lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 8 Jan 2023 00:22:15 +0900
From:   Masami Hiramatsu (Google) <mhiramat@...nel.org>
To:     paulmck@...nel.org
Cc:     linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
        mhiramat@...nel.org, corbet@....net, akpm@...ux-foundation.org,
        ndesaulniers@...gle.com, vbabka@...e.cz, hannes@...xchg.org,
        joel@...lfernandes.org, quic_neeraju@...cinc.com, urezki@...il.com
Subject: Re: [PATCH RFC bootconfig] Allow forcing unconditional bootconfig
 processing

On Wed, 4 Jan 2023 16:58:38 -0800
"Paul E. McKenney" <paulmck@...nel.org> wrote:

> The BOOT_CONFIG family of Kconfig options allows a bootconfig file
> containing kernel boot parameters to be embedded into an initrd or into
> the kernel itself.  This can be extremely useful when deploying kernels
> in cases where some of the boot parameters depend on the kernel version
> rather than on the server hardware, firmware, or workload.
> 
> Unfortunately, the "bootconfig" kernel parameter must be specified in
> order to cause the kernel to look for the embedded bootconfig file,
> and it clearly does not help to embed this "bootconfig" kernel parameter
> into that file.
> 
> Therefore, provide a new BOOT_CONFIG_FORCE Kconfig option that causes the
> kernel to act as if the "bootconfig" kernel parameter had been specified.
> In other words, kernels built with CONFIG_BOOT_CONFIG_FORCE=y will look
> for the embedded bootconfig file even when the "bootconfig" kernel
> parameter is omitted.  This permits kernel-version-dependent kernel
> boot parameters to be embedded into the kernel image without the need to
> (for example) update large numbers of boot loaders.
> 

I like this because this is a simple solution. We have another option
to specify "bootconfig" in CONFIG_CMDLINE, but it can be overwritten by
bootloader. Thus, it is better to have this option so that user can
always enable bootconfig.

Acked-by: Masami Hiramatsu (Google) <mhiramat@...nel.org>

BTW, maybe CONFIG_BOOT_CONFIG_EMBED is better to select this.
(or at least recommend to enable this)

Thank you!

> Signed-off-by: Paul E. McKenney <paulmck@...nel.org>
> Cc: Masami Hiramatsu <mhiramat@...nel.org>
> Cc: Jonathan Corbet <corbet@....net>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: Nick Desaulniers <ndesaulniers@...gle.com>
> Cc: Vlastimil Babka <vbabka@...e.cz>
> Cc: Johannes Weiner <hannes@...xchg.org>
> Cc: <linux-doc@...r.kernel.org>
> 
> diff --git a/Documentation/admin-guide/bootconfig.rst b/Documentation/admin-guide/bootconfig.rst
> index 9355c525fbe0a..91339efdcb541 100644
> --- a/Documentation/admin-guide/bootconfig.rst
> +++ b/Documentation/admin-guide/bootconfig.rst
> @@ -201,6 +201,8 @@ To remove the config from the image, you can use -d option as below::
>  
>  Then add "bootconfig" on the normal kernel command line to tell the
>  kernel to look for the bootconfig at the end of the initrd file.
> +Alternatively, build your kernel with the ``CONFIG_BOOT_CONFIG_FORCE``
> +Kconfig option selected.
>  
>  Embedding a Boot Config into Kernel
>  -----------------------------------
> @@ -217,7 +219,9 @@ path to the bootconfig file from source tree or object tree.
>  The kernel will embed it as the default bootconfig.
>  
>  Just as when attaching the bootconfig to the initrd, you need ``bootconfig``
> -option on the kernel command line to enable the embedded bootconfig.
> +option on the kernel command line to enable the embedded bootconfig, or,
> +alternatively, build your kernel with the ``CONFIG_BOOT_CONFIG_FORCE``
> +Kconfig option selected.
>  
>  Note that even if you set this option, you can override the embedded
>  bootconfig by another bootconfig which attached to the initrd.
> diff --git a/init/Kconfig b/init/Kconfig
> index 7e5c3ddc341de..f894fb004bad4 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -1376,6 +1376,18 @@ config BOOT_CONFIG
>  
>  	  If unsure, say Y.
>  
> +config BOOT_CONFIG_FORCE
> +	bool "Force unconditional bootconfig processing"
> +	depends on BOOT_CONFIG
> +	help
> +	  With this Kconfig option set, BOOT_CONFIG processing is carried
> +	  out even when the "bootconfig" kernel-boot parameter is omitted.
> +	  In fact, with this Kconfig option set, there is no way to
> +	  make the kernel ignore the BOOT_CONFIG-supplied kernel-boot
> +	  parameters.
> +
> +	  If unsure, say N.
> +
>  config BOOT_CONFIG_EMBED
>  	bool "Embed bootconfig file in the kernel"
>  	depends on BOOT_CONFIG
> diff --git a/init/main.c b/init/main.c
> index e1c3911d7c707..669cb892e6c17 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -156,7 +156,7 @@ static char *extra_init_args;
>  
>  #ifdef CONFIG_BOOT_CONFIG
>  /* Is bootconfig on command line? */
> -static bool bootconfig_found;
> +static bool bootconfig_found = IS_ENABLED(CONFIG_BOOT_CONFIG_FORCE);
>  static size_t initargs_offs;
>  #else
>  # define bootconfig_found false


-- 
Masami Hiramatsu (Google) <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