| Message ID | 20231128054457.659452-1-bhe@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] kernel/Kconfig.kexec: drop select of KEXEC for CRASH_DUMP | expand |
On Tue, Nov 28, 2023 at 5:45 AM Baoquan He <bhe@redhat.com> wrote: > > Ignat Korchagin complained that a potential config regression was > introduced by commit 89cde455915f ("kexec: consolidate kexec and > crash options into kernel/Kconfig.kexec"). Before the commit, > CONFIG_CRASH_DUMP has no dependency on CONFIG_KEXEC. After the commit, > CRASH_DUMP selects KEXEC. That enforces system to have CONFIG_KEXEC=y > as long as CONFIG_CRASH_DUMP=Y which people may not want. > > In Ignat's case, he sets CONFIG_CRASH_DUMP=y, CONFIG_KEXEC_FILE=y and > CONFIG_KEXEC=n because kexec_load interface could have security issue if > kernel/initrd has no chance to be signed and verified. > > CRASH_DUMP has select of KEXEC because Eric, author of above commit, > met a LKP report of build failure when posting patch of earlier version. > Please see below link to get detail of the LKP report: > > https://lore.kernel.org/all/3e8eecd1-a277-2cfb-690e-5de2eb7b988e@oracle.com/T/#u > > In fact, that LKP report is triggered because arm's <asm/kexec.h> is > wrapped in CONFIG_KEXEC ifdeffery scope. That is wrong. CONFIG_KEXEC > controls the enabling/disabling of kexec_load interface, but not kexec > feature. Removing the wrongly added CONFIG_KEXEC ifdeffery scope in > <asm/kexec.h> of arm allows us to drop the select KEXEC for CRASH_DUMP. > Meanwhile, change arch/arm/kernel/Makefile to let machine_kexec.o > relocate_kernel.o depend on KEXEC_CORE. > > Fixes: commit 89cde455915f ("kexec: consolidate kexec and crash options into kernel/Kconfig.kexec") > Reported-by: Ignat Korchagin <ignat@cloudflare.com> > Signed-off-by: Baoquan He <bhe@redhat.com> Tested-by: Ignat Korchagin <ignat@cloudflare.com> # compile-time only for x86 and arm > --- > arch/arm/include/asm/kexec.h | 4 ---- > arch/arm/kernel/Makefile | 2 +- > kernel/Kconfig.kexec | 1 - > 3 files changed, 1 insertion(+), 6 deletions(-) > > diff --git a/arch/arm/include/asm/kexec.h b/arch/arm/include/asm/kexec.h > index e62832dcba76..a8287e7ab9d4 100644 > --- a/arch/arm/include/asm/kexec.h > +++ b/arch/arm/include/asm/kexec.h > @@ -2,8 +2,6 @@ > #ifndef _ARM_KEXEC_H > #define _ARM_KEXEC_H > > -#ifdef CONFIG_KEXEC > - > /* Maximum physical address we can use pages from */ > #define KEXEC_SOURCE_MEMORY_LIMIT (-1UL) > /* Maximum address we can reach in physical address mode */ > @@ -82,6 +80,4 @@ static inline struct page *boot_pfn_to_page(unsigned long boot_pfn) > > #endif /* __ASSEMBLY__ */ > > -#endif /* CONFIG_KEXEC */ > - > #endif /* _ARM_KEXEC_H */ > diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile > index d53f56d6f840..771264d4726a 100644 > --- a/arch/arm/kernel/Makefile > +++ b/arch/arm/kernel/Makefile > @@ -59,7 +59,7 @@ obj-$(CONFIG_FUNCTION_TRACER) += entry-ftrace.o > obj-$(CONFIG_DYNAMIC_FTRACE) += ftrace.o insn.o patch.o > obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o insn.o patch.o > obj-$(CONFIG_JUMP_LABEL) += jump_label.o insn.o patch.o > -obj-$(CONFIG_KEXEC) += machine_kexec.o relocate_kernel.o > +obj-$(CONFIG_KEXEC_CORE) += machine_kexec.o relocate_kernel.o > # Main staffs in KPROBES are in arch/arm/probes/ . > obj-$(CONFIG_KPROBES) += patch.o insn.o > obj-$(CONFIG_OABI_COMPAT) += sys_oabi-compat.o > diff --git a/kernel/Kconfig.kexec b/kernel/Kconfig.kexec > index 7aff28ded2f4..1cc3b1c595d7 100644 > --- a/kernel/Kconfig.kexec > +++ b/kernel/Kconfig.kexec > @@ -97,7 +97,6 @@ config CRASH_DUMP > depends on ARCH_SUPPORTS_KEXEC > select CRASH_CORE > select KEXEC_CORE > - select KEXEC > help > Generate crash dump after being started by kexec. > This should be normally only set in special crash dump kernels > -- > 2.41.0 >
On Tue, Nov 28, 2023 at 01:44:57PM +0800, Baoquan He wrote: > Ignat Korchagin complained that a potential config regression was > introduced by commit 89cde455915f ("kexec: consolidate kexec and > crash options into kernel/Kconfig.kexec"). Before the commit, > CONFIG_CRASH_DUMP has no dependency on CONFIG_KEXEC. After the commit, > CRASH_DUMP selects KEXEC. That enforces system to have CONFIG_KEXEC=y > as long as CONFIG_CRASH_DUMP=Y which people may not want. > > In Ignat's case, he sets CONFIG_CRASH_DUMP=y, CONFIG_KEXEC_FILE=y and > CONFIG_KEXEC=n because kexec_load interface could have security issue if > kernel/initrd has no chance to be signed and verified. > > CRASH_DUMP has select of KEXEC because Eric, author of above commit, > met a LKP report of build failure when posting patch of earlier version. > Please see below link to get detail of the LKP report: > > https://lore.kernel.org/all/3e8eecd1-a277-2cfb-690e-5de2eb7b988e@oracle.com/T/#u > > In fact, that LKP report is triggered because arm's <asm/kexec.h> is > wrapped in CONFIG_KEXEC ifdeffery scope. That is wrong. CONFIG_KEXEC > controls the enabling/disabling of kexec_load interface, but not kexec > feature. Removing the wrongly added CONFIG_KEXEC ifdeffery scope in > <asm/kexec.h> of arm allows us to drop the select KEXEC for CRASH_DUMP. > Meanwhile, change arch/arm/kernel/Makefile to let machine_kexec.o > relocate_kernel.o depend on KEXEC_CORE. > > Fixes: commit 89cde455915f ("kexec: consolidate kexec and crash options into kernel/Kconfig.kexec") > Reported-by: Ignat Korchagin <ignat@cloudflare.com> > Signed-off-by: Baoquan He <bhe@redhat.com> > --- > arch/arm/include/asm/kexec.h | 4 ---- > arch/arm/kernel/Makefile | 2 +- > kernel/Kconfig.kexec | 1 - > 3 files changed, 1 insertion(+), 6 deletions(-) On s390: Tested-by: Alexander Gordeev <agordeev@linux.ibm.com> Thanks!
