summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndy Lutomirski <luto@amacapital.net>2014-12-10 15:52:19 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2014-12-10 17:41:12 -0800
commit6ef4536e2f19c4dba3637413d73ea00b19764bc0 (patch)
treee286e65b4ba1ce1089a7dc87cf642cfb6fdbbe6b
parent52f5592e549c013feb9bb71cab3e6fd624633577 (diff)
downloadlwn-6ef4536e2f19c4dba3637413d73ea00b19764bc0.tar.gz
lwn-6ef4536e2f19c4dba3637413d73ea00b19764bc0.zip
init: allow CONFIG_INIT_FALLBACK=n to disable defaults if init= fails
If a user puts init=/whatever on the command line and /whatever can't be run, then the kernel will try a few default options before giving up. If init=/whatever came from a bootloader prompt, then this is unexpected but probably harmless. On the other hand, if it comes from a script (e.g. a tool like virtme or perhaps a future kselftest script), then the fallbacks are likely to exist, but they'll do the wrong thing. For example, they might unexpectedly invoke systemd. This adds a config option CONFIG_INIT_FALLBACK. If unset, then a failure to run the specified init= process be fatal. The tentative plan is to remove CONFIG_INIT_FALLBACK for 3.20. [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Andy Lutomirski <luto@amacapital.net> Cc: Rob Landley <rob@landley.net> Cc: Chuck Ebbert <cebbert.lkml@gmail.com> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Shuah Khan <shuah.kh@samsung.com> Cc: Frank Rowand <frowand.list@gmail.com> Cc: Josh Triplett <josh@joshtriplett.org> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--init/Kconfig16
-rw-r--r--init/main.c7
2 files changed, 22 insertions, 1 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 7e9fbd48e2ab..9afb971497f4 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1280,6 +1280,22 @@ source "usr/Kconfig"
endif
+config INIT_FALLBACK
+ bool "Fall back to defaults if init= parameter is bad"
+ default y
+ help
+ If enabled, the kernel will try the default init binaries if an
+ explicit request from the init= parameter fails.
+
+ This can have unexpected effects. For example, booting
+ with init=/sbin/kiosk_app will run /sbin/init or even /bin/sh
+ if /sbin/kiosk_app cannot be executed.
+
+ The default value of Y is consistent with historical behavior.
+ Selecting N is likely to be more appropriate for most uses,
+ especially on kiosks and on kernels that are intended to be
+ run under the control of a script.
+
config CC_OPTIMIZE_FOR_SIZE
bool "Optimize for size"
help
diff --git a/init/main.c b/init/main.c
index d2e4ead4891f..ca380ec685de 100644
--- a/init/main.c
+++ b/init/main.c
@@ -952,8 +952,13 @@ static int __ref kernel_init(void *unused)
ret = run_init_process(execute_command);
if (!ret)
return 0;
+#ifndef CONFIG_INIT_FALLBACK
+ panic("Requested init %s failed (error %d).",
+ execute_command, ret);
+#else
pr_err("Failed to execute %s (error %d). Attempting defaults...\n",
- execute_command, ret);
+ execute_command, ret);
+#endif
}
if (!try_to_run_init_process("/sbin/init") ||
!try_to_run_init_process("/etc/init") ||