Received: by 2002:ab2:7903:0:b0:1fb:b500:807b with SMTP id a3csp1453040lqj; Tue, 4 Jun 2024 01:51:30 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVUlJbEcW9S1rO8fnCqkbwQvtcv78OiIQ6OZdG7g1LuFEQhrxlQgUrjfIyjq0dnjIsuUJn4nsI3btPCkQOXaKhsUcJyAMY/mCcJF4zsxw== X-Google-Smtp-Source: AGHT+IF/T/6Rg0u9UvWN3g2/EXnuBF44Vd60FzmwcOcDMbuM4r0hNahURJoJgIzv0ithcxDLDsVo X-Received: by 2002:a50:d718:0:b0:570:5e7f:62cb with SMTP id 4fb4d7f45d1cf-57a36543a5amr7073112a12.29.1717491090413; Tue, 04 Jun 2024 01:51:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717491090; cv=pass; d=google.com; s=arc-20160816; b=ZG/CoEIVA4TRzCwPGx2wKinInmtuQ/sI7m9inbt+pK5m0MPQsXX2F5phDI3RNmczB+ x9kSm1X7Ew1UbePkVE8Mz4VPKboP3l7I4lGDoYEzoHv+SUyAwAftnwx0LCioaf9TOYb4 Oqp2OwImJhwcVUN8daxk02wyevQx65Tp6a/dadHa2aNpsk+9T4FhhypL4BinF31s8S1U ngjAJHRFOkDJjSyfaJZturIpfrFVLcjVH8qJyNllEET2hCgTbdtSRhJ8StT3EUd5EOKT Sxr4DuIPEOsecXN4J4CEP++TFpg11igRZ9jxZFAJUuNZb1q50d0fxa8IAEVwI4kme8kc pbWg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=5z7HNV48kp54OxKkcQvGwgewNYNdSMm8024Uw3SQs94=; fh=j9nnfeBvIx3g2V21SGRFxMM4l/cnXxo00zKmU7KDkrE=; b=bXKMM/p85HkSVNWlHJ7Dz1woIlw9nPrdyfc5aabcPRK9JDal9SKKxA+s7+4DFgswoo HFzNWGG0hD7eaR3qBd9C2arORrq+Z9mdBhGGz94OCgKMkmQYwKTxZSIqoiOB9NdeB6Qc xjeyXGc2Myw2ZTW6Pn9aKuOX5ORqAYj25GGz9LLlP+O+sYqvw5mbNSR5hfWptWnrpP96 l81W3vkpwIExcXrUexxFtF6F/ySMuQbWlHediruQTVXIv6kXJOJIArMUtneNuH9hTxtv vKgk7l3ySq1aDdBtAPZd5IASuwxBLtBAeIkFMpiOeBZ2xu4TEwPcDlcwGmdzqapZjKx3 pD2g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="IWNdRJ/0"; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-200278-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-200278-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-57a31b810d5si4963375a12.91.2024.06.04.01.51.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Jun 2024 01:51:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-200278-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="IWNdRJ/0"; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-200278-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-200278-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id F3DA61F26089 for ; Tue, 4 Jun 2024 08:51:29 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 56FBB142E6C; Tue, 4 Jun 2024 08:51:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="IWNdRJ/0" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C5281411F9 for ; Tue, 4 Jun 2024 08:51:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717491083; cv=none; b=OSA84VT9CpJ/7S9GyjWjF6sRI6Qa0Rps3/r27FPumxyS1fFNJpTRodbVLS4y8FcoIdr7FswJ1vz7dJ6JeuEqbcF6nt0pjtMVI620SAc2hPERsfyhxuinoBwPYgCvswYDLkI4pWvjug2yNRpUonpf0ZdzvQc7dpKEQ6WW/Uo//Bs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717491083; c=relaxed/simple; bh=ndt/Lo4v6zILLmSOCPQBBlzeEH8xtV1Wk8mzZdUrUB4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=nS2Qc6ghYnnRZmZKajUfUlvbAtLUHjOm390bPdAEuqbKFXfmqg9xWkXRDNph6oc6VfcbtzuF1vYBf6dlpLmlsZ5rfiRFIH/TJ0aQadh9m6aVxLvSxbhnAxIZ9D1ThsRMiZeB8E9V09O4d8B0bYfLyVWq4jaWKP17GE7w9Wyd/x8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=IWNdRJ/0; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717491079; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=5z7HNV48kp54OxKkcQvGwgewNYNdSMm8024Uw3SQs94=; b=IWNdRJ/08K1mQZRxF3q++oWmweIw8xq9nN0rb1vxWqeeAfUbpBo5WB0/Lnv3LZTpToYgMI 5MMWPkz3YozsbAa67FgmuGiFSJ3bemVRvW/nbzCoN8mwbvdfs/Gs+1m1t2s+L/58LKb9oq klSVUgfw7dtU6PdIy8c5wqSiDkrXdgE= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-99-9jUjf59UNh64OOkq7HiiZg-1; Tue, 04 Jun 2024 04:51:16 -0400 X-MC-Unique: 9jUjf59UNh64OOkq7HiiZg-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 73FE685A5BC; Tue, 4 Jun 2024 08:51:15 +0000 (UTC) Received: from localhost (unknown [10.72.116.9]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 07F76408DA22; Tue, 4 Jun 2024 08:51:12 +0000 (UTC) Date: Tue, 4 Jun 2024 16:51:03 +0800 From: Baoquan He To: Coiby Xu Cc: kexec@lists.infradead.org, Ondrej Kozina , Milan Broz , Thomas Staudt , Daniel P =?iso-8859-1?Q?