mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-10-27 06:21:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore: support arm64 kexec from zboot kernel images

Browse Source 
When using kernel images that are using ZBOOT for arm64 we need to
extract the vmlinux from the vmlinuz EFI file and pass it on the the
kexec call.

Ref: https://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git/tree/kexec/kexec-pe-zboot.c

Fixes: #8907

Signed-off-by: Noel Georgi <git@frezbo.dev>
This commit is contained in:
Noel Georgi 2024-08-13 10:24:54 +05:30
parent 73511c1ef3
commit 091da163b7
No known key found for this signature in database
GPG Key ID: 21A9F444075C9E36
2 changed files with 100 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
View File

@ -15,6 +15,7 @@ import (
"log" "log"
"os" "os"
"path/filepath" "path/filepath"
goruntime "runtime"
"slices" "slices"
"strconv" "strconv"
"strings" "strings"
@ -64,6 +65,7 @@ import (
"github.com/siderolabs/talos/internal/pkg/partition" "github.com/siderolabs/talos/internal/pkg/partition"
"github.com/siderolabs/talos/internal/pkg/secureboot" "github.com/siderolabs/talos/internal/pkg/secureboot"
"github.com/siderolabs/talos/internal/pkg/secureboot/tpm2" "github.com/siderolabs/talos/internal/pkg/secureboot/tpm2"
"github.com/siderolabs/talos/internal/zboot"
"github.com/siderolabs/talos/pkg/conditions" "github.com/siderolabs/talos/pkg/conditions"
"github.com/siderolabs/talos/pkg/images" "github.com/siderolabs/talos/pkg/images"
"github.com/siderolabs/talos/pkg/kernel/kspp" "github.com/siderolabs/talos/pkg/kernel/kspp"
@ -2141,6 +2143,24 @@ func KexecPrepare(_ runtime.Sequence, data any) (runtime.TaskExecutionFunc, stri
defer kernel.Close() //nolint:errcheck defer kernel.Close() //nolint:errcheck
fd := int(kernel.Fd())
// on arm64 we need to extract the kernel from the zboot image if it's compressed
if goruntime.GOARCH == "arm64" {
var fileCloser io.Closer
fd, fileCloser, err = zboot.Extract(kernel)
if err != nil {
return err
}
defer func() {
if fileCloser != nil {
fileCloser.Close() //nolint:errcheck
}
}()
}
initrd, err := os.Open(initrdPath) initrd, err := os.Open(initrdPath)
if err != nil { if err != nil {
return err return err
@ -2150,7 +2170,7 @@ func KexecPrepare(_ runtime.Sequence, data any) (runtime.TaskExecutionFunc, stri
cmdline := strings.TrimSpace(defaultEntry.Cmdline) cmdline := strings.TrimSpace(defaultEntry.Cmdline)
if err = unix.KexecFileLoad(int(kernel.Fd()), int(initrd.Fd()), cmdline, 0); err != nil { if err = unix.KexecFileLoad(fd, int(initrd.Fd()), cmdline, 0); err != nil {
switch { switch {
case errors.Is(err, unix.ENOSYS): case errors.Is(err, unix.ENOSYS):
log.Printf("kexec support is disabled in the kernel") log.Printf("kexec support is disabled in the kernel")

79
internal/zboot/zboot.go Normal file
View File

@ -0,0 +1,79 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
// Package zboot provides a function to extract the kernel from a Zboot image.
package zboot
import (
"bytes"
"encoding/binary"
"fmt"
"io"
"os"
"github.com/klauspost/compress/zstd"
"golang.org/x/sys/unix"
)
// fileCloser is an interface that wraps the Close method.
type fileCloser interface {
Close() error
}
// Extract extracts the kernel from a Zboot image and returns a file descriptor of the extracted kernel.
func Extract(kernel *os.File) (int, fileCloser, error) {
// https://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git/tree/include/kexec-pe-zboot.h
var peZbootheaderData [28]byte
if _, err := io.ReadFull(kernel, peZbootheaderData[:]); err != nil {
return 0, nil, err
}
// https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/firmware/efi/libstub/zboot-header.S
// https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/include/linux/pe.h#n42
if !bytes.Equal(peZbootheaderData[:2], []byte("MZ")) {
return 0, nil, fmt.Errorf("invalid PE Zboot header")
}
// not a Zboot image, return
if !bytes.Equal(peZbootheaderData[4:8], []byte("zimg")) {
return int(kernel.Fd()), nil, nil
}
payloadOffset := binary.LittleEndian.Uint32(peZbootheaderData[8:12])
payloadSize := binary.LittleEndian.Uint32(peZbootheaderData[12:16])
if _, err := kernel.Seek(int64(payloadOffset), io.SeekStart); err != nil {
return 0, nil, fmt.Errorf("failed to seek to kernel zstd data from vmlinuz.efi: %w", err)
}
z, err := zstd.NewReader(io.LimitReader(kernel, int64(payloadSize)))
if err != nil {
return 0, nil, fmt.Errorf("failed to create zstd reader: %w", err)
}
defer z.Close()
fd, err := unix.MemfdCreate("vmlinux", 0)
if err != nil {
return 0, nil, fmt.Errorf("memfdCreate: %v", err)
}
kernelMemfd := os.NewFile(uintptr(fd), "vmlinux")
if _, err := io.Copy(kernelMemfd, z); err != nil {
kernelMemfd.Close() //nolint:errcheck
return 0, nil, fmt.Errorf("failed to copy zstd data to memfd: %w", err)
}
if _, err := kernelMemfd.Seek(0, io.SeekStart); err != nil {
kernelMemfd.Close() //nolint:errcheck
return 0, nil, fmt.Errorf("failed to seek to start of memfd: %w", err)
}
return fd, kernelMemfd, nil
}