]> Git Repo - linux.git/blame - kernel/kexec_core.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
lockdep: Fix block chain corruption
[linux.git] / kernel / kexec_core.c
CommitLineData
40b0b3f8 1// SPDX-License-Identifier: GPL-2.0-only
2965faa5
DY		 2/*
3 * kexec.c - kexec system call core code.
4 * Copyright (C) 2002-2004 Eric Biederman <[email protected]>
2965faa5
DY		 5 */
6
de90a6bc 7#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
2965faa5 8
400031e0 9#include <linux/btf.h>
2965faa5
DY		 10#include <linux/capability.h>
11#include <linux/mm.h>
12#include <linux/file.h>
13#include <linux/slab.h>
14#include <linux/fs.h>
15#include <linux/kexec.h>
16#include <linux/mutex.h>
17#include <linux/list.h>
18#include <linux/highmem.h>
19#include <linux/syscalls.h>
20#include <linux/reboot.h>
21#include <linux/ioport.h>
22#include <linux/hardirq.h>
23#include <linux/elf.h>
24#include <linux/elfcore.h>
25#include <linux/utsname.h>
26#include <linux/numa.h>
27#include <linux/suspend.h>
28#include <linux/device.h>
29#include <linux/freezer.h>
f39650de 30#include <linux/panic_notifier.h>
2965faa5
DY		 31#include <linux/pm.h>
32#include <linux/cpu.h>
33#include <linux/uaccess.h>
34#include <linux/io.h>
35#include <linux/console.h>
36#include <linux/vmalloc.h>
37#include <linux/swap.h>
38#include <linux/syscore_ops.h>
39#include <linux/compiler.h>
40#include <linux/hugetlb.h>
00089c04 41#include <linux/objtool.h>
b2075dbb 42#include <linux/kmsg_dump.h>
2965faa5
DY		 43
44#include <asm/page.h>
45#include <asm/sections.h>
46
47#include <crypto/hash.h>
2965faa5
DY		 48#include "kexec_internal.h"
49
05c62574 50atomic_t __kexec_lock = ATOMIC_INIT(0);
2965faa5 51
2965faa5
DY		 52/* Flag to indicate we are going to kexec a new kernel */
53bool kexec_in_progress = false;
54
2965faa5
DY		 55int kexec_should_crash(struct task_struct *p)
56{
57 /*
58 * If crash_kexec_post_notifiers is enabled, don't run
59 * crash_kexec() here yet, which must be run after panic
60 * notifiers in panic().
61 */
62 if (crash_kexec_post_notifiers)
63 return 0;
64 /*
05ea0424 65 * There are 4 panic() calls in make_task_dead() path, each of which
2965faa5
DY		 66 * corresponds to each of these 4 conditions.
67 */
68 if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops)
69 return 1;
70 return 0;
71}
72
21db79e8
PT		 73int kexec_crash_loaded(void)
74{
75 return !!kexec_crash_image;
76}
77EXPORT_SYMBOL_GPL(kexec_crash_loaded);
78
2965faa5
DY		 79/*
80 * When kexec transitions to the new kernel there is a one-to-one
81 * mapping between physical and virtual addresses. On processors
82 * where you can disable the MMU this is trivial, and easy. For
83 * others it is still a simple predictable page table to setup.
84 *
85 * In that environment kexec copies the new kernel to its final
86 * resting place. This means I can only support memory whose
87 * physical address can fit in an unsigned long. In particular
88 * addresses where (pfn << PAGE_SHIFT) > ULONG_MAX cannot be handled.
89 * If the assembly stub has more restrictive requirements
90 * KEXEC_SOURCE_MEMORY_LIMIT and KEXEC_DEST_MEMORY_LIMIT can be
91 * defined more restrictively in <asm/kexec.h>.
92 *
93 * The code for the transition from the current kernel to the
7b7b8a2c 94 * new kernel is placed in the control_code_buffer, whose size
2965faa5
DY		 95 * is given by KEXEC_CONTROL_PAGE_SIZE. In the best case only a single
96 * page of memory is necessary, but some architectures require more.
97 * Because this memory must be identity mapped in the transition from
98 * virtual to physical addresses it must live in the range
99 * 0 - TASK_SIZE, as only the user space mappings are arbitrarily
100 * modifiable.
101 *
102 * The assembly stub in the control code buffer is passed a linked list
103 * of descriptor pages detailing the source pages of the new kernel,
104 * and the destination addresses of those source pages. As this data
105 * structure is not used in the context of the current OS, it must
106 * be self-contained.
107 *
108 * The code has been made to work with highmem pages and will use a
109 * destination page in its final resting place (if it happens
110 * to allocate it). The end product of this is that most of the
111 * physical address space, and most of RAM can be used.
112 *
113 * Future directions include:
114 * - allocating a page table with the control code buffer identity
115 * mapped, to simplify machine_kexec and make kexec_on_panic more
116 * reliable.
117 */
118
119/*
120 * KIMAGE_NO_DEST is an impossible destination address..., for
121 * allocating pages whose destination address we do not care about.
122 */
123#define KIMAGE_NO_DEST (-1UL)
1730f146 124#define PAGE_COUNT(x) (((x) + PAGE_SIZE - 1) >> PAGE_SHIFT)
2965faa5
DY		 125
126static struct page *kimage_alloc_page(struct kimage *image,
127 gfp_t gfp_mask,
128 unsigned long dest);
129
130int sanity_check_segment_list(struct kimage *image)
131{
4caf9615 132 int i;
2965faa5 133 unsigned long nr_segments = image->nr_segments;
1730f146 134 unsigned long total_pages = 0;
ca79b0c2 135 unsigned long nr_pages = totalram_pages();
2965faa5
DY		 136
137 /*
138 * Verify we have good destination addresses. The caller is
139 * responsible for making certain we don't attempt to load
140 * the new image into invalid or reserved areas of RAM. This
141 * just verifies it is an address we can use.
