Hello, On Thu, Jul 13, 2023 at 07:13:57PM +0800, Leizhen (ThunderTown) wrote: > > > On 2023/7/13 0:15, Eric DeVolder wrote: > > The kexec and crash kernel options are provided in the common > > kernel/Kconfig.kexec. Utilize the common options and provide > > the ARCH_SUPPORTS_ and ARCH_SELECTS_ entries to recreate the > > equivalent set of KEXEC and CRASH options. > > > > Signed-off-by: Eric DeVolder <eric.devolder@xxxxxxxxxx> > > --- > > arch/x86/Kconfig | 92 ++++++++++-------------------------------------- > > 1 file changed, 19 insertions(+), 73 deletions(-) > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > > index 7422db409770..9767a343f7c2 100644 > > --- a/arch/x86/Kconfig > > +++ b/arch/x86/Kconfig > > @@ -2040,88 +2040,34 @@ config EFI_RUNTIME_MAP > > > > source "kernel/Kconfig.hz" > > > > -config KEXEC > > - bool "kexec system call" > > - select KEXEC_CORE > > - help > > - kexec is a system call that implements the ability to shutdown your > > - current kernel, and to start another kernel. It is like a reboot > > - but it is independent of the system firmware. And like a reboot > > - you can start any kernel with it, not just Linux. > > - > > - The name comes from the similarity to the exec system call. > > - > > - It is an ongoing process to be certain the hardware in a machine > > - is properly shutdown, so do not be surprised if this code does not > > - initially work for you. As of this writing the exact hardware > > - interface is strongly in flux, so no good recommendation can be > > - made. > > - > > -config KEXEC_FILE > > - bool "kexec file based system call" > > - select KEXEC_CORE > > - select HAVE_IMA_KEXEC if IMA > > - depends on X86_64 > > - depends on CRYPTO=y > > - depends on CRYPTO_SHA256=y > > - help > > - This is new version of kexec system call. This system call is > > - file based and takes file descriptors as system call argument > > - for kernel and initramfs as opposed to list of segments as > > - accepted by previous system call. > > +config ARCH_SUPPORTS_KEXEC > > + def_bool y > > In v5, Joel Fernandes seems to suggest you change it to the following form: It's unfortunate that the suggestion did not make it to the mailinglist. > In arch/Kconfig: > +config ARCH_SUPPORTS_KEXEC > + bool > > In arch/x86/Kconfig: > config X86 > ... ... > + select ARCH_SUPPORTS_KEXEC > > In arch/arm64/Kconfig: > config ARM64 > ... ... > + select ARCH_SUPPORTS_KEXEC if PM_SLEEP_SMP Which might work for this case > > etc.. > > You can refer to ARCH_HAS_DEBUG_VIRTUAL. > > > > > -config ARCH_HAS_KEXEC_PURGATORY > > - def_bool KEXEC_FILE > > +config ARCH_SUPPORTS_KEXEC_FILE > > + def_bool X86_64 && CRYPTO && CRYPTO_SHA256 > > > > -config KEXEC_SIG > > - bool "Verify kernel signature during kexec_file_load() syscall" > > +config ARCH_SELECTS_KEXEC_FILE > > + def_bool y > > depends on KEXEC_FILE > > - help > > + select HAVE_IMA_KEXEC if IMA but not this case, at least not this trivially. Than for consistency it looks better to keep as is. Thanks Michal > > > > - This option makes the kexec_file_load() syscall check for a valid > > - signature of the kernel image. The image can still be loaded without > > - a valid signature unless you also enable KEXEC_SIG_FORCE, though if > > - there's a signature that we can check, then it must be valid. > > +config ARCH_HAS_KEXEC_PURGATORY > > + def_bool KEXEC_FILE > > > > - In addition to this option, you need to enable signature > > - verification for the corresponding kernel image type being > > - loaded in order for this to work. > > +config ARCH_SUPPORTS_KEXEC_SIG > > + def_bool y > > > > -config KEXEC_SIG_FORCE > > - bool "Require a valid signature in kexec_file_load() syscall" > > - depends on KEXEC_SIG > > - help > > - This option makes kernel signature verification mandatory for > > - the kexec_file_load() syscall. > > +config ARCH_SUPPORTS_KEXEC_SIG_FORCE > > + def_bool y > > > > -config KEXEC_BZIMAGE_VERIFY_SIG > > - bool "Enable bzImage signature verification support" > > - depends on KEXEC_SIG > > - depends on SIGNED_PE_FILE_VERIFICATION > > - select SYSTEM_TRUSTED_KEYRING > > - help > > - Enable bzImage signature verification support. > > +config ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG > > + def_bool y > > > > -config CRASH_DUMP > > - bool "kernel crash dumps" > > - depends on X86_64 || (X86_32 && HIGHMEM) > > - help > > - Generate crash dump after being started by kexec. > > - This should be normally only set in special crash dump kernels > > - which are loaded in the main kernel with kexec-tools into > > - a specially reserved region and then later executed after > > - a crash by kdump/kexec. The crash dump kernel must be compiled > > - to a memory address not used by the main kernel or BIOS using > > - PHYSICAL_START, or it must be built as a relocatable image > > - (CONFIG_RELOCATABLE=y). > > - For more details see Documentation/admin-guide/kdump/kdump.rst > > +config ARCH_SUPPORTS_KEXEC_JUMP > > + def_bool y > > > > -config KEXEC_JUMP > > - bool "kexec jump" > > - depends on KEXEC && HIBERNATION > > - help > > - Jump between original kernel and kexeced kernel and invoke > > - code in physical address mode via KEXEC > > +config ARCH_SUPPORTS_CRASH_DUMP > > + def_bool X86_64 || (X86_32 && HIGHMEM) > > > > config PHYSICAL_START > > hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) > > > > -- > Regards, > Zhen Lei
