Le 07/07/2023 à 00:20, Eric DeVolder a écrit : > The kexec and crash kernel options are provided in the common > kernel/Kconfig.kexec. Utilize the common options and provide > the ARCH_SUPPORTS_ and ARCH_SELECTS_ entries to recreate the > equivalent set of KEXEC and CRASH options. Why do you need to duplicate the ARCH_SELECTS_ entries in each architecture ? Why not define them in arch/Kconfig then select if from each architecture ? For instance here for x86 for ARCH_SELECTS_KEXEC_FILE all you'll have to do is: select ARCH_SELECTS_KEXEC_FILE if KEXEC_FILE select HAVE_IMA_KEXEC if IMA && KEXEC_FILE Christophe > > Signed-off-by: Eric DeVolder <eric.devolder@xxxxxxxxxx> > --- > arch/x86/Kconfig | 92 ++++++++++-------------------------------------- > 1 file changed, 19 insertions(+), 73 deletions(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 7422db409770..9767a343f7c2 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -2040,88 +2040,34 @@ config EFI_RUNTIME_MAP > > source "kernel/Kconfig.hz" > > -config KEXEC > - bool "kexec system call" > - select KEXEC_CORE > - help > - kexec is a system call that implements the ability to shutdown your > - current kernel, and to start another kernel. It is like a reboot > - but it is independent of the system firmware. And like a reboot > - you can start any kernel with it, not just Linux. > - > - The name comes from the similarity to the exec system call. > - > - It is an ongoing process to be certain the hardware in a machine > - is properly shutdown, so do not be surprised if this code does not > - initially work for you. As of this writing the exact hardware > - interface is strongly in flux, so no good recommendation can be > - made. > - > -config KEXEC_FILE > - bool "kexec file based system call" > - select KEXEC_CORE > - select HAVE_IMA_KEXEC if IMA > - depends on X86_64 > - depends on CRYPTO=y > - depends on CRYPTO_SHA256=y > - help > - This is new version of kexec system call. This system call is > - file based and takes file descriptors as system call argument > - for kernel and initramfs as opposed to list of segments as > - accepted by previous system call. > +config ARCH_SUPPORTS_KEXEC > + def_bool y > > -config ARCH_HAS_KEXEC_PURGATORY > - def_bool KEXEC_FILE > +config ARCH_SUPPORTS_KEXEC_FILE > + def_bool X86_64 && CRYPTO && CRYPTO_SHA256 > > -config KEXEC_SIG > - bool "Verify kernel signature during kexec_file_load() syscall" > +config ARCH_SELECTS_KEXEC_FILE > + def_bool y > depends on KEXEC_FILE > - help > + select HAVE_IMA_KEXEC if IMA > > - This option makes the kexec_file_load() syscall check for a valid > - signature of the kernel image. The image can still be loaded without > - a valid signature unless you also enable KEXEC_SIG_FORCE, though if > - there's a signature that we can check, then it must be valid. > +config ARCH_HAS_KEXEC_PURGATORY > + def_bool KEXEC_FILE > > - In addition to this option, you need to enable signature > - verification for the corresponding kernel image type being > - loaded in order for this to work. > +config ARCH_SUPPORTS_KEXEC_SIG > + def_bool y > > -config KEXEC_SIG_FORCE > - bool "Require a valid signature in kexec_file_load() syscall" > - depends on KEXEC_SIG > - help > - This option makes kernel signature verification mandatory for > - the kexec_file_load() syscall. > +config ARCH_SUPPORTS_KEXEC_SIG_FORCE > + def_bool y > > -config KEXEC_BZIMAGE_VERIFY_SIG > - bool "Enable bzImage signature verification support" > - depends on KEXEC_SIG > - depends on SIGNED_PE_FILE_VERIFICATION > - select SYSTEM_TRUSTED_KEYRING > - help > - Enable bzImage signature verification support. > +config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG > + def_bool y > > -config CRASH_DUMP > - bool "kernel crash dumps" > - depends on X86_64 || (X86_32 && HIGHMEM) > - help > - Generate crash dump after being started by kexec. > - This should be normally only set in special crash dump kernels > - which are loaded in the main kernel with kexec-tools into > - a specially reserved region and then later executed after > - a crash by kdump/kexec. The crash dump kernel must be compiled > - to a memory address not used by the main kernel or BIOS using > - PHYSICAL_START, or it must be built as a relocatable image > - (CONFIG_RELOCATABLE=y). > - For more details see Documentation/admin-guide/kdump/kdump.rst > +config ARCH_SUPPORTS_KEXEC_JUMP > + def_bool y > > -config KEXEC_JUMP > - bool "kexec jump" > - depends on KEXEC && HIBERNATION > - help > - Jump between original kernel and kexeced kernel and invoke > - code in physical address mode via KEXEC > +config ARCH_SUPPORTS_CRASH_DUMP > + def_bool X86_64 || (X86_32 && HIGHMEM) > > config PHYSICAL_START > hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
