crash_dump: reuse saved dm crypt keys for CPU/memory hot-plugging

When there are CPU and memory hot un/plugs, the dm crypt keys may need to
be reloaded again depending on the solution for crash hotplug support.
Currently, there are two solutions.  One is to utilizes udev to instruct
user space to reload the kdump kernel image and initrd, elfcorehdr and etc
again.  The other is to only update the elfcorehdr segment introduced in
commit 247262756121 ("crash: add generic infrastructure for crash hotplug
support").

For the 1st solution, the dm crypt keys need to be reloaded again.  The
user space can write true to /sys/kernel/config/crash_dm_crypt_key/reuse
so the stored keys can be re-used.

For the 2nd solution, the dm crypt keys don't need to be reloaded.
Currently, only x86 supports the 2nd solution.  If the 2nd solution gets
extended to all arches, this patch can be dropped.

Link: https://lkml.kernel.org/r/20250502011246.99238-5-coxu@redhat.com
Signed-off-by: Coiby Xu <coxu@redhat.com>
Acked-by: Baoquan He <bhe@redhat.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Jan Pazdziora <jpazdziora@redhat.com>
Cc: Liu Pingfan <kernelfans@gmail.com>
Cc: Milan Broz <gmazyland@gmail.com>
Cc: Ondrej Kozina <okozina@redhat.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/Documentation/admin-guide/kdump/kdump.rst b/Documentation/admin-guide/kdump/kdump.rst
index b74d3bed8fff40c4d3e9c39dbdc7e47d92df9afd..e25edaa8e5332b295adcbdb05650e2c04dfaaafc 100644 (file)
--- a/Documentation/admin-guide/kdump/kdump.rst
+++ b/Documentation/admin-guide/kdump/kdump.rst
@@ -570,6 +570,10 @@ encrypted disk volume. User space can interact with
     cat /sys/kernel/config/crash_dm_crypt_keys/count
     2
 
+    # To support CPU/memory hot-plugging, re-use keys already saved to reserved
+    # memory
+    echo true > /sys/kernel/config/crash_dm_crypt_key/reuse
+
 2. Load the dump-capture kernel
 
 3. After the dump-capture kerne get booted, restore the keys to user keyring

diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
index fb25f55f1512eb8e9a8065fd48a1d9f503e13d9e..5f4a623891507fa09c0cad9457a7fab1e68cf517 100644 (file)
--- a/kernel/crash_dump_dm_crypt.c
+++ b/kernel/crash_dump_dm_crypt.c
@@ -28,6 +28,20 @@ static size_t get_keys_header_size(size_t total_keys)
        return struct_size(keys_header, keys, total_keys);
 }
 
+static void get_keys_from_kdump_reserved_memory(void)
+{
+       struct keys_header *keys_header_loaded;
+
+       arch_kexec_unprotect_crashkres();
+
+       keys_header_loaded = kmap_local_page(pfn_to_page(
+               kexec_crash_image->dm_crypt_keys_addr >> PAGE_SHIFT));
+
+       memcpy(keys_header, keys_header_loaded, get_keys_header_size(key_count));
+       kunmap_local(keys_header_loaded);
+       arch_kexec_protect_crashkres();
+}
+
 static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
 {
        const struct user_key_payload *ukp;
@@ -150,8 +164,36 @@ static ssize_t config_keys_count_show(struct config_item *item, char *page)
 
 CONFIGFS_ATTR_RO(config_keys_, count);
 
+static bool is_dm_key_reused;
+
+static ssize_t config_keys_reuse_show(struct config_item *item, char *page)
+{
+       return sprintf(page, "%d\n", is_dm_key_reused);
+}
+
+static ssize_t config_keys_reuse_store(struct config_item *item,
+                                          const char *page, size_t count)
+{
+       if (!kexec_crash_image || !kexec_crash_image->dm_crypt_keys_addr) {
+               kexec_dprintk(
+                       "dm-crypt keys haven't be saved to crash-reserved memory\n");
+               return -EINVAL;
+       }
+
+       if (kstrtobool(page, &is_dm_key_reused))
+               return -EINVAL;
+
+       if (is_dm_key_reused)
+               get_keys_from_kdump_reserved_memory();
+
+       return count;
+}
+
+CONFIGFS_ATTR(config_keys_, reuse);
+
 static struct configfs_attribute *config_keys_attrs[] = {
        &config_keys_attr_count,
+       &config_keys_attr_reuse,
        NULL,
 };
 
@@ -238,10 +280,12 @@ int crash_load_dm_crypt_keys(struct kimage *image)
                return -ENOENT;
        }
 
-       image->dm_crypt_keys_addr = 0;
-       r = build_keys_header();
-       if (r)
-               return r;
+       if (!is_dm_key_reused) {
+               image->dm_crypt_keys_addr = 0;
+               r = build_keys_header();
+               if (r)
+                       return r;
+       }
 
        kbuf.buffer = keys_header;
        kbuf.bufsz = get_keys_header_size(key_count);