diff options
| author | Vivek Goyal <vgoyal@redhat.com> | 2014-08-18 11:22:32 -0400 |
|---|---|---|
| committer | Simon Horman <horms@verge.net.au> | 2014-08-27 16:59:04 +0900 |
| commit | 046d1755d2bd723a11a180c265e61a884990712e (patch) | |
| tree | af5fab084733aeada0dc6f067dd240fb35144e75 /kexec/kexec-syscall.h | |
| parent | 943ba35f8143408d8ada9a24d0986663cc612df9 (diff) | |
kexec: Provide an option to use new kexec system call
Hi,
This is v2 of the patch. Since v1, I moved syscall implemented check littler
earlier in the function as per the feedback.
Now a new kexec syscall (kexec_file_load()) has been merged in upstream
kernel. This system call takes file descriptors of kernel and initramfs
as input (as opposed to list of segments to be loaded). This new system
call allows for signature verification of the kernel being loaded.
One use of signature verification of kernel is secureboot systems where
we want to allow kexec into a kernel only if it is validly signed by
a key system trusts.
This patch provides and option --kexec-file-syscall (-s), to force use of
new system call for kexec. Default is to continue to use old syscall.
Currently only bzImage64 on x86_64 can be loaded using this system call.
As kernel adds support for more arches and for more image types, kexec-tools
can be modified accordingly.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'kexec/kexec-syscall.h')
| -rw-r--r-- | kexec/kexec-syscall.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/kexec/kexec-syscall.h b/kexec/kexec-syscall.h index 6238044..ce2e20b 100644 --- a/kexec/kexec-syscall.h +++ b/kexec/kexec-syscall.h @@ -53,6 +53,19 @@ #endif #endif /*ifndef __NR_kexec_load*/ +#ifndef __NR_kexec_file_load + +#ifdef __x86_64__ +#define __NR_kexec_file_load 320 +#endif + +#ifndef __NR_kexec_file_load +/* system call not available for the arch */ +#define __NR_kexec_file_load 0xffffffff /* system call not available */ +#endif + +#endif /*ifndef __NR_kexec_file_load*/ + struct kexec_segment; static inline long kexec_load(void *entry, unsigned long nr_segments, @@ -61,10 +74,29 @@ static inline long kexec_load(void *entry, unsigned long nr_segments, return (long) syscall(__NR_kexec_load, entry, nr_segments, segments, flags); } +static inline int is_kexec_file_load_implemented(void) { + if (__NR_kexec_file_load != 0xffffffff) + return 1; + return 0; +} + +static inline long kexec_file_load(int kernel_fd, int initrd_fd, + unsigned long cmdline_len, const char *cmdline_ptr, + unsigned long flags) +{ + return (long) syscall(__NR_kexec_file_load, kernel_fd, initrd_fd, + cmdline_len, cmdline_ptr, flags); +} + #define KEXEC_ON_CRASH 0x00000001 #define KEXEC_PRESERVE_CONTEXT 0x00000002 #define KEXEC_ARCH_MASK 0xffff0000 +/* Flags for kexec file based system call */ +#define KEXEC_FILE_UNLOAD 0x00000001 +#define KEXEC_FILE_ON_CRASH 0x00000002 +#define KEXEC_FILE_NO_INITRAMFS 0x00000004 + /* These values match the ELF architecture values. * Unless there is a good reason that should continue to be the case. */ |