From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org
Cc: Milan Broz <gmazyland@gmail.com>,
Thomas Staudt <tstaudt@de.ibm.com>,
Kairui Song <ryncsn@gmail.com>,
dm-devel@redhat.com, Mike Snitzer <snitzer@redhat.com>,
Baoquan He <bhe@redhat.com>, Dave Young <dyoung@redhat.com>,
linux-kernel@vger.kernel.org, Alasdair Kergon <agk@redhat.com>
Subject: [RFC 4/4] dm-crypt: reuse LUKS master key in kdump kernel
Date: Fri, 18 Mar 2022 18:34:23 +0800 [thread overview]
Message-ID: <20220318103423.286410-5-coxu@redhat.com> (raw)
In-Reply-To: <20220318103423.286410-1-coxu@redhat.com>
When libcryptsetup passes key string starting with ":kdump", dm-crypt
will interpret it as reusing the LUKS master key in kdump kernel.
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
drivers/md/dm-crypt.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 41f9ca377312..f3986036ec40 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -42,6 +42,7 @@
#include <linux/device-mapper.h>
#include <linux/kexec.h>
+#include <linux/crash_dump.h>
#include "dm-audit.h"
@@ -2602,13 +2603,17 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
{
int r = -EINVAL;
int key_string_len = strlen(key);
+ bool retrieve_kdump_key = false;
+
+ if (is_kdump_kernel() && !strncmp(key, ":kdump", 5))
+ retrieve_kdump_key = true;
/* Hyphen (which gives a key_size of zero) means there is no key. */
- if (!cc->key_size && strcmp(key, "-"))
+ if (!retrieve_kdump_key && !cc->key_size && strcmp(key, "-"))
goto out;
/* ':' means the key is in kernel keyring, short-circuit normal key processing */
- if (key[0] == ':') {
+ if (!retrieve_kdump_key && key[0] == ':') {
r = crypt_set_keyring_key(cc, key + 1);
goto out;
}
@@ -2620,9 +2625,15 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
kfree_sensitive(cc->key_string);
cc->key_string = NULL;
- /* Decode key from its hex representation. */
- if (cc->key_size && hex2bin(cc->key, key, cc->key_size) < 0)
- goto out;
+ if (retrieve_kdump_key) {
+ r = retrive_kdump_luks_master_key(cc->key, &cc->key_size);
+ if (r < 0)
+ goto out;
+ } else {
+ /* Decode key from its hex representation. */
+ if (cc->key_size && hex2bin(cc->key, key, cc->key_size) < 0)
+ goto out;
+ }
r = crypt_setkey(cc);
if (!r)
--
2.34.1
WARNING: multiple messages have this Message-ID (diff)
From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org
Cc: Mike Snitzer <snitzer@redhat.com>, Baoquan He <bhe@redhat.com>,
dm-devel@redhat.com, linux-kernel@vger.kernel.org,
Kairui Song <ryncsn@gmail.com>,
Thomas Staudt <tstaudt@de.ibm.com>,
Dave Young <dyoung@redhat.com>, Milan Broz <gmazyland@gmail.com>,
Alasdair Kergon <agk@redhat.com>
Subject: [dm-devel] [RFC 4/4] dm-crypt: reuse LUKS master key in kdump kernel
Date: Fri, 18 Mar 2022 18:34:23 +0800 [thread overview]
Message-ID: <20220318103423.286410-5-coxu@redhat.com> (raw)
In-Reply-To: <20220318103423.286410-1-coxu@redhat.com>
When libcryptsetup passes key string starting with ":kdump", dm-crypt
will interpret it as reusing the LUKS master key in kdump kernel.
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
drivers/md/dm-crypt.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 41f9ca377312..f3986036ec40 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -42,6 +42,7 @@
#include <linux/device-mapper.h>
#include <linux/kexec.h>
+#include <linux/crash_dump.h>
#include "dm-audit.h"
@@ -2602,13 +2603,17 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
{
int r = -EINVAL;
int key_string_len = strlen(key);
+ bool retrieve_kdump_key = false;
+
+ if (is_kdump_kernel() && !strncmp(key, ":kdump", 5))
+ retrieve_kdump_key = true;
/* Hyphen (which gives a key_size of zero) means there is no key. */
- if (!cc->key_size && strcmp(key, "-"))
+ if (!retrieve_kdump_key && !cc->key_size && strcmp(key, "-"))
goto out;
/* ':' means the key is in kernel keyring, short-circuit normal key processing */
- if (key[0] == ':') {
+ if (!retrieve_kdump_key && key[0] == ':') {
r = crypt_set_keyring_key(cc, key + 1);
goto out;
}
@@ -2620,9 +2625,15 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
kfree_sensitive(cc->key_string);
cc->key_string = NULL;
- /* Decode key from its hex representation. */
- if (cc->key_size && hex2bin(cc->key, key, cc->key_size) < 0)
- goto out;
+ if (retrieve_kdump_key) {
+ r = retrive_kdump_luks_master_key(cc->key, &cc->key_size);
+ if (r < 0)
+ goto out;
+ } else {
+ /* Decode key from its hex representation. */
+ if (cc->key_size && hex2bin(cc->key, key, cc->key_size) < 0)
+ goto out;
+ }
r = crypt_setkey(cc);
if (!r)
--
2.34.1
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
WARNING: multiple messages have this Message-ID (diff)
From: Coiby Xu <coxu@redhat.com>
To: kexec@lists.infradead.org
Subject: [RFC 4/4] dm-crypt: reuse LUKS master key in kdump kernel
Date: Fri, 18 Mar 2022 18:34:23 +0800 [thread overview]
Message-ID: <20220318103423.286410-5-coxu@redhat.com> (raw)
In-Reply-To: <20220318103423.286410-1-coxu@redhat.com>
When libcryptsetup passes key string starting with ":kdump", dm-crypt
will interpret it as reusing the LUKS master key in kdump kernel.