On 11/27/23 23:44, Baoquan He wrote: > Ignat Korchagin complained that a potential config regression was > introduced by commit 89cde455915f ("kexec: consolidate kexec and > crash options into kernel/Kconfig.kexec"). Before the commit, > CONFIG_CRASH_DUMP has no dependency on CONFIG_KEXEC. After the commit, > CRASH_DUMP selects KEXEC. That enforces system to have CONFIG_KEXEC=y > as long as CONFIG_CRASH_DUMP=Y which people may not want. > > In Ignat's case, he sets CONFIG_CRASH_DUMP=y, CONFIG_KEXEC_FILE=y and > CONFIG_KEXEC=n because kexec_load interface could have security issue if > kernel/initrd has no chance to be signed and verified. > > CRASH_DUMP has select of KEXEC because Eric, author of above commit, > met a LKP report of build failure when posting patch of earlier version. > Please see below link to get detail of the LKP report: > > https://lore.kernel.org/all/3e8eecd1-a277-2cfb-690e-5de2eb7b988e@oracle.com/T/#u > > In fact, that LKP report is triggered because arm's <asm/kexec.h> is > wrapped in CONFIG_KEXEC ifdeffery scope. That is wrong. CONFIG_KEXEC > controls the enabling/disabling of kexec_load interface, but not kexec > feature. Removing the wrongly added CONFIG_KEXEC ifdeffery scope in > <asm/kexec.h> of arm allows us to drop the select KEXEC for CRASH_DUMP. > Meanwhile, change arch/arm/kernel/Makefile to let machine_kexec.o > relocate_kernel.o depend on KEXEC_CORE. > > Fixes: commit 89cde455915f ("kexec: consolidate kexec and crash options into kernel/Kconfig.kexec") > Reported-by: Ignat Korchagin <ignat@cloudflare.com> > Signed-off-by: Baoquan He <bhe@redhat.com> > --- > arch/arm/include/asm/kexec.h | 4 ---- > arch/arm/kernel/Makefile | 2 +- > kernel/Kconfig.kexec | 1 - > 3 files changed, 1 insertion(+), 6 deletions(-) > > diff --git a/arch/arm/include/asm/kexec.h b/arch/arm/include/asm/kexec.h > index e62832dcba76..a8287e7ab9d4 100644 > --- a/arch/arm/include/asm/kexec.h > +++ b/arch/arm/include/asm/kexec.h > @@ -2,8 +2,6 @@ > #ifndef _ARM_KEXEC_H > #define _ARM_KEXEC_H > > -#ifdef CONFIG_KEXEC > - > /* Maximum physical address we can use pages from */ > #define KEXEC_SOURCE_MEMORY_LIMIT (-1UL) > /* Maximum address we can reach in physical address mode */ > @@ -82,6 +80,4 @@ static inline struct page *boot_pfn_to_page(unsigned long boot_pfn) > > #endif /* __ASSEMBLY__ */ > > -#endif /* CONFIG_KEXEC */ > - > #endif /* _ARM_KEXEC_H */ > diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile > index d53f56d6f840..771264d4726a 100644 > --- a/arch/arm/kernel/Makefile > +++ b/arch/arm/kernel/Makefile > @@ -59,7 +59,7 @@ obj-$(CONFIG_FUNCTION_TRACER) += entry-ftrace.o > obj-$(CONFIG_DYNAMIC_FTRACE) += ftrace.o insn.o patch.o > obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o insn.o patch.o > obj-$(CONFIG_JUMP_LABEL) += jump_label.o insn.o patch.o > -obj-$(CONFIG_KEXEC) += machine_kexec.o relocate_kernel.o > +obj-$(CONFIG_KEXEC_CORE) += machine_kexec.o relocate_kernel.o > # Main staffs in KPROBES are in arch/arm/probes/ . > obj-$(CONFIG_KPROBES) += patch.o insn.o > obj-$(CONFIG_OABI_COMPAT) += sys_oabi-compat.o > diff --git a/kernel/Kconfig.kexec b/kernel/Kconfig.kexec > index 7aff28ded2f4..1cc3b1c595d7 100644 > --- a/kernel/Kconfig.kexec > +++ b/kernel/Kconfig.kexec > @@ -97,7 +97,6 @@ config CRASH_DUMP > depends on ARCH_SUPPORTS_KEXEC > select CRASH_CORE > select KEXEC_CORE > - select KEXEC > help > Generate crash dump after being started by kexec. > This should be normally only set in special crash dump kernels I have run this change against the kconfig regression script, and it did not find any differences! Reviewed-by: Eric DeVolder <eric_devolder@yahoo.com>