142 *
143 * Since the kernel does everything in page size chunks ensure
144 * the destination addresses are page aligned. Too many
145 * special cases crop of when we don't do this. The most
146 * insidious is getting overlapping destination addresses
147 * simply because addresses are changed to page size
148 * granularity.
149 */
2965faa5
DY		 150 for (i = 0; i < nr_segments; i++) {
151 unsigned long mstart, mend;
152
153 mstart = image->segment[i].mem;
154 mend = mstart + image->segment[i].memsz;
465d3777
RK		 155 if (mstart > mend)
156 return -EADDRNOTAVAIL;
2965faa5 157 if ((mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK))
4caf9615 158 return -EADDRNOTAVAIL;
2965faa5 159 if (mend >= KEXEC_DESTINATION_MEMORY_LIMIT)
4caf9615 160 return -EADDRNOTAVAIL;
2965faa5
DY		 161 }
162
163 /* Verify our destination addresses do not overlap.
164 * If we alloed overlapping destination addresses
165 * through very weird things can happen with no
166 * easy explanation as one segment stops on another.
167 */
2965faa5
DY		 168 for (i = 0; i < nr_segments; i++) {
169 unsigned long mstart, mend;
170 unsigned long j;
171
172 mstart = image->segment[i].mem;
173 mend = mstart + image->segment[i].memsz;
174 for (j = 0; j < i; j++) {
175 unsigned long pstart, pend;
176
177 pstart = image->segment[j].mem;
178 pend = pstart + image->segment[j].memsz;
179 /* Do the segments overlap ? */
180 if ((mend > pstart) && (mstart < pend))
4caf9615 181 return -EINVAL;
2965faa5
DY		 182 }
183 }
184
185 /* Ensure our buffer sizes are strictly less than
186 * our memory sizes. This should always be the case,
187 * and it is easier to check up front than to be surprised
188 * later on.
189 */
2965faa5
DY		 190 for (i = 0; i < nr_segments; i++) {
191 if (image->segment[i].bufsz > image->segment[i].memsz)
4caf9615 192 return -EINVAL;
2965faa5
DY		 193 }
194
1730f146 195 /*
196 * Verify that no more than half of memory will be consumed. If the
197 * request from userspace is too large, a large amount of time will be
198 * wasted allocating pages, which can cause a soft lockup.
199 */
200 for (i = 0; i < nr_segments; i++) {
3d6357de 201 if (PAGE_COUNT(image->segment[i].memsz) > nr_pages / 2)
1730f146 202 return -EINVAL;
203
204 total_pages += PAGE_COUNT(image->segment[i].memsz);
205 }
206
3d6357de 207 if (total_pages > nr_pages / 2)
1730f146 208 return -EINVAL;
209
2965faa5
DY		 210 /*
211 * Verify we have good destination addresses. Normally
212 * the caller is responsible for making certain we don't
213 * attempt to load the new image into invalid or reserved
214 * areas of RAM. But crash kernels are preloaded into a
215 * reserved area of ram. We must ensure the addresses
216 * are in the reserved area otherwise preloading the
217 * kernel could corrupt things.
218 */
219
220 if (image->type == KEXEC_TYPE_CRASH) {
2965faa5
DY		 221 for (i = 0; i < nr_segments; i++) {
222 unsigned long mstart, mend;
223
224 mstart = image->segment[i].mem;
225 mend = mstart + image->segment[i].memsz - 1;
226 /* Ensure we are within the crash kernel limits */
43546d86
RK		 227 if ((mstart < phys_to_boot_phys(crashk_res.start)) ||
228 (mend > phys_to_boot_phys(crashk_res.end)))
4caf9615 229 return -EADDRNOTAVAIL;
2965faa5
DY		 230 }
231 }
232
233 return 0;
234}
235
236struct kimage *do_kimage_alloc_init(void)
237{
238 struct kimage *image;
239
240 /* Allocate a controlling structure */
241 image = kzalloc(sizeof(*image), GFP_KERNEL);
242 if (!image)
243 return NULL;
244
245 image->head = 0;
246 image->entry = &image->head;
247 image->last_entry = &image->head;
248 image->control_page = ~0; /* By default this does not apply */
249 image->type = KEXEC_TYPE_DEFAULT;
250
251 /* Initialize the list of control pages */
252 INIT_LIST_HEAD(&image->control_pages);
253
254 /* Initialize the list of destination pages */
255 INIT_LIST_HEAD(&image->dest_pages);
256
257 /* Initialize the list of unusable pages */
258 INIT_LIST_HEAD(&image->unusable_pages);
259
24726275
ED		 260#ifdef CONFIG_CRASH_HOTPLUG
261 image->hp_action = KEXEC_CRASH_HP_NONE;
262 image->elfcorehdr_index = -1;
263 image->elfcorehdr_updated = false;
264#endif
265
2965faa5
DY		 266 return image;
267}
268
269int kimage_is_destination_range(struct kimage *image,
270 unsigned long start,
271 unsigned long end)
272{
273 unsigned long i;
274
275 for (i = 0; i < image->nr_segments; i++) {
276 unsigned long mstart, mend;
277
278 mstart = image->segment[i].mem;
279 mend = mstart + image->segment[i].memsz;
280 if ((end > mstart) && (start < mend))
281 return 1;
282 }
283
284 return 0;
285}
286
287static struct page *kimage_alloc_pages(gfp_t gfp_mask, unsigned int order)
288{
289 struct page *pages;
290
7c3a6aed
TH		 291 if (fatal_signal_pending(current))
292 return NULL;
bba4ed01 293 pages = alloc_pages(gfp_mask & ~__GFP_ZERO, order);
2965faa5
DY		 294 if (pages) {
295 unsigned int count, i;
296
297 pages->mapping = NULL;
298 set_page_private(pages, order);
299 count = 1 << order;
300 for (i = 0; i < count; i++)
301 SetPageReserved(pages + i);
bba4ed01
TL		 302
303 arch_kexec_post_alloc_pages(page_address(pages), count,
304 gfp_mask);
305
306 if (gfp_mask & __GFP_ZERO)
307 for (i = 0; i < count; i++)
308 clear_highpage(pages + i);
2965faa5
DY		 309 }
310
311 return pages;
312}
313
314static void kimage_free_pages(struct page *page)
315{
316 unsigned int order, count, i;
317
318 order = page_private(page);
319 count = 1 << order;
bba4ed01
TL		 320
321 arch_kexec_pre_free_pages(page_address(page), count);
322
2965faa5
DY		 323 for (i = 0; i < count; i++)
324 ClearPageReserved(page + i);
325 __free_pages(page, order);
326}
327
328void kimage_free_page_list(struct list_head *list)
329{
2b24692b 330 struct page *page, *next;
2965faa5 331
2b24692b 332 list_for_each_entry_safe(page, next, list, lru) {
2965faa5
DY		 333 list_del(&page->lru);
334 kimage_free_pages(page);
335 }
336}
337
338static struct page *kimage_alloc_normal_control_pages(struct kimage *image,
339 unsigned int order)
340{
341 /* Control pages are special, they are the intermediaries
342 * that are needed while we copy the rest of the pages
343 * to their final resting place. As such they must
344 * not conflict with either the destination addresses
345 * or memory the kernel is already using.