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
drivers/md/dm-crypt.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 41f9ca377312..f3986036ec40 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -42,6 +42,7 @@
#include <linux/device-mapper.h>
#include <linux/kexec.h>
+#include <linux/crash_dump.h>
#include "dm-audit.h"
@@ -2602,13 +2603,17 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
{
int r = -EINVAL;
int key_string_len = strlen(key);
+ bool retrieve_kdump_key = false;
+
+ if (is_kdump_kernel() && !strncmp(key, ":kdump", 5))
+ retrieve_kdump_key = true;
/* Hyphen (which gives a key_size of zero) means there is no key. */
- if (!cc->key_size && strcmp(key, "-"))
+ if (!retrieve_kdump_key && !cc->key_size && strcmp(key, "-"))
goto out;
/* ':' means the key is in kernel keyring, short-circuit normal key processing */
- if (key[0] == ':') {
+ if (!retrieve_kdump_key && key[0] == ':') {
r = crypt_set_keyring_key(cc, key + 1);
goto out;
}
@@ -2620,9 +2625,15 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
kfree_sensitive(cc->key_string);
cc->key_string = NULL;
- /* Decode key from its hex representation. */
- if (cc->key_size && hex2bin(cc->key, key, cc->key_size) < 0)
- goto out;
+ if (retrieve_kdump_key) {
+ r = retrive_kdump_luks_master_key(cc->key, &cc->key_size);
+ if (r < 0)
+ goto out;
+ } else {
+ /* Decode key from its hex representation. */
+ if (cc->key_size && hex2bin(cc->key, key, cc->key_size) < 0)
+ goto out;
+ }
r = crypt_setkey(cc);
if (!r)
--
2.34.1
next prev parent reply other threads:[~2022-03-18 10:35 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-18 10:34 [RFC 0/4] Support kdump with LUKS encryption by reusing LUKS master key Coiby Xu
2022-03-18 10:34 ` Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 10:34 ` [RFC 1/4] kexec, dm-crypt: receive LUKS master key from dm-crypt and pass it to kdump Coiby Xu
2022-03-18 10:34 ` Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 10:34 ` [RFC 2/4] kdump, x86: pass the LUKS master key to kdump kernel using a kernel command line parameter luksmasterkey Coiby Xu
2022-03-18 10:34 ` Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 10:34 ` [RFC 3/4] crash_dump: retrieve LUKS master key in kdump kernel Coiby Xu
2022-03-18 10:34 ` Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 10:34 ` Coiby Xu [this message]
2022-03-18 10:34 ` [RFC 4/4] dm-crypt: reuse " Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 11:29 ` [RFC 0/4] Support kdump with LUKS encryption by reusing LUKS master key Milan Broz
2022-03-18 11:29 ` Milan Broz
2022-03-18 11:29 ` [dm-devel] " Milan Broz
2022-03-18 12:21 ` Coiby Xu
2022-03-18 12:21 ` Coiby Xu
2022-03-18 12:21 ` [dm-devel] " Coiby Xu
2022-03-18 13:53 ` Milan Broz
2022-03-18 13:53 ` Milan Broz
2022-03-18 13:53 ` [dm-devel] " Milan Broz
2022-03-19 1:41 ` Coiby Xu
2022-03-19 1:41 ` Coiby Xu
2022-03-19 1:41 ` [dm-devel] " Coiby Xu
2022-03-19 20:13 ` Guilherme G. Piccoli
2022-03-19 20:13 ` Guilherme G. Piccoli
2022-03-19 20:13 ` [dm-devel] " Guilherme G. Piccoli
2022-03-21 1:41 ` Coiby Xu
2022-03-21 1:41 ` Coiby Xu
2022-03-21 1:41 ` [dm-devel] " Coiby Xu
2022-03-21 12:28 ` Guilherme G. Piccoli
2022-03-21 12:28 ` Guilherme G. Piccoli
2022-03-21 12:28 ` [dm-devel] " Guilherme G. Piccoli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220318103423.286410-5-coxu@redhat.com \
--to=coxu@redhat.com \
--cc=agk@redhat.com \
--cc=bhe@redhat.com \
--cc=dm-devel@redhat.com \
--cc=dyoung@redhat.com \
--cc=gmazyland@gmail.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ryncsn@gmail.com \
--cc=snitzer@redhat.com \
--cc=tstaudt@de.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.