Date: Fri, 7 Jun 2024 20:27:42 +0800
From: Coiby Xu
To: Baoquan He
Cc: kexec@lists.infradead.org, Ondrej Kozina, Milan Broz, Thomas Staudt, Daniel P. Berrangé, Kairui Song, Jan Pazdziora, Pingfan Liu, Dave Young, linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen, Vitaly Kuznetsov, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin"
Subject: Re: [PATCH v4 7/7] x86/crash: make the page that stores the dm crypt keys inaccessible
References: <20240523050451.788754-1-coxu@redhat.com> <20240523050451.788754-8-coxu@redhat.com>

On Fri, Jun 07, 2024 at 06:00:44PM +0800, Baoquan He wrote:
>On 05/23/24 at 01:04pm, Coiby Xu wrote:
>> This adds an additional layer of protection for the saved copy of the dm
>> crypt key. Trying to access the saved copy will cause a page fault.
>>
>> Suggested-by: Pingfan Liu
>> Signed-off-by: Coiby Xu
>> ---
>>  arch/x86/kernel/machine_kexec_64.c | 21 +++++++++++++++++++++
>>  1 file changed, 21 insertions(+)
>>
>> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
>> index b180d8e497c3..fc0a80f4254e 100644
>> --- a/arch/x86/kernel/machine_kexec_64.c
>> +++ b/arch/x86/kernel/machine_kexec_64.c
>> @@ -545,13 +545,34 @@ static void kexec_mark_crashkres(bool protect) >> kexec_mark_range(control, crashk_res.end, protect); >> } >> >> +static void kexec_mark_dm_crypt_keys(bool protect) >> +{ >> + unsigned long start_paddr, end_paddr; >> + unsigned int nr_pages; >> + >> + if (kexec_crash_image->dm_crypt_keys_addr) { >> + start_paddr = kexec_crash_image->dm_crypt_keys_addr; >> + end_paddr = start_paddr + kexec_crash_image->dm_crypt_keys_sz - 1; >> + nr_pages = (PAGE_ALIGN(end_paddr) - PAGE_ALIGN_DOWN(start_paddr))/PAGE_SIZE; >> + if (protect) >> + set_memory_np((unsigned long)phys_to_virt(start_paddr), nr_pages); >> + else >> + __set_memory_prot( >> + (unsigned long)phys_to_virt(start_paddr), >> + nr_pages, >> + __pgprot(_PAGE_PRESENT | _PAGE_NX | _PAGE_RW)); >> + } >> +} >> + >> void arch_kexec_protect_crashkres(void) >> { >> kexec_mark_crashkres(true); >> + kexec_mark_dm_crypt_keys(true); > >Isn't crashkernel region covering crypt keys' storing region? Do we need >mark it again specifically? Not sure if I miss anything. kexec_mark_crashkres only makes the page read-only whereas kexec_mark_dm_crypt_keys makes the memory inaccessible. I've added a comment for this function in v5 and hopefully no one will be confused by it. -- Best regards, Coiby
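Review bot: the nr_pages computation in kexec_mark_dm_crypt_keys() undercounts by one whenever the last byte of the key blob is the first byte of a page, because end_paddr is an inclusive last-byte address (start_paddr + dm_crypt_keys_sz - 1) while PAGE_ALIGN() rounds up an exclusive end. With start_paddr page-aligned and dm_crypt_keys_sz equal to PAGE_SIZE + 1, end_paddr is the first byte of the second page, PAGE_ALIGN(end_paddr) leaves it unchanged, nr_pages comes out as 1, and the final byte of the key remains mapped and is never marked not-present. Computing from the exclusive end fixes it, e.g. `nr_pages = (PAGE_ALIGN(start_paddr + kexec_crash_image->dm_crypt_keys_sz) - PAGE_ALIGN_DOWN(start_paddr)) / PAGE_SIZE;` (or PFN_UP()/PFN_DOWN() on the two ends). A second, related inconsistency: nr_pages is derived from PAGE_ALIGN_DOWN(start_paddr), but the address handed to set_memory_np() and __set_memory_prot() is phys_to_virt(start_paddr) with no rounding; the set_memory_* helpers expect a page-aligned address, so either pass phys_to_virt(PAGE_ALIGN_DOWN(start_paddr)) or, if dm_crypt_keys_addr is guaranteed page-aligned by the code that allocates it, say so in a comment so the alignment arithmetic reads as deliberate rather than as a bug. Finally, a short comment above the function stating that kexec_mark_crashkres() only makes the region read-only while this marks the key page not-present would pre-empt the question raised in this thread.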