[PATCH v4 4/5] kexec: add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.
Michal Suchánek
msuchanek at suse.de
Thu Mar 15 04:06:37 PDT 2018
On Wed, 14 Mar 2018 11:21:59 +0800
Dave Young <dyoung at redhat.com> wrote:
> On 03/06/18 at 02:15pm, Michal Suchanek wrote:
> > Not all architectures implement KEXEC_FILE_LOAD. However, on some
> > archiectures KEXEC_FILE_LOAD is required when secure boot is
> > enabled in locked-down mode. Previously users had to select the
> > KEXEC_FILE_LOAD syscall with undocumented -s option. However, if
> > they did pass the option kexec would fail on architectures that do
> > not support it.
> >
> > So add an -a option that tries KEXEC_FILE_LOAD and when it is not
> > supported tries KEXEC_LOAD.
> >
> > Signed-off-by: Michal Suchanek <msuchanek at suse.de>
> > ---
> > v3: instead of changing the deafult add extra option
> > v4: actually check -ENOSYS as well
> > ---
> > kexec/kexec.c | 52
> > ++++++++++++++++++++++++++++++++++++++++++++++++---- kexec/kexec.h
> > | 4 +++- 2 files changed, 51 insertions(+), 5 deletions(-)
> >
> > diff --git a/kexec/kexec.c b/kexec/kexec.c
> > index a95cfb473d6b..5c5aee344b41 100644
> > --- a/kexec/kexec.c
> > +++ b/kexec/kexec.c
> > @@ -1243,6 +1243,7 @@ int main(int argc, char *argv[])
> > int do_unload = 0;
> > int do_reuse_initrd = 0;
> > int do_kexec_file_syscall = 0;
> > + int do_kexec_fallback = 0;
> > int do_status = 0;
> > void *entry = 0;
> > char *type = 0;
> > @@ -1367,10 +1368,15 @@ int main(int argc, char *argv[])
> > break;
> > case OPT_KEXEC_FILE_SYSCALL:
> > do_kexec_file_syscall = 1;
> > + do_kexec_fallback = 0;
> > break;
> > case OPT_KEXEC_SYSCALL:
> > do_kexec_file_syscall = 0;
> > + do_kexec_fallback = 0;
> > break;
> > + case OPT_KEXEC_SYSCALL_AUTO:
> > + do_kexec_file_syscall = 1;
> > + do_kexec_fallback = 1;
>
> need a break here
Indeed
>
> > case OPT_STATUS:
> > do_status = 1;
> > break;
> > @@ -1442,16 +1448,54 @@ int main(int argc, char *argv[])
> > result = k_status(kexec_flags);
> > }
> > if (do_unload) {
> > - if (do_kexec_file_syscall)
> > + if (do_kexec_file_syscall) {
> > result =
> > kexec_file_unload(kexec_file_flags);
> > - else
> > + if ((result == -ENOSYS) &&
> > do_kexec_fallback)
> > + do_kexec_file_syscall = 0;
> > + }
> > + if (!do_kexec_file_syscall)
> > result = k_unload(kexec_flags);
> > }
> > if (do_load && (result == 0)) {
> > - if (do_kexec_file_syscall)
> > + if (do_kexec_file_syscall) {
> > result = do_kexec_file_load(fileind, argc,
> > argv, kexec_file_flags);
> > - else
> > + if (do_kexec_fallback) switch (result) {
> > + /*
> > + * Something failed with signature
> > verification.
> > + * Reject the image.
> > + */
> > + case -ELIBBAD:
> > + case -EKEYREJECTED:
> > + case -ENOPKG:
> > + case -ENOKEY:
> > + case -EBADMSG:
> > + case -EMSGSIZE:
> > + /*
> > + * By default reject or do
> > nothing if
> > + * succeded
> > + */
> > + default: break;
> > + case -ENOSYS: /* not implemented */
> > + /*
> > + * Parsing image or other
> > options failed
> > + * The image may be
> > invalid or image
> > + * type may not supported
> > by kernel so
> > + * retry parsing in
> > kexec-tools.
> > + */
> > + case -EINVAL:
> > + case -ENOEXEC:
> > + /*
> > + * ENOTSUPP can be
> > unsupported image
> > + * type or unsupported PE
> > signature
> > + * wrapper type, duh
> > + */
> > + case -ENOTSUP:
> > + do_kexec_file_syscall = 0;
> > + break;
>
> It looks to me it is enough only checking -ENOSYS maybe also
> -ENOTSUPP and then set do_kexec_file_syscall = 0;
>
> EINVAL and ENOEXEC are real errors, I do not understand why still
> fallback.
If you pass an image type that the kernel does not understand (eg.
multiboot or uImage) then the kernel will return a real error because
it does not understand the image. However, kexec-tools should still be
able to load it, automatically. That's what the -auto stands for.
> Also thos signature verification errors are not needed
> in this code as well.
Yes, they are not needed. They are here so it's obvious which errors
are signature verification errors.
Thanks
Michal
More information about the kexec
mailing list