Bug#1030248: kexec-tools: please make kexec -a the default

2023-02-02 Thread Khalid Aziz 
For a code change that changes the default behavior, I would like to see 
the change go into upstream project first. Please submit this proposed 
code change to upstream kexec project on the mailing list 
ke...@lists.infradead.org


Thanks,
Khalid

On 2/1/23 08:16, наб wrote:

Package: kexec-tools
Version: 1:2.0.25-3+b1
Severity: normal
Tags: patch

Dear Maintainer,

AFAICT, there's no downside to this, and running into this each time
I want to kexec (and, presumably, a significant chunk of the population,
since lockdown is quite popular), then going to the manual, then finding
out I want the /auto/ flag(!!!) is quite annoying:
-- >8 --
# kexec -l /boot/vmlinuz-6.1.0-3-amd64 --initrd /boot/initrd.img-6.1.0-3-amd64 
--reuse-cmdline
kexec_load failed: Operation not permitted
entry   = 0x46eff7760 flags = 0x3e
nr_segments = 7
segment[0].buf   = 0x557cd303efa0
segment[0].bufsz = 0x70
segment[0].mem   = 0x10
segment[0].memsz = 0x1000
segment[1].buf   = 0x557cd3046fe0
segment[1].bufsz = 0x190
segment[1].mem   = 0x101000
segment[1].memsz = 0x1000
segment[2].buf   = 0x557cd303f6e0
segment[2].bufsz = 0x30
segment[2].mem   = 0x102000
segment[2].memsz = 0x1000
segment[3].buf   = 0x7f658fa37010
segment[3].bufsz = 0x12a51b5
segment[3].mem   = 0x46a55a000
segment[3].memsz = 0x12a6000
segment[4].buf   = 0x7f6590ce1210
segment[4].bufsz = 0x7e99e0
segment[4].mem   = 0x46b80
segment[4].memsz = 0x377c000
segment[5].buf   = 0x557cd3039350
segment[5].bufsz = 0x42fa
segment[5].mem   = 0x46eff2000
segment[5].memsz = 0x5000
segment[6].buf   = 0x557cd3032000
segment[6].bufsz = 0x70e0
segment[6].mem   = 0x46eff7000
segment[6].memsz = 0x9000
-- >8 --

I'm attaching a patch I've validated works as expected.

Best,
наб

-- System Information:
Debian Release: bookworm/sid
   APT prefers unstable-debug
   APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-5-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kexec-tools depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  dpkg   1.21.19
ii  libc6  2.36-8
ii  libxenmisc4.17 4.17.0-1+b1
ii  lsb-base   11.5
ii  sysvinit-utils [lsb-base]  3.06-2

kexec-tools recommends no packages.

kexec-tools suggests no packages.

-- debconf information excluded

--- kexec-tools-2.0.25.orig/kexec/kexec.c
+++ kexec-tools-2.0.25/kexec/kexec.c
@@ -1049,11 +1049,11 @@ void usage(void)
   "  to original kernel.\n"
   " -s, --kexec-file-syscall Use file based syscall for kexec 
operation\n"
   " -c, --kexec-syscall  Use the kexec_load syscall for for 
compatibility\n"
-  "  with systems that don't support -s 
(default)\n"
+  "  with systems that don't support -s\n"
   " -a, --kexec-syscall-auto  Use file based syscall for kexec and 
fall\n"
   "  back to the compatibility syscall when file 
based\n"
   "  syscall is not supported or the kernel did 
not\n"
-  "  understand the image\n"
+  "  understand the image (default)\n"
   " -d, --debug  Enable debugging to help spot a 
failure.\n"
   " -S, --status Return 1 if the type (by default crash) is 
loaded,\n"
   "  0 if not.\n"
@@ -1407,8 +1407,8 @@ int main(int argc, char *argv[])
int do_ifdown = 0, skip_ifdown = 0;
int do_unload = 0;
int do_reuse_initrd = 0;
-   int do_kexec_file_syscall = 0;
-   int do_kexec_fallback = 0;
+   int do_kexec_file_syscall = 1;
+   int do_kexec_fallback = 1;
int skip_checks = 0;
int do_status = 0;
void *entry = 0;
--- kexec-tools-2.0.25.orig/kexec/kexec.8
+++ kexec-tools-2.0.25/kexec/kexec.8
@@ -151,14 +151,14 @@ Specify that the new kernel is of this
  Specify that the new KEXEC_FILE_LOAD syscall should be used exclusively.
  .TP
  .BI \-c\ (\-\-kexec-syscall)
-Specify that the old KEXEC_LOAD syscall should be used exclusively (the 
default).
+Specify that the old KEXEC_LOAD syscall should be used exclusively.
  .TP
  .BI \-a\ (\-\-kexec-syscall-auto)
  Try the new KEXEC_FILE_LOAD syscall first and when it is not supported or the
  kernel does not understand the supplied image fall back to the old KEXEC_LOAD
  interface.
  
-There is no one single interface that always works.