346 *
347 * The only case where we really need more than one of
348 * these are for architectures where we cannot disable
349 * the MMU and must instead generate an identity mapped
350 * page table for all of the memory.
351 *
352 * At worst this runs in O(N) of the image size.
353 */
354 struct list_head extra_pages;
355 struct page *pages;
356 unsigned int count;
357
358 count = 1 << order;
359 INIT_LIST_HEAD(&extra_pages);
360
361 /* Loop while I can allocate a page and the page allocated
362 * is a destination page.
363 */
364 do {
365 unsigned long pfn, epfn, addr, eaddr;
366
367 pages = kimage_alloc_pages(KEXEC_CONTROL_MEMORY_GFP, order);
368 if (!pages)
369 break;
43546d86 370 pfn = page_to_boot_pfn(pages);
2965faa5
DY		 371 epfn = pfn + count;
372 addr = pfn << PAGE_SHIFT;
373 eaddr = epfn << PAGE_SHIFT;
374 if ((epfn >= (KEXEC_CONTROL_MEMORY_LIMIT >> PAGE_SHIFT)) ||
375 kimage_is_destination_range(image, addr, eaddr)) {
376 list_add(&pages->lru, &extra_pages);
377 pages = NULL;
378 }
379 } while (!pages);
380
381 if (pages) {
382 /* Remember the allocated page... */
383 list_add(&pages->lru, &image->control_pages);
384
385 /* Because the page is already in it's destination
386 * location we will never allocate another page at
387 * that address. Therefore kimage_alloc_pages
388 * will not return it (again) and we don't need
389 * to give it an entry in image->segment[].
390 */
391 }
392 /* Deal with the destination pages I have inadvertently allocated.
393 *
394 * Ideally I would convert multi-page allocations into single
395 * page allocations, and add everything to image->dest_pages.
396 *
397 * For now it is simpler to just free the pages.
398 */
399 kimage_free_page_list(&extra_pages);
400
401 return pages;
402}
403
404static struct page *kimage_alloc_crash_control_pages(struct kimage *image,
405 unsigned int order)
406{
407 /* Control pages are special, they are the intermediaries
408 * that are needed while we copy the rest of the pages
409 * to their final resting place. As such they must
410 * not conflict with either the destination addresses
411 * or memory the kernel is already using.
412 *
413 * Control pages are also the only pags we must allocate
414 * when loading a crash kernel. All of the other pages
415 * are specified by the segments and we just memcpy
416 * into them directly.
417 *
418 * The only case where we really need more than one of
419 * these are for architectures where we cannot disable
420 * the MMU and must instead generate an identity mapped
421 * page table for all of the memory.
422 *
423 * Given the low demand this implements a very simple
424 * allocator that finds the first hole of the appropriate
425 * size in the reserved memory region, and allocates all
426 * of the memory up to and including the hole.
427 */
428 unsigned long hole_start, hole_end, size;
429 struct page *pages;
430
431 pages = NULL;
432 size = (1 << order) << PAGE_SHIFT;
433 hole_start = (image->control_page + (size - 1)) & ~(size - 1);
434 hole_end = hole_start + size - 1;
435 while (hole_end <= crashk_res.end) {
436 unsigned long i;
437
8e53c073 438 cond_resched();
439
2965faa5
DY		 440 if (hole_end > KEXEC_CRASH_CONTROL_MEMORY_LIMIT)
441 break;
442 /* See if I overlap any of the segments */
443 for (i = 0; i < image->nr_segments; i++) {
444 unsigned long mstart, mend;
445
446 mstart = image->segment[i].mem;
447 mend = mstart + image->segment[i].memsz - 1;
448 if ((hole_end >= mstart) && (hole_start <= mend)) {
449 /* Advance the hole to the end of the segment */
450 hole_start = (mend + (size - 1)) & ~(size - 1);
451 hole_end = hole_start + size - 1;
452 break;
453 }
454 }
455 /* If I don't overlap any segments I have found my hole! */
456 if (i == image->nr_segments) {
457 pages = pfn_to_page(hole_start >> PAGE_SHIFT);
04e9949b 458 image->control_page = hole_end;
2965faa5
DY		 459 break;
460 }
461 }
2965faa5 462
9cf38d55
LJ		 463 /* Ensure that these pages are decrypted if SME is enabled. */
464 if (pages)
465 arch_kexec_post_alloc_pages(page_address(pages), 1 << order, 0);
466
2965faa5
DY		 467 return pages;
468}
469
470
471struct page *kimage_alloc_control_pages(struct kimage *image,
472 unsigned int order)
473{
474 struct page *pages = NULL;
475
476 switch (image->type) {
477 case KEXEC_TYPE_DEFAULT:
478 pages = kimage_alloc_normal_control_pages(image, order);
479 break;
480 case KEXEC_TYPE_CRASH:
481 pages = kimage_alloc_crash_control_pages(image, order);
482 break;
483 }
484
485 return pages;
486}
487
1229384f
XP		 488int kimage_crash_copy_vmcoreinfo(struct kimage *image)
489{
490 struct page *vmcoreinfo_page;
491 void *safecopy;
492
493 if (image->type != KEXEC_TYPE_CRASH)
494 return 0;
495
496 /*
497 * For kdump, allocate one vmcoreinfo safe copy from the
498 * crash memory. as we have arch_kexec_protect_crashkres()
499 * after kexec syscall, we naturally protect it from write
500 * (even read) access under kernel direct mapping. But on
501 * the other hand, we still need to operate it when crash
502 * happens to generate vmcoreinfo note, hereby we rely on
503 * vmap for this purpose.
