| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZJ7ToGgYAq33bwYI@li-008a6a4c-3549-11b2-a85c-c5cc2836eea2.ibm.com>
Date: Fri, 30 Jun 2023 15:07:44 +0200
From: Alexander Gordeev <agordeev@...ux.ibm.com>
To: Eric DeVolder <eric.devolder@...cle.com>
Cc: linux@...linux.org.uk, catalin.marinas@....com, will@...nel.org,
chenhuacai@...nel.org, geert@...ux-m68k.org,
tsbogend@...ha.franken.de, James.Bottomley@...senpartnership.com,
deller@....de, ysato@...rs.sourceforge.jp, dalias@...c.org,
glaubitz@...sik.fu-berlin.de, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-ia64@...r.kernel.org, loongarch@...ts.linux.dev,
linux-m68k@...ts.linux-m68k.org, linux-mips@...r.kernel.org,
linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-riscv@...ts.infradead.org, linux-s390@...r.kernel.org,
linux-sh@...r.kernel.org, kernel@...0n.name, mpe@...erman.id.au,
npiggin@...il.com, christophe.leroy@...roup.eu,
paul.walmsley@...ive.com, palmer@...belt.com,
aou@...s.berkeley.edu, hca@...ux.ibm.com, gor@...ux.ibm.com,
borntraeger@...ux.ibm.com, svens@...ux.ibm.com, hpa@...or.com,
keescook@...omium.org, paulmck@...nel.org, peterz@...radead.org,
frederic@...nel.org, akpm@...ux-foundation.org, ardb@...nel.org,
samitolvanen@...gle.com, juerg.haefliger@...onical.com,
arnd@...db.de, rmk+kernel@...linux.org.uk,
linus.walleij@...aro.org, sebastian.reichel@...labora.com,
rppt@...nel.org, kirill.shutemov@...ux.intel.com,
anshuman.khandual@....com, ziy@...dia.com, masahiroy@...nel.org,
ndesaulniers@...gle.com, mhiramat@...nel.org, ojeda@...nel.org,
thunder.leizhen@...wei.com, xin3.li@...el.com, tj@...nel.org,
gregkh@...uxfoundation.org, tsi@...oix.net, bhe@...hat.com,
hbathini@...ux.ibm.com, sourabhjain@...ux.ibm.com,
boris.ostrovsky@...cle.com, konrad.wilk@...cle.com
Subject: Re: [PATCH v3 12/13] s390/kexec: refactor for kernel/Kconfig.kexec
On Mon, Jun 26, 2023 at 12:13:31PM -0400, Eric DeVolder wrote:
> The kexec and crash kernel options are provided in the common
> kernel/Kconfig.kexec. Utilize the common options and provide
> the ARCH_SUPPORTS_ and ARCH_SELECTS_ entries to recreate the
> equivalent set of KEXEC and CRASH options.
>
> NOTE: The original Kconfig has a KEXEC_SIG which depends on
> MODULE_SIG_FORMAT. However, attempts to keep the MODULE_SIG_FORMAT
> dependency (using the strategy outlined in this series, and other
> techniques) results in 'error: recursive dependency detected'
> on CRYPTO.
>
> Per Alexander Gordeev <agordeev@...ux.ibm.com>: "the MODULE_SIG_FORMAT
> dependency was introduced with [git commit below] and in fact was not
> necessary, since s390 did/does not use mod_check_sig() anyway.
>
> commit c8424e776b09 ("MODSIGN: Export module signature definitions")
>
> MODULE_SIG_FORMAT is needed to select SYSTEM_DATA_VERIFICATION. But
> SYSTEM_DATA_VERIFICATION is also selected by FS_VERITY*, so dropping
> MODULE_SIG_FORMAT does not hurt."
>
> Therefore, the solution is to drop the MODULE_SIG_FORMAT dependency
> from KEXEC_SIG. Still results in equivalent .config files for s390.
>
> Signed-off-by: Eric DeVolder <eric.devolder@...cle.com>
> ---
> arch/s390/Kconfig | 65 ++++++++++++++---------------------------------
> 1 file changed, 19 insertions(+), 46 deletions(-)
>
> diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
> index 6dab9c1be508..58dc124433ca 100644
> --- a/arch/s390/Kconfig
> +++ b/arch/s390/Kconfig
> @@ -243,6 +243,25 @@ config PGTABLE_LEVELS
>
> source "kernel/livepatch/Kconfig"
>
> +config ARCH_DEFAULT_KEXEC
> + def_bool y
> +
> +config ARCH_SUPPORTS_KEXEC
> + def_bool y
> +
> +config ARCH_SUPPORTS_KEXEC_FILE
> + def_bool CRYPTO && CRYPTO_SHA256 && CRYPTO_SHA256_S390
> +
> +config ARCH_HAS_KEXEC_PURGATORY
> + def_bool KEXEC_FILE
> +
> +config ARCH_SUPPORTS_CRASH_DUMP
> + def_bool y
> + help
> + Refer to <file:Documentation/s390/zfcpdump.rst> for more details on this.
> + This option also enables s390 zfcpdump.
> + See also <file:Documentation/s390/zfcpdump.rst>
> +
> menu "Processor type and features"
>
> config HAVE_MARCH_Z10_FEATURES
> @@ -481,36 +500,6 @@ config SCHED_TOPOLOGY
>
> source "kernel/Kconfig.hz"
>
> -config KEXEC
> - def_bool y
> - select KEXEC_CORE
> -
> -config KEXEC_FILE
> - bool "kexec file based system call"
> - select KEXEC_CORE
> - depends on CRYPTO
> - depends on CRYPTO_SHA256
> - depends on CRYPTO_SHA256_S390
> - help
> - Enable the kexec file based system call. In contrast to the normal
> - kexec system call this system call takes file descriptors for the
> - kernel and initramfs as arguments.
> -
> -config ARCH_HAS_KEXEC_PURGATORY
> - def_bool y
> - depends on KEXEC_FILE
> -
> -config KEXEC_SIG
> - bool "Verify kernel signature during kexec_file_load() syscall"
> - depends on KEXEC_FILE && MODULE_SIG_FORMAT
> - help
> - This option makes kernel signature verification mandatory for
> - the kexec_file_load() syscall.
> -
> - In addition to that option, you need to enable signature
> - verification for the corresponding kernel image type being
> - loaded in order for this to work.
> -
> config KERNEL_NOBP
> def_bool n
> prompt "Enable modified branch prediction for the kernel by default"
> @@ -732,22 +721,6 @@ config VFIO_AP
>
> endmenu
>
> -menu "Dump support"
> -
> -config CRASH_DUMP
> - bool "kernel crash dumps"
> - select KEXEC
> - help
> - Generate crash dump after being started by kexec.
> - Crash dump kernels are loaded in the main kernel with kexec-tools
> - into a specially reserved region and then later executed after
> - a crash by kdump/kexec.
> - Refer to <file:Documentation/s390/zfcpdump.rst> for more details on this.
> - This option also enables s390 zfcpdump.
> - See also <file:Documentation/s390/zfcpdump.rst>
> -
> -endmenu
> -
> config CCW
> def_bool y
Acked-by: Alexander Gordeev <agordeev@...ux.ibm.com>
Powered by blists - more mailing lists