2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch
new file mode 100644
index 0000000000..dc52981025
--- /dev/null
+++ b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch
@@ -0,0 +1,46 @@
+From a6a9e17dfeb5627f3e6f569b66f243f50f8a3645 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 6 Aug 2024 21:42:43 -0700
+Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly
+Add MFD_NOEXEC_SEAL to avoid kernel warning like below:
+  kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
+For old kernels, there will be no MFD_NOEXEC_SEAL definition, so fallback
+to define it to 0.
+Upstream-Status: Submitted [https://github.com/horms/kexec-tools/pull/7]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ kexec/kexec.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+diff --git a/kexec/kexec.c b/kexec/kexec.c
+index 7c614b0..41d285d 100644
+--- a/kexec/kexec.c
+++ b/kexec/kexec.c
+@@ -60,6 +60,10 @@
+ #define KEXEC_LOADED_PATH "/sys/kernel/kexec_loaded"
+ #define KEXEC_CRASH_LOADED_PATH "/sys/kernel/kexec_crash_loaded"
+ 
+#ifndef MFD_NOEXEC_SEAL
+#define MFD_NOEXEC_SEAL 0
+#endif
+
+ unsigned long long mem_min = 0;
+ unsigned long long mem_max = ULONG_MAX;
+ unsigned long elfcorehdrsz = 0;
+@@ -655,7 +659,7 @@ static int copybuf_memfd(const char *kernel_buf, size_t size)
+ {
+        int fd, count;
+ 
+-       fd = memfd_create("kernel", MFD_ALLOW_SEALING);
+       fd = memfd_create("kernel", MFD_ALLOW_SEALING | MFD_NOEXEC_SEAL);
+        if (fd == -1)
+                return fd;
+ 
+-- 
+2.25.1
diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb
index b88db60ee8..2c2901f19e 100644
--- a/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb
+++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb
@@ -16,6 +16,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz
           file://0002-purgatory-Pass-r-directly-to-linker.patch \
           file://0005-Disable-PIE-during-link.patch \
           file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \
+           file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch \
           "
 SRC_URI[sha256sum] = "0756dd54dab2f2a437e5d4df64b9760c3e6cf6a7d29fb296bdeeeb749f6ea28e"

diff --git a/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch new file mode 100644 index 0000000000..dc52981025 --- /dev/null +++ b/meta/recipes-kernel/kexec/kexec-tools/0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch
@@ -0,0 +1,46 @@
		1	From a6a9e17dfeb5627f3e6f569b66f243f50f8a3645 Mon Sep 17 00:00:00 2001
		2	From: Chen Qi <Qi.Chen@windriver.com>
		3	Date: Tue, 6 Aug 2024 21:42:43 -0700
		4	Subject: [PATCH] kexec.c: add MFD_NOEXEC_SEAL flag explicitly
		5
		6	Add MFD_NOEXEC_SEAL to avoid kernel warning like below:
		7
		8	kexec[970]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
		9
		10	For old kernels, there will be no MFD_NOEXEC_SEAL definition, so fallback
		11	to define it to 0.
		12
		13	Upstream-Status: Submitted [https://github.com/horms/kexec-tools/pull/7]
		14
		15	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		16	---
		17	kexec/kexec.c \| 6 +++++-
		18	1 file changed, 5 insertions(+), 1 deletion(-)
		19
		20	diff --git a/kexec/kexec.c b/kexec/kexec.c
		21	index 7c614b0..41d285d 100644
		22	--- a/kexec/kexec.c
		23	+++ b/kexec/kexec.c
		24	@@ -60,6 +60,10 @@
		25	#define KEXEC_LOADED_PATH "/sys/kernel/kexec_loaded"
		26	#define KEXEC_CRASH_LOADED_PATH "/sys/kernel/kexec_crash_loaded"
		27
		28	+#ifndef MFD_NOEXEC_SEAL
		29	+#define MFD_NOEXEC_SEAL 0
		30	+#endif
		31	+
		32	unsigned long long mem_min = 0;
		33	unsigned long long mem_max = ULONG_MAX;
		34	unsigned long elfcorehdrsz = 0;
		35	@@ -655,7 +659,7 @@ static int copybuf_memfd(const char *kernel_buf, size_t size)
		36	{
		37	int fd, count;
		38
		39	- fd = memfd_create("kernel", MFD_ALLOW_SEALING);
		40	+ fd = memfd_create("kernel", MFD_ALLOW_SEALING \| MFD_NOEXEC_SEAL);
		41	if (fd == -1)
		42	return fd;
		43
		44	--
		45	2.25.1
		46


diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb index b88db60ee8..2c2901f19e 100644 --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.29.bb
@@ -16,6 +16,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz
16	file://0002-purgatory-Pass-r-directly-to-linker.patch \	16	file://0002-purgatory-Pass-r-directly-to-linker.patch \
17	file://0005-Disable-PIE-during-link.patch \	17	file://0005-Disable-PIE-during-link.patch \
18	file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \	18	file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \
		19	file://0001-kexec.c-add-MFD_NOEXEC_SEAL-flag-explicitly.patch \
19	"	20	"
20		21
21	SRC_URI[sha256sum] = "0756dd54dab2f2a437e5d4df64b9760c3e6cf6a7d29fb296bdeeeb749f6ea28e"	22	SRC_URI[sha256sum] = "0756dd54dab2f2a437e5d4df64b9760c3e6cf6a7d29fb296bdeeeb749f6ea28e"