[PATCH v5 4/5] kexec: Add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported

Dave Young dyoung at redhat.com
Tue Mar 27 03:06:19 PDT 2018


On 03/26/18 at 07:38pm, Michal Suchánek wrote:
> On Mon, 26 Mar 2018 17:12:10 +0800
> Dave Young <dyoung at redhat.com> wrote:
> 
> > On 03/26/18 at 05:08pm, Dave Young wrote:
> > > On 03/20/18 at 04:56pm, Michal Suchanek wrote:  
> > > > Not all architectures implement KEXEC_FILE_LOAD. However, on some
> > > > archiectures KEXEC_FILE_LOAD is required when secure boot is
> > > > enabled in locked-down mode. Previously users had to select the
> > > > KEXEC_FILE_LOAD syscall with undocumented -s option. However, if
> > > > they did pass the option kexec would fail on architectures that
> > > > do not support it.
> > > > 
> > > > So add an -a option that tries KEXEC_FILE_LOAD and when it is not
> > > > supported tries KEXEC_LOAD.
> > > > 
> > > > Signed-off-by: Michal Suchanek <msuchanek at suse.de>
> > > > ---
> > > > v3: instead of changing the deafult add extra option
> > > > v4: actually check -ENOSYS as well
> > > > v5: add missing break
> > > > ---
> > > >  kexec/kexec.c | 58
> > > > +++++++++++++++++++++++++++++++++++++++++++++++++++++-----
> > > > kexec/kexec.h |  6 +++++- 2 files changed, 58 insertions(+), 6
> > > > deletions(-)
> > > > 
> > > > diff --git a/kexec/kexec.c b/kexec/kexec.c
> > > > index 68ae0594d4a7..44042345a16e 100644
> > > > --- a/kexec/kexec.c
> > > > +++ b/kexec/kexec.c
> > > > @@ -1243,6 +1243,7 @@ int main(int argc, char *argv[])
> > > >  	int do_unload = 0;
> > > >  	int do_reuse_initrd = 0;
> > > >  	int do_kexec_file_syscall = 0;
> > > > +	int do_kexec_fallback = 0;
> > > >  	int do_status = 0;
> > > >  	void *entry = 0;
> > > >  	char *type = 0;
> > > > @@ -1367,6 +1368,15 @@ int main(int argc, char *argv[])
> > > >  			break;
> > > >  		case OPT_KEXEC_FILE_SYSCALL:
> > > >  			do_kexec_file_syscall = 1;
> > > > +			do_kexec_fallback = 0;
> > > > +			break;
> > > > +		case OPT_KEXEC_SYSCALL:
> > > > +			do_kexec_file_syscall = 0;
> > > > +			do_kexec_fallback = 0;
> > > > +			break;
> > > > +		case OPT_KEXEC_SYSCALL_AUTO:
> > > > +			do_kexec_file_syscall = 1;
> > > > +			do_kexec_fallback = 1;
> > > >  			break;
> > > >  		case OPT_STATUS:
> > > >  			do_status = 1;
> > > > @@ -1433,7 +1443,7 @@ int main(int argc, char *argv[])
> > > >  		}
> > > >  	}
> > > >  	if (do_kexec_file_syscall) {
> > > > -		if (do_load_jump_back_helper)
> > > > +		if (do_load_jump_back_helper
> > > > && !do_kexec_fallback) die("--load-jump-back-helper not supported
> > > > with kexec_file_load\n"); if (kexec_flags &
> > > > KEXEC_PRESERVE_CONTEXT) die("--load-preserve-context not
> > > > supported with kexec_file_load\n"); @@ -1447,16 +1457,54 @@ int
> > > > main(int argc, char *argv[]) result = k_status(kexec_flags);
> > > >  	}
> > > >  	if (do_unload) {
> > > > -		if (do_kexec_file_syscall)
> > > > +		if (do_kexec_file_syscall) {
> > > >  			result =
> > > > kexec_file_unload(kexec_file_flags);
> > > > -		else
> > > > +			if ((result == -ENOSYS) &&
> > > > do_kexec_fallback)
> > > > +				do_kexec_file_syscall = 0;
> > > > +		}
> > > > +		if (!do_kexec_file_syscall)
> > > >  			result = k_unload(kexec_flags);
> > > >  	}
> > > >  	if (do_load && (result == 0)) {
> > > > -		if (do_kexec_file_syscall)
> > > > +		if (do_kexec_file_syscall) {
> > > >  			result = do_kexec_file_load(fileind,
> > > > argc, argv, kexec_file_flags);
> > > > -		else
> > > > +			if (do_kexec_fallback) switch (result) {
> > > > +				/*
> > > > +				 * Something failed with
> > > > signature verification.
> > > > +				 * Reject the image.
> > > > +				 */
> > > > +				case -ELIBBAD:
> > > > +				case -EKEYREJECTED:
> > > > +				case -ENOPKG:
> > > > +				case -ENOKEY:
> > > > +				case -EBADMSG:
> > > > +				case -EMSGSIZE:
> > > > +					/*
> > > > +					 * By default reject or
> > > > do nothing if
> > > > +					 * succeded
> > > > +					 */
> > > > +				default: break;
> > > > +				case -ENOSYS: /* not implemented
> > > > */
> > > > +					/*
> > > > +					 * Parsing image or
> > > > other options failed
> > > > +					 * The image may be
> > > > invalid or image
> > > > +					 * type may not
> > > > supported by kernel so
> > > > +					 * retry parsing in
> > > > kexec-tools.
> > > > +					 */
> > > > +				case -EINVAL:
> > > > +				case -ENOEXEC:
> > > > +					 /*
> > > > +					  * ENOTSUPP can be
> > > > unsupported image
> > > > +					  * type or unsupported
> > > > PE signature
> > > > +					  * wrapper type, duh
> > > > +					  */
> > > > +				case -ENOTSUP:  
> > > 
> > > Hmm, this is still used in latest version.  kernel does not return
> > > such error number,  I might not say clearly previously.  Please
> > > check the kernel code, the only one place I know is because no
> > > kdump support in power kexec_file:
> > > arch/powerpc/kernel/machine_kexec_file_64.c
> > > 
> > >         /* We don't support crash kernels yet. */
> > >         if (image->type == KEXEC_TYPE_CRASH)
> > >                 return -ENOTSUPP;
> > > 
> > > So I suggest not checking this as well since -ENOTSUPP is not
> > > populated in userspace headers, and -ENOTSUP is not used at all.
> > > 
> > > Also as I mentioned in another reply -EINVAL and -ENOEXEC is also
> > > not ncessary.
> > > 
> > > For -ENOTSUP, maybe someone can submit a patch to switch to
> > > -ENOTSUPP so that userspace can check it.
> > > Ccing Thiago and Hari for the -ENOTSUPP errno issue.  
> > 
> > Oops for the hurry reply,  I means -ENOTSUPP might be able to replaced
> > with -EOPNOTSUPP, a similar change like this:
> > https://patchwork.kernel.org/patch/8490791/
> 
> Thanks for catching this. In Linux ENOTSUPP with extra P is different
> from EOPNOTSUPP and ENOTSUP (single P). Since we are talking to the
> kernel and it returns the double P ENOTSUPP we need to define it in
> kexec as well. And we should check ENOTSUP with single P in case
> somebody some day thinks that returning undefined error codes to
> userspace is not nice like in the patch above.

I'm not sure if we can define it in kexec-tools since they are used
in kernel only.. 

Thanks
Dave



More information about the kexec mailing list