From: Baoquan He <bhe@redhat.com>
To: Coiby Xu <coxu@redhat.com>
Cc: kexec@lists.infradead.org, "Ondrej Kozina" <okozina@redhat.com>,
"Milan Broz" <gmazyland@gmail.com>,
"Thomas Staudt" <tstaudt@de.ibm.com>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Kairui Song" <ryncsn@gmail.com>,
"Jan Pazdziora" <jpazdziora@redhat.com>,
"Pingfan Liu" <kernelfans@gmail.com>,
"Dave Young" <dyoung@redhat.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
"Dave Hansen" <dave.hansen@intel.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Greg KH" <gregkh@linuxfoundation.org>,
"Vivek Goyal" <vgoyal@redhat.com>
Subject: Re: [PATCH v6 4/7] crash_dump: reuse saved dm crypt keys for CPU/memory hot-plugging
Date: Wed, 11 Dec 2024 21:08:43 +0800 [thread overview]
Message-ID: <Z1mO2wp6zlPCV6JJ@MiWiFi-R3L-srv> (raw)
In-Reply-To: <20241029055223.210039-5-coxu@redhat.com>
On 10/29/24 at 01:52pm, Coiby Xu wrote:
> When there are CPU and memory hot un/plugs, the dm crypt keys may need
> to be reloaded again depending on the solution for crash hotplug
> support. Currently, there are two solutions. One is to utilizes udev to
> instruct user space to reload the kdump kernel image and initrd,
> elfcorehdr and etc again. The other is to only update the elfcorehdr
> segment introduced in commit 247262756121 ("crash:
> add generic infrastructure for crash hotplug support").
>
> For the 1st solution, the dm crypt keys need to be reloaded again. The
> user space can write true to
> /sys/kernel/config/crash_dm_crypt_key/reuse so the stored keys can be
> re-used.
>
> For the 2nd solution, the dm crypt keys don't need to be reloaded.
> Currently, only x86 supports the 2nd solution. If the 2nd solution
> gets extended to all arches, this patch can be dropped.
>
> Signed-off-by: Coiby Xu <coxu@redhat.com>
> ---
> kernel/crash_dump_dm_crypt.c | 52 +++++++++++++++++++++++++++++++++---
> 1 file changed, 48 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
> index ec2ec2967242..51431f93fc1e 100644
> --- a/kernel/crash_dump_dm_crypt.c
> +++ b/kernel/crash_dump_dm_crypt.c
> @@ -28,6 +28,20 @@ static size_t get_keys_header_size(size_t total_keys)
> return struct_size(keys_header, keys, total_keys);
> }
>
> +static void get_keys_from_kdump_reserved_memory(void)
> +{
> + struct keys_header *keys_header_loaded;
> +
> + arch_kexec_unprotect_crashkres();
> +
> + keys_header_loaded = kmap_local_page(pfn_to_page(
> + kexec_crash_image->dm_crypt_keys_addr >> PAGE_SHIFT));
> +
> + memcpy(keys_header, keys_header_loaded, get_keys_header_size(key_count));
> + kunmap_local(keys_header_loaded);
> + arch_kexec_protect_crashkres();
> +}
> +
> static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
> {
> const struct user_key_payload *ukp;
> @@ -150,8 +164,36 @@ static ssize_t config_keys_count_show(struct config_item *item, char *page)
>
> CONFIGFS_ATTR_RO(config_keys_, count);
>
> +static bool reuse;
Give it a meaningful name since it's a global variable, e.g
is_dm_key_reused?
