Date:   Tue, 20 Jun 2023 22:49:50 +0800
From:   Baoquan He <bhe@...hat.com>
To:     Eric DeVolder <eric.devolder@...cle.com>
Cc:     linux@...linux.org.uk, catalin.marinas@....com, will@...nel.org,
        chenhuacai@...nel.org, geert@...ux-m68k.org,
        tsbogend@...ha.franken.de, James.Bottomley@...senpartnership.com,
        deller@....de, ysato@...rs.sourceforge.jp, dalias@...c.org,
        glaubitz@...sik.fu-berlin.de, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-ia64@...r.kernel.org, loongarch@...ts.linux.dev,
        linux-m68k@...ts.linux-m68k.org, linux-mips@...r.kernel.org,
        linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
        linux-riscv@...ts.infradead.org, linux-s390@...r.kernel.org,
        linux-sh@...r.kernel.org, kernel@...0n.name, mpe@...erman.id.au,
        npiggin@...il.com, christophe.leroy@...roup.eu,
        paul.walmsley@...ive.com, palmer@...belt.com,
        aou@...s.berkeley.edu, hca@...ux.ibm.com, gor@...ux.ibm.com,
        agordeev@...ux.ibm.com, borntraeger@...ux.ibm.com,
        svens@...ux.ibm.com, hpa@...or.com, keescook@...omium.org,
        paulmck@...nel.org, peterz@...radead.org, frederic@...nel.org,
        akpm@...ux-foundation.org, ardb@...nel.org,
        samitolvanen@...gle.com, juerg.haefliger@...onical.com,
        arnd@...db.de, rmk+kernel@...linux.org.uk,
        linus.walleij@...aro.org, sebastian.reichel@...labora.com,
        rppt@...nel.org, kirill.shutemov@...ux.intel.com,
        anshuman.khandual@....com, ziy@...dia.com, masahiroy@...nel.org,
        ndesaulniers@...gle.com, mhiramat@...nel.org, ojeda@...nel.org,
        thunder.leizhen@...wei.com, xin3.li@...el.com, tj@...nel.org,
        gregkh@...uxfoundation.org, tsi@...oix.net, hbathini@...ux.ibm.com,
        sourabhjain@...ux.ibm.com, boris.ostrovsky@...cle.com,
        konrad.wilk@...cle.com
Subject: Re: [PATCH v2 02/13] x86/kexec: refactor for kernel/Kconfig.kexec

On 06/20/23 at 07:56am, Eric DeVolder wrote:
> 
> 
> On 6/20/23 03:21, Baoquan He wrote:
> > Hi Eric,
> > 
> > On 06/19/23 at 10:57am, Eric DeVolder wrote:
> > ......
> > > +config ARCH_SUPPORTS_KEXEC
> > > +	def_bool y
> > > -config ARCH_HAS_KEXEC_PURGATORY
> > > -	def_bool KEXEC_FILE
> > > +config ARCH_SUPPORTS_KEXEC_FILE
> > > +	def_bool X86_64 && CRYPTO && CRYPTO_SHA256
> > ......
> > > +config ARCH_SELECTS_KEXEC_FILE
> > > +	def_bool y
> > >   	depends on KEXEC_FILE
> > > -	help
> > 
> > I am a little confused about this ARCH_SELECTS_XX adding. Wondering what
> > limits us defining the ARCH_SUPPORTS_KEXEC_FILE like below? I have limited
> > knowledge about Kconfig, please correct me if I am wrong. Thanks in
> > advance.
> > 
> >   +config ARCH_SUPPORTS_KEXEC_FILE
> >   +	def_bool y
> >    	depends on KEXEC_FILE
> >    	depends on X86_64 && CRYPTO && CRYPTO_SHA256
> > 
> 
> For the ARCH_SUPPORTS_ options, I chose to list the dependencies on the
> def_bool line to show that it took all those conditions to result in True.
> However, as you point out, using a def_bool y and then listing them as 'depends on' works as well.
> Probably would have resulted in fewer changes to the Kconfig file.
> Either way is ok (the 'depends on KEXEC_FILE' is erroneous in your example).

Got it, thanks. To me, one option with explicit dependencies looks clearer
and more straightforward. I need to check and investigate why two options are needed,
whether two options are unavoidable. Not sure if other people would get
the same feeling or not. Honestly, it's my first time to see the usage of
XXX_SELECTS_XXX, it took me a while to dig into.

> 
> > > -
> > > -	  This option makes the kexec_file_load() syscall check for a valid
> > > -	  signature of the kernel image.  The image can still be loaded without
> > > -	  a valid signature unless you also enable KEXEC_SIG_FORCE, though if
> > > -	  there's a signature that we can check, then it must be valid.
> > > -
> > > -	  In addition to this option, you need to enable signature
> > > -	  verification for the corresponding kernel image type being
> > > -	  loaded in order for this to work.
> > > -
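Review bot: the help text removed on the `-` lines above is the only place in this hunk that documents the signature semantics of kexec_file_load(), namely that an image can still be loaded without a valid signature unless KEXEC_SIG_FORCE is also enabled. The quoted lines do not show where this text ends up. Please confirm it is carried over unchanged to kernel/Kconfig.kexec and note that in the commit message, since anyone auditing a config for enforced kexec signature checking relies on that wording.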
> > 
> 
