init: allow CONFIG_INIT_FALLBACK=n to disable defaults if init= fails

If a user puts init=/whatever on the command line and /whatever can't be
run, then the kernel will try a few default options before giving up.  If
init=/whatever came from a bootloader prompt, then this is unexpected but
probably harmless.  On the other hand, if it comes from a script (e.g.  a
tool like virtme or perhaps a future kselftest script), then the fallbacks
are likely to exist, but they'll do the wrong thing.  For example, they
might unexpectedly invoke systemd.

This adds a config option CONFIG_INIT_FALLBACK.  If unset, then a failure
to run the specified init= process be fatal.

The tentative plan is to remove CONFIG_INIT_FALLBACK for 3.20.

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Cc: Rob Landley <rob@landley.net>
Cc: Chuck Ebbert <cebbert.lkml@gmail.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Shuah Khan <shuah.kh@samsung.com>
Cc: Frank Rowand <frowand.list@gmail.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/init/Kconfig b/init/Kconfig
index 7e9fbd4..9afb971 100644 (file)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1280,6 +1280,22 @@ source "usr/Kconfig"
 
 endif
 
 
 endif
 

+config INIT_FALLBACK
+       bool "Fall back to defaults if init= parameter is bad"
+       default y
+       help
+         If enabled, the kernel will try the default init binaries if an
+         explicit request from the init= parameter fails.
+
+         This can have unexpected effects.  For example, booting
+         with init=/sbin/kiosk_app will run /sbin/init or even /bin/sh
+         if /sbin/kiosk_app cannot be executed.
+
+         The default value of Y is consistent with historical behavior.
+         Selecting N is likely to be more appropriate for most uses,
+         especially on kiosks and on kernels that are intended to be
+         run under the control of a script.
+

 config CC_OPTIMIZE_FOR_SIZE
        bool "Optimize for size"
        help
 config CC_OPTIMIZE_FOR_SIZE
        bool "Optimize for size"
        help

diff --git a/init/main.c b/init/main.c
index d2e4ead..ca380ec 100644 (file)
--- a/init/main.c
+++ b/init/main.c
@@ -952,8 +952,13 @@ static int __ref kernel_init(void *unused)
                ret = run_init_process(execute_command);
                if (!ret)
                        return 0;
                ret = run_init_process(execute_command);
                if (!ret)
                        return 0;

+#ifndef CONFIG_INIT_FALLBACK
+               panic("Requested init %s failed (error %d).",
+                     execute_command, ret);
+#else

                pr_err("Failed to execute %s (error %d).  Attempting defaults...\n",
                pr_err("Failed to execute %s (error %d).  Attempting defaults...\n",

-                       execute_command, ret);
+                      execute_command, ret);
+#endif

        }
        if (!try_to_run_init_process("/sbin/init") ||
            !try_to_run_init_process("/etc/init") ||
        }
        if (!try_to_run_init_process("/sbin/init") ||
            !try_to_run_init_process("/etc/init") ||