lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ac065d02-61a4-3b1f-241d-443ede70d3f2@oracle.com>
Date:   Tue, 20 Jun 2023 07:56:55 -0500
From:   Eric DeVolder <eric.devolder@...cle.com>
To:     Baoquan He <bhe@...hat.com>
Cc:     linux@...linux.org.uk, catalin.marinas@....com, will@...nel.org,
        chenhuacai@...nel.org, geert@...ux-m68k.org,
        tsbogend@...ha.franken.de, James.Bottomley@...senpartnership.com,
        deller@....de, ysato@...rs.sourceforge.jp, dalias@...c.org,
        glaubitz@...sik.fu-berlin.de, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-ia64@...r.kernel.org, loongarch@...ts.linux.dev,
        linux-m68k@...ts.linux-m68k.org, linux-mips@...r.kernel.org,
        linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
        linux-riscv@...ts.infradead.org, linux-s390@...r.kernel.org,
        linux-sh@...r.kernel.org, kernel@...0n.name, mpe@...erman.id.au,
        npiggin@...il.com, christophe.leroy@...roup.eu,
        paul.walmsley@...ive.com, palmer@...belt.com,
        aou@...s.berkeley.edu, hca@...ux.ibm.com, gor@...ux.ibm.com,
        agordeev@...ux.ibm.com, borntraeger@...ux.ibm.com,
        svens@...ux.ibm.com, hpa@...or.com, keescook@...omium.org,
        paulmck@...nel.org, peterz@...radead.org, frederic@...nel.org,
        akpm@...ux-foundation.org, ardb@...nel.org,
        samitolvanen@...gle.com, juerg.haefliger@...onical.com,
        arnd@...db.de, rmk+kernel@...linux.org.uk,
        linus.walleij@...aro.org, sebastian.reichel@...labora.com,
        rppt@...nel.org, kirill.shutemov@...ux.intel.com,
        anshuman.khandual@....com, ziy@...dia.com, masahiroy@...nel.org,
        ndesaulniers@...gle.com, mhiramat@...nel.org, ojeda@...nel.org,
        thunder.leizhen@...wei.com, xin3.li@...el.com, tj@...nel.org,
        gregkh@...uxfoundation.org, tsi@...oix.net, hbathini@...ux.ibm.com,
        sourabhjain@...ux.ibm.com, boris.ostrovsky@...cle.com,
        konrad.wilk@...cle.com
Subject: Re: [PATCH v2 02/13] x86/kexec: refactor for kernel/Kconfig.kexec



On 6/20/23 03:21, Baoquan He wrote:
> Hi Eric,
> 
> On 06/19/23 at 10:57am, Eric DeVolder wrote:
> ......
>> +config ARCH_SUPPORTS_KEXEC
>> +	def_bool y
>>   
>> -config ARCH_HAS_KEXEC_PURGATORY
>> -	def_bool KEXEC_FILE
>> +config ARCH_SUPPORTS_KEXEC_FILE
>> +	def_bool X86_64 && CRYPTO && CRYPTO_SHA256
> ......
>> +config ARCH_SELECTS_KEXEC_FILE
>> +	def_bool y
>>   	depends on KEXEC_FILE
>> -	help
> 
> I am a little confused about this ARCH_SELECTS_XX adding. Wondering what
> limits us defining the ARCH_SUPPORTS_KEXEC_FILE like below? I have limited
> knowledge about Kconfig, please correct me if I am wrong. Thanks in
> advance.
> 
>   +config ARCH_SUPPORTS_KEXEC_FILE
>   +	def_bool y
>    	depends on KEXEC_FILE
>    	depends on X86_64 && CRYPTO && CRYPTO_SHA256
> 

For the ARCH_SUPPORTS_ options, I chose to list the dependencies on the def_bool line to show that 
it took all those conditions to result in True.
However, as you point out, using a def_bool y and then listing them as 'depends on' works as well.
Probably would have resulted in fewer changes to the Kconfig file.
Either way is ok (the 'depends on KEXEC_FILE' is erroneous in your example).
eric


>> -
>> -	  This option makes the kexec_file_load() syscall check for a valid
>> -	  signature of the kernel image.  The image can still be loaded without
>> -	  a valid signature unless you also enable KEXEC_SIG_FORCE, though if
>> -	  there's a signature that we can check, then it must be valid.
>> -
>> -	  In addition to this option, you need to enable signature
>> -	  verification for the corresponding kernel image type being
>> -	  loaded in order for this to work.
>> -
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