From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org, linux-arm-kernel@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org, devicetree@vger.kernel.org
Cc: Arnaud Lefebvre <arnaud.lefebvre@clever-cloud.com>,
Baoquan he <bhe@redhat.com>, Dave Young <dyoung@redhat.com>,
Kairui Song <ryncsn@gmail.com>,
Pingfan Liu <kernelfans@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Krzysztof Kozlowski <krzk@kernel.org>,
Rob Herring <robh@kernel.org>, Thomas Staudt <tstaudt@de.ibm.com>,
Sourabh Jain <sourabhjain@linux.ibm.com>,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
"Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
Saravana Kannan <saravanak@kernel.org>,
linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v4 2/2] arm64,ppc64le/kdump: pass dm-crypt keys to kdump kernel
Date: Wed, 11 Feb 2026 16:24:00 +0800 [thread overview]
Message-ID: <20260211082401.2407853-3-coxu@redhat.com> (raw)
In-Reply-To: <20260211082401.2407853-1-coxu@redhat.com>
CONFIG_CRASH_DM_CRYPT has been introduced to support LUKS-encrypted
device dump target by addressing two challenges [1],
- Kdump kernel may not be able to decrypt the LUKS partition. For some
machines, a system administrator may not have a chance to enter the
password to decrypt the device in kdump initramfs after the 1st kernel
crashes
- LUKS2 by default use the memory-hard Argon2 key derivation function
which is quite memory-consuming compared to the limited memory reserved
for kdump.
To also enable this feature for ARM64 and PowerPC, we only need to add
a device tree property dmcryptkeys [2] as similar to elfcorehdr to pass
the memory address of the stored info of dm-crypt keys to the kdump
kernel. Since this property is only needed by the kdump kernel, it won't
be exposed to user space.
[1] https://lore.kernel.org/all/20250502011246.99238-1-coxu@redhat.com/
[2] https://github.com/devicetree-org/dt-schema/pull/181
Cc: Arnaud Lefebvre <arnaud.lefebvre@clever-cloud.com>
Cc: Baoquan he <bhe@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Kairui Song <ryncsn@gmail.com>
Cc: Pingfan Liu <kernelfans@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Krzysztof Kozlowski <krzk@kernel.org>
Cc: Rob Herring <robh@kernel.org>
Cc: Thomas Staudt <tstaudt@de.ibm.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
arch/arm64/kernel/machine_kexec_file.c | 4 ++++
arch/powerpc/kexec/elf_64.c | 4 ++++
drivers/of/fdt.c | 21 +++++++++++++++++++++
drivers/of/kexec.c | 19 +++++++++++++++++++
4 files changed, 48 insertions(+)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 410060ebd86d..b6798bb2bb82 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -134,6 +134,10 @@ int load_other_segments(struct kimage *image,
kexec_dprintk("Loaded elf core header at 0x%lx bufsz=0x%lx memsz=0x%lx\n",
image->elf_load_addr, kbuf.bufsz, kbuf.memsz);
+
+ ret = crash_load_dm_crypt_keys(image);
+ if (ret)
+ goto out_err;
}
#endif
diff --git a/arch/powerpc/kexec/elf_64.c b/arch/powerpc/kexec/elf_64.c
index 5d6d616404cf..ea50a072debf 100644
--- a/arch/powerpc/kexec/elf_64.c
+++ b/arch/powerpc/kexec/elf_64.c
@@ -79,6 +79,10 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
goto out;
}
+ ret = crash_load_dm_crypt_keys(image);
+ if (ret)
+ goto out;
+
/* Setup cmdline for kdump kernel case */
modified_cmdline = setup_kdump_cmdline(image, cmdline,
cmdline_len);
diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index 331646d667b9..2967e4aff807 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -866,6 +866,26 @@ static void __init early_init_dt_check_for_elfcorehdr(unsigned long node)
elfcorehdr_addr, elfcorehdr_size);
}
+static void __init early_init_dt_check_for_dmcryptkeys(unsigned long node)
+{
+ const char *prop_name = "linux,dmcryptkeys";
+ const __be32 *prop;
+
+ if (!IS_ENABLED(CONFIG_CRASH_DM_CRYPT))
+ return;
+
+ pr_debug("Looking for dmcryptkeys property... ");
+
+ prop = of_get_flat_dt_prop(node, prop_name, NULL);
+ if (!prop)
+ return;
+
+ dm_crypt_keys_addr = dt_mem_next_cell(dt_root_addr_cells, &prop);
+
+ /* Property only accessible to crash dump kernel */
+ fdt_delprop(initial_boot_params, node, prop_name);
+}
+
static unsigned long chosen_node_offset = -FDT_ERR_NOTFOUND;
/*
@@ -1097,6 +1117,7 @@ int __init early_init_dt_scan_chosen(char *cmdline)
early_init_dt_check_for_initrd(node);
early_init_dt_check_for_elfcorehdr(node);
+ early_init_dt_check_for_dmcryptkeys(node);
rng_seed = of_get_flat_dt_prop(node, "rng-seed", &l);
if (rng_seed && l > 0) {
diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
index 1ee2d31816ae..4bfb1ea5744e 100644
--- a/drivers/of/kexec.c
+++ b/drivers/of/kexec.c
@@ -432,6 +432,25 @@ void *of_kexec_alloc_and_setup_fdt(const struct kimage *image,
if (ret)
goto out;
+ if (image->dm_crypt_keys_addr != 0) {
+ ret = fdt_appendprop_addrrange(fdt, 0, chosen_node,
+ "linux,dmcryptkeys",
+ image->dm_crypt_keys_addr,
+ image->dm_crypt_keys_sz);
+
+ if (ret)
+ goto out;
+
+ /*
+ * Avoid dmcryptkeys from being stomped on in kdump kernel by
+ * setting up memory reserve map.
+ */
+ ret = fdt_add_mem_rsv(fdt, image->dm_crypt_keys_addr,
+ image->dm_crypt_keys_sz);
+ if (ret)
+ goto out;
+ }
+
#ifdef CONFIG_CRASH_DUMP
/* add linux,usable-memory-range */
ret = fdt_appendprop_addrrange(fdt, 0, chosen_node,
--
2.53.0
next prev parent reply other threads:[~2026-02-11 8:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-11 8:23 [PATCH v4 0/2] kdump: Enable LUKS-encrypted dump target support in ARM64 and PowerPC Coiby Xu
2026-02-11 8:23 ` [PATCH v4 1/2] crash_dump/dm-crypt: Don't print in arch-specific code Coiby Xu
2026-02-11 8:24 ` Coiby Xu [this message]
2026-02-11 9:55 ` [PATCH v4 2/2] arm64,ppc64le/kdump: pass dm-crypt keys to kdump kernel Christophe Leroy (CS GROUP)
2026-02-12 2:01 ` Coiby Xu
2026-02-11 22:35 ` kernel test robot
2026-02-12 2:22 ` Coiby Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260211082401.2407853-3-coxu@redhat.com \
--to=coxu@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=arnaud.lefebvre@clever-cloud.com \
--cc=bhe@redhat.com \
--cc=catalin.marinas@arm.com \
--cc=chleroy@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=dyoung@redhat.com \
--cc=kernelfans@gmail.com \
--cc=kexec@lists.infradead.org \
--cc=krzk@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=robh@kernel.org \
--cc=ryncsn@gmail.com \
--cc=saravanak@kernel.org \
--cc=sourabhjain@linux.ibm.com \
--cc=tstaudt@de.ibm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox