Re: [PATCH v2 02/13] x86/kexec: refactor for kernel/Kconfig.kexec

From: Baoquan He
Date: Tue Jun 20 2023 - 10:54:29 EST


On 06/20/23 at 07:56am, Eric DeVolder wrote:
>
>
> On 6/20/23 03:21, Baoquan He wrote:
> > Hi Eric,
> >
> > On 06/19/23 at 10:57am, Eric DeVolder wrote:
> > ......
> > > +config ARCH_SUPPORTS_KEXEC
> > > + def_bool y
> > > -config ARCH_HAS_KEXEC_PURGATORY
> > > - def_bool KEXEC_FILE
> > > +config ARCH_SUPPORTS_KEXEC_FILE
> > > + def_bool X86_64 && CRYPTO && CRYPTO_SHA256
> > ......
> > > +config ARCH_SELECTS_KEXEC_FILE
> > > + def_bool y
> > > depends on KEXEC_FILE
> > > - help
> >
> > I am a little confused about this ARCH_SELECTS_XX adding. Wondering what
> > limits us defining the ARCH_SUPPORTS_KEXEC_FILE like below? I have limited
> > knowledge about Kconfig, please correct me if I am wrong. Thanks in
> > advance.
> >
> > +config ARCH_SUPPORTS_KEXEC_FILE
> > + def_bool y
> > depends on KEXEC_FILE
> > depends on X86_64 && CRYPTO && CRYPTO_SHA256
> >
>
> For the ARCH_SUPPORTS_ options, I chose to list the dependencies on the
> def_bool line to show that it took all those conditions to result in True.
> However, as you point out, using a def_bool y and then listing them as 'depends on' works as well.
> Probably would have resulted in fewer changes to the Kconfig file.
> Either way is ok (the 'depends on KEXEC_FILE' is erroneous in your example).

Got it, thanks. To me, one option with explicit dependencies looks clearer
and straightforward. I need check and investigage why two options are needed,
whether two options are unavoidable. Not sure if other people would get
the same feeling or not. Honestly, it's my first time to see the usage of
XXX_SELECTS_XXX, it took me a while to dig into.

>
> > > -
> > > - This option makes the kexec_file_load() syscall check for a valid
> > > - signature of the kernel image. The image can still be loaded without
> > > - a valid signature unless you also enable KEXEC_SIG_FORCE, though if
> > > - there's a signature that we can check, then it must be valid.
> > > -
> > > - In addition to this option, you need to enable signature
> > > - verification for the corresponding kernel image type being
> > > - loaded in order for this to work.
> > > -
> >
>