[PATCH v5 4/5] kexec: Add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported

Tue Mar 27 02:59:55 PDT 2018

On 03/26/18 at 03:52pm, Thiago Jung Bauermann wrote:
> 
> Michal Suchánek <msuchanek at suse.de> writes:
> 
> > On Mon, 26 Mar 2018 17:12:10 +0800
> > Dave Young <dyoung at redhat.com> wrote:
> >
> >> On 03/26/18 at 05:08pm, Dave Young wrote:
> >> > On 03/20/18 at 04:56pm, Michal Suchanek wrote:  
> >> > > Not all architectures implement KEXEC_FILE_LOAD. However, on some
> >> > > archiectures KEXEC_FILE_LOAD is required when secure boot is
> >> > > enabled in locked-down mode. Previously users had to select the
> >> > > KEXEC_FILE_LOAD syscall with undocumented -s option. However, if
> >> > > they did pass the option kexec would fail on architectures that
> >> > > do not support it.
> >> > > 
> >> > > So add an -a option that tries KEXEC_FILE_LOAD and when it is not
> >> > > supported tries KEXEC_LOAD.
> >> > > 
> >> > > Signed-off-by: Michal Suchanek <msuchanek at suse.de>
> >> > > ---
> >> > > v3: instead of changing the deafult add extra option
> >> > > v4: actually check -ENOSYS as well
> >> > > v5: add missing break
> >> > > ---
> >> > >  kexec/kexec.c | 58
> >> > > +++++++++++++++++++++++++++++++++++++++++++++++++++++-----
> >> > > kexec/kexec.h |  6 +++++- 2 files changed, 58 insertions(+), 6
> >> > > deletions(-)
> >> > > 
> >> > > diff --git a/kexec/kexec.c b/kexec/kexec.c
> >> > > index 68ae0594d4a7..44042345a16e 100644
> >> > > --- a/kexec/kexec.c
> >> > > +++ b/kexec/kexec.c
> >> > > @@ -1243,6 +1243,7 @@ int main(int argc, char *argv[])
> >> > >  	int do_unload = 0;
> >> > >  	int do_reuse_initrd = 0;
> >> > >  	int do_kexec_file_syscall = 0;
> >> > > +	int do_kexec_fallback = 0;
> >> > >  	int do_status = 0;
> >> > >  	void *entry = 0;
> >> > >  	char *type = 0;
> >> > > @@ -1367,6 +1368,15 @@ int main(int argc, char *argv[])
> >> > >  			break;
> >> > >  		case OPT_KEXEC_FILE_SYSCALL:
> >> > >  			do_kexec_file_syscall = 1;
> >> > > +			do_kexec_fallback = 0;
> >> > > +			break;
> >> > > +		case OPT_KEXEC_SYSCALL:
> >> > > +			do_kexec_file_syscall = 0;
> >> > > +			do_kexec_fallback = 0;
> >> > > +			break;
> >> > > +		case OPT_KEXEC_SYSCALL_AUTO:
> >> > > +			do_kexec_file_syscall = 1;
> >> > > +			do_kexec_fallback = 1;
> >> > >  			break;
> >> > >  		case OPT_STATUS:
> >> > >  			do_status = 1;
> >> > > @@ -1433,7 +1443,7 @@ int main(int argc, char *argv[])
> >> > >  		}
> >> > >  	}
> >> > >  	if (do_kexec_file_syscall) {
> >> > > -		if (do_load_jump_back_helper)
> >> > > +		if (do_load_jump_back_helper
> >> > > && !do_kexec_fallback) die("--load-jump-back-helper not supported
> >> > > with kexec_file_load\n"); if (kexec_flags &
> >> > > KEXEC_PRESERVE_CONTEXT) die("--load-preserve-context not
> >> > > supported with kexec_file_load\n"); @@ -1447,16 +1457,54 @@ int
> >> > > main(int argc, char *argv[]) result = k_status(kexec_flags);
> >> > >  	}
> >> > >  	if (do_unload) {
> >> > > -		if (do_kexec_file_syscall)
> >> > > +		if (do_kexec_file_syscall) {
> >> > >  			result =
> >> > > kexec_file_unload(kexec_file_flags);
> >> > > -		else
> >> > > +			if ((result == -ENOSYS) &&
> >> > > do_kexec_fallback)
> >> > > +				do_kexec_file_syscall = 0;
> >> > > +		}
> >> > > +		if (!do_kexec_file_syscall)
> >> > >  			result = k_unload(kexec_flags);
> >> > >  	}
> >> > >  	if (do_load && (result == 0)) {
> >> > > -		if (do_kexec_file_syscall)
> >> > > +		if (do_kexec_file_syscall) {
> >> > >  			result = do_kexec_file_load(fileind,
> >> > > argc, argv, kexec_file_flags);
> >> > > -		else
> >> > > +			if (do_kexec_fallback) switch (result) {
> >> > > +				/*
> >> > > +				 * Something failed with
> >> > > signature verification.
> >> > > +				 * Reject the image.
> >> > > +				 */
> >> > > +				case -ELIBBAD:
> >> > > +				case -EKEYREJECTED:
> >> > > +				case -ENOPKG:
> >> > > +				case -ENOKEY:
> >> > > +				case -EBADMSG:
> >> > > +				case -EMSGSIZE:
> >> > > +					/*
> >> > > +					 * By default reject or
> >> > > do nothing if
> >> > > +					 * succeded
> >> > > +					 */
> >> > > +				default: break;
> >> > > +				case -ENOSYS: /* not implemented
> >> > > */
> >> > > +					/*
> >> > > +					 * Parsing image or
> >> > > other options failed
> >> > > +					 * The image may be
> >> > > invalid or image
> >> > > +					 * type may not
> >> > > supported by kernel so
> >> > > +					 * retry parsing in
> >> > > kexec-tools.
> >> > > +					 */
> >> > > +				case -EINVAL:
> >> > > +				case -ENOEXEC:
> >> > > +					 /*
> >> > > +					  * ENOTSUPP can be
> >> > > unsupported image
> >> > > +					  * type or unsupported
> >> > > PE signature
> >> > > +					  * wrapper type, duh
> >> > > +					  */
> >> > > +				case -ENOTSUP:  
> >> > 
> >> > Hmm, this is still used in latest version.  kernel does not return
> >> > such error number,  I might not say clearly previously.  Please
> >> > check the kernel code, the only one place I know is because no
> >> > kdump support in power kexec_file:
> >> > arch/powerpc/kernel/machine_kexec_file_64.c
> >> > 
> >> >         /* We don't support crash kernels yet. */
> >> >         if (image->type == KEXEC_TYPE_CRASH)
> >> >                 return -ENOTSUPP;
> >> > 
> >> > So I suggest not checking this as well since -ENOTSUPP is not
> >> > populated in userspace headers, and -ENOTSUP is not used at all.
> >> > 
> >> > Also as I mentioned in another reply -EINVAL and -ENOEXEC is also
> >> > not ncessary.
> >> > 
> >> > For -ENOTSUP, maybe someone can submit a patch to switch to
> >> > -ENOTSUPP so that userspace can check it.
> >> > Ccing Thiago and Hari for the -ENOTSUPP errno issue.  
> >> 
> >> Oops for the hurry reply,  I means -ENOTSUPP might be able to replaced
> >> with -EOPNOTSUPP, a similar change like this:
> >> https://patchwork.kernel.org/patch/8490791/
> >
> > Thanks for catching this. In Linux ENOTSUPP with extra P is different
> > from EOPNOTSUPP and ENOTSUP (single P). Since we are talking to the
> > kernel and it returns the double P ENOTSUPP we need to define it in
> > kexec as well. And we should check ENOTSUP with single P in case
> > somebody some day thinks that returning undefined error codes to
> > userspace is not nice like in the patch above.
> 
> I wasn't aware that ENOTSUPP was an in-kernel only errno. Should I
> submit a patch for the kernel so that powerpc returns -EOPNOTSUPP in
> case of trying to load kdump kernel with kexec_file_load()?

This should be the easiest way and worth a try since userspace check it
now. 

> 
> -- 
> Thiago Jung Bauermann
> IBM Linux Technology Center
> 