Re: [PATCH v6 4/7] crash_dump: reuse saved dm crypt keys for CPU/memory hot-plugging

[Baoquan He <bhe@redhat.com>]

On 10/29/24 at 01:52pm, Coiby Xu wrote:
> When there are CPU and memory hot un/plugs, the dm crypt keys may need
> to be reloaded again depending on the solution for crash hotplug
> support. Currently, there are two solutions. One is to utilizes udev to
> instruct user space to reload the kdump kernel image and initrd,
> elfcorehdr and etc again. The other is to only update the elfcorehdr
> segment introduced in commit 247262756121 ("crash:
> add generic infrastructure for crash hotplug support").
> 
> For the 1st solution, the dm crypt keys need to be reloaded again. The
> user space can write true to
> /sys/kernel/config/crash_dm_crypt_key/reuse so the stored keys can be
> re-used.
> 
> For the 2nd solution, the dm crypt keys don't need to be reloaded.
> Currently, only x86 supports the 2nd solution. If the 2nd solution
> gets extended to all arches, this patch can be dropped.
> 
> Signed-off-by: Coiby Xu <coxu@redhat.com>
> ---
>  kernel/crash_dump_dm_crypt.c | 52 +++++++++++++++++++++++++++++++++---
>  1 file changed, 48 insertions(+), 4 deletions(-)
> 
> diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
> index ec2ec2967242..51431f93fc1e 100644
> --- a/kernel/crash_dump_dm_crypt.c
> +++ b/kernel/crash_dump_dm_crypt.c
> @@ -28,6 +28,20 @@ static size_t get_keys_header_size(size_t total_keys)
>  	return struct_size(keys_header, keys, total_keys);
>  }
>  
> +static void get_keys_from_kdump_reserved_memory(void)
> +{
> +	struct keys_header *keys_header_loaded;
> +
> +	arch_kexec_unprotect_crashkres();
> +
> +	keys_header_loaded = kmap_local_page(pfn_to_page(
> +		kexec_crash_image->dm_crypt_keys_addr >> PAGE_SHIFT));
> +
> +	memcpy(keys_header, keys_header_loaded, get_keys_header_size(key_count));
> +	kunmap_local(keys_header_loaded);
> +	arch_kexec_protect_crashkres();
> +}
> +
>  static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
>  {
>  	const struct user_key_payload *ukp;
> @@ -150,8 +164,36 @@ static ssize_t config_keys_count_show(struct config_item *item, char *page)
>  
>  CONFIGFS_ATTR_RO(config_keys_, count);
>  
> +static bool reuse;

Give it a meaningful name since it's a global variable, e.g
is_dm_key_reused?

> +
> +static ssize_t config_keys_reuse_show(struct config_item *item, char *page)
> +{
> +	return sprintf(page, "%d\n", reuse);
> +}
> +
> +static ssize_t config_keys_reuse_store(struct config_item *item,
> +					   const char *page, size_t count)
> +{
> +	if (!kexec_crash_image || !kexec_crash_image->dm_crypt_keys_addr) {
> +		kexec_dprintk(
> +			"dm-crypt keys haven't be saved to crash-reserved memory\n");
> +		return -EINVAL;
> +	}
> +
> +	if (kstrtobool(page, &reuse))
> +		return -EINVAL;
> +
> +	if (reuse)
> +		get_keys_from_kdump_reserved_memory();
> +
> +	return count;
> +}
> +
> +CONFIGFS_ATTR(config_keys_, reuse);
> +
>  static struct configfs_attribute *config_keys_attrs[] = {
>  	&config_keys_attr_count,
> +	&config_keys_attr_reuse,
>  	NULL,
>  };
>