diff --git a/arch/arm/include/asm/kexec.h b/arch/arm/include/asm/kexec.h index e62832dcba76..a8287e7ab9d4 100644 --- a/arch/arm/include/asm/kexec.h +++ b/arch/arm/include/asm/kexec.h @@ -2,8 +2,6 @@ #ifndef _ARM_KEXEC_H #define _ARM_KEXEC_H -#ifdef CONFIG_KEXEC - /* Maximum physical address we can use pages from */ #define KEXEC_SOURCE_MEMORY_LIMIT (-1UL) /* Maximum address we can reach in physical address mode */ @@ -82,6 +80,4 @@ static inline struct page *boot_pfn_to_page(unsigned long boot_pfn) #endif /* __ASSEMBLY__ */ -#endif /* CONFIG_KEXEC */ - #endif /* _ARM_KEXEC_H */ diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile index d53f56d6f840..771264d4726a 100644 --- a/arch/arm/kernel/Makefile +++ b/arch/arm/kernel/Makefile @@ -59,7 +59,7 @@ obj-$(CONFIG_FUNCTION_TRACER) += entry-ftrace.o obj-$(CONFIG_DYNAMIC_FTRACE) += ftrace.o insn.o patch.o obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o insn.o patch.o obj-$(CONFIG_JUMP_LABEL) += jump_label.o insn.o patch.o -obj-$(CONFIG_KEXEC) += machine_kexec.o relocate_kernel.o +obj-$(CONFIG_KEXEC_CORE) += machine_kexec.o relocate_kernel.o # Main staffs in KPROBES are in arch/arm/probes/ . obj-$(CONFIG_KPROBES) += patch.o insn.o obj-$(CONFIG_OABI_COMPAT) += sys_oabi-compat.o diff --git a/kernel/Kconfig.kexec b/kernel/Kconfig.kexec index 7aff28ded2f4..1cc3b1c595d7 100644 --- a/kernel/Kconfig.kexec +++ b/kernel/Kconfig.kexec @@ -97,7 +97,6 @@ config CRASH_DUMP depends on ARCH_SUPPORTS_KEXEC select CRASH_CORE select KEXEC_CORE - select KEXEC help Generate crash dump after being started by kexec. This should be normally only set in special crash dump kernels
Ignat Korchagin complained that a potential config regression was introduced by commit 89cde455915f ("kexec: consolidate kexec and crash options into kernel/Kconfig.kexec"). Before the commit, CONFIG_CRASH_DUMP has no dependency on CONFIG_KEXEC. After the commit, CRASH_DUMP selects KEXEC. That enforces system to have CONFIG_KEXEC=y as long as CONFIG_CRASH_DUMP=Y which people may not want. In Ignat's case, he sets CONFIG_CRASH_DUMP=y, CONFIG_KEXEC_FILE=y and CONFIG_KEXEC=n because kexec_load interface could have security issue if kernel/initrd has no chance to be signed and verified. CRASH_DUMP has select of KEXEC because Eric, author of above commit, met a LKP report of build failure when posting patch of earlier version. Please see below link to get detail of the LKP report: https://lore.kernel.org/all/3e8eecd1-a277-2cfb-690e-5de2eb7b988e@oracle.com/T/#u In fact, that LKP report is triggered because arm's <asm/kexec.h> is wrapped in CONFIG_KEXEC ifdeffery scope. That is wrong. CONFIG_KEXEC controls the enabling/disabling of kexec_load interface, but not kexec feature. Removing the wrongly added CONFIG_KEXEC ifdeffery scope in <asm/kexec.h> of arm allows us to drop the select KEXEC for CRASH_DUMP. Meanwhile, change arch/arm/kernel/Makefile to let machine_kexec.o relocate_kernel.o depend on KEXEC_CORE. Fixes: commit 89cde455915f ("kexec: consolidate kexec and crash options into kernel/Kconfig.kexec") Reported-by: Ignat Korchagin <ignat@cloudflare.com> Signed-off-by: Baoquan He <bhe@redhat.com> --- arch/arm/include/asm/kexec.h | 4 ---- arch/arm/kernel/Makefile | 2 +- kernel/Kconfig.kexec | 1 - 3 files changed, 1 insertion(+), 6 deletions(-)