From: Chen Qi <Qi.Chen@windriver.com>
Date: Wed, 7 Aug 2024 05:27:13 +0000 (-0700)
Subject: kexec-tools: avoid kernel warning
X-Git-Tag: yocto-5.1~340
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c1bcebf4ca0176d69e6dfd589871944352eec449;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

kexec-tools: avoid kernel warning

Running command 'kexec -p /path/to/crash-kernel --reuse-cmdline' will
give out the following warning:

  kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set

Add MFD_NOEXEC_SEAL explicitly to avoid such warning.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch
new file mode 100644
index 00000000000..dc52981025a
--- /dev/null
+++ b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch
@@ -0,0 +1,46 @@
+From a6a9e17dfeb5627f3e6f569b66f243f50f8a3645 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 6 Aug 2024 21:42:43 -0700
+Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly
+
+Add MFD_NOEXEC_SEAL to avoid kernel warning like below:
+
+  kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
+
+For old kernels, there will be no MFD_NOEXEC_SEAL definition, so fallback
+to define it to 0.
+
+Upstream-Status: Submitted [https://github.com/horms/kexec-tools/pull/7]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ kexec/kexec.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/kexec/kexec.c b/kexec/kexec.c
+index 7c614b0..41d285d 100644
+--- a/kexec/kexec.c
++++ b/kexec/kexec.c
+@@ -60,6 +60,10 @@
+ #define KEXEC_LOADED_PATH "/sys/kernel/kexec_loaded"
+ #define KEXEC_CRASH_LOADED_PATH "/sys/kernel/kexec_crash_loaded"
+ 
++#ifndef MFD_NOEXEC_SEAL
++#define MFD_NOEXEC_SEAL 0
++#endif
++
+ unsigned long long mem_min = 0;
+ unsigned long long mem_max = ULONG_MAX;
+ unsigned long elfcorehdrsz = 0;
+@@ -655,7 +659,7 @@ static int copybuf_memfd(const char *kernel_buf, size_t size)
+ {
+ 	int fd, count;
+ 
+-	fd = memfd_create("kernel", MFD_ALLOW_SEALING);
++	fd = memfd_create("kernel", MFD_ALLOW_SEALING | MFD_NOEXEC_SEAL);
+ 	if (fd == -1)
+ 		return fd;
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb
index b88db60ee86..2c2901f19eb 100644
--- a/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb
+++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb
@@ -16,6 +16,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz
            file://0002-purgatory-Pass-r-directly-to-linker.patch \
            file://0005-Disable-PIE-during-link.patch \
            file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \
+           file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch \
            "
 
 SRC_URI[sha256sum] = "0756dd54dab2f2a437e5d4df64b9760c3e6cf6a7d29fb296bdeeeb749f6ea28e"