When there are CPU and memory hot un/plugs, the crash elfcorehdr which
describes CPUs and memory in the system needs to be updated for the
kdump kernel.

Currently, there are two solutions to support this case. One is to
utilizes udev to instruct user space to reload the kdump kernel image
and initrd, elfcorehdr and etc. again. The other is to only update the
elfcorehdr segment. For the 1st solution, the dm crypt keys need to be
reloaded again. The user space can write the "reuse" command to
/sys/kernel/crash_dm_crypt_key so the stored keys can be re-saved again.

Note only x86 (commit ea53ad9cf73b ("x86/crash: add x86 crash
hotplug support")) and ppc (WIP) supports the new infrastructure
(commit 247262756121 ("crash: add generic infrastructure for crash
hotplug support")). If the new infrastructure get extended to all arches,
this patch can be dropped.

Signed-off-by: Coiby Xu <[email protected]>
---
Documentation/ABI/testing/crash_dm_crypt_keys | 2 ++
kernel/crash_dump_dm_crypt.c | 32 ++++++++++++++++---
2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/Documentation/ABI/testing/crash_dm_crypt_keys b/Documentation/ABI/testing/crash_dm_crypt_keys
index e6a6f6be5a9e..7426c9d8de97 100644
--- a/Documentation/ABI/testing/crash_dm_crypt_keys
+++ b/Documentation/ABI/testing/crash_dm_crypt_keys
@@ -15,6 +15,8 @@ Description: read/write
Record a key description. For security reason, the key must be a logon
key whose payload can't be read by user space. For details, please refer
to security/keys/core.rst.
+ - "reuse"
+ Reuse the dm crypt keys stored in kdump reserved memory.

And you can also read this API to know the command eructation status,
- fresh
diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
index 0033152668ae..9a6bd39adf76 100644
--- a/kernel/crash_dump_dm_crypt.c
+++ b/kernel/crash_dump_dm_crypt.c
@@ -15,13 +15,15 @@ static enum STATE_ENUM {
INITIALIZED,
RECORDED,
LOADED,
+ REUSE,
} state;

static const char * const STATE_STR[] = {
[FRESH] = "fresh",
[INITIALIZED] = "initialized",
[RECORDED] = "recorded",
- [LOADED] = "loaded"
+ [LOADED] = "loaded",
+ [REUSE] = "reuse"
};

static unsigned int key_count;
@@ -107,12 +109,32 @@ static int record_key_desc(const char *buf, struct dm_crypt_key *dm_key)
return 0;
}

+static void get_keys_from_kdump_reserved_memory(void)
+{
+ struct keys_header *keys_header_loaded;
+
+ arch_kexec_unprotect_crashkres();
+
+ keys_header_loaded = kmap_local_page(pfn_to_page(
+ kexec_crash_image->dm_crypt_keys_addr >> PAGE_SHIFT));
+
+ memcpy(keys_header, keys_header_loaded, keys_header_size);
+ kunmap_local(keys_header_loaded);
+ state = RECORDED;
+ arch_kexec_protect_crashkres();
+}
+
static int process_cmd(const char *buf, size_t count)
{
if (strncmp(buf, "init ", 5) == 0)
return init(buf);
else if (strncmp(buf, "record ", 7) == 0 && count == KEY_DESC_LEN + 6)
return record_key_desc(buf, &keys_header->keys[key_count]);
+ else if (!strcmp(buf, "reuse")) {
+ state = REUSE;
+ get_keys_from_kdump_reserved_memory();
+ return 0;
+ }

return -EINVAL;
}
@@ -192,9 +214,11 @@ int crash_load_dm_crypt_keys(struct kimage *image)
}

image->dm_crypt_keys_addr = 0;
- r = build_keys_header();
- if (r)
- return r;
+ if (state != REUSE) {
+ r = build_keys_header();
+ if (r)
+ return r;
+ }

kbuf.buffer = keys_header;
kbuf.bufsz = keys_header_size;
--
2.45.1