Re: [PATCH v6 02/14] x86/kexec: refactor for kernel/Kconfig.kexec
Hello, On Thu, Jul 13, 2023 at 07:13:57PM +0800, Leizhen (ThunderTown) wrote: > > > On 2023/7/13 0:15, Eric DeVolder wrote: > > The kexec and crash kernel options are provided in the common > > kernel/Kconfig.kexec. Utilize the common options and provide > > the ARCH_SUPPORTS_ and ARCH_SELECTS_ entries to recreate the > > equivalent set of KEXEC and CRASH options. > > > > Signed-off-by: Eric DeVolder > > --- > > arch/x86/Kconfig | 92 ++-- > > 1 file changed, 19 insertions(+), 73 deletions(-) > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > > index 7422db409770..9767a343f7c2 100644 > > --- a/arch/x86/Kconfig > > +++ b/arch/x86/Kconfig > > @@ -2040,88 +2040,34 @@ config EFI_RUNTIME_MAP > > > > source "kernel/Kconfig.hz" > > > > -config KEXEC > > - bool "kexec system call" > > - select KEXEC_CORE > > - help > > - kexec is a system call that implements the ability to shutdown your > > - current kernel, and to start another kernel. It is like a reboot > > - but it is independent of the system firmware. And like a reboot > > - you can start any kernel with it, not just Linux. > > - > > - The name comes from the similarity to the exec system call. > > - > > - It is an ongoing process to be certain the hardware in a machine > > - is properly shutdown, so do not be surprised if this code does not > > - initially work for you. As of this writing the exact hardware > > - interface is strongly in flux, so no good recommendation can be > > - made. > > - > > -config KEXEC_FILE > > - bool "kexec file based system call" > > - select KEXEC_CORE > > - select HAVE_IMA_KEXEC if IMA > > - depends on X86_64 > > - depends on CRYPTO=y > > - depends on CRYPTO_SHA256=y > > - help > > - This is new version of kexec system call. This system call is > > - file based and takes file descriptors as system call argument > > - for kernel and initramfs as opposed to list of segments as > > - accepted by previous system call. > > +config ARCH_SUPPORTS_KEXEC > > + def_bool y > > In v5, Joel Fernandes seems to suggest you change it to the following form: It's unfortunate that the suggestion did not make it to the mailinglist. > In arch/Kconfig: > +config ARCH_SUPPORTS_KEXEC > + bool > > In arch/x86/Kconfig: > config X86 > ... ... > + select ARCH_SUPPORTS_KEXEC > > In arch/arm64/Kconfig: > config ARM64 > ... ... > + select ARCH_SUPPORTS_KEXEC if PM_SLEEP_SMP Which might work for this case > > etc.. > > You can refer to ARCH_HAS_DEBUG_VIRTUAL. > > > > > -config ARCH_HAS_KEXEC_PURGATORY > > - def_bool KEXEC_FILE > > +config ARCH_SUPPORTS_KEXEC_FILE > > + def_bool X86_64 && CRYPTO && CRYPTO_SHA256 > > > > -config KEXEC_SIG > > - bool "Verify kernel signature during kexec_file_load() syscall" > > +config ARCH_SELECTS_KEXEC_FILE > > + def_bool y > > depends on KEXEC_FILE > > - help > > + select HAVE_IMA_KEXEC if IMA but not this case, at least not this trivially. Than for consistency it looks better to keep as is. Thanks Michal > > > > - This option makes the kexec_file_load() syscall check for a valid > > - signature of the kernel image. The image can still be loaded without > > - a valid signature unless you also enable KEXEC_SIG_FORCE, though if > > - there's a signature that we can check, then it must be valid. > > +config ARCH_HAS_KEXEC_PURGATORY > > + def_bool KEXEC_FILE > > > > - In addition to this option, you need to enable signature > > - verification for the corresponding kernel image type being > > - loaded in order for this to work. > > +config ARCH_SUPPORTS_KEXEC_SIG > > + def_bool y > > > > -config KEXEC_SIG_FORCE > > - bool "Require a valid signature in kexec_file_load() syscall" > > - depends on KEXEC_SIG > > - help > > - This option makes kernel signature verification mandatory for > > - the kexec_file_load() syscall. > > +config ARCH_SUPPORTS_KEXEC_SIG_FORCE > > + def_bool y > > > > -config KEXEC_BZIMAGE_VERIFY_SIG > > - bool "Enable bzImage signature verification support" > > - depends on KEXEC_SIG > > - depends on SIGNED_PE_FILE_VERIFICATION > > - select SYSTEM_TRUSTED_KEYRING > > - help > > - Enable bzImage signature verification support. > > +config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG > > + def_bool y > > > > -config CRASH_DUMP > > - bool "kernel crash dumps" > > - depends on X86_64 || (X86_32 && HIGHMEM) > > - help > > - Generate crash dump after being started by kexec. > > - This should be normally only set in special crash dump kernels > > - which are loaded in the main kernel with kexec-tools into > > - a specially reserved region and then later executed after > > - a crash by kdump/kexec. The crash dump kernel must be compiled > > - to a memory address not used by the main kernel or BIOS using > > - PHYSICAL
