Re: [PATCH v4 4/5] kexec: add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.

From: Dave Young <dyoung@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: Tony Jones <tonyj@suse.com>,
	horms@verge.net.au, kexec@lists.infradead.org,
	Petr Tesarik <ptesarik@suse.cz>
Subject: Re: [PATCH v4 4/5] kexec: add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.
Date: Fri, 16 Mar 2018 14:45:02 +0800	[thread overview]
Message-ID: <20180316064502.GA11233@dhcp-128-65.nay.redhat.com> (raw)
In-Reply-To: <20180315120637.4f4c8dc6@kitsune.suse.cz>

On 03/15/18 at 12:06pm, Michal Suchánek wrote:
> On Wed, 14 Mar 2018 11:21:59 +0800
> Dave Young <dyoung@redhat.com> wrote:
> 
> > On 03/06/18 at 02:15pm, Michal Suchanek wrote:
> > > Not all architectures implement KEXEC_FILE_LOAD. However, on some
> > > archiectures KEXEC_FILE_LOAD is required when secure boot is
> > > enabled in locked-down mode. Previously users had to select the
> > > KEXEC_FILE_LOAD syscall with undocumented -s option. However, if
> > > they did pass the option kexec would fail on architectures that do
> > > not support it.
> > > 
> > > So add an -a option that tries KEXEC_FILE_LOAD and when it is not
> > > supported tries KEXEC_LOAD.
> > > 
> > > Signed-off-by: Michal Suchanek <msuchanek@suse.de>
> > > ---
> > > v3: instead of changing the deafult add extra option
> > > v4: actually check -ENOSYS as well
> > > ---
> > >  kexec/kexec.c | 52
> > > ++++++++++++++++++++++++++++++++++++++++++++++++---- kexec/kexec.h
> > > |  4 +++- 2 files changed, 51 insertions(+), 5 deletions(-)
> > > 
> > > diff --git a/kexec/kexec.c b/kexec/kexec.c
> > > index a95cfb473d6b..5c5aee344b41 100644
> > > --- a/kexec/kexec.c
> > > +++ b/kexec/kexec.c
> > > @@ -1243,6 +1243,7 @@ int main(int argc, char *argv[])
> > >  	int do_unload = 0;
> > >  	int do_reuse_initrd = 0;
> > >  	int do_kexec_file_syscall = 0;
> > > +	int do_kexec_fallback = 0;
> > >  	int do_status = 0;
> > >  	void *entry = 0;
> > >  	char *type = 0;
> > > @@ -1367,10 +1368,15 @@ int main(int argc, char *argv[])
> > >  			break;
> > >  		case OPT_KEXEC_FILE_SYSCALL:
> > >  			do_kexec_file_syscall = 1;
> > > +			do_kexec_fallback = 0;
> > >  			break;
> > >  		case OPT_KEXEC_SYSCALL:
> > >  			do_kexec_file_syscall = 0;
> > > +			do_kexec_fallback = 0;
> > >  			break;
> > > +		case OPT_KEXEC_SYSCALL_AUTO:
> > > +			do_kexec_file_syscall = 1;
> > > +			do_kexec_fallback = 1;  
> > 
> > need a break here
> 
> Indeed
> 
> > 
> > >  		case OPT_STATUS:
> > >  			do_status = 1;
> > >  			break;
> > > @@ -1442,16 +1448,54 @@ int main(int argc, char *argv[])
> > >  		result = k_status(kexec_flags);
> > >  	}
> > >  	if (do_unload) {
> > > -		if (do_kexec_file_syscall)
> > > +		if (do_kexec_file_syscall) {
> > >  			result =
> > > kexec_file_unload(kexec_file_flags);
> > > -		else
> > > +			if ((result == -ENOSYS) &&
> > > do_kexec_fallback)
> > > +				do_kexec_file_syscall = 0;
> > > +		}
> > > +		if (!do_kexec_file_syscall)
> > >  			result = k_unload(kexec_flags);
> > >  	}
> > >  	if (do_load && (result == 0)) {
> > > -		if (do_kexec_file_syscall)
> > > +		if (do_kexec_file_syscall) {
> > >  			result = do_kexec_file_load(fileind, argc,
> > > argv, kexec_file_flags);
> > > -		else
> > > +			if (do_kexec_fallback) switch (result) {
> > > +				/*
> > > +				 * Something failed with signature
> > > verification.
> > > +				 * Reject the image.
> > > +				 */
> > > +				case -ELIBBAD:
> > > +				case -EKEYREJECTED:
> > > +				case -ENOPKG:
> > > +				case -ENOKEY:
> > > +				case -EBADMSG:
> > > +				case -EMSGSIZE:
> > > +					/*
> > > +					 * By default reject or do
> > > nothing if
> > > +					 * succeded
> > > +					 */
> > > +				default: break;
> > > +				case -ENOSYS: /* not implemented */
> > > +					/*
> > > +					 * Parsing image or other
> > > options failed
> > > +					 * The image may be
> > > invalid or image
> > > +					 * type may not supported
> > > by kernel so
> > > +					 * retry parsing in
> > > kexec-tools.
> > > +					 */
> > > +				case -EINVAL:
> > > +				case -ENOEXEC:
> > > +					 /*
> > > +					  * ENOTSUPP can be
> > > unsupported image
> > > +					  * type or unsupported PE
> > > signature
> > > +					  * wrapper type, duh
> > > +					  */
> > > +				case -ENOTSUP:
> > > +					do_kexec_file_syscall = 0;
> > > +					break;  
> > 
> > It looks to me it is enough only checking -ENOSYS maybe also
> > -ENOTSUPP and then set do_kexec_file_syscall = 0;
> > 
> > EINVAL and ENOEXEC are real errors, I do not understand why still 
> > fallback.  
> 
> If you pass an image type that the kernel does not understand (eg.
> multiboot or uImage) then the kernel will return a real error because
> it does not understand the image. However, kexec-tools should still be
> able to load it, automatically. That's what the -auto stands for.

This semes over engineering, the initial purpose is to fallback when
kexec_file_load is not supported, so I would suggest not to do more
than that.

> 
> > Also thos signature verification errors are not needed
> > in this code as well.
> 
> Yes, they are not needed. They are here so it's obvious which errors
> are signature verification errors.
> 
> Thanks
> 
> Michal

Thanks
Dave

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec