| Message ID | 20240807033404.1513069-1-Qi.Chen@windriver.com |
|---|---|
| State | Accepted, archived |
| Commit | c1bcebf4ca0176d69e6dfd589871944352eec449 |
| Headers | show |
| Series | kexec-tools: avoid kernel warning | expand |
What is oe specific in this patch and why that makes it inappropriate for upstream? Please do explain. I think it should be sent upstream. Alex On Wed 7. Aug 2024 at 6.34, Chen Qi via lists.openembedded.org <Qi.Chen= windriver.com@lists.openembedded.org> wrote: > From: Chen Qi <Qi.Chen@windriver.com> > > Running command 'kexec -p /path/to/crash-kernel --reuse-cmdline' will > give out the following warning: > > kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set > > Add MFD_NOEXEC_SEAL explicitly to avoid such warning. > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > --- > ...-add-MFD_NOEXEC_SEAL-flag-explicitly.patch | 36 +++++++++++++++++++ > .../kexec/kexec-tools_2.0.28.bb | 1 + > 2 files changed, 37 insertions(+) > create mode 100644 > meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch > > diff --git > a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch > b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch > new file mode 100644 > index 0000000000..3b11555a1b > --- /dev/null > +++ > b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch > @@ -0,0 +1,36 @@ > +From 6436da0b58b59e1b4cd3924bd007108b8ddf73dc Mon Sep 17 00:00:00 2001 > +From: Chen Qi <Qi.Chen@windriver.com> > +Date: Tue, 6 Aug 2024 19:41:30 -0700 > +Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly > + > +Add MFD_NOEXEC_SEAL to avoid kernel warning like below: > + > + kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL > set > + > +As the above two flags are only available in newer kernels, ideally > +we need to do some fallback. But we know for sure that OE scarthgap/master > +is using >6.6 kernel, so we don't need to do such fallback. > + > +Upstream-Status: Inappropriate [OE Specific] > + > +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > +--- > + kexec/kexec.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/kexec/kexec.c b/kexec/kexec.c > +index 08edfca..c5f52d4 100644 > +--- a/kexec/kexec.c > ++++ b/kexec/kexec.c > +@@ -655,7 +655,7 @@ static int copybuf_memfd(const char *kernel_buf, > size_t size) > + { > + int fd, count; > + > +- fd = memfd_create("kernel", MFD_ALLOW_SEALING); > ++ fd = memfd_create("kernel", MFD_ALLOW_SEALING | MFD_NOEXEC_SEAL); > + if (fd == -1) > + return fd; > + > +-- > +2.25.1 > + > diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb > b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb > index f0a484f884..830d9ce585 100644 > --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb > +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb > @@ -19,6 +19,7 @@ SRC_URI = > "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz > > file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \ > file://Fix-building-on-x86_64-with-binutils-2.41.patch \ > file://0001-x86-linux-setup.c-Use-POSIX-basename-API.patch \ > + file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch \ > " > > SRC_URI[sha256sum] = > "f33d2660b3e38d25a127e87097978e0f7a9a73ab5151a29eb80974d169ff6a29" > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#203052): > https://lists.openembedded.org/g/openembedded-core/message/203052 > Mute This Topic: https://lists.openembedded.org/mt/107763946/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
On 8/7/24 12:17, Alexander Kanavin wrote: > What is oe specific in this patch and why that makes it inappropriate > for upstream? Please do explain. > > I think it should be sent upstream. > > Alex I've explained in the patch right above the Upstream-Status line. > > On Wed 7. Aug 2024 at 6.34, Chen Qi via lists.openembedded.org > <https://urldefense.com/v3/__http://lists.openembedded.org__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nvWp306Q$> > <Qi.Chen=windriver.com@lists.openembedded.org> wrote: > > From: Chen Qi <Qi.Chen@windriver.com> > > Running command 'kexec -p /path/to/crash-kernel --reuse-cmdline' will > give out the following warning: > > kexec[970]: memfd_create() called without MFD_EXEC or > MFD_NOEXEC_SEAL set > > Add MFD_NOEXEC_SEAL explicitly to avoid such warning. > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > --- > ...