504 */
505 vmcoreinfo_page = kimage_alloc_control_pages(image, 0);
506 if (!vmcoreinfo_page) {
507 pr_warn("Could not allocate vmcoreinfo buffer\n");
508 return -ENOMEM;
509 }
510 safecopy = vmap(&vmcoreinfo_page, 1, VM_MAP, PAGE_KERNEL);
511 if (!safecopy) {
512 pr_warn("Could not vmap vmcoreinfo buffer\n");
513 return -ENOMEM;
514 }
515
516 image->vmcoreinfo_data_copy = safecopy;
517 crash_update_vmcoreinfo_safecopy(safecopy);
518
519 return 0;
520}
521
2965faa5
DY		 522static int kimage_add_entry(struct kimage *image, kimage_entry_t entry)
523{
524 if (*image->entry != 0)
525 image->entry++;
526
527 if (image->entry == image->last_entry) {
528 kimage_entry_t *ind_page;
529 struct page *page;
530
531 page = kimage_alloc_page(image, GFP_KERNEL, KIMAGE_NO_DEST);
532 if (!page)
533 return -ENOMEM;
534
535 ind_page = page_address(page);
43546d86 536 *image->entry = virt_to_boot_phys(ind_page) | IND_INDIRECTION;
2965faa5
DY		 537 image->entry = ind_page;
538 image->last_entry = ind_page +
539 ((PAGE_SIZE/sizeof(kimage_entry_t)) - 1);
540 }
541 *image->entry = entry;
542 image->entry++;
543 *image->entry = 0;
544
545 return 0;
546}
547
548static int kimage_set_destination(struct kimage *image,
549 unsigned long destination)
550{
2965faa5 551 destination &= PAGE_MASK;
2965faa5 552
32d0c98e 553 return kimage_add_entry(image, destination | IND_DESTINATION);
2965faa5
DY		 554}
555
556
557static int kimage_add_page(struct kimage *image, unsigned long page)
558{
2965faa5 559 page &= PAGE_MASK;
2965faa5 560
32d0c98e 561 return kimage_add_entry(image, page | IND_SOURCE);
2965faa5
DY		 562}
563
564
565static void kimage_free_extra_pages(struct kimage *image)
566{
567 /* Walk through and free any extra destination pages I may have */
568 kimage_free_page_list(&image->dest_pages);
569
570 /* Walk through and free any unusable pages I have cached */
571 kimage_free_page_list(&image->unusable_pages);
572
573}
de68e4da 574
2965faa5
DY		 575void kimage_terminate(struct kimage *image)
576{
577 if (*image->entry != 0)
578 image->entry++;
579
580 *image->entry = IND_DONE;
581}
582
583#define for_each_kimage_entry(image, ptr, entry) \
584 for (ptr = &image->head; (entry = *ptr) && !(entry & IND_DONE); \
585 ptr = (entry & IND_INDIRECTION) ? \
43546d86 586 boot_phys_to_virt((entry & PAGE_MASK)) : ptr + 1)
2965faa5
DY		 587
588static void kimage_free_entry(kimage_entry_t entry)
589{
590 struct page *page;
591
43546d86 592 page = boot_pfn_to_page(entry >> PAGE_SHIFT);
2965faa5
DY		 593 kimage_free_pages(page);
594}
595
596void kimage_free(struct kimage *image)
597{
598 kimage_entry_t *ptr, entry;
599 kimage_entry_t ind = 0;
600
601 if (!image)
602 return;
603
1229384f
XP		 604 if (image->vmcoreinfo_data_copy) {
605 crash_update_vmcoreinfo_safecopy(NULL);
606 vunmap(image->vmcoreinfo_data_copy);
607 }
608
2965faa5
DY		 609 kimage_free_extra_pages(image);
610 for_each_kimage_entry(image, ptr, entry) {
611 if (entry & IND_INDIRECTION) {
612 /* Free the previous indirection page */
613 if (ind & IND_INDIRECTION)
614 kimage_free_entry(ind);
615 /* Save this indirection page until we are
616 * done with it.
617 */
618 ind = entry;
619 } else if (entry & IND_SOURCE)
620 kimage_free_entry(entry);
621 }
622 /* Free the final indirection page */
623 if (ind & IND_INDIRECTION)
624 kimage_free_entry(ind);
625
626 /* Handle any machine specific cleanup */
627 machine_kexec_cleanup(image);
628
629 /* Free the kexec control pages... */
630 kimage_free_page_list(&image->control_pages);
631
632 /*
633 * Free up any temporary buffers allocated. This might hit if
634 * error occurred much later after buffer allocation.
