diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh index b60db29efc..1eed81600c 100755 --- a/.github/workflows/build_test.sh +++ b/.github/workflows/build_test.sh @@ -42,6 +42,7 @@ PACKAGES=( libqrencode-dev libssl-dev libtss2-dev + libxen-dev libxkbcommon-dev libxtables-dev libzstd-dev diff --git a/meson.build b/meson.build index ce23181cb4..b128d6b00b 100644 --- a/meson.build +++ b/meson.build @@ -1273,6 +1273,18 @@ else endif conf.set10('HAVE_KMOD', have) +want_xenctrl = get_option('xenctrl') +if want_xenctrl != 'false' and not skip_deps + libxenctrl = dependency('xencontrol', + version : '>= 4.9', + required : want_xenctrl == 'true') + have = libxenctrl.found() +else + have = false + libxenctrl = [] +endif +conf.set10('HAVE_XENCTRL', have) + want_pam = get_option('pam') if want_pam != 'false' and not skip_deps libpam = cc.find_library('pam', required : want_pam == 'true') @@ -4398,6 +4410,7 @@ foreach tuple : [ ['nscd'], ['legacy-pkla', install_polkit_pkla], ['kmod'], + ['xenctrl'], ['dbus'], ['glib'], ['tpm'], diff --git a/meson_options.txt b/meson_options.txt index 814f340840..19e9c2d990 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -371,6 +371,8 @@ option('fdisk', type : 'combo', choices : ['auto', 'true', 'false'], description : 'libfdisk support') option('kmod', type : 'combo', choices : ['auto', 'true', 'false'], description : 'support for loadable modules') +option('xenctrl', type : 'combo', choices : ['auto', 'true', 'false'], + description : 'support for Xen kexec') option('pam', type : 'combo', choices : ['auto', 'true', 'false'], description : 'PAM support') option('pwquality', type : 'combo', choices : ['auto', 'true', 'false'], diff --git a/mkosi.default.d/debian/10-mkosi.debian b/mkosi.default.d/debian/10-mkosi.debian index 3eea0c74b9..fcde20e8fb 100644 --- a/mkosi.default.d/debian/10-mkosi.debian +++ b/mkosi.default.d/debian/10-mkosi.debian @@ -61,6 +61,7 @@ BuildPackages= libseccomp-dev libsmartcols-dev libssl-dev + libxen-dev libxkbcommon-dev libzstd-dev pahole diff --git a/mkosi.default.d/fedora/10-mkosi.fedora b/mkosi.default.d/fedora/10-mkosi.fedora index ab230f0b24..8154bd1b74 100644 --- a/mkosi.default.d/fedora/10-mkosi.fedora +++ b/mkosi.default.d/fedora/10-mkosi.fedora @@ -67,6 +67,7 @@ BuildPackages= pkgconfig(tss2-mu) pkgconfig(tss2-rc) pkgconfig(valgrind) + pkgconfig(xencontrol) pkgconfig(xkbcommon) python3dist(jinja2) python3dist(lxml) diff --git a/mkosi.default.d/opensuse/10-mkosi.opensuse b/mkosi.default.d/opensuse/10-mkosi.opensuse index 804213baab..b59e7b2333 100644 --- a/mkosi.default.d/opensuse/10-mkosi.opensuse +++ b/mkosi.default.d/opensuse/10-mkosi.opensuse @@ -80,4 +80,5 @@ BuildPackages= systemd-sysvinit timezone tpm2-0-tss-devel + xen-devel zlib-devel diff --git a/mkosi.default.d/ubuntu/10-mkosi.ubuntu b/mkosi.default.d/ubuntu/10-mkosi.ubuntu index 14f337b7ea..192c378886 100644 --- a/mkosi.default.d/ubuntu/10-mkosi.ubuntu +++ b/mkosi.default.d/ubuntu/10-mkosi.ubuntu @@ -62,6 +62,7 @@ BuildPackages= libseccomp-dev libsmartcols-dev libssl-dev + libxen-dev libxkbcommon-dev libzstd-dev pahole diff --git a/src/basic/util.c b/src/basic/util.c index d7ef382737..fbcb87001a 100644 --- a/src/basic/util.c +++ b/src/basic/util.c @@ -23,15 +23,6 @@ int saved_argc = 0; char **saved_argv = NULL; static int saved_in_initrd = -1; -bool kexec_loaded(void) { - _cleanup_free_ char *s = NULL; - - if (read_one_line_file("/sys/kernel/kexec_loaded", &s) < 0) - return false; - - return s[0] == '1'; -} - int prot_from_flags(int flags) { switch (flags & O_ACCMODE) { diff --git a/src/basic/util.h b/src/basic/util.h index 68ae3b51e0..5d5d821610 100644 --- a/src/basic/util.h +++ b/src/basic/util.h @@ -19,8 +19,6 @@ static inline void save_argc_argv(int argc, char **argv) { saved_argv = argv; } -bool kexec_loaded(void); - int prot_from_flags(int flags) _const_; bool in_initrd(void); diff --git a/src/initctl/initctl.c b/src/initctl/initctl.c index 52b1ba199a..e1b85d5218 100644 --- a/src/initctl/initctl.c +++ b/src/initctl/initctl.c @@ -24,6 +24,7 @@ #include "main-func.h" #include "memory-util.h" #include "process-util.h" +#include "reboot-util.h" #include "special.h" #define SERVER_FD_MAX 16 diff --git a/src/shared/meson.build b/src/shared/meson.build index 9e11e13934..97e52c2335 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -465,7 +465,8 @@ libshared_deps = [threads, libseccomp, libselinux, libzstd, - libxz] + libxz, + libxenctrl] libshared_sym_path = '@0@/libshared.sym'.format(meson.current_source_dir()) diff --git a/src/shared/reboot-util.c b/src/shared/reboot-util.c index 756f9d30e0..e761bc25a4 100644 --- a/src/shared/reboot-util.c +++ b/src/shared/reboot-util.c @@ -1,11 +1,28 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #include +#include +#include +#include +#include +#include +#include +#include #include +#if HAVE_XENCTRL +#define __XEN_INTERFACE_VERSION__ 0x00040900 +#include +#include +#include +#endif + #include "alloc-util.h" +#include "errno-util.h" +#include "fd-util.h" #include "fileio.h" #include "log.h" +#include "memory-util.h" #include "proc-cmdline.h" #include "raw-reboot.h" #include "reboot-util.h" @@ -107,3 +124,74 @@ int shall_restore_state(void) { return r > 0 ? ret : true; } + +static int xen_kexec_loaded(void) { +#if HAVE_XENCTRL + size_t size; + _cleanup_close_ int privcmd_fd = -1, buf_fd = -1; + void *buffer; + int r; + + if (access("/proc/xen", F_OK) < 0) { + if (errno == ENOENT) + return -EOPNOTSUPP; + return log_debug_errno(errno, "Unable to test whether /proc/xen exists: %m"); + } + + size = page_size(); + if (sizeof(xen_kexec_status_t) > size) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "page_size is too small for hypercall"); + + privcmd_fd = open("/dev/xen/privcmd", O_RDWR|O_CLOEXEC); + if (privcmd_fd < 0) + return log_debug_errno(errno, "Cannot access /dev/xen/privcmd: %m"); + + buf_fd = open("/dev/xen/hypercall", O_RDWR|O_CLOEXEC); + if (buf_fd < 0) + return log_debug_errno(errno, "Cannot access /dev/xen/hypercall: %m"); + + buffer = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_SHARED, buf_fd, 0); + if (buffer == MAP_FAILED) + return log_debug_errno(errno, "Cannot allocate buffer for hypercall: %m"); + + *(xen_kexec_status_t*) buffer = (xen_kexec_status_t) { + .type = KEXEC_TYPE_DEFAULT, + }; + + privcmd_hypercall_t call = { + .op = __HYPERVISOR_kexec_op, + .arg = { + KEXEC_CMD_kexec_status, + PTR_TO_UINT64(buffer), + }, + }; + + r = RET_NERRNO(ioctl(privcmd_fd, IOCTL_PRIVCMD_HYPERCALL, &call)); + if (r < 0) + log_debug_errno(r, "kexec_status failed: %m"); + + munmap(buffer, size); + + return r; +#else + return -EOPNOTSUPP; +#endif +} + +bool kexec_loaded(void) { + _cleanup_free_ char *s = NULL; + int r; + + r = xen_kexec_loaded(); + if (r >= 0) + return r; + + r = read_one_line_file("/sys/kernel/kexec_loaded", &s); + if (r < 0) { + if (r != -ENOENT) + log_debug_errno(r, "Unable to read /sys/kernel/kexec_loaded, ignoring: %m"); + return false; + } + + return s[0] == '1'; +} diff --git a/src/shared/reboot-util.h b/src/shared/reboot-util.h index bbca8b858d..9e6366206e 100644 --- a/src/shared/reboot-util.h +++ b/src/shared/reboot-util.h @@ -13,3 +13,5 @@ int read_reboot_parameter(char **parameter); int reboot_with_parameter(RebootFlags flags); int shall_restore_state(void); + +bool kexec_loaded(void); diff --git a/src/systemctl/systemctl-compat-shutdown.c b/src/systemctl/systemctl-compat-shutdown.c index 6571802f95..9d39e362ea 100644 --- a/src/systemctl/systemctl-compat-shutdown.c +++ b/src/systemctl/systemctl-compat-shutdown.c @@ -4,6 +4,7 @@ #include "alloc-util.h" #include "pretty-print.h" +#include "reboot-util.h" #include "systemctl-compat-shutdown.h" #include "systemctl-sysv-compat.h" #include "systemctl.h" diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 5858c3f6d3..02a298d572 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -17,6 +17,7 @@ #include "path-util.h" #include "pretty-print.h" #include "process-util.h" +#include "reboot-util.h" #include "rlimit-util.h" #include "sigbus.h" #include "signal-util.h"