| Message ID | 20230612172805.681179-6-eric.devolder@oracle.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | refactor Kconfig to consolidate KEXEC and CRASH options | expand |
On 2023/6/13 1:27, Eric DeVolder wrote: > The kexec and crash kernel options are provided in the common > kernel/Kconfig.kexec. Utilize the common options and provide > the ARCH_HAS_ and ARCH_SUPPORTS_ entries to recreate the > equivalent set of KEXEC and CRASH options. > > Signed-off-by: Eric DeVolder <eric.devolder@oracle.com> > --- > arch/arm64/Kconfig | 61 ++++++++-------------------------------------- > 1 file changed, 10 insertions(+), 51 deletions(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 343e1e1cae10..33552476a877 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1433,60 +1433,19 @@ config PARAVIRT_TIME_ACCOUNTING > > If in doubt, say N here. > > -config KEXEC > - depends on PM_SLEEP_SMP > - select KEXEC_CORE > - bool "kexec system call" > - help > - kexec is a system call that implements the ability to shutdown your > - current kernel, and to start another kernel. It is like a reboot > - but it is independent of the system firmware. And like a reboot > - you can start any kernel with it, not just Linux. > - > -config KEXEC_FILE > - bool "kexec file based system call" > - select KEXEC_CORE > - select HAVE_IMA_KEXEC if IMA > - help > - This is new version of kexec system call. This system call is > - file based and takes file descriptors as system call argument > - for kernel and initramfs as opposed to list of segments as > - accepted by previous system call. > - > -config KEXEC_SIG > - bool "Verify kernel signature during kexec_file_load() syscall" > - depends on KEXEC_FILE > - help > - Select this option to verify a signature with loaded kernel > - image. If configured, any attempt of loading a image without > - valid signature will fail. > - > - In addition to that option, you need to enable signature > - verification for the corresponding kernel image type being > - loaded in order for this to work. > +config ARCH_HAS_KEXEC > + def_bool PM_SLEEP_SMP > > -config KEXEC_IMAGE_VERIFY_SIG > - bool "Enable Image signature verification support" > - default y > - depends on KEXEC_SIG > - depends on EFI && SIGNED_PE_FILE_VERIFICATION > - help > - Enable Image signature verification support. I don't see an alternative to this option. It's used in arch/arm64/kernel/kexec_image.c:135 > - > -comment "Support for PE file signature verification disabled" > - depends on KEXEC_SIG > - depends on !EFI || !SIGNED_PE_FILE_VERIFICATION > +config ARCH_HAS_KEXEC_FILE > + def_bool y > > -config CRASH_DUMP > - bool "Build kdump crash kernel" > - help > - Generate crash dump after being started by kexec. This should > - be normally only set in special crash dump kernels which are > - loaded in the main kernel with kexec-tools into a specially > - reserved region and then later executed after a crash by > - kdump/kexec. > +config ARCH_SUPPORTS_KEXEC_FILE > + def_bool y > + depends on KEXEC_FILE > + select HAVE_IMA_KEXEC if IMA > > - For more details see Documentation/admin-guide/kdump/kdump.rst > +config ARCH_HAS_CRASH_DUMP > + def_bool y > > config TRANS_TABLE > def_bool y >
On 6/13/23 20:22, Leizhen (ThunderTown) wrote: > > > On 2023/6/13 1:27, Eric DeVolder wrote: >> The kexec and crash kernel options are provided in the common >> kernel/Kconfig.kexec. Utilize the common options and provide >> the ARCH_HAS_ and ARCH_SUPPORTS_ entries to recreate the >> equivalent set of KEXEC and CRASH options. >> >> Signed-off-by: Eric DeVolder <eric.devolder@oracle.com> >> --- >> arch/arm64/Kconfig | 61 ++++++++-------------------------------------- >> 1 file changed, 10 insertions(+), 51 deletions(-) >> >> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig >> index 343e1e1cae10..33552476a877 100644 >> --- a/arch/arm64/Kconfig >> +++ b/arch/arm64/Kconfig >> @@ -1433,60 +1433,19 @@ config PARAVIRT_TIME_ACCOUNTING >> >> If in doubt, say N here. >> >> -config KEXEC >> - depends on PM_SLEEP_SMP >> - select KEXEC_CORE >> - bool "kexec system call" >> - help >> - kexec is a system call that implements the ability to shutdown your >> - current kernel, and to start another kernel. It is like a reboot >> - but it is independent of the system firmware. And like a reboot >> - you can start any kernel with it, not just Linux. >> - >> -config KEXEC_FILE >> - bool "kexec file based system call" >> - select KEXEC_CORE >> - select HAVE_IMA_KEXEC if IMA >> - help >> - This is new version of kexec system call. This system call is >> - file based and takes file descriptors as system