tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

arm64,ppc64le/kdump: pass dm-crypt keys to kdump kernel

CONFIG_CRASH_DM_CRYPT has been introduced to support LUKS-encrypted
device dump target by addressing two challenges [1],
- Kdump kernel may not be able to decrypt the LUKS partition. For some
machines, a system administrator may not have a chance to enter the
password to decrypt the device in kdump initramfs after the 1st kernel
crashes

- LUKS2 by default use the memory-hard Argon2 key derivation function
which is quite memory-consuming compared to the limited memory reserved
for kdump.

To also enable this feature for ARM64 and PowerPC, the missing piece is to
let the kdump kernel know where to find the dm-crypt keys which are
randomly stored in memory reserved for kdump. Introduce a new device tree
property dmcryptkeys [2] as similar to elfcorehdr to pass the memory
address of the stored info of dm-crypt keys to the kdump kernel. Since
this property is only needed by the kdump kernel, it won't be exposed to
userspace.

Link: https://lkml.kernel.org/r/20260225060347.718905-4-coxu@redhat.com
Link: https://lore.kernel.org/all/20250502011246.99238-1-coxu@redhat.com/ [1]
Link: https://github.com/devicetree-org/dt-schema/pull/181 [2]
Signed-off-by: Coiby Xu <coxu@redhat.com>
Acked-by: Rob Herring (Arm) <robh@kernel.org>
Reviewed-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Cc: Arnaud Lefebvre <arnaud.lefebvre@clever-cloud.com>
Cc: Baoquan he <bhe@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Kairui Song <ryncsn@gmail.com>
Cc: Pingfan Liu <kernelfans@gmail.com>
Cc: Krzysztof Kozlowski <krzk@kernel.org>
Cc: Thomas Staudt <tstaudt@de.ibm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Christophe Leroy (CS GROUP) <chleroy@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Coiby Xu and committed by
Andrew Morton e3a84be1 fe74eb28

+48
+4
arch/arm64/kernel/machine_kexec_file.c
··· 134 134 135 135 kexec_dprintk("Loaded elf core header at 0x%lx bufsz=0x%lx memsz=0x%lx\n", 136 136 image->elf_load_addr, kbuf.bufsz, kbuf.memsz); 137 + 138 + ret = crash_load_dm_crypt_keys(image); 139 + if (ret) 140 + goto out_err; 137 141 } 138 142 #endif 139 143
+4
arch/powerpc/kexec/elf_64.c
··· 79 79 goto out; 80 80 } 81 81 82 + ret = crash_load_dm_crypt_keys(image); 83 + if (ret) 84 + goto out; 85 + 82 86 /* Setup cmdline for kdump kernel case */ 83 87 modified_cmdline = setup_kdump_cmdline(image, cmdline, 84 88 cmdline_len);
+21
drivers/of/fdt.c
··· 866 866 elfcorehdr_addr, elfcorehdr_size); 867 867 } 868 868 869 + static void __init early_init_dt_check_for_dmcryptkeys(unsigned long node) 870 + { 871 + const char *prop_name = "linux,dmcryptkeys"; 872 + const __be32 *prop; 873 + 874 + if (!IS_ENABLED(CONFIG_CRASH_DM_CRYPT)) 875 + return; 876 + 877 + pr_debug("Looking for dmcryptkeys property... "); 878 + 879 + prop = of_get_flat_dt_prop(node, prop_name, NULL); 880 + if (!prop) 881 + return; 882 + 883 + dm_crypt_keys_addr = dt_mem_next_cell(dt_root_addr_cells, &prop); 884 + 885 + /* Property only accessible to crash dump kernel */ 886 + fdt_delprop(initial_boot_params, node, prop_name); 887 + } 888 + 869 889 static unsigned long chosen_node_offset = -FDT_ERR_NOTFOUND; 870 890 871 891 /* ··· 1117 1097 1118 1098 early_init_dt_check_for_initrd(node); 1119 1099 early_init_dt_check_for_elfcorehdr(node); 1100 + early_init_dt_check_for_dmcryptkeys(node); 1120 1101 1121 1102 rng_seed = of_get_flat_dt_prop(node, "rng-seed", &l); 1122 1103 if (rng_seed && l > 0) {
+19
drivers/of/kexec.c
··· 423 423 if (ret) 424 424 goto out; 425 425 426 + if (image->dm_crypt_keys_addr != 0) { 427 + ret = fdt_appendprop_addrrange(fdt, 0, chosen_node, 428 + "linux,dmcryptkeys", 429 + image->dm_crypt_keys_addr, 430 + image->dm_crypt_keys_sz); 431 + 432 + if (ret) 433 + goto out; 434 + 435 + /* 436 + * Avoid dmcryptkeys from being stomped on in kdump kernel by 437 + * setting up memory reserve map. 438 + */ 439 + ret = fdt_add_mem_rsv(fdt, image->dm_crypt_keys_addr, 440 + image->dm_crypt_keys_sz); 441 + if (ret) 442 + goto out; 443 + } 444 + 426 445 #ifdef CONFIG_CRASH_DUMP 427 446 /* add linux,usable-memory-range */ 428 447 ret = fdt_appendprop_addrrange(fdt, 0, chosen_node,