Bug#1030248: kexec-tools: please make kexec -a the default

[наб]

Package: kexec-tools
Version: 1:2.0.25-3+b1
Severity: normal
Tags: patch

Dear Maintainer,

AFAICT, there's no downside to this, and running into this each time
I want to kexec (and, presumably, a significant chunk of the population,
since lockdown is quite popular), then going to the manual, then finding
out I want the /auto/ flag(!!!) is quite annoying:
-- >8 --
# kexec -l /boot/vmlinuz-6.1.0-3-amd64 --initrd /boot/initrd.img-6.1.0-3-amd64 --reuse-cmdline
kexec_load failed: Operation not permitted
entry = 0x46eff7760 flags = 0x3e0000
nr_segments = 7
segment[0].buf = 0x557cd303efa0
segment[0].bufsz = 0x70
segment[0].mem = 0x100000
segment[0].memsz = 0x1000
segment[1].buf = 0x557cd3046fe0
segment[1].bufsz = 0x190
segment[1].mem = 0x101000
segment[1].memsz = 0x1000
segment[2].buf = 0x557cd303f6e0
segment[2].bufsz = 0x30
segment[2].mem = 0x102000
segment[2].memsz = 0x1000
segment[3].buf = 0x7f658fa37010
segment[3].bufsz = 0x12a51b5
segment[3].mem = 0x46a55a000
segment[3].memsz = 0x12a6000
segment[4].buf = 0x7f6590ce1210
segment[4].bufsz = 0x7e99e0
segment[4].mem = 0x46b800000
segment[4].memsz = 0x377c000
segment[5].buf = 0x557cd3039350
segment[5].bufsz = 0x42fa
segment[5].mem = 0x46eff2000
segment[5].memsz = 0x5000
segment[6].buf = 0x557cd3032000
segment[6].bufsz = 0x70e0
segment[6].mem = 0x46eff7000
segment[6].memsz = 0x9000
-- >8 --

I'm attaching a patch I've validated works as expected.

Best,
наб

-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-5-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kexec-tools depends on:
ii debconf [debconf-2.0] 1.5.82
ii dpkg 1.21.19
ii libc6 2.36-8
ii libxenmisc4.17 4.17.0-1+b1
ii lsb-base 11.5
ii sysvinit-utils [lsb-base] 3.06-2

kexec-tools recommends no packages.

kexec-tools suggests no packages.

-- debconf information excluded

[Khalid Aziz]

For a code change that changes the default behavior, I would like to see
the change go into upstream project first. Please submit this proposed
code change to upstream kexec project on the mailing list
ke...@lists.infradead.org

Thanks,
Khalid

> --- kexec-tools-2.0.25.orig/kexec/kexec.c
> +++ kexec-tools-2.0.25/kexec/kexec.c
> @@ -1049,11 +1049,11 @@ void usage(void)
> " to original kernel.\n"
> " -s, --kexec-file-syscall Use file based syscall for kexec operation\n"
> " -c, --kexec-syscall Use the kexec_load syscall for for compatibility\n"
> - " with systems that don't support -s (default)\n"
> + " with systems that don't support -s\n"
> " -a, --kexec-syscall-auto Use file based syscall for kexec and fall\n"
> " back to the compatibility syscall when file based\n"
> " syscall is not supported or the kernel did not\n"
> - " understand the image\n"
> + " understand the image (default)\n"
> " -d, --debug Enable debugging to help spot a failure.\n"
> " -S, --status Return 1 if the type (by default crash) is loaded,\n"
> " 0 if not.\n"
> @@ -1407,8 +1407,8 @@ int main(int argc, char *argv[])
> int do_ifdown = 0, skip_ifdown = 0;
> int do_unload = 0;
> int do_reuse_initrd = 0;
> - int do_kexec_file_syscall = 0;
> - int do_kexec_fallback = 0;
> + int do_kexec_file_syscall = 1;
> + int do_kexec_fallback = 1;
> int skip_checks = 0;
> int do_status = 0;
> void *entry = 0;
> --- kexec-tools-2.0.25.orig/kexec/kexec.8
> +++ kexec-tools-2.0.25/kexec/kexec.8
> @@ -151,14 +151,14 @@ Specify that the new kernel is of this
> Specify that the new KEXEC_FILE_LOAD syscall should be used exclusively.
> .TP
> .BI \-c\ (\-\-kexec-syscall)
> -Specify that the old KEXEC_LOAD syscall should be used exclusively (the default).
> +Specify that the old KEXEC_LOAD syscall should be used exclusively.
> .TP
> .BI \-a\ (\-\-kexec-syscall-auto)
> Try the new KEXEC_FILE_LOAD syscall first and when it is not supported or the
> kernel does not understand the supplied image fall back to the old KEXEC_LOAD
> interface.
>
> -There is no one single interface that always works.
> +There is no one single interface that always works, so this is the default.
>
> KEXEC_FILE_LOAD is required on systems that use locked-down secure boot to
> verify the kernel signature. KEXEC_LOAD may be also disabled in the kernel