+There is no one single interface that always works, so this is the default.
  
  KEXEC_FILE_LOAD is required on systems that use locked-down secure boot

Bug#1030248: kexec-tools: please make kexec -a the default

2023-02-01 Thread наб 
Package: kexec-tools
Version: 1:2.0.25-3+b1
Severity: normal
Tags: patch

Dear Maintainer,

AFAICT, there's no downside to this, and running into this each time
I want to kexec (and, presumably, a significant chunk of the population,
since lockdown is quite popular), then going to the manual, then finding
out I want the /auto/ flag(!!!) is quite annoying:
-- >8 --
# kexec -l /boot/vmlinuz-6.1.0-3-amd64 --initrd /boot/initrd.img-6.1.0-3-amd64 
--reuse-cmdline
kexec_load failed: Operation not permitted
entry   = 0x46eff7760 flags = 0x3e
nr_segments = 7
segment[0].buf   = 0x557cd303efa0
segment[0].bufsz = 0x70
segment[0].mem   = 0x10
segment[0].memsz = 0x1000
segment[1].buf   = 0x557cd3046fe0
segment[1].bufsz = 0x190
segment[1].mem   = 0x101000
segment[1].memsz = 0x1000
segment[2].buf   = 0x557cd303f6e0
segment[2].bufsz = 0x30
segment[2].mem   = 0x102000
segment[2].memsz = 0x1000
segment[3].buf   = 0x7f658fa37010
segment[3].bufsz = 0x12a51b5
segment[3].mem   = 0x46a55a000
segment[3].memsz = 0x12a6000
segment[4].buf   = 0x7f6590ce1210
segment[4].bufsz = 0x7e99e0
segment[4].mem   = 0x46b80
segment[4].memsz = 0x377c000
segment[5].buf   = 0x557cd3039350
segment[5].bufsz = 0x42fa
segment[5].mem   = 0x46eff2000
segment[5].memsz = 0x5000
segment[6].buf   = 0x557cd3032000
segment[6].bufsz = 0x70e0
segment[6].mem   = 0x46eff7000
segment[6].memsz = 0x9000
-- >8 --

I'm attaching a patch I've validated works as expected.

Best,
наб

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-5-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kexec-tools depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  dpkg   1.21.19
ii  libc6  2.36-8
ii  libxenmisc4.17 4.17.0-1+b1
ii  lsb-base   11.5
ii  sysvinit-utils [lsb-base]  3.06-2

kexec-tools recommends no packages.

kexec-tools suggests no packages.

-- debconf information excluded
--- kexec-tools-2.0.25.orig/kexec/kexec.c
+++ kexec-tools-2.0.25/kexec/kexec.c
@@ -1049,11 +1049,11 @@ void usage(void)
   "  to original kernel.\n"
   " -s, --kexec-file-syscall Use file based syscall for kexec 
operation\n"
   " -c, --kexec-syscall  Use the kexec_load syscall for for 
compatibility\n"
-  "  with systems that don't support -s 
(default)\n"
+  "  with systems that don't support -s\n"
   " -a, --kexec-syscall-auto  Use file based syscall for kexec and 
fall\n"
   "  back to the compatibility syscall when 
file based\n"
   "  syscall is not supported or the kernel 
did not\n"
-  "  understand the image\n"
+  "  understand the image (default)\n"
   " -d, --debug  Enable debugging to help spot a 
failure.\n"
   " -S, --status Return 1 if the type (by default crash) 
is loaded,\n"
   "  0 if not.\n"
@@ -1407,8 +1407,8 @@ int main(int argc, char *argv[])
int do_ifdown = 0, skip_ifdown = 0;
int do_unload = 0;
int do_reuse_initrd = 0;
-   int do_kexec_file_syscall = 0;
-   int do_kexec_fallback = 0;
+   int do_kexec_file_syscall = 1;
+   int do_kexec_fallback = 1;
int skip_checks = 0;
int do_status = 0;
void *entry = 0;
--- kexec-tools-2.0.25.orig/kexec/kexec.8
+++ kexec-tools-2.0.25/kexec/kexec.8
@@ -151,14 +151,14 @@ Specify that the new kernel is of this
 Specify that the new KEXEC_FILE_LOAD syscall should be used exclusively.
 .TP
 .BI \-c\ (\-\-kexec-syscall)
-Specify that the old KEXEC_LOAD syscall should be used exclusively (the 
default).
+Specify that the old KEXEC_LOAD syscall should be used exclusively.
 .TP
 .BI \-a\ (\-\-kexec-syscall-auto)
 Try the new KEXEC_FILE_LOAD syscall first and when it is not supported or the
 kernel does not understand the supplied image fall back to the old KEXEC_LOAD
 interface.
 
-There is no one single interface that always works.
+There is no one single interface that always works, so this is the default.
 
 KEXEC_FILE_LOAD is required on systems that use locked-down secure boot to
 verify the kernel signature.  KEXEC_LOAD may be also disabled in the kernel


signature.asc
Description: PGP signature