Commit cc66e486 authored by Coiby Xu's avatar Coiby Xu Committed by Andrew Morton

x86/crash: make the page that stores the dm crypt keys inaccessible

This adds an additional layer of protection for the saved copy of the dm crypt
keys.  Trying to access the saved copy will cause a page fault.

Link: https://lkml.kernel.org/r/20250502011246.99238-9-coxu@redhat.com


Signed-off-by: default avatarCoiby Xu <coxu@redhat.com>
Suggested-by: default avatarPingfan Liu <kernelfans@gmail.com>
Acked-by: default avatarBaoquan He <bhe@redhat.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Jan Pazdziora <jpazdziora@redhat.com>
Cc: Milan Broz <gmazyland@gmail.com>
Cc: Ondrej Kozina <okozina@redhat.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 5eb3f605
+22 −0
@@ -598,13 +598,35 @@ static void kexec_mark_crashkres(bool protect)
	kexec_mark_range(control, crashk_res.end, protect);
}

/* make the memory storing dm crypt keys in/accessible */
static void kexec_mark_dm_crypt_keys(bool protect)
{
	unsigned long start_paddr, end_paddr;
	unsigned int nr_pages;

	if (kexec_crash_image->dm_crypt_keys_addr) {
		start_paddr = kexec_crash_image->dm_crypt_keys_addr;
		end_paddr = start_paddr + kexec_crash_image->dm_crypt_keys_sz - 1;
		nr_pages = (PAGE_ALIGN(end_paddr) - PAGE_ALIGN_DOWN(start_paddr))/PAGE_SIZE;
		if (protect)
			set_memory_np((unsigned long)phys_to_virt(start_paddr), nr_pages);
		else
			__set_memory_prot(
				(unsigned long)phys_to_virt(start_paddr),
				nr_pages,
				__pgprot(_PAGE_PRESENT | _PAGE_NX | _PAGE_RW));
	}
}

void arch_kexec_protect_crashkres(void)
{
	kexec_mark_crashkres(true);
	kexec_mark_dm_crypt_keys(true);
}

void arch_kexec_unprotect_crashkres(void)
{
	kexec_mark_dm_crypt_keys(false);
	kexec_mark_crashkres(false);
}
#endif
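Review bot: The page count in kexec_mark_dm_crypt_keys comes up one short when the last key byte sits exactly on a page boundary: `end_paddr` is inclusive, so `PAGE_ALIGN(end_paddr)` returns it unchanged when it is already page-aligned, and the final page keeps its mapping after `set_memory_np()`. Rounding the exclusive end avoids that: `nr_pages = (PAGE_ALIGN(start_paddr + kexec_crash_image->dm_crypt_keys_sz) - PAGE_ALIGN_DOWN(start_paddr)) / PAGE_SIZE;`. The count is derived from the aligned-down start, but the address passed is `phys_to_virt(start_paddr)`; if the key buffer is not guaranteed to be page-aligned (its allocation is not visible in this hunk), passing `phys_to_virt(PAGE_ALIGN_DOWN(start_paddr))` keeps the two consistent. The return values of `set_memory_np()` and `__set_memory_prot()` are also dropped, so a failed protect leaves the saved keys readable with no trace; a `pr_warn()` on a non-zero return would make that visible.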