[Ahelenia Ziemiańska]

AFAICT, there's no downside to this, and running into this each time
I want to kexec (and, presumably, a significant chunk of the population,

since lockdown is quite popular) on some machines,
then going to the manual, then finding out I want the /auto/ flag(!)
is quite annoying:

Closes: https://bugs.debian.org/1030248
Signed-off-by: Ahelenia Ziemiańska <nabijac...@nabijaczleweli.xyz>
---
kexec/kexec.8 | 4 ++--
kexec/kexec.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/kexec/kexec.8 b/kexec/kexec.8
index 3ebede6..66453b8 100644
--- a/kexec/kexec.8
+++ b/kexec/kexec.8

@@ -151,14 +151,14 @@ Specify that the new kernel is of this
Specify that the new KEXEC_FILE_LOAD syscall should be used exclusively.
.TP
.BI \-c\ (\-\-kexec-syscall)
-Specify that the old KEXEC_LOAD syscall should be used exclusively (the default).
+Specify that the old KEXEC_LOAD syscall should be used exclusively.
.TP
.BI \-a\ (\-\-kexec-syscall-auto)
Try the new KEXEC_FILE_LOAD syscall first and when it is not supported or the
kernel does not understand the supplied image fall back to the old KEXEC_LOAD
interface.

-There is no one single interface that always works.
+There is no one single interface that always works, so this is the default.

KEXEC_FILE_LOAD is required on systems that use locked-down secure boot to
verify the kernel signature. KEXEC_LOAD may be also disabled in the kernel

diff --git a/kexec/kexec.c b/kexec/kexec.c
index 0e92d96..36bb2ad 100644
--- a/kexec/kexec.c
+++ b/kexec/kexec.c

2.30.2

[наб]

I'm subscribed, passed greylist, got queued:
Feb 03 00:17:58 tarta postfix/qmgr[17154]: 270C9B76: from=<nabijac...@nabijaczleweli.xyz>, size=6121, nrcpt=2 (queue active)
Feb 03 00:18:01 tarta postfix/smtpd[899494]: connect from bombadil.infradead.org[198.137.202.133]
Feb 03 00:18:02 tarta postfix/smtpd[899494]: 8D84B100A: client=bombadil.infradead.org[198.137.202.133]
Feb 03 00:18:02 tarta postfix/smtpd[899494]: disconnect from bombadil.infradead.org[198.137.202.133] ehlo=2 starttls=1 mail=1 rcpt=1 quit=1 commands=6
Feb 03 00:18:04 tarta postfix/smtp[899865]: 270C9B76: to=<ke...@lists.infradead.org>, relay=bombadil.infradead.org[198.137.202.133]:25, delay=466, delays=460/0.02/1.8/4.2, dsn=2.0.0, status=sent (250 OK id=1pNiqA-00HOjV-Qp)
Feb 03 00:18:04 tarta postfix/qmgr[17154]: 270C9B76: removed
and had no further infradead.org I/O ‒ didn't get a bounce,
or (like I historically did when posting to kexec@)
an "awaiting admin approval" notification,
and I don't see it in the archive:
http://lists.infradead.org/pipermail/kexec/2023-February/thread.html
so hell knows if I actually got queued.

Thoughts?

наб

[Khalid Aziz]

Hello,

I see
<http://lists.infradead.org/pipermail/kexec/2023-February/026592.html>.
So looks like it was posted to mailing list.

--
Khalid

[наб]

Control: forwarded -1 http://lists.infradead.org/pipermail/kexec/2023-February/026592.html

On Sun, Feb 05, 2023 at 09:36:20AM -0700, Khalid Aziz wrote:
> I see
> <http://lists.infradead.org/pipermail/kexec/2023-February/026592.html>. So
> looks like it was posted to mailing list.

I've re-verified against an open tab of the listing I have from yesterday,
and I didn't just miss it, it resolved right after I posted. Naturally.

Ah well, thanks.

наб

[Simon Horman]

Thanks, applied.

[наб]

Control: tags -1 + fixed-upstream

Applied as
https://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git/commit/?id=29fe5067ed07452bcbbbe5fcd0b4e4215f598014

наб