635 */
636 if (image->file_mode)
637 kimage_file_post_load_cleanup(image);
638
639 kfree(image);
640}
641
642static kimage_entry_t *kimage_dst_used(struct kimage *image,
643 unsigned long page)
644{
645 kimage_entry_t *ptr, entry;
646 unsigned long destination = 0;
647
648 for_each_kimage_entry(image, ptr, entry) {
649 if (entry & IND_DESTINATION)
650 destination = entry & PAGE_MASK;
651 else if (entry & IND_SOURCE) {
652 if (page == destination)
653 return ptr;
654 destination += PAGE_SIZE;
655 }
656 }
657
658 return NULL;
659}
660
661static struct page *kimage_alloc_page(struct kimage *image,
662 gfp_t gfp_mask,
663 unsigned long destination)
664{
665 /*
666 * Here we implement safeguards to ensure that a source page
667 * is not copied to its destination page before the data on
668 * the destination page is no longer useful.
669 *
670 * To do this we maintain the invariant that a source page is
671 * either its own destination page, or it is not a
672 * destination page at all.
673 *
674 * That is slightly stronger than required, but the proof
675 * that no problems will not occur is trivial, and the
676 * implementation is simply to verify.
677 *
678 * When allocating all pages normally this algorithm will run
679 * in O(N) time, but in the worst case it will run in O(N^2)
680 * time. If the runtime is a problem the data structures can
681 * be fixed.
682 */
683 struct page *page;
684 unsigned long addr;
685
686 /*
687 * Walk through the list of destination pages, and see if I
688 * have a match.
689 */
690 list_for_each_entry(page, &image->dest_pages, lru) {
43546d86 691 addr = page_to_boot_pfn(page) << PAGE_SHIFT;
2965faa5
DY		 692 if (addr == destination) {
693 list_del(&page->lru);
694 return page;
695 }
696 }
697 page = NULL;
698 while (1) {
699 kimage_entry_t *old;
700
701 /* Allocate a page, if we run out of memory give up */
702 page = kimage_alloc_pages(gfp_mask, 0);
703 if (!page)
704 return NULL;
705 /* If the page cannot be used file it away */
43546d86 706 if (page_to_boot_pfn(page) >
2965faa5
DY		 707 (KEXEC_SOURCE_MEMORY_LIMIT >> PAGE_SHIFT)) {
708 list_add(&page->lru, &image->unusable_pages);
709 continue;
710 }
43546d86 711 addr = page_to_boot_pfn(page) << PAGE_SHIFT;
2965faa5
DY		 712
713 /* If it is the destination page we want use it */
714 if (addr == destination)
715 break;
716
717 /* If the page is not a destination page use it */
718 if (!kimage_is_destination_range(image, addr,
719 addr + PAGE_SIZE))
720 break;
721
722 /*
723 * I know that the page is someones destination page.
724 * See if there is already a source page for this
725 * destination page. And if so swap the source pages.
726 */
727 old = kimage_dst_used(image, addr);
728 if (old) {
729 /* If so move it */
730 unsigned long old_addr;
731 struct page *old_page;
732
733 old_addr = *old & PAGE_MASK;
43546d86 734 old_page = boot_pfn_to_page(old_addr >> PAGE_SHIFT);
2965faa5
DY		 735 copy_highpage(page, old_page);
736 *old = addr | (*old & ~PAGE_MASK);
737
738 /* The old page I have found cannot be a
739 * destination page, so return it if it's
740 * gfp_flags honor the ones passed in.
741 */
742 if (!(gfp_mask & __GFP_HIGHMEM) &&
743 PageHighMem(old_page)) {
744 kimage_free_pages(old_page);
745 continue;
746 }
2965faa5
DY		 747 page = old_page;
748 break;
749 }
750 /* Place the page on the destination list, to be used later */
751 list_add(&page->lru, &image->dest_pages);
752 }
753
754 return page;
755}
756
757static int kimage_load_normal_segment(struct kimage *image,
758 struct kexec_segment *segment)
759{
760 unsigned long maddr;
761 size_t ubytes, mbytes;
762 int result;
763 unsigned char __user *buf = NULL;
764 unsigned char *kbuf = NULL;
765
2965faa5
DY		 766 if (image->file_mode)
767 kbuf = segment->kbuf;
768 else
769 buf = segment->buf;
770 ubytes = segment->bufsz;
771 mbytes = segment->memsz;
772 maddr = segment->mem;
773
774 result = kimage_set_destination(image, maddr);
775 if (result < 0)
776 goto out;
777
778 while (mbytes) {
779 struct page *page;
780 char *ptr;
781 size_t uchunk, mchunk;
782
783 page = kimage_alloc_page(image, GFP_HIGHUSER, maddr);
784 if (!page) {
785 result = -ENOMEM;
786 goto out;
787 }
43546d86 788 result = kimage_add_page(image, page_to_boot_pfn(page)
2965faa5
DY		 789 << PAGE_SHIFT);
790 if (result < 0)
791 goto out;
792
948084f0 793 ptr = kmap_local_page(page);
2965faa5
DY		 794 /* Start with a clear page */
795 clear_page(ptr);
796 ptr += maddr & ~PAGE_MASK;
797 mchunk = min_t(size_t, mbytes,
798 PAGE_SIZE - (maddr & ~PAGE_MASK));
799 uchunk = min(ubytes, mchunk);
800
801 /* For file based kexec, source pages are in kernel memory */
802 if (image->file_mode)
803 memcpy(ptr, kbuf, uchunk);
804 else
805 result = copy_from_user(ptr, buf, uchunk);
948084f0 806 kunmap_local(ptr);
2965faa5
DY		 807 if (result) {
808 result = -EFAULT;
809 goto out;
810 }
811 ubytes -= uchunk;
812 maddr += mchunk;
813 if (image->file_mode)
814 kbuf += mchunk;
815 else
816 buf += mchunk;
817 mbytes -= mchunk;
a8311f64
JF		 818
819 cond_resched();
2965faa5
DY		 820 }
821out:
822 return result;
823}
824
825static int kimage_load_crash_segment(struct kimage *image,
826 struct kexec_segment *segment)
827{
828 /* For crash dumps kernels we simply copy the data from
829 * user space to it's destination.
830 * We do things a page at a time for the sake of kmap.
831 */
832 unsigned long maddr;
833 size_t ubytes, mbytes;
834 int result;
835 unsigned char __user *buf = NULL;
836 unsigned char *kbuf = NULL;
837
838 result = 0;
839 if (image->file_mode)
840 kbuf = segment->kbuf;
841 else
842 buf = segment->buf;
843 ubytes = segment->bufsz;
844 mbytes = segment->memsz;
845 maddr = segment->mem;
846 while (mbytes) {
847 struct page *page;
848 char *ptr;
849 size_t uchunk, mchunk;
850
43546d86 851 page = boot_pfn_to_page(maddr >> PAGE_SHIFT);
2965faa5
DY		 852 if (!page) {
853 result = -ENOMEM;
854 goto out;
855 }
9cf38d55 856 arch_kexec_post_alloc_pages(page_address(page), 1, 0);
948084f0 857 ptr = kmap_local_page(page);
2965faa5
DY		 858 ptr += maddr & ~PAGE_MASK;
859 mchunk = min_t(size_t, mbytes,
860 PAGE_SIZE - (maddr & ~PAGE_MASK));
861 uchunk = min(ubytes, mchunk);
862 if (mchunk > uchunk) {
863 /* Zero the trailing part of the page */
864 memset(ptr + uchunk, 0, mchunk - uchunk);
865 }
866
867 /* For file based kexec, source pages are in kernel memory */
868 if (image->file_mode)
869 memcpy(ptr, kbuf, uchunk);
870 else
871 result = copy_from_user(ptr, buf, uchunk);
872 kexec_flush_icache_page(page);
948084f0 873 kunmap_local(ptr);
9cf38d55 874 arch_kexec_pre_free_pages(page_address(page), 1);
2965faa5
DY		 875 if (result) {
876 result = -EFAULT;
877 goto out;
878 }
879 ubytes -= uchunk;
880 maddr += mchunk;
881 if (image->file_mode)
882 kbuf += mchunk;
883 else
884 buf += mchunk;
885 mbytes -= mchunk;
a8311f64
JF		 886
887 cond_resched();
2965faa5
DY		 888 }
889out:
890 return result;
891}
892
893int kimage_load_segment(struct kimage *image,
894 struct kexec_segment *segment)
895{
896 int result = -ENOMEM;
897
898 switch (image->type) {
899 case KEXEC_TYPE_DEFAULT:
900 result = kimage_load_normal_segment(image, segment);
901 break;
902 case KEXEC_TYPE_CRASH:
903 result = kimage_load_crash_segment(image, segment);
904 break;
905 }
906
907 return result;
908}
909
a42aaad2
RR		 910struct kexec_load_limit {
911 /* Mutex protects the limit count. */
912 struct mutex mutex;
913 int limit;
914};
915
916static struct kexec_load_limit load_limit_reboot = {
917 .mutex = __MUTEX_INITIALIZER(load_limit_reboot.mutex),
918 .limit = -1,
919};
920
921static struct kexec_load_limit load_limit_panic = {
922 .mutex = __MUTEX_INITIALIZER(load_limit_panic.mutex),
923 .limit = -1,
924};
925
2965faa5
DY		 926struct kimage *kexec_image;
927struct kimage *kexec_crash_image;
7e99f8b6 928static int kexec_load_disabled;
a42aaad2 929
a467257f 930#ifdef CONFIG_SYSCTL
a42aaad2
RR		 931static int kexec_limit_handler(struct ctl_table *table, int write,
932 void *buffer, size_t *lenp, loff_t *ppos)
933{
934 struct kexec_load_limit *limit = table->data;
935 int val;
936 struct ctl_table tmp = {
937 .data = &val,
938 .maxlen = sizeof(val),
939 .mode = table->mode,
940 };
941 int ret;
942
943 if (write) {
944 ret = proc_dointvec(&tmp, write, buffer, lenp, ppos);
945 if (ret)
946 return ret;
947
948 if (val < 0)
949 return -EINVAL;
950
951 mutex_lock(&limit->mutex);
952 if (limit->limit != -1 && val >= limit->limit)
953 ret = -EINVAL;
954 else
955 limit->limit = val;
956 mutex_unlock(&limit->mutex);
957
958 return ret;
959 }
960
961 mutex_lock(&limit->mutex);
962 val = limit->limit;
963 mutex_unlock(&limit->mutex);
964
965 return proc_dointvec(&tmp, write, buffer, lenp, ppos);
966}
967
a467257f 968static struct ctl_table kexec_core_sysctls[] = {
969 {
970 .procname = "kexec_load_disabled",
971 .data = &kexec_load_disabled,
972 .maxlen = sizeof(int),
973 .mode = 0644,
974 /* only handle a transition from default "0" to "1" */
975 .proc_handler = proc_dointvec_minmax,
976 .extra1 = SYSCTL_ONE,
977 .extra2 = SYSCTL_ONE,
978 },
a42aaad2
RR		 979 {
980 .procname = "kexec_load_limit_panic",
981 .data = &load_limit_panic,
982 .mode = 0644,
983 .proc_handler = kexec_limit_handler,
984 },
985 {
986 .procname = "kexec_load_limit_reboot",
987 .data = &load_limit_reboot,
988 .mode = 0644,
989 .proc_handler = kexec_limit_handler,
990 },
a467257f 991 { }
992};
993
994static int __init kexec_core_sysctl_init(void)
995{
996 register_sysctl_init("kernel", kexec_core_sysctls);
997 return 0;
998}
999late_initcall(kexec_core_sysctl_init);
1000#endif
2965faa5 1001
a42aaad2 1002bool kexec_load_permitted(int kexec_image_type)
7e99f8b6 1003{
a42aaad2
RR		 1004 struct kexec_load_limit *limit;
1005
7e99f8b6
RR		 1006 /*
1007 * Only the superuser can use the kexec syscall and if it has not
1008 * been disabled.
