lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240827113356.GA4318@willie-the-truck>
Date: Tue, 27 Aug 2024 12:33:56 +0100
From: Will Deacon <will@...nel.org>
To: Bjorn Andersson <quic_bjorande@...cinc.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
	Bjorn Andersson <andersson@...nel.org>,
	Catalin Marinas <catalin.marinas@....com>,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	linux-arm-msm@...r.kernel.org
Subject: Re: [PATCH] arm64: Allow packing uncompressed images into distro
 packages

On Fri, Aug 23, 2024 at 04:08:44PM -0700, Bjorn Andersson wrote:
> On Fri, Aug 23, 2024 at 11:58:54AM +0100, Will Deacon wrote:
> > On Mon, Aug 19, 2024 at 08:11:58PM -0700, Bjorn Andersson wrote:
> > > From: Bjorn Andersson <quic_bjorande@...cinc.com>
> > > 
> > > The distro packages (deb-pkg, pacman-pkg, rpm-pkg) are generated using
> > > the compressed kernel image, which means that the kernel once installed
> > > can not be booted with systemd-boot.
> > > 
> > > This differs from the packages generated by the distros themselves,
> > > which uses the uncompressed image.
> > > 
> > > Expand the newly introduced CONFIG_COMPRESSED_INSTALL option to allow
> > > selection of which version of the kernel image should be packaged into
> > > the distro packages.
> > > 
> > > Signed-off-by: Bjorn Andersson <quic_bjorande@...cinc.com>
> > > ---
> > >  arch/arm64/Makefile | 15 ++++++---------
> > >  1 file changed, 6 insertions(+), 9 deletions(-)
> > > 
> > > diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
> > > index f6bc3da1ef11..7bb9a0a5500a 100644
> > > --- a/arch/arm64/Makefile
> > > +++ b/arch/arm64/Makefile
> > > @@ -166,9 +166,13 @@ BOOT_TARGETS	:= Image vmlinuz.efi image.fit
> > >  PHONY += $(BOOT_TARGETS)
> > >  
> > >  ifeq ($(CONFIG_EFI_ZBOOT),)
> > > -KBUILD_IMAGE	:= $(boot)/Image.gz
> > > +  ifeq ($(CONFIG_COMPRESSED_INSTALL),y)
> > > +    KBUILD_IMAGE := $(boot)/Image.gz
> > > +  else
> > > +    KBUILD_IMAGE := $(boot)/Image
> > > +  endif
> > >  else
> > > -KBUILD_IMAGE	:= $(boot)/vmlinuz.efi
> > > +  KBUILD_IMAGE := $(boot)/vmlinuz.efi
> > >  endif
> > >  
> > >  all:	$(notdir $(KBUILD_IMAGE))
> > > @@ -182,13 +186,6 @@ $(BOOT_TARGETS): vmlinux
> > >  Image.%: Image
> > >  	$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
> > >  
> > > -ifeq ($(CONFIG_COMPRESSED_INSTALL),y)
> > > - DEFAULT_KBUILD_IMAGE = $(KBUILD_IMAGE)
> > > -else
> > > - DEFAULT_KBUILD_IMAGE = $(boot)/Image
> > > -endif
> > > -
> > > -install: KBUILD_IMAGE := $(DEFAULT_KBUILD_IMAGE)
> > 
> > Hmm, doesn't this mean that we always install vmlinuz.efi if
> > CONFIG_EFI_ZBOOT=y?
> > 
> 
> Hmm, you're right, I failed to parse that part.
> 
> That said, prior to Linus' change we'd always install "Image" and I read
> his commit message to allow installing "Image.gz".
> 
> But the change also made it possible to install "vmlinuz.efi", by
> setting both options to =y. Was this intentional?
> 
> Can you confirm that this is what we want:
> 
> ZBOOT | COMPRESS | BUILD_IMAGE | install
> ------+----------+-------------+--------
>   N   |    N     | Image       | Image
>   N   |    Y     | Image.gz    | Image.gz
>   Y   |    N     | vmlinuz.efi | Image (?)
>   Y   |    Y     | vmlinuz.efi | vmlinuz.efi (was Image in v6.10)

I think that's the current behaviour, and I don't see a problem with it.

The main thing is to avoid breaking somebody's system in the default
configuration (i.e. when CONFIG_COMPRESSED_INSTALL=n) by installing an
image via `make install` that isn't supported universally by bootloaders.

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