> +
> +static ssize_t config_keys_reuse_show(struct config_item *item, char *page)
> +{
> + return sprintf(page, "%d\n", reuse);
> +}
> +
> +static ssize_t config_keys_reuse_store(struct config_item *item,
> + const char *page, size_t count)
> +{
> + if (!kexec_crash_image || !kexec_crash_image->dm_crypt_keys_addr) {
> + kexec_dprintk(
> + "dm-crypt keys haven't be saved to crash-reserved memory\n");
> + return -EINVAL;
> + }
> +
> + if (kstrtobool(page, &reuse))
> + return -EINVAL;
> +
> + if (reuse)
> + get_keys_from_kdump_reserved_memory();
> +
> + return count;
> +}
> +
> +CONFIGFS_ATTR(config_keys_, reuse);
> +
> static struct configfs_attribute *config_keys_attrs[] = {
> &config_keys_attr_count,
> + &config_keys_attr_reuse,
> NULL,
> };
>
next prev parent reply other threads:[~2024-12-11 13:09 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-29 5:52 [PATCH v6 0/7] Support kdump with LUKS encryption by reusing LUKS volume keys Coiby Xu
2024-10-29 5:52 ` Coiby Xu
2024-10-29 5:52 ` [PATCH v6 1/7] kexec_file: allow to place kexec_buf randomly Coiby Xu
2024-10-29 5:52 ` Coiby Xu
2024-11-29 1:38 ` Baoquan He
2024-12-02 10:04 ` Coiby Xu
2024-10-29 5:52 ` [PATCH v6 2/7] crash_dump: make dm crypt keys persist for the kdump kernel Coiby Xu
2024-10-29 5:52 ` Coiby Xu
2024-10-29 5:52 ` [PATCH v6 3/7] crash_dump: store dm crypt keys in kdump reserved memory Coiby Xu
2024-10-29 5:52 ` Coiby Xu
2024-10-29 14:41 ` kernel test robot
2024-10-29 14:41 ` kernel test robot
2024-11-01 7:16 ` Coiby Xu
2024-11-01 7:16 ` Coiby Xu
2024-12-11 12:58 ` Baoquan He
2024-12-23 1:05 ` Coiby Xu
2024-10-29 5:52 ` [PATCH v6 4/7] crash_dump: reuse saved dm crypt keys for CPU/memory hot-plugging Coiby Xu
2024-10-29 5:52 ` Coiby Xu
2024-12-11 13:08 ` Baoquan He [this message]
2024-12-23 0:41 ` Coiby Xu
2024-10-29 5:52 ` [PATCH v6 5/7] crash_dump: retrieve dm crypt keys in kdump kernel Coiby Xu
2024-10-29 5:52 ` Coiby Xu
2024-10-29 5:52 ` [PATCH v6 6/7] x86/crash: pass dm crypt keys to " Coiby Xu
2024-10-29 5:52 ` Coiby Xu
2024-12-11 12:55 ` Baoquan He
2024-12-23 1:16 ` Coiby Xu
2024-12-26 3:48 ` Baoquan He
2025-01-03 2:24 ` Coiby Xu
2024-10-29 5:52 ` [PATCH v6 7/7] x86/crash: make the page that stores the dm crypt keys inaccessible Coiby Xu
2024-10-29 5:52 ` Coiby Xu
2024-11-04 6:17 ` [PATCH v6 0/7] Support kdump with LUKS encryption by reusing LUKS volume keys Baoquan He
2024-11-04 6:17 ` Baoquan He
2024-12-03 17:53 ` David Woodhouse
2024-12-11 1:33 ` Baoquan He
2024-12-14 2:24 ` Baoquan He
2024-12-23 1:19 ` Coiby Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z1mO2wp6zlPCV6JJ@MiWiFi-R3L-srv \
--to=bhe@redhat.com \
--cc=berrange@redhat.com \
--cc=coxu@redhat.com \
--cc=dave.hansen@intel.com \
--cc=dyoung@redhat.com \
--cc=gmazyland@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=jpazdziora@redhat.com \
--cc=kernelfans@gmail.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=okozina@redhat.com \
--cc=ryncsn@gmail.com \
--cc=tstaudt@de.ibm.com \
--cc=vgoyal@redhat.com \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.