1009 */
a42aaad2
RR		 1010 if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
1011 return false;
1012
1013 /* Check limit counter and decrease it.*/
1014 limit = (kexec_image_type == KEXEC_TYPE_CRASH) ?
1015 &load_limit_panic : &load_limit_reboot;
1016 mutex_lock(&limit->mutex);
1017 if (!limit->limit) {
1018 mutex_unlock(&limit->mutex);
1019 return false;
1020 }
1021 if (limit->limit != -1)
1022 limit->limit--;
1023 mutex_unlock(&limit->mutex);
1024
1025 return true;
7e99f8b6
RR		 1026}
1027
7bbee5ca
HK		 1028/*
1029 * No panic_cpu check version of crash_kexec(). This function is called
1030 * only when panic_cpu holds the current CPU number; this is the only CPU
1031 * which processes crash_kexec routines.
1032 */
c207aee4 1033void __noclone __crash_kexec(struct pt_regs *regs)
2965faa5 1034{
05c62574 1035 /* Take the kexec_lock here to prevent sys_kexec_load
2965faa5
DY		 1036 * running on one cpu from replacing the crash kernel
1037 * we are using after a panic on a different cpu.
1038 *
1039 * If the crash kernel was not located in a fixed area
1040 * of memory the xchg(&kexec_crash_image) would be
1041 * sufficient. But since I reuse the memory...
1042 */
05c62574 1043 if (kexec_trylock()) {
2965faa5
DY		 1044 if (kexec_crash_image) {
1045 struct pt_regs fixed_regs;
1046
1047 crash_setup_regs(&fixed_regs, regs);
1048 crash_save_vmcoreinfo();
1049 machine_crash_shutdown(&fixed_regs);
1050 machine_kexec(kexec_crash_image);
1051 }
05c62574 1052 kexec_unlock();
2965faa5
DY		 1053 }
1054}
c207aee4 1055STACK_FRAME_NON_STANDARD(__crash_kexec);
2965faa5 1056
400031e0 1057__bpf_kfunc void crash_kexec(struct pt_regs *regs)
7bbee5ca
HK		 1058{
1059 int old_cpu, this_cpu;
1060
1061 /*
1062 * Only one CPU is allowed to execute the crash_kexec() code as with
1063 * panic(). Otherwise parallel calls of panic() and crash_kexec()
1064 * may stop each other. To exclude them, we use panic_cpu here too.
1065 */
1066 this_cpu = raw_smp_processor_id();
1067 old_cpu = atomic_cmpxchg(&panic_cpu, PANIC_CPU_INVALID, this_cpu);
1068 if (old_cpu == PANIC_CPU_INVALID) {
1069 /* This is the 1st CPU which comes here, so go ahead. */
1070 __crash_kexec(regs);
1071
1072 /*
1073 * Reset panic_cpu to allow another panic()/crash_kexec()
1074 * call.
1075 */
1076 atomic_set(&panic_cpu, PANIC_CPU_INVALID);
1077 }
1078}
1079
16c6006a
ZL		 1080static inline resource_size_t crash_resource_size(const struct resource *res)
1081{
1082 return !res->end ? 0 : resource_size(res);
1083}
1084
7bb5da0d 1085ssize_t crash_get_memory_size(void)
2965faa5 1086{
7bb5da0d
VS		 1087 ssize_t size = 0;
1088
05c62574 1089 if (!kexec_trylock())
7bb5da0d 1090 return -EBUSY;
2965faa5 1091
16c6006a
ZL		 1092 size += crash_resource_size(&crashk_res);
1093 size += crash_resource_size(&crashk_low_res);
7bb5da0d 1094
05c62574 1095 kexec_unlock();
2965faa5
DY		 1096 return size;
1097}
1098
5b7bfb32
ZL		 1099static int __crash_shrink_memory(struct resource *old_res,
1100 unsigned long new_size)
1101{
1102 struct resource *ram_res;
1103
1104 ram_res = kzalloc(sizeof(*ram_res), GFP_KERNEL);
1105 if (!ram_res)
1106 return -ENOMEM;
1107
1108 ram_res->start = old_res->start + new_size;
1109 ram_res->end = old_res->end;
1110 ram_res->flags = IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM;
1111 ram_res->name = "System RAM";
1112
1113 if (!new_size) {
1114 release_resource(old_res);
1115 old_res->start = 0;
1116 old_res->end = 0;
1117 } else {
1118 crashk_res.end = ram_res->start - 1;
1119 }
1120
1121 crash_free_reserved_phys_range(ram_res->start, ram_res->end);
1122 insert_resource(&iomem_resource, ram_res);
1123
1124 return 0;
1125}
1126
2965faa5
DY		 1127int crash_shrink_memory(unsigned long new_size)
1128{
1129 int ret = 0;
16c6006a 1130 unsigned long old_size, low_size;
2965faa5 1131
05c62574 1132 if (!kexec_trylock())
7bb5da0d 1133 return -EBUSY;
2965faa5
DY		 1134
1135 if (kexec_crash_image) {
1136 ret = -ENOENT;
1137 goto unlock;
1138 }
16c6006a
ZL		 1139
1140 low_size = crash_resource_size(&crashk_low_res);
1141 old_size = crash_resource_size(&crashk_res) + low_size;
1cba6c43 1142 new_size = roundup(new_size, KEXEC_CRASH_MEM_ALIGN);
2965faa5
DY		 1143 if (new_size >= old_size) {
1144 ret = (new_size == old_size) ? 0 : -EINVAL;
1145 goto unlock;
1146 }
1147
16c6006a
ZL		 1148 /*
1149 * (low_size > new_size) implies that low_size is greater than zero.