Re: [PATCH v6 02/14] x86/kexec: refactor for kernel/Kconfig.kexec
On 2023/7/13 0:15, Eric DeVolder wrote: > The kexec and crash kernel options are provided in the common > kernel/Kconfig.kexec. Utilize the common options and provide > the ARCH_SUPPORTS_ and ARCH_SELECTS_ entries to recreate the > equivalent set of KEXEC and CRASH options. > > Signed-off-by: Eric DeVolder > --- > arch/x86/Kconfig | 92 ++-- > 1 file changed, 19 insertions(+), 73 deletions(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 7422db409770..9767a343f7c2 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -2040,88 +2040,34 @@ config EFI_RUNTIME_MAP > > source "kernel/Kconfig.hz" > > -config KEXEC > - bool "kexec system call" > - select KEXEC_CORE > - help > - kexec is a system call that implements the ability to shutdown your > - current kernel, and to start another kernel. It is like a reboot > - but it is independent of the system firmware. And like a reboot > - you can start any kernel with it, not just Linux. > - > - The name comes from the similarity to the exec system call. > - > - It is an ongoing process to be certain the hardware in a machine > - is properly shutdown, so do not be surprised if this code does not > - initially work for you. As of this writing the exact hardware > - interface is strongly in flux, so no good recommendation can be > - made. > - > -config KEXEC_FILE > - bool "kexec file based system call" > - select KEXEC_CORE > - select HAVE_IMA_KEXEC if IMA > - depends on X86_64 > - depends on CRYPTO=y > - depends on CRYPTO_SHA256=y > - help > - This is new version of kexec system call. This system call is > - file based and takes file descriptors as system call argument > - for kernel and initramfs as opposed to list of segments as > - accepted by previous system call. > +config ARCH_SUPPORTS_KEXEC > + def_bool y In v5, Joel Fernandes seems to suggest you change it to the following form: In arch/Kconfig: +config ARCH_SUPPORTS_KEXEC + bool In arch/x86/Kconfig: config X86 ... ... + select ARCH_SUPPORTS_KEXEC In arch/arm64/Kconfig: config ARM64 ... ... + select ARCH_SUPPORTS_KEXEC if PM_SLEEP_SMP etc.. You can refer to ARCH_HAS_DEBUG_VIRTUAL. > > -config ARCH_HAS_KEXEC_PURGATORY > - def_bool KEXEC_FILE > +config ARCH_SUPPORTS_KEXEC_FILE > + def_bool X86_64 && CRYPTO && CRYPTO_SHA256 > > -config KEXEC_SIG > - bool "Verify kernel signature during kexec_file_load() syscall" > +config ARCH_SELECTS_KEXEC_FILE > + def_bool y > depends on KEXEC_FILE > - help > + select HAVE_IMA_KEXEC if IMA > > - This option makes the kexec_file_load() syscall check for a valid > - signature of the kernel image. The image can still be loaded without > - a valid signature unless you also enable KEXEC_SIG_FORCE, though if > - there's a signature that we can check, then it must be valid. > +config ARCH_HAS_KEXEC_PURGATORY > + def_bool KEXEC_FILE > > - In addition to this option, you need to enable signature > - verification for the corresponding kernel image type being > - loaded in order for this to work. > +config ARCH_SUPPORTS_KEXEC_SIG > + def_bool y > > -config KEXEC_SIG_FORCE > - bool "Require a valid signature in kexec_file_load() syscall" > - depends on KEXEC_SIG > - help > - This option makes kernel signature verification mandatory for > - the kexec_file_load() syscall. > +config ARCH_SUPPORTS_KEXEC_SIG_FORCE > + def_bool y > > -config KEXEC_BZIMAGE_VERIFY_SIG > - bool "Enable bzImage signature verification support" > - depends on KEXEC_SIG > - depends on SIGNED_PE_FILE_VERIFICATION > - select SYSTEM_TRUSTED_KEYRING > - help > - Enable bzImage signature verification support. > +config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG > + def_bool y > > -config CRASH_DUMP > - bool "kernel crash dumps" > - depends on X86_64 || (X86_32 && HIGHMEM) > - help > - Generate crash dump after being started by kexec. > - This should be normally only set in special crash dump kernels > - which are loaded in the main kernel with kexec-tools into > - a specially reserved region and then later executed after > - a crash by kdump/kexec. The crash dump kernel must be compiled > - to a memory address not used by the main kernel or BIOS using > - PHYSICAL_START, or it must be built as a relocatable image > - (CONFIG_RELOCATABLE=y). > - For more details see Documentation/admin-guide/kdump/kdump.rst > +config ARCH_SUPPORTS_KEXEC_JUMP > + def_bool y > > -config KEXEC_JUMP > - bool "kexec jump" > - depends on KEXEC && HIBERNATION > - help > - Jump between original kernel and kexeced kernel and invoke > - code in physical address mode
