Re: [PATCHv7 11/14] x86: Disable kexec if system has unaccepted memory

From: Eric W. Biederman
Date: Thu Jun 23 2022 - 17:49:42 EST


Dave Hansen <dave.hansen@xxxxxxxxx> writes:

> ... adding kexec folks
>
> On 6/14/22 05:02, Kirill A. Shutemov wrote:
>> On kexec, the target kernel has to know what memory has been accepted.
>> Information in EFI map is out of date and cannot be used.
>>
>> boot_params.unaccepted_memory can be used to pass the bitmap between two
>> kernels on kexec, but the use-case is not yet implemented.
>>
>> Disable kexec on machines with unaccepted memory for now.
> ...
>> +static int __init unaccepted_init(void)
>> +{
>> + if (!boot_params.unaccepted_memory)
>> + return 0;
>> +
>> +#ifdef CONFIG_KEXEC_CORE
>> + /*
>> + * TODO: Information on memory acceptance status has to be communicated
>> + * between kernel.
>> + */
>> + pr_warn("Disable kexec: not yet supported on systems with unaccepted memory\n");
>> + kexec_load_disabled = 1;
>> +#endif
>
> This looks to be the *only* in-kernel user tweaking kexec_load_disabled.
> It doesn't feel great to just be disabling kexec like this. Why not
> just fix it properly?
>
> What do the kexec folks think?

I didn't realized someone had implemented kexec_load_disabled. I am not
particularly happy about that. It looks like an over-broad stick that
we will have to support forever.

This change looks like it just builds on that bad decision.

If people don't want to deal with this situation right now, then I
recommend they make this new code and KEXEC conflict at the Kconfig
level. That would give serious incentive to adding the missing
implementation.

If there is some deep and fundamental why this can not be supported
then it probably makes sense to put some code in the arch_kexec_load
hook that verifies that deep and fundamental reason is present.

With the kexec code all we have to verify it works is a little testing
and careful code review. Something like this makes code review much
harder because the entire kernel has to be checked to see if some random
driver without locking changed a variable. Rather than having it
apparent that this special case exists when reading through the kexec
code.

Eric