[PATCH v5 02/13] x86/kexec: refactor for kernel/Kconfig.kexec
Christophe Leroy
christophe.leroy at csgroup.eu
Thu Jul 6 22:58:35 PDT 2023
Le 07/07/2023 à 00:20, Eric DeVolder a écrit :
> The kexec and crash kernel options are provided in the common
> kernel/Kconfig.kexec. Utilize the common options and provide
> the ARCH_SUPPORTS_ and ARCH_SELECTS_ entries to recreate the
> equivalent set of KEXEC and CRASH options.
Why do you need to duplicate the ARCH_SELECTS_ entries in each
architecture ?
Why not define them in arch/Kconfig then select if from each architecture ?
For instance here for x86 for ARCH_SELECTS_KEXEC_FILE all you'll have to
do is:
select ARCH_SELECTS_KEXEC_FILE if KEXEC_FILE
select HAVE_IMA_KEXEC if IMA && KEXEC_FILE
Christophe
>
> Signed-off-by: Eric DeVolder <eric.devolder at oracle.com>
> ---
> arch/x86/Kconfig | 92 ++++++++++--------------------------------------
> 1 file changed, 19 insertions(+), 73 deletions(-)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 7422db409770..9767a343f7c2 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -2040,88 +2040,34 @@ config EFI_RUNTIME_MAP
>
> source "kernel/Kconfig.hz"
>
> -config KEXEC
> - bool "kexec system call"
> - select KEXEC_CORE
> - help
> - kexec is a system call that implements the ability to shutdown your
> - current kernel, and to start another kernel. It is like a reboot
> - but it is independent of the system firmware. And like a reboot
> - you can start any kernel with it, not just Linux.
> -
> - The name comes from the similarity to the exec system call.
> -
> - It is an ongoing process to be certain the hardware in a machine
> - is properly shutdown, so do not be surprised if this code does not
> - initially work for you. As of this writing the exact hardware
> - interface is strongly in flux, so no good recommendation can be
> - made.
> -
> -config KEXEC_FILE
> - bool "kexec file based system call"
> - select KEXEC_CORE
> - select HAVE_IMA_KEXEC if IMA
> - depends on X86_64
> - depends on CRYPTO=y
> - depends on CRYPTO_SHA256=y
> - help
> - This is new version of kexec system call. This system call is
> - file based and takes file descriptors as system call argument
> - for kernel and initramfs as opposed to list of segments as
> - accepted by previous system call.
> +config ARCH_SUPPORTS_KEXEC
> + def_bool y
>
> -config ARCH_HAS_KEXEC_PURGATORY
> - def_bool KEXEC_FILE
> +config ARCH_SUPPORTS_KEXEC_FILE
> + def_bool X86_64 && CRYPTO && CRYPTO_SHA256
>
> -config KEXEC_SIG
> - bool "Verify kernel signature during kexec_file_load() syscall"
> +config ARCH_SELECTS_KEXEC_FILE
> + def_bool y
> depends on KEXEC_FILE
> - help
> + select HAVE_IMA_KEXEC if IMA
>
> - This option makes the kexec_file_load() syscall check for a valid
> - signature of the kernel image. The image can still be loaded without
> - a valid signature unless you also enable KEXEC_SIG_FORCE, though if
> - there's a signature that we can check, then it must be valid.
> +config ARCH_HAS_KEXEC_PURGATORY
> + def_bool KEXEC_FILE
>
> - In addition to this option, you need to enable signature
> - verification for the corresponding kernel image type being
> - loaded in order for this to work.
> +config ARCH_SUPPORTS_KEXEC_SIG
> + def_bool y
>
> -config KEXEC_SIG_FORCE
> - bool "Require a valid signature in kexec_file_load() syscall"
> - depends on KEXEC_SIG
> - help
> - This option makes kernel signature verification mandatory for
> - the kexec_file_load() syscall.
> +config ARCH_SUPPORTS_KEXEC_SIG_FORCE
> + def_bool y
>
> -config KEXEC_BZIMAGE_VERIFY_SIG
> - bool "Enable bzImage signature verification support"
> - depends on KEXEC_SIG
> - depends on SIGNED_PE_FILE_VERIFICATION
> - select SYSTEM_TRUSTED_KEYRING
> - help
> - Enable bzImage signature verification support.
> +config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG
> + def_bool y
>
> -config CRASH_DUMP
> - bool "kernel crash dumps"
> - depends on X86_64 || (X86_32 && HIGHMEM)
> - help
> - Generate crash dump after being started by kexec.
> - This should be normally only set in special crash dump kernels
> - which are loaded in the main kernel with kexec-tools into
> - a specially reserved region and then later executed after
> - a crash by kdump/kexec. The crash dump kernel must be compiled
> - to a memory address not used by the main kernel or BIOS using
> - PHYSICAL_START, or it must be built as a relocatable image
> - (CONFIG_RELOCATABLE=y).
> - For more details see Documentation/admin-guide/kdump/kdump.rst
> +config ARCH_SUPPORTS_KEXEC_JUMP
> + def_bool y
>
> -config KEXEC_JUMP
> - bool "kexec jump"
> - depends on KEXEC && HIBERNATION
> - help
> - Jump between original kernel and kexeced kernel and invoke
> - code in physical address mode via KEXEC
> +config ARCH_SUPPORTS_CRASH_DUMP
> + def_bool X86_64 || (X86_32 && HIGHMEM)
>
> config PHYSICAL_START
> hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
More information about the linux-riscv
mailing list