From: Chen Qi <[email protected]> Running command 'kexec -p /path/to/crash-kernel --reuse-cmdline' will give out the following warning:
kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set Add MFD_NOEXEC_SEAL explicitly to avoid such warning. Signed-off-by: Chen Qi <[email protected]> --- ...-add-MFD_NOEXEC_SEAL-flag-explicitly.patch | 46 +++++++++++++++++++ .../kexec/kexec-tools_2.0.29.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch diff --git a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch new file mode 100644 index 0000000000..dc52981025 --- /dev/null +++ b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch @@ -0,0 +1,46 @@ +From a6a9e17dfeb5627f3e6f569b66f243f50f8a3645 Mon Sep 17 00:00:00 2001 +From: Chen Qi <[email protected]> +Date: Tue, 6 Aug 2024 21:42:43 -0700 +Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly + +Add MFD_NOEXEC_SEAL to avoid kernel warning like below: + + kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set + +For old kernels, there will be no MFD_NOEXEC_SEAL definition, so fallback +to define it to 0. + +Upstream-Status: Submitted [https://github.com/horms/kexec-tools/pull/7] + +Signed-off-by: Chen Qi <[email protected]> +--- + kexec/kexec.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/kexec/kexec.c b/kexec/kexec.c +index 7c614b0..41d285d 100644 +--- a/kexec/kexec.c ++++ b/kexec/kexec.c +@@ -60,6 +60,10 @@ + #define KEXEC_LOADED_PATH "/sys/kernel/kexec_loaded" + #define KEXEC_CRASH_LOADED_PATH "/sys/kernel/kexec_crash_loaded" + ++#ifndef MFD_NOEXEC_SEAL ++#define MFD_NOEXEC_SEAL 0 ++#endif ++ + unsigned long long mem_min = 0; + unsigned long long mem_max = ULONG_MAX; + unsigned long elfcorehdrsz = 0; +@@ -655,7 +659,7 @@ static int copybuf_memfd(const char *kernel_buf, size_t size) + { + int fd, count; + +- fd = memfd_create("kernel", MFD_ALLOW_SEALING); ++ fd = memfd_create("kernel", MFD_ALLOW_SEALING | MFD_NOEXEC_SEAL); + if (fd == -1) + return fd; + +-- +2.25.1 + diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb index b88db60ee8..2c2901f19e 100644 --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb @@ -16,6 +16,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz file://0002-purgatory-Pass-r-directly-to-linker.patch \ file://0005-Disable-PIE-during-link.patch \ file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \ + file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch \ " SRC_URI[sha256sum] = "0756dd54dab2f2a437e5d4df64b9760c3e6cf6a7d29fb296bdeeeb749f6ea28e" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203059): https://lists.openembedded.org/g/openembedded-core/message/203059 Mute This Topic: https://lists.openembedded.org/mt/107764868/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