-add-MFD_NOEXEC_SEAL-flag-explicitly.patch | 36 > +++++++++++++++++++ > .../kexec/kexec-tools_2.0.28.bb > <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> > | 1 + > 2 files changed, 37 insertions(+) > create mode 100644 > meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch > > diff --git > a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch > b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch > new file mode 100644 > index 0000000000..3b11555a1b > --- /dev/null > +++ > b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch > @@ -0,0 +1,36 @@ > +From 6436da0b58b59e1b4cd3924bd007108b8ddf73dc Mon Sep 17 00:00:00 > 2001 > +From: Chen Qi <Qi.Chen@windriver.com> > +Date: Tue, 6 Aug 2024 19:41:30 -0700 > +Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly > + > +Add MFD_NOEXEC_SEAL to avoid kernel warning like below: > + > + kexec[970]: memfd_create() called without MFD_EXEC or > MFD_NOEXEC_SEAL set > + > +As the above two flags are only available in newer kernels, ideally > +we need to do some fallback. But we know for sure that OE > scarthgap/master > +is using >6.6 kernel, so we don't need to do such fallback. > + > +Upstream-Status: Inappropriate [OE Specific] > + > +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > +--- > + kexec/kexec.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/kexec/kexec.c b/kexec/kexec.c > +index 08edfca..c5f52d4 100644 > +--- a/kexec/kexec.c > ++++ b/kexec/kexec.c > +@@ -655,7 +655,7 @@ static int copybuf_memfd(const char > *kernel_buf, size_t size) > + { > + int fd, count; > + > +- fd = memfd_create("kernel", MFD_ALLOW_SEALING); > ++ fd = memfd_create("kernel", MFD_ALLOW_SEALING | > MFD_NOEXEC_SEAL); > + if (fd == -1) > + return fd; > + > +-- > +2.25.1 > + > diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb > <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> > b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb > <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> > index f0a484f884..830d9ce585 100644 > --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb > <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> > +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb > <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> > @@ -19,6 +19,7 @@ SRC_URI = > "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz > file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch > \ > file://Fix-building-on-x86_64-with-binutils-2.41.patch \ > file://0001-x86-linux-setup.c-Use-POSIX-basename-API.patch \ > + file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch \ > " > > SRC_URI[sha256sum] = > "f33d2660b3e38d25a127e87097978e0f7a9a73ab5151a29eb80974d169ff6a29" > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#203052): > https://lists.openembedded.org/g/openembedded-core/message/203052 > <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-core/message/203052__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nw7d5_F4$> > Mute This Topic: > https://lists.openembedded.org/mt/107763946/1686489 > <https://urldefense.com/v3/__https://lists.openembedded.org/mt/107763946/1686489__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-n3bGPnZ0$> > Group Owner: openembedded-core+owner@lists.openembedded.org > <mailto:openembedded-core%2Bowner@lists.openembedded.org> > Unsubscribe: > https://lists.openembedded.org/g/openembedded-core/unsub > <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-core/unsub__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nL7JAvTQ$> > [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Yes and I don’t understand why it’s not appropriate for upstream submission. The patch is fixing a kernel warning which is not specific to oe. So why can’t it be sent upstream? Alex On Wed 7. Aug 2024 at 7.22, ChenQi <Qi.Chen@windriver.com> wrote: > On 8/7/24 12:17, Alexander Kanavin wrote: > > What is oe specific in this patch and why that makes it inappropriate for > upstream? Please do explain. > > I think it should be sent upstream. > > Alex > > I've explained in the patch right above the Upstream-Status line. > > > > On Wed 7. Aug 2024 at 6.34, Chen Qi via lists.openembedded.org > <https://urldefense.com/v3/__http://lists.openembedded.org__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nvWp306Q$> > <Qi.Chen=windriver.com@lists.openembedded.org> wrote: > >> From: Chen Qi <Qi.Chen@windriver.com> >> >> Running command 'kexec -p /path/to/crash-kernel --reuse-cmdline' will >> give out the following warning: >> >> kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL >> set >> >> Add MFD_NOEXEC_SEAL explicitly to avoid such warning. >> >> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >> --- >> ...-add-MFD_NOEXEC_SEAL-flag-explicitly.patch | 36 +++++++++++++++++++ >> .../kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> | 1 + >> 2 files changed, 37 insertions(+) >> create mode 100644 >> meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >> >> diff --git >> a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >> b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >> new file mode 100644 >> index 0000000000..3b11555a1b >> --- /dev/null >> +++ >> b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >> @@ -0,0 +1,36 @@ >> +From 6436da0b58b59e1b4cd3924bd007108b8ddf73dc Mon Sep 17 00:00:00 2001 >> +From: Chen Qi <Qi.Chen@windriver.com> >> +Date: Tue, 6 Aug 2024 19:41:30 -0700 >> +Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly >> + >> +Add MFD_NOEXEC_SEAL to avoid kernel warning like below: >> + >> + kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL >> set >> + >> +As the above two flags are only available in newer kernels, ideally >> +we need to do some fallback. But we know for sure that OE >> scarthgap/master >> +is using >6.6 kernel, so we don't need to do such fallback. >> + >> +Upstream-Status: Inappropriate [OE Specific] >> + >> +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >> +--- >> + kexec/kexec.c | 2 +- >> + 1 file changed, 1 insertion(+), 1 deletion(-) >> + >> +diff --git a/kexec/kexec.c b/kexec/kexec.c >> +index 08edfca..c5f52d4 100644 >> +--- a/kexec/kexec.c >> ++++ b/kexec/kexec.c >> +@@ -655,7 +655,7 @@ static int copybuf_memfd(const char *kernel_buf, >> size_t size) >> + { >> + int fd, count; >> + >> +- fd = memfd_create("kernel", MFD_ALLOW_SEALING); >> ++ fd = memfd_create("kernel", MFD_ALLOW_SEALING | MFD_NOEXEC_SEAL); >> + if (fd == -1) >> + return fd; >> + >> +-- >> +2.25.1 >> + >> diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> index f0a484f884..830d9ce585 100644 >> --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> @@ -19,6 +19,7 @@ SRC_URI = >> "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz >> >> file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \ >> file://Fix-building-on-x86_64-with-binutils-2.41.patch \ >> file://0001-x86-linux-setup.c-Use-POSIX-basename-API.patch \ >> + file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >> \ >> " >> >> SRC_URI[sha256sum] = >> "f33d2660b3e38d25a127e87097978e0f7a9a73ab5151a29eb80974d169ff6a29" >> -- >> 2.25.1 >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#203052): >> https://lists.openembedded.org/g/openembedded-core/message/203052 >> <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-core/message/203052__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nw7d5_F4$> >> Mute This Topic: https://lists.openembedded.org/mt/107763946/1686489 >> <https://urldefense.com/v3/__https://lists.openembedded.org/mt/107763946/1686489__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-n3bGPnZ0$> >> Group Owner: openembedded-core+owner@lists.openembedded.org >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub >> <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-core/unsub__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nL7JAvTQ$> >> [alex.kanavin@gmail.com] >> -=-=-=-=-=-=-=-=-=-=-=- >> >> >
