RE: [PATCHv6 00/16] x86/tdx: Add kexec support

From: Huang, Kai
Date: Wed Jan 31 2024 - 08:07:52 EST


> > Runtime disabling kexec looks better than at compile time, esp for
> > distros. While from above patch, making use of kexec_load_disabled
> > to achieve the runtime disabling may not be so good. Because we have a
> > front door to enable it through:
> >
> > /proc/sys/kernel/kexec_load_disabled
>
> AFAIU it can't be enabled via this sysctl because the handler for it expects
> only 1 to be written to it:
>
> 	.proc_handler = proc_dointvec_minmax,
> 	.extra1 = SYSCTL_ONE,
> 	.extra2 = SYSCTL_ONE,
>

This is also my understanding.

The documentation also says that once it is set to disabled it cannot be turned back:

kexec_load_disabled
===================

A toggle indicating if the syscalls ``kexec_load`` and
``kexec_file_load`` have been disabled.
This value defaults to 0 (false: ``kexec_*load`` enabled), but can be
set to 1 (true: ``kexec_*load`` disabled).
Once true, kexec can no longer be used, and the toggle cannot be set
back to false.
......
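As an added illustration, not part of the thread or of the kernel source, the following Python model reproduces the range check that `proc_dointvec_minmax` applies to the quoted table entry: with `extra1` and `extra2` both equal to `SYSCTL_ONE`, a write of 0 is rejected with `-EINVAL`, which is what makes the toggle one-way. The class and function names are assumptions for the model only.

```python
import errno

SYSCTL_ONE = 1  # the kernel's shared constant for the value 1


class SysctlIntEntry:
    """Constructed model of one integer sysctl table entry (not kernel code)."""

    def __init__(self, name, value, extra1=None, extra2=None):
        self.name = name
        self.value = value
        self.extra1 = extra1  # minimum accepted value (None = no lower bound)
        self.extra2 = extra2  # maximum accepted value (None = no upper bound)

    def write(self, new_value):
        """Emulate a write to /proc/sys/kernel/<name>.

        Returns 0 on success or a negative errno, mirroring the kernel handler:
        proc_dointvec_minmax rejects any value outside [extra1, extra2] with
        -EINVAL before the stored value is touched.
        """
        if self.extra1 is not None and new_value < self.extra1:
            return -errno.EINVAL
        if self.extra2 is not None and new_value > self.extra2:
            return -errno.EINVAL
        self.value = new_value
        return 0


def kexec_load_disabled_entry():
    # Mirrors the entry quoted above: extra1 == extra2 == SYSCTL_ONE, so the
    # only value the handler will accept is 1; the default (0) is out of range
    # and can never be written back.
    return SysctlIntEntry("kexec_load_disabled", 0,
                          extra1=SYSCTL_ONE, extra2=SYSCTL_ONE)


def disable_then_try_reenable():
    """Disable kexec_*load at runtime, then attempt to turn it back on.

    Returns (rc of writing 1, rc of writing 0, final stored value).
    """
    entry = kexec_load_disabled_entry()
    rc_disable = entry.write(1)    # accepted: 1 is inside [1, 1]
    rc_reenable = entry.write(0)   # rejected with -EINVAL: 0 is below extra1
    return rc_disable, rc_reenable, entry.value


if __name__ == "__main__":
    print(disable_then_try_reenable())  # → (0, -22, 1) on Linux errno values
```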