From: Sourabh Jain <sourabhjain@linux.ibm.com>
To: Coiby Xu <coiby.xu@gmail.com>, kexec@lists.infradead.org
Cc: Andrew Morton <akpm@linux-foundation.org>,
Baoquan He <baoquan.he@linux.dev>,
Dave Young <ruirui.yang@linux.dev>,
Mike Rapoport <rppt@kernel.org>,
Pasha Tatashin <pasha.tatashin@soleen.com>,
Pratyush Yadav <pratyush@kernel.org>, Coiby Xu <coxu@redhat.com>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 4/9] crash_dump: Read the number of dm-crypt keys from reserved memory
Date: Wed, 6 May 2026 19:48:00 +0530 [thread overview]
Message-ID: <0e2328f1-a057-45d5-8889-c5c333826b45@linux.ibm.com> (raw)
In-Reply-To: <20260501234342.2518281-5-coiby.xu@gmail.com>
On 02/05/26 05:13, Coiby Xu wrote:
> In case user adds/deletes the keys by mistake, it's safer to read the
> number of keys from reserved memory.
>
> Fixes: 9ebfa8dcaea7 ("crash_dump: reuse saved dm crypt keys for CPU/memory hot-plugging")
> Reported-and-Suggested-by: Sourabh Jain <sourabhjain@linux.ibm.com>
> Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
> ---
> kernel/crash_dump_dm_crypt.c | 36 +++++++++++++++++++++++-------------
> 1 file changed, 23 insertions(+), 13 deletions(-)
>
> diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
> index 6377ee86ec50..a3e460714d23 100644
> --- a/kernel/crash_dump_dm_crypt.c
> +++ b/kernel/crash_dump_dm_crypt.c
> @@ -88,21 +88,31 @@ static int get_keys_from_kdump_reserved_memory(void)
> {
> struct keys_header *keys_header_loaded;
> size_t keys_header_size;
> -
> - keys_header_size = get_keys_header_size(key_count);
> - keys_header = kzalloc(keys_header_size, GFP_KERNEL);
> - if (!keys_header)
> - return -ENOMEM;
> + int r = 0;
>
> arch_kexec_unprotect_crashkres();
> keys_header_loaded = kmap_local_page(pfn_to_page(
> kexec_crash_image->dm_crypt_keys_addr >> PAGE_SHIFT));
>
> + if (keys_header_loaded->total_keys <= 0 ||
> + keys_header_loaded->total_keys > KEY_NUM_MAX) {
> + pr_warn("keys_header saved to reserved memory may be corrupt\n");
> + r = -EINVAL;
> + goto kunmap;
> + }
Yes it is good to do a sanity check before using it.
- Sourabh Jain
> +
> + keys_header_size = get_keys_header_size(keys_header_loaded->total_keys);
> + keys_header = kzalloc(keys_header_size, GFP_KERNEL);
> + if (!keys_header) {
> + r = -ENOMEM;
> + goto kunmap;
> + }
> +
> memcpy(keys_header, keys_header_loaded, keys_header_size);
> +kunmap:
> kunmap_local(keys_header_loaded);
> arch_kexec_protect_crashkres();
> -
> - return 0;
> + return r;
> }
>
> static int restore_dm_crypt_keys_to_thread_keyring(void)
> @@ -431,12 +441,12 @@ int crash_load_dm_crypt_keys(struct kimage *image)
>
> mutex_lock(&config_keys_subsys.su_mutex);
>
> - if (key_count <= 0) {
> - kexec_dprintk("No dm-crypt keys\n");
> - return 0;
> - }
> -
> if (!is_dm_key_reused) {
> + if (key_count <= 0) {
> + kexec_dprintk("No dm-crypt keys\n");
> + return 0;
> + }
> +
> r = build_keys_header();
> if (r)
> goto out;
> @@ -447,7 +457,7 @@ int crash_load_dm_crypt_keys(struct kimage *image)
> * cleaned up at the end of kexec_file_load syscall
> */
> kbuf.buffer = keys_header;
> - kbuf.bufsz = get_keys_header_size(key_count);
> + kbuf.bufsz = get_keys_header_size(keys_header->total_keys);
>
> kbuf.memsz = kbuf.bufsz;
> kbuf.buf_align = ELF_CORE_HEADER_ALIGN;
next prev parent reply other threads:[~2026-05-06 14:18 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260501234342.2518281-1-coiby.xu@gmail.com>
2026-05-01 23:43 ` [PATCH v2 1/9] crash_dump: Release reference to a keyring at correct time Coiby Xu
2026-05-01 23:43 ` [PATCH v2 2/9] crash_dump: Fix potential double free and UAF of keys_header Coiby Xu
2026-05-06 12:28 ` Sourabh Jain
2026-05-01 23:43 ` [PATCH v2 3/9] crash_dump: Disallow writing to dm-crypt configfs during kexec_file_load syscall Coiby Xu
2026-05-06 13:56 ` Sourabh Jain
2026-05-01 23:43 ` [PATCH v2 4/9] crash_dump: Read the number of dm-crypt keys from reserved memory Coiby Xu
2026-05-06 14:18 ` Sourabh Jain [this message]
2026-05-01 23:43 ` [PATCH v2 5/9] crash_dump: Free temporary dm-crypt keys_header buffer in kdump kernel Coiby Xu
2026-05-01 23:43 ` [PATCH v2 6/9] crash_dump: Only use kexec_dprintk during the kexec_file_load syscall Coiby Xu
2026-05-01 23:43 ` [PATCH v2 7/9] crash_dump: Improve readability of config_keys_restore_store Coiby Xu
2026-05-06 14:33 ` Sourabh Jain
2026-05-01 23:43 ` [PATCH v2 8/9] crash_dump: Disallow configfs/crash_dm_crypt_key/reuse if CONFIG_CRASH_HOTPLUG enabled Coiby Xu
2026-05-06 16:09 ` Sourabh Jain
2026-05-01 23:43 ` [PATCH v2 9/9] Documentation: kdump: Add arm64 and ppc64le to encrypted dump target support list Coiby Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0e2328f1-a057-45d5-8889-c5c333826b45@linux.ibm.com \
--to=sourabhjain@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=baoquan.he@linux.dev \
--cc=coiby.xu@gmail.com \
--cc=coxu@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pasha.tatashin@soleen.com \
--cc=pratyush@kernel.org \
--cc=rppt@kernel.org \
--cc=ruirui.yang@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox