Bug#1030248: kexec-tools: please make kexec -a the default

[Khalid Aziz]

For a code change that changes the default behavior, I would like to see 
the change go into upstream project first. Please submit this proposed 
code change to upstream kexec project on the mailing list 
ke...@lists.infradead.org

Thanks,
Khalid
On 2/1/23 08:16, наб wrote:
Package: kexec-tools
Version: 1:2.0.25-3+b1
Severity: normal
Tags: patch

Dear Maintainer,

AFAICT, there's no downside to this, and running into this each time
I want to kexec (and, presumably, a significant chunk of the population,
since lockdown is quite popular), then going to the manual, then finding
out I want the /auto/ flag(!!!) is quite annoying:
-- >8 --
# kexec -l /boot/vmlinuz-6.1.0-3-amd64 --initrd /boot/initrd.img-6.1.0-3-amd64 
--reuse-cmdline
kexec_load failed: Operation not permitted
entry       = 0x46eff7760 flags = 0x3e0000
nr_segments = 7
segment[0].buf   = 0x557cd303efa0
segment[0].bufsz = 0x70
segment[0].mem   = 0x100000
segment[0].memsz = 0x1000
segment[1].buf   = 0x557cd3046fe0
segment[1].bufsz = 0x190
segment[1].mem   = 0x101000
segment[1].memsz = 0x1000
segment[2].buf   = 0x557cd303f6e0
segment[2].bufsz = 0x30
segment[2].mem   = 0x102000
segment[2].memsz = 0x1000
segment[3].buf   = 0x7f658fa37010
segment[3].bufsz = 0x12a51b5
segment[3].mem   = 0x46a55a000
segment[3].memsz = 0x12a6000
segment[4].buf   = 0x7f6590ce1210
segment[4].bufsz = 0x7e99e0
segment[4].mem   = 0x46b800000
segment[4].memsz = 0x377c000
segment[5].buf   = 0x557cd3039350
segment[5].bufsz = 0x42fa
segment[5].mem   = 0x46eff2000
segment[5].memsz = 0x5000
segment[6].buf   = 0x557cd3032000
segment[6].bufsz = 0x70e0
segment[6].mem   = 0x46eff7000
segment[6].memsz = 0x9000
-- >8 --

I'm attaching a patch I've validated works as expected.

Best,
наб

-- System Information:
Debian Release: bookworm/sid
   APT prefers unstable-debug
   APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-5-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kexec-tools depends on:
ii  debconf [debconf-2.0]      1.5.82
ii  dpkg                       1.21.19
ii  libc6                      2.36-8
ii  libxenmisc4.17             4.17.0-1+b1
ii  lsb-base                   11.5
ii  sysvinit-utils [lsb-base]  3.06-2

kexec-tools recommends no packages.

kexec-tools suggests no packages.

-- debconf information excluded

--- kexec-tools-2.0.25.orig/kexec/kexec.c
+++ kexec-tools-2.0.25/kexec/kexec.c
@@ -1049,11 +1049,11 @@ void usage(void)
               "                      to original kernel.\n"
               " -s, --kexec-file-syscall Use file based syscall for kexec 
operation\n"
               " -c, --kexec-syscall  Use the kexec_load syscall for for 
compatibility\n"
-              "                      with systems that don't support -s 
(default)\n"
+              "                      with systems that don't support -s\n"
               " -a, --kexec-syscall-auto  Use file based syscall for kexec and 
fall\n"
               "                      back to the compatibility syscall when file 
based\n"
               "                      syscall is not supported or the kernel did 
not\n"
-              "                      understand the image\n"
+              "                      understand the image (default)\n"
               " -d, --debug          Enable debugging to help spot a 
failure.\n"
               " -S, --status         Return 1 if the type (by default crash) is 
loaded,\n"
               "                      0 if not.\n"
@@ -1407,8 +1407,8 @@ int main(int argc, char *argv[])
        int do_ifdown = 0, skip_ifdown = 0;
        int do_unload = 0;
        int do_reuse_initrd = 0;
-       int do_kexec_file_syscall = 0;
-       int do_kexec_fallback = 0;
+       int do_kexec_file_syscall = 1;
+       int do_kexec_fallback = 1;
        int skip_checks = 0;
        int do_status = 0;
        void *entry = 0;
--- kexec-tools-2.0.25.orig/kexec/kexec.8
+++ kexec-tools-2.0.25/kexec/kexec.8
@@ -151,14 +151,14 @@ Specify that the new kernel is of this
  Specify that the new KEXEC_FILE_LOAD syscall should be used exclusively.
  .TP
  .BI \-c\ (\-\-kexec-syscall)
-Specify that the old KEXEC_LOAD syscall should be used exclusively (the 
default).
+Specify that the old KEXEC_LOAD syscall should be used exclusively.
  .TP
  .BI \-a\ (\-\-kexec-syscall-auto)
  Try the new KEXEC_FILE_LOAD syscall first and when it is not supported or the
  kernel does not understand the supplied image fall back to the old KEXEC_LOAD
  interface.
  
-There is no one single interface that always works.
+There is no one single interface that always works, so this is the default.
  
  KEXEC_FILE_LOAD is required on systems that use locked-down secure boot to
  verify the kernel signature.  KEXEC_LOAD may be also disabled in the kernel