=2E_Berrang=E9?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Vivek Goyal , Kees Cook , "Gustavo A. R. Silva" , "open list:KERNEL HARDENING (not covered by other areas):Keyword:b__counted_byb" Subject: Re: [PATCH v4 2/7] crash_dump: make dm crypt keys persist for the kdump kernel Message-ID: References: <20240523050451.788754-1-coxu@redhat.com> <20240523050451.788754-3-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240523050451.788754-3-coxu@redhat.com> X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.2 Hi Coiby, On 05/23/24 at 01:04pm, Coiby Xu wrote: > A sysfs /sys/kernel/crash_dm_crypt_keys is provided for user space to make > the dm crypt keys persist for the kdump kernel. User space can send the > following commands, > - "init KEY_NUM" > Initialize needed structures > - "record KEY_DESC" > Record a key description. The key must be a logon key. > > User space can also read this API to learn about current state. From the subject, can I think the luks keys will persist forever? or only for a while? If need and can only keep it for a while, can you mention it and tell why and how it will be used. Because you add a lot of codes, but only simply mention the sysfs, that doesn't make sense. > > Signed-off-by: Coiby Xu > --- > include/linux/crash_core.h | 5 +- > kernel/Kconfig.kexec | 8 +++ > kernel/Makefile | 1 + > kernel/crash_dump_dm_crypt.c | 113 +++++++++++++++++++++++++++++++++++ > kernel/ksysfs.c | 22 +++++++ > 5 files changed, 148 insertions(+), 1 deletion(-) > create mode 100644 kernel/crash_dump_dm_crypt.c > > diff --git a/include/linux/crash_core.h b/include/linux/crash_core.h > index 44305336314e..6bff1c24efa3 100644 > --- a/include/linux/crash_core.h > +++ b/include/linux/crash_core.h > @@ -34,7 +34,10 @@ static inline void arch_kexec_protect_crashkres(void) { } > static inline void arch_kexec_unprotect_crashkres(void) { } > #endif > > - > +#ifdef CONFIG_CRASH_DM_CRYPT > +int crash_sysfs_dm_crypt_keys_read(char *buf); > +int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count); > +#endif > > #ifndef arch_crash_handle_hotplug_event > static inline void arch_crash_handle_hotplug_event(struct kimage *image, void *arg) { } > diff --git a/kernel/Kconfig.kexec b/kernel/Kconfig.kexec > index 6c34e63c88ff..88525ad1c80a 100644 > --- a/kernel/Kconfig.kexec > +++ b/kernel/Kconfig.kexec > @@ -116,6 +116,14 @@ config CRASH_DUMP > For s390, this option also enables zfcpdump. > See also > > +config CRASH_DM_CRYPT > + bool "Support saving crash dump to dm-crypt encrypted volume" > + depends on CRASH_DUMP > + help > + With this option enabled, user space can intereact with > + /sys/kernel/crash_dm_crypt_keys to make the dm crypt keys > + persistent for the crash dump kernel. > + > config CRASH_HOTPLUG > bool "Update the crash elfcorehdr on system configuration changes" > default y > diff --git a/kernel/Makefile b/kernel/Makefile > index 3c13240dfc9f..f2e5b3e86d12 100644 > --- a/kernel/Makefile > +++ b/kernel/Makefile > @@ -72,6 +72,7 @@ obj-$(CONFIG_VMCORE_INFO) += vmcore_info.o elfcorehdr.o > obj-$(CONFIG_CRASH_RESERVE) += crash_reserve.o > obj-$(CONFIG_KEXEC_CORE) += kexec_core.o > obj-$(CONFIG_CRASH_DUMP) += crash_core.o > +obj-$(CONFIG_CRASH_DM_CRYPT) += crash_dump_dm_crypt.o > obj-$(CONFIG_KEXEC) += kexec.o > obj-$(CONFIG_KEXEC_FILE) += kexec_file.o > obj-$(CONFIG_KEXEC_ELF) += kexec_elf.o > diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c > new file mode 100644 > index 000000000000..78809189084a > --- /dev/null > +++ b/kernel/crash_dump_dm_crypt.c > @@ -0,0 +1,113 @@ > +// SPDX-License-Identifier: GPL-2.0-only > +#include > +#include > + > +#define KEY_NUM_MAX 128 > +#define KEY_SIZE_MAX 256 > + > +// The key scription has the format: cryptsetup:UUID 11+36+1(NULL)=48 > +#define KEY_DESC_LEN 48 > + > +static char *STATE_STR[] = {"fresh", "initialized", "recorded", "loaded"}; > +static enum STATE_ENUM { > + FRESH = 0, > + INITIALIZED, > + RECORDED, > + LOADED, > +} state; > + > +static unsigned int key_count; > +static size_t keys_header_size; > + > +struct dm_crypt_key { > + unsigned int key_size; > + char key_desc[KEY_DESC_LEN]; > + u8 data[KEY_SIZE_MAX]; > +}; > + > +static struct keys_header { > + unsigned int key_count; > + struct dm_crypt_key keys[] __counted_by(key_count); > +} *keys_header; > + > +static size_t get_keys_header_size(struct keys_header *keys_header, > + size_t key_count) > +{ > + return struct_size(keys_header, keys, key_count); > +} > + > +static int init(const char *buf) ~~~~ A more interesting name with more description? > +{ > + unsigned int total_keys; > + char dummy[5]; > + > + if (sscanf(buf, "%4s %u", dummy, &total_keys) != 2) > + return -EINVAL; > + > + if (key_count > KEY_NUM_MAX) { > + pr_err("Exceed the maximum number of keys (KEY_NUM_MAX=%u)\n", > + KEY_NUM_MAX); > + return -EINVAL; > + } > + > + keys_header_size = get_keys_header_size(keys_header, total_keys); > + key_count = 0; > + > + keys_header = kzalloc(keys_header_size, GFP_KERNEL); > + if (!keys_header) > + return -ENOMEM; > + > + keys_header->key_count = total_keys; > + state = INITIALIZED; > + return 0; > +} > + > +static int record_key_desc(const char *buf, struct dm_crypt_key *dm_key) > +{ > + char key_desc[KEY_DESC_LEN]; > + char dummy[7]; > + > + if (state != INITIALIZED) > + pr_err("Please send the cmd 'init ' first\n"); > + > + if (sscanf(buf, "%6s %s", dummy, key_desc) != 2) > + return -EINVAL; > + > + if (key_count >= keys_header->key_count) { > + pr_warn("Already have %u keys", key_count); > + return -EINVAL; > + } > + > + strscpy(dm_key->key_desc, key_desc, KEY_DESC_LEN); > + pr_debug("Key%d (%s) recorded\n", key_count, dm_key->key_desc); > + key_count++; > + > + if (key_count == keys_header->key_count) > + state = RECORDED; > + > + return 0; > +} > + > +static int process_cmd(const char *buf, size_t count) ~~~~ If nobody use the count, why do you add it? > +{ > + if (strncmp(buf, "init ", 5) == 0) > + return init(buf); > + else if (strncmp(buf, "record ", 7) == 0) > + return record_key_desc(buf, &keys_header->keys[key_count]); > + > + return -EINVAL; > +} > + > +int crash_sysfs_dm_crypt_keys_write(const char *buf, size_t count) > +{ > + if (!is_kdump_kernel()) > + return process_cmd(buf, count); > + return -EINVAL; > +} > +EXPORT_SYMBOL(crash_sysfs_dm_crypt_keys_write); > + > +int crash_sysfs_dm_crypt_keys_read(char *buf) > +{ > + return sprintf(buf, "%s\n", STATE_STR[state]); > +} > +EXPORT_SYMBOL(crash_sysfs_dm_crypt_keys_read); > diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c > index 07fb5987b42b..2ba4dcbf5816 100644 > --- a/kernel/ksysfs.c > +++ b/kernel/ksysfs.c > @@ -167,6 +167,25 @@ static ssize_t vmcoreinfo_show(struct kobject *kobj, > } > KERNEL_ATTR_RO(vmcoreinfo); > > +#ifdef CONFIG_CRASH_DM_CRYPT > +static ssize_t crash_dm_crypt_keys_show(struct kobject *kobj, > + struct kobj_attribute *attr, char *buf) > +{ > + return crash_sysfs_dm_crypt_keys_read(buf); > +} > + > +static ssize_t crash_dm_crypt_keys_store(struct kobject *kobj, > + struct kobj_attribute *attr, > + const char *buf, size_t count) > +{ > + int ret; > + > + ret = crash_sysfs_dm_crypt_keys_write(buf, count); > + return ret < 0 ? ret : count; > +} > +KERNEL_ATTR_RW(crash_dm_crypt_keys); > +#endif /* CONFIG_CRASH_DM_CRYPT */ > + > #ifdef CONFIG_CRASH_HOTPLUG > static ssize_t crash_elfcorehdr_size_show(struct kobject *kobj, > struct kobj_attribute *attr, char *buf) > @@ -271,6 +290,9 @@ static struct attribute * kernel_attrs[] = { > #endif > #ifdef CONFIG_VMCORE_INFO > &vmcoreinfo_attr.attr, > +#ifdef CONFIG_CRASH_DM_CRYPT > + &crash_dm_crypt_keys_attr.attr, > +#endif > #ifdef CONFIG_CRASH_HOTPLUG > &crash_elfcorehdr_size_attr.attr, > #endif > -- > 2.45.0 >