[PATCH v6 02/14] x86/kexec: refactor for kernel/Kconfig.kexec
The kexec and crash kernel options are provided in the common kernel/Kconfig.kexec. Utilize the common options and provide the ARCH_SUPPORTS_ and ARCH_SELECTS_ entries to recreate the equivalent set of KEXEC and CRASH options. Signed-off-by: Eric DeVolder --- arch/x86/Kconfig | 92 ++-- 1 file changed, 19 insertions(+), 73 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 7422db409770..9767a343f7c2 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2040,88 +2040,34 @@ config EFI_RUNTIME_MAP source "kernel/Kconfig.hz" -config KEXEC - bool "kexec system call" - select KEXEC_CORE - help - kexec is a system call that implements the ability to shutdown your - current kernel, and to start another kernel. It is like a reboot - but it is independent of the system firmware. And like a reboot - you can start any kernel with it, not just Linux. - - The name comes from the similarity to the exec system call. - - It is an ongoing process to be certain the hardware in a machine - is properly shutdown, so do not be surprised if this code does not - initially work for you. As of this writing the exact hardware - interface is strongly in flux, so no good recommendation can be - made. - -config KEXEC_FILE - bool "kexec file based system call" - select KEXEC_CORE - select HAVE_IMA_KEXEC if IMA - depends on X86_64 - depends on CRYPTO=y - depends on CRYPTO_SHA256=y - help - This is new version of kexec system call. This system call is - file based and takes file descriptors as system call argument - for kernel and initramfs as opposed to list of segments as - accepted by previous system call. +config ARCH_SUPPORTS_KEXEC + def_bool y -config ARCH_HAS_KEXEC_PURGATORY - def_bool KEXEC_FILE +config ARCH_SUPPORTS_KEXEC_FILE + def_bool X86_64 && CRYPTO && CRYPTO_SHA256 -config KEXEC_SIG - bool "Verify kernel signature during kexec_file_load() syscall" +config ARCH_SELECTS_KEXEC_FILE + def_bool y depends on KEXEC_FILE - help + select HAVE_IMA_KEXEC if IMA - This option makes the kexec_file_load() syscall check for a valid - signature of the kernel image. The image can still be loaded without - a valid signature unless you also enable KEXEC_SIG_FORCE, though if - there's a signature that we can check, then it must be valid. +config ARCH_HAS_KEXEC_PURGATORY + def_bool KEXEC_FILE - In addition to this option, you need to enable signature - verification for the corresponding kernel image type being - loaded in order for this to work. +config ARCH_SUPPORTS_KEXEC_SIG + def_bool y -config KEXEC_SIG_FORCE - bool "Require a valid signature in kexec_file_load() syscall" - depends on KEXEC_SIG - help - This option makes kernel signature verification mandatory for - the kexec_file_load() syscall. +config ARCH_SUPPORTS_KEXEC_SIG_FORCE + def_bool y -config KEXEC_BZIMAGE_VERIFY_SIG - bool "Enable bzImage signature verification support" - depends on KEXEC_SIG - depends on SIGNED_PE_FILE_VERIFICATION - select SYSTEM_TRUSTED_KEYRING - help - Enable bzImage signature verification support. +config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG + def_bool y -config CRASH_DUMP - bool "kernel crash dumps" - depends on X86_64 || (X86_32 && HIGHMEM) - help - Generate crash dump after being started by kexec. - This should be normally only set in special crash dump kernels - which are loaded in the main kernel with kexec-tools into - a specially reserved region and then later executed after - a crash by kdump/kexec. The crash dump kernel must be compiled - to a memory address not used by the main kernel or BIOS using - PHYSICAL_START, or it must be built as a relocatable image - (CONFIG_RELOCATABLE=y). - For more details see Documentation/admin-guide/kdump/kdump.rst +config ARCH_SUPPORTS_KEXEC_JUMP + def_bool y -config KEXEC_JUMP - bool "kexec jump" - depends on KEXEC && HIBERNATION - help - Jump between original kernel and kexeced kernel and invoke - code in physical address mode via KEXEC +config ARCH_SUPPORTS_CRASH_DUMP + def_bool X86_64 || (X86_32 && HIGHMEM) config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) -- 2.31.1