On 8/7/24 12:25, Alexander Kanavin wrote: > Yes and I don’t understand why it’s not appropriate for upstream > submission. The patch is fixing a kernel warning which is not specific > to oe. So why can’t it be sent upstream? > > Alex Because an ideal solution should consider old kernels. I think when kexec fixes the warning (they haven't in their latest 2.0.29 release), they'll consider both old and new kernels. My patch only works on new kernels. As OE master/scarthgap's kernels are new, so this patch should work for us. But it's not good for upstream. Now, given it a second thought, I've decided to write a new patch and send it to upstream. I'll send out V2. Regards, Qi > > On Wed 7. Aug 2024 at 7.22, ChenQi <Qi.Chen@windriver.com> wrote: > > On 8/7/24 12:17, Alexander Kanavin wrote: >> What is oe specific in this patch and why that makes it >> inappropriate for upstream? Please do explain. >> >> I think it should be sent upstream. >> >> Alex > > I've explained in the patch right above the Upstream-Status line. > > >> >> On Wed 7. Aug 2024 at 6.34, Chen Qi via lists.openembedded.org >> <https://urldefense.com/v3/__http://lists.openembedded.org__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nvWp306Q$> >> <Qi.Chen=windriver.com@lists.openembedded.org> wrote: >> >> From: Chen Qi <Qi.Chen@windriver.com> >> >> Running command 'kexec -p /path/to/crash-kernel >> --reuse-cmdline' will >> give out the following warning: >> >> kexec[970]: memfd_create() called without MFD_EXEC or >> MFD_NOEXEC_SEAL set >> >> Add MFD_NOEXEC_SEAL explicitly to avoid such warning. >> >> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >> --- >> ...-add-MFD_NOEXEC_SEAL-flag-explicitly.patch | 36 >> +++++++++++++++++++ >> .../kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> | 1 + >> 2 files changed, 37 insertions(+) >> create mode 100644 >> meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >> >> diff --git >> a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >> b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >> new file mode 100644 >> index 0000000000..3b11555a1b >> --- /dev/null >> +++ >> b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >> @@ -0,0 +1,36 @@ >> +From 6436da0b58b59e1b4cd3924bd007108b8ddf73dc Mon Sep 17 >> 00:00:00 2001 >> +From: Chen Qi <Qi.Chen@windriver.com> >> +Date: Tue, 6 Aug 2024 19:41:30 -0700 >> +Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly >> + >> +Add MFD_NOEXEC_SEAL to avoid kernel warning like below: >> + >> + kexec[970]: memfd_create() called without MFD_EXEC or >> MFD_NOEXEC_SEAL set >> + >> +As the above two flags are only available in newer kernels, >> ideally >> +we need to do some fallback. But we know for sure that OE >> scarthgap/master >> +is using >6.6 kernel, so we don't need to do such fallback. >> + >> +Upstream-Status: Inappropriate [OE Specific] >> + >> +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >> +--- >> + kexec/kexec.c | 2 +- >> + 1 file changed, 1 insertion(+), 1 deletion(-) >> + >> +diff --git a/kexec/kexec.c b/kexec/kexec.c >> +index 08edfca..c5f52d4 100644 >> +--- a/kexec/kexec.c >> ++++ b/kexec/kexec.c >> +@@ -655,7 +655,7 @@ static int copybuf_memfd(const char >> *kernel_buf, size_t size) >> + { >> + int fd, count; >> + >> +- fd = memfd_create("kernel", MFD_ALLOW_SEALING); >> ++ fd = memfd_create("kernel", MFD_ALLOW_SEALING | >> MFD_NOEXEC_SEAL); >> + if (fd == -1) >> + return fd; >> + >> +-- >> +2.25.1 >> + >> diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> index f0a484f884..830d9ce585 100644 >> --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >> @@ -19,6 +19,7 @@ SRC_URI = >> "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz >> file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch >> \ >> file://Fix-building-on-x86_64-with-binutils-2.41.patch \ >> file://0001-x86-linux-setup.c-Use-POSIX-basename-API.patch \ >> + file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch \ >> " >> >> SRC_URI[sha256sum] = >> "f33d2660b3e38d25a127e87097978e0f7a9a73ab5151a29eb80974d169ff6a29" >> -- >> 2.25.1 >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#203052): >> https://lists.openembedded.org/g/openembedded-core/message/203052 >> <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-core/message/203052__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nw7d5_F4$> >> Mute This Topic: >> https://lists.openembedded.org/mt/107763946/1686489 >> <https://urldefense.com/v3/__https://lists.openembedded.org/mt/107763946/1686489__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-n3bGPnZ0$> >> Group Owner: openembedded-core+owner@lists.openembedded.org >> <mailto:openembedded-core%2Bowner@lists.openembedded.org> >> Unsubscribe: >> https://lists.openembedded.org/g/openembedded-core/unsub >> <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-core/unsub__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nL7JAvTQ$> >> [alex.kanavin@gmail.com] >> -=-=-=-=-=-=-=-=-=-=-=- >> >
Thanks, this is what I tried to get at. It’s also ok to have a less than perfect patch too, but then it should still include a link to upstream ticket that makes them aware of the issue. Alex On Wed 7. Aug 2024 at 7.33, ChenQi <Qi.Chen@windriver.com> wrote: > On 8/7/24 12:25, Alexander Kanavin wrote: > > Yes and I don’t understand why it’s not appropriate for upstream > submission. The patch is fixing a kernel warning which is not specific to > oe. So why can’t it be sent upstream? > > Alex > > Because an ideal solution should consider old kernels. I think when kexec > fixes the warning (they haven't in their latest 2.0.29 release), they'll > consider both old and new kernels. My patch only works on new kernels. As > OE master/scarthgap's kernels are new, so this patch should work for us. > But it's not good for upstream. > > Now, given it a second thought, I've decided to write a new patch and send > it to upstream. I'll send out V2. > > Regards, > > Qi > > > On Wed 7. Aug 2024 at 7.22, ChenQi <Qi.Chen@windriver.com> wrote: > >> On 8/7/24 12:17, Alexander Kanavin wrote: >> >> What is oe specific in this patch and why that makes it inappropriate for >> upstream? Please do explain. >> >> I think it should be sent upstream. >> >> Alex >> >> I've explained in the patch right above the Upstream-Status line. >> >> >> >> On Wed 7. Aug 2024 at 6.34, Chen Qi via lists.openembedded.org >> <https://urldefense.com/v3/__http://lists.openembedded.org__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nvWp306Q$> >> <Qi.Chen=windriver.com@lists.openembedded.org> wrote: >> >>> From: Chen Qi <Qi.Chen@windriver.com> >>> >>> Running command 'kexec -p /path/to/crash-kernel --reuse-cmdline' will >>> give out the following warning: >>> >>> kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL >>> set >>> >>> Add MFD_NOEXEC_SEAL explicitly to avoid such warning. >>> >>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >>> --- >>> ...-add-MFD_NOEXEC_SEAL-flag-explicitly.patch | 36 +++++++++++++++++++ >>> .../kexec/kexec-tools_2.0.28.bb >>> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >>> | 1 + >>> 2 files changed, 37 insertions(+) >>> create mode 100644 >>> meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >>> >>> diff --git >>> a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >>> b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >>> new file mode 100644 >>> index 0000000000..3b11555a1b >>> --- /dev/null >>> +++ >>> b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch >>> @@ -0,0 +1,36 @@ >>> +From 6436da0b58b59e1b4cd3924bd007108b8ddf73dc Mon Sep 17 00:00:00 2001 >>> +From: Chen Qi <Qi.Chen@windriver.com> >>> +Date: Tue, 6 Aug 2024 19:41:30 -0700 >>> +Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly >>> + >>> +Add MFD_NOEXEC_SEAL to avoid kernel warning like below: >>> + >>> + kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL >>> set >>> + >>> +As the above two flags are only available in newer kernels, ideally >>> +we need to do some fallback. But we know for sure that OE >>> scarthgap/master >>> +is using >6.6 kernel, so we don't need to do such fallback. >>> + >>> +Upstream-Status: Inappropriate [OE Specific] >>> + >>> +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >>> +--- >>> + kexec/kexec.c | 2 +- >>> + 1 file changed, 1 insertion(+), 1 deletion(-) >>> + >>> +diff --git a/kexec/kexec.c b/kexec/kexec.c >>> +index 08edfca..c5f52d4 100644 >>> +--- a/kexec/kexec.c >>> ++++ b/kexec/kexec.c >>> +@@ -655,7 +655,7 @@ static int copybuf_memfd(const char *kernel_buf, >>> size_t size) >>> + { >>> + int fd, count; >>> + >>> +- fd = memfd_create("kernel", MFD_ALLOW_SEALING); >>> ++ fd = memfd_create("kernel", MFD_ALLOW_SEALING | MFD_NOEXEC_SEAL); >>> + if (fd == -1) >>> + return fd; >>> + >>> +-- >>> +2.25.1 >>> + >>> diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >>> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >>> b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >>> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >>> index f0a484f884..830d9ce585 100644 >>> --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >>> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >>> +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb >>> <https://urldefense.com/v3/__http://kexec-tools_2.0.28.bb__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nqfERVjA$> >>> @@ -19,6 +19,7 @@ SRC_URI = >>> "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz >>> >>> file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \ >>> file://Fix-building-on-x86_64-with-binutils-2.41.patch \ >>> file://0001-x86-linux-setup.c-Use-POSIX-basename-API.patch \ >>> + >>> file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch \ >>> " >>> >>> SRC_URI[sha256sum] = >>> "f33d2660b3e38d25a127e87097978e0f7a9a73ab5151a29eb80974d169ff6a29" >>> -- >>> 2.25.1 >>> >>> >>> -=-=-=-=-=-=-=-=-=-=-=- >>> Links: You receive all messages sent to this group. >>> View/Reply Online (#203052): >>> https://lists.openembedded.org/g/openembedded-core/message/203052 >>> <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-core/message/203052__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nw7d5_F4$> >>> Mute This Topic: https://lists.openembedded.org/mt/107763946/1686489 >>> <https://urldefense.com/v3/__https://lists.openembedded.org/mt/107763946/1686489__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-n3bGPnZ0$> >>> Group Owner: openembedded-core+owner@lists.openembedded.org >>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub >>> <https://urldefense.com/v3/__https://lists.openembedded.org/g/openembedded-core/unsub__;!!AjveYdw8EvQ!dhPgsDclJDntowFvKeG85mLWqOhRHEUplkPeTrqYRxBm02VFUpgqNW76DDtGXPgGWMp7bYr8CTxzNf-nL7JAvTQ$> >>> [alex.kanavin@gmail.com] >>> -=-=-=-=-=-=-=-=-=-=-=- >>> >>> >> >
diff --git a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch new file mode 100644 index 0000000000..3b11555a1b --- /dev/null +++ b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch @@ -0,0 +1,36 @@ +From 6436da0b58b59e1b4cd3924bd007108b8ddf73dc Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Tue, 6 Aug 2024 19:41:30 -0700 +Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly + +Add MFD_NOEXEC_SEAL to avoid kernel warning like below: + + kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set + +As the above two flags are only available in newer kernels, ideally +we need to do some fallback. But we know for sure that OE scarthgap/master +is using >6.6 kernel, so we don't need to do such fallback. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + kexec/kexec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kexec/kexec.c b/kexec/kexec.c +index 08edfca..c5f52d4 100644 +--- a/kexec/kexec.c ++++ b/kexec/kexec.c +@@ -655,7 +655,7 @@ static int copybuf_memfd(const char *kernel_buf, size_t size) + { + int fd, count; + +- fd = memfd_create("kernel", MFD_ALLOW_SEALING); ++ fd = memfd_create("kernel", MFD_ALLOW_SEALING | MFD_NOEXEC_SEAL); + if (fd == -1) + return fd; + +-- +2.25.1 + diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb index f0a484f884..830d9ce585 100644 --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.28.bb @@ -19,6 +19,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \ file://Fix-building-on-x86_64-with-binutils-2.41.patch \ file://0001-x86-linux-setup.c-Use-POSIX-basename-API.patch \ + file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch \ " SRC_URI[sha256sum] = "f33d2660b3e38d25a127e87097978e0f7a9a73ab5151a29eb80974d169ff6a29"