call argument >> - for kernel and initramfs as opposed to list of segments as >> - accepted by previous system call. >> - >> -config KEXEC_SIG >> - bool "Verify kernel signature during kexec_file_load() syscall" >> - depends on KEXEC_FILE >> - help >> - Select this option to verify a signature with loaded kernel >> - image. If configured, any attempt of loading a image without >> - valid signature will fail. >> - >> - In addition to that option, you need to enable signature >> - verification for the corresponding kernel image type being >> - loaded in order for this to work. >> +config ARCH_HAS_KEXEC >> + def_bool PM_SLEEP_SMP >> >> -config KEXEC_IMAGE_VERIFY_SIG >> - bool "Enable Image signature verification support" >> - default y >> - depends on KEXEC_SIG >> - depends on EFI && SIGNED_PE_FILE_VERIFICATION >> - help >> - Enable Image signature verification support. > > I don't see an alternative to this option. It's used in > arch/arm64/kernel/kexec_image.c:135 > Good catch! I will move this into the common options. Thank you Zhen! eric >> - >> -comment "Support for PE file signature verification disabled" >> - depends on KEXEC_SIG >> - depends on !EFI || !SIGNED_PE_FILE_VERIFICATION >> +config ARCH_HAS_KEXEC_FILE >> + def_bool y >> >> -config CRASH_DUMP >> - bool "Build kdump crash kernel" >> - help >> - Generate crash dump after being started by kexec. This should >> - be normally only set in special crash dump kernels which are >> - loaded in the main kernel with kexec-tools into a specially >> - reserved region and then later executed after a crash by >> - kdump/kexec. >> +config ARCH_SUPPORTS_KEXEC_FILE >> + def_bool y >> + depends on KEXEC_FILE >> + select HAVE_IMA_KEXEC if IMA >> >> - For more details see Documentation/admin-guide/kdump/kdump.rst >> +config ARCH_HAS_CRASH_DUMP >> + def_bool y >> >> config TRANS_TABLE >> def_bool y >> >
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 343e1e1cae10..33552476a877 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1433,60 +1433,19 @@ config PARAVIRT_TIME_ACCOUNTING If in doubt, say N here. -config KEXEC - depends on PM_SLEEP_SMP - select KEXEC_CORE - bool "kexec system call" - help - kexec is a system call that implements the ability to shutdown your - current kernel, and to start another kernel. It is like a reboot - but it is independent of the system firmware. And like a reboot - you can start any kernel with it, not just Linux. - -config KEXEC_FILE - bool "kexec file based system call" - select KEXEC_CORE - select HAVE_IMA_KEXEC if IMA - help - This is new version of kexec system call. This system call is - file based and takes file descriptors as system call argument - for kernel and initramfs as opposed to list of segments as - accepted by previous system call. - -config KEXEC_SIG - bool "Verify kernel signature during kexec_file_load() syscall" - depends on KEXEC_FILE - help - Select this option to verify a signature with loaded kernel - image. If configured, any attempt of loading a image without - valid signature will fail. - - In addition to that option, you need to enable signature - verification for the corresponding kernel image type being - loaded in order for this to work. +config ARCH_HAS_KEXEC + def_bool PM_SLEEP_SMP -config KEXEC_IMAGE_VERIFY_SIG - bool "Enable Image signature verification support" - default y - depends on KEXEC_SIG - depends on EFI && SIGNED_PE_FILE_VERIFICATION - help - Enable Image signature verification support. - -comment "Support for PE file signature verification disabled" - depends on KEXEC_SIG - depends on !EFI || !SIGNED_PE_FILE_VERIFICATION +config ARCH_HAS_KEXEC_FILE + def_bool y -config CRASH_DUMP - bool "Build kdump crash kernel" - help - Generate crash dump after being started by kexec. This should - be normally only set in special crash dump kernels which are - loaded in the main kernel with kexec-tools into a specially - reserved region and then later executed after a crash by - kdump/kexec. +config ARCH_SUPPORTS_KEXEC_FILE + def_bool y + depends on KEXEC_FILE + select HAVE_IMA_KEXEC if IMA - For more details see Documentation/admin-guide/kdump/kdump.rst +config ARCH_HAS_CRASH_DUMP + def_bool y config TRANS_TABLE def_bool y
The kexec and crash kernel options are provided in the common kernel/Kconfig.kexec. Utilize the common options and provide the ARCH_HAS_ and ARCH_SUPPORTS_ entries to recreate the equivalent set of KEXEC and CRASH options. Signed-off-by: Eric DeVolder <eric.devolder@oracle.com> --- arch/arm64/Kconfig | 61 ++++++++-------------------------------------- 1 file changed, 10 insertions(+), 51 deletions(-)