1150 * This also means that if low_size is zero, the else branch is taken.
1151 *
1152 * If low_size is greater than 0, (low_size > new_size) indicates that
1153 * crashk_low_res also needs to be shrunken. Otherwise, only crashk_res
1154 * needs to be shrunken.
1155 */
1156 if (low_size > new_size) {
1157 ret = __crash_shrink_memory(&crashk_res, 0);
1158 if (ret)
1159 goto unlock;
1160
1161 ret = __crash_shrink_memory(&crashk_low_res, new_size);
1162 } else {
1163 ret = __crash_shrink_memory(&crashk_res, new_size - low_size);
1164 }
1165
1166 /* Swap crashk_res and crashk_low_res if needed */
1167 if (!crashk_res.end && crashk_low_res.end) {
1168 crashk_res.start = crashk_low_res.start;
1169 crashk_res.end = crashk_low_res.end;
1170 release_resource(&crashk_low_res);
1171 crashk_low_res.start = 0;
1172 crashk_low_res.end = 0;
1173 insert_resource(&iomem_resource, &crashk_res);
1174 }
2965faa5
DY		 1175
1176unlock:
05c62574 1177 kexec_unlock();
2965faa5
DY		 1178 return ret;
1179}
1180
2965faa5
DY		 1181void crash_save_cpu(struct pt_regs *regs, int cpu)
1182{
1183 struct elf_prstatus prstatus;
1184 u32 *buf;
1185
1186 if ((cpu < 0) || (cpu >= nr_cpu_ids))
1187 return;
1188
1189 /* Using ELF notes here is opportunistic.
1190 * I need a well defined structure format
1191 * for the data I pass, and I need tags
1192 * on the data to indicate what information I have
1193 * squirrelled away. ELF notes happen to provide
1194 * all of that, so there is no need to invent something new.
1195 */
1196 buf = (u32 *)per_cpu_ptr(crash_notes, cpu);
1197 if (!buf)
1198 return;
1199 memset(&prstatus, 0, sizeof(prstatus));
f2485a2d 1200 prstatus.common.pr_pid = current->pid;
9554e908 1201 elf_core_copy_regs(&prstatus.pr_reg, regs);
2965faa5
DY		 1202 buf = append_elf_note(buf, KEXEC_CORE_NOTE_NAME, NT_PRSTATUS,
1203 &prstatus, sizeof(prstatus));
1204 final_note(buf);
1205}
1206
2965faa5
DY		 1207/*
1208 * Move into place and start executing a preloaded standalone
1209 * executable. If nothing was preloaded return an error.
1210 */
1211int kernel_kexec(void)
1212{
1213 int error = 0;
1214
05c62574 1215 if (!kexec_trylock())
2965faa5
DY		 1216 return -EBUSY;
1217 if (!kexec_image) {
1218 error = -EINVAL;
1219 goto Unlock;
1220 }
1221
1222#ifdef CONFIG_KEXEC_JUMP
1223 if (kexec_image->preserve_context) {
2965faa5
DY		 1224 pm_prepare_console();
1225 error = freeze_processes();
1226 if (error) {
1227 error = -EBUSY;
1228 goto Restore_console;
1229 }
1230 suspend_console();
1231 error = dpm_suspend_start(PMSG_FREEZE);
1232 if (error)
1233 goto Resume_console;
1234 /* At this point, dpm_suspend_start() has been called,
1235 * but *not* dpm_suspend_end(). We *must* call
1236 * dpm_suspend_end() now. Otherwise, drivers for
1237 * some devices (e.g. interrupt controllers) become
1238 * desynchronized with the actual state of the
1239 * hardware at resume time, and evil weirdness ensues.
1240 */
1241 error = dpm_suspend_end(PMSG_FREEZE);
1242 if (error)
1243 goto Resume_devices;
2f1a6fbb 1244 error = suspend_disable_secondary_cpus();
2965faa5
DY		 1245 if (error)
1246 goto Enable_cpus;
1247 local_irq_disable();
1248 error = syscore_suspend();
1249 if (error)
1250 goto Enable_irqs;
1251 } else
1252#endif
1253 {
1254 kexec_in_progress = true;
a119b4e5 1255 kernel_restart_prepare("kexec reboot");
2965faa5
DY		 1256 migrate_to_reboot_cpu();
1257
1258 /*
1259 * migrate_to_reboot_cpu() disables CPU hotplug assuming that
1260 * no further code needs to use CPU hotplug (which is true in
1261 * the reboot case). However, the kexec path depends on using
1262 * CPU hotplug again; so re-enable it here.
1263 */
1264 cpu_hotplug_enable();
d42cc530 1265 pr_notice("Starting new kernel\n");
2965faa5
DY		 1266 machine_shutdown();
1267 }
1268
b2075dbb 1269 kmsg_dump(KMSG_DUMP_SHUTDOWN);
2965faa5
DY		 1270 machine_kexec(kexec_image);
1271
1272#ifdef CONFIG_KEXEC_JUMP
1273 if (kexec_image->preserve_context) {
1274 syscore_resume();
1275 Enable_irqs:
1276 local_irq_enable();
1277 Enable_cpus:
2f1a6fbb 1278 suspend_enable_secondary_cpus();
2965faa5
DY		 1279 dpm_resume_start(PMSG_RESTORE);
1280 Resume_devices:
1281 dpm_resume_end(PMSG_RESTORE);
1282 Resume_console:
1283 resume_console();
1284 thaw_processes();
1285 Restore_console:
1286 pm_restore_console();
2965faa5
DY		 1287 }
1288#endif
1289
1290 Unlock:
05c62574 1291 kexec_unlock();
2965faa5
DY		 1292 return error;
1293}
Empty description
This page took 0.629406 seconds and 4 git commands to generate.