2005-06-26 05:57:52 +08:00
|
|
|
#ifndef LINUX_KEXEC_H
|
|
|
|
#define LINUX_KEXEC_H
|
|
|
|
|
2015-02-18 05:45:56 +08:00
|
|
|
#define IND_DESTINATION_BIT 0
|
|
|
|
#define IND_INDIRECTION_BIT 1
|
|
|
|
#define IND_DONE_BIT 2
|
|
|
|
#define IND_SOURCE_BIT 3
|
|
|
|
|
|
|
|
#define IND_DESTINATION (1 << IND_DESTINATION_BIT)
|
|
|
|
#define IND_INDIRECTION (1 << IND_INDIRECTION_BIT)
|
|
|
|
#define IND_DONE (1 << IND_DONE_BIT)
|
|
|
|
#define IND_SOURCE (1 << IND_SOURCE_BIT)
|
2015-02-18 05:45:58 +08:00
|
|
|
#define IND_FLAGS (IND_DESTINATION | IND_INDIRECTION | IND_DONE | IND_SOURCE)
|
2015-02-18 05:45:56 +08:00
|
|
|
|
|
|
|
#if !defined(__ASSEMBLY__)
|
|
|
|
|
crash: move crashkernel parsing and vmcore related code under CONFIG_CRASH_CORE
Patch series "kexec/fadump: remove dependency with CONFIG_KEXEC and
reuse crashkernel parameter for fadump", v4.
Traditionally, kdump is used to save vmcore in case of a crash. Some
architectures like powerpc can save vmcore using architecture specific
support instead of kexec/kdump mechanism. Such architecture specific
support also needs to reserve memory, to be used by dump capture kernel.
crashkernel parameter can be a reused, for memory reservation, by such
architecture specific infrastructure.
This patchset removes dependency with CONFIG_KEXEC for crashkernel
parameter and vmcoreinfo related code as it can be reused without kexec
support. Also, crashkernel parameter is reused instead of
fadump_reserve_mem to reserve memory for fadump.
The first patch moves crashkernel parameter parsing and vmcoreinfo
related code under CONFIG_CRASH_CORE instead of CONFIG_KEXEC_CORE. The
second patch reuses the definitions of append_elf_note() & final_note()
functions under CONFIG_CRASH_CORE in IA64 arch code. The third patch
removes dependency on CONFIG_KEXEC for firmware-assisted dump (fadump)
in powerpc. The next patch reuses crashkernel parameter for reserving
memory for fadump, instead of the fadump_reserve_mem parameter. This
has the advantage of using all syntaxes crashkernel parameter supports,
for fadump as well. The last patch updates fadump kernel documentation
about use of crashkernel parameter.
This patch (of 5):
Traditionally, kdump is used to save vmcore in case of a crash. Some
architectures like powerpc can save vmcore using architecture specific
support instead of kexec/kdump mechanism. Such architecture specific
support also needs to reserve memory, to be used by dump capture kernel.
crashkernel parameter can be a reused, for memory reservation, by such
architecture specific infrastructure.
But currently, code related to vmcoreinfo and parsing of crashkernel
parameter is built under CONFIG_KEXEC_CORE. This patch introduces
CONFIG_CRASH_CORE and moves the above mentioned code under this config,
allowing code reuse without dependency on CONFIG_KEXEC. There is no
functional change with this patch.
Link: http://lkml.kernel.org/r/149035338104.6881.4550894432615189948.stgit@hbathini.in.ibm.com
Signed-off-by: Hari Bathini <hbathini@linux.vnet.ibm.com>
Acked-by: Dave Young <dyoung@redhat.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-05-09 06:56:18 +08:00
|
|
|
#include <linux/crash_core.h>
|
2016-08-03 05:06:04 +08:00
|
|
|
#include <asm/io.h>
|
|
|
|
|
2012-10-13 17:46:48 +08:00
|
|
|
#include <uapi/linux/kexec.h>
|
2012-06-01 07:26:27 +08:00
|
|
|
|
2015-09-10 06:38:55 +08:00
|
|
|
#ifdef CONFIG_KEXEC_CORE
|
2005-06-26 05:57:52 +08:00
|
|
|
#include <linux/list.h>
|
|
|
|
#include <linux/compat.h>
|
2006-02-10 17:51:05 +08:00
|
|
|
#include <linux/ioport.h>
|
2014-08-09 05:26:04 +08:00
|
|
|
#include <linux/module.h>
|
2005-06-26 05:57:52 +08:00
|
|
|
#include <asm/kexec.h>
|
|
|
|
|
|
|
|
/* Verify architecture specific macros are defined */
|
|
|
|
|
|
|
|
#ifndef KEXEC_SOURCE_MEMORY_LIMIT
|
|
|
|
#error KEXEC_SOURCE_MEMORY_LIMIT not defined
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef KEXEC_DESTINATION_MEMORY_LIMIT
|
|
|
|
#error KEXEC_DESTINATION_MEMORY_LIMIT not defined
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef KEXEC_CONTROL_MEMORY_LIMIT
|
|
|
|
#error KEXEC_CONTROL_MEMORY_LIMIT not defined
|
|
|
|
#endif
|
|
|
|
|
2015-04-16 20:47:33 +08:00
|
|
|
#ifndef KEXEC_CONTROL_MEMORY_GFP
|
2016-08-03 05:05:54 +08:00
|
|
|
#define KEXEC_CONTROL_MEMORY_GFP (GFP_KERNEL | __GFP_NORETRY)
|
2015-04-16 20:47:33 +08:00
|
|
|
#endif
|
|
|
|
|
2008-08-15 15:40:22 +08:00
|
|
|
#ifndef KEXEC_CONTROL_PAGE_SIZE
|
|
|
|
#error KEXEC_CONTROL_PAGE_SIZE not defined
|
2005-06-26 05:57:52 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef KEXEC_ARCH
|
|
|
|
#error KEXEC_ARCH not defined
|
|
|
|
#endif
|
|
|
|
|
2011-10-30 22:16:36 +08:00
|
|
|
#ifndef KEXEC_CRASH_CONTROL_MEMORY_LIMIT
|
|
|
|
#define KEXEC_CRASH_CONTROL_MEMORY_LIMIT KEXEC_CONTROL_MEMORY_LIMIT
|
|
|
|
#endif
|
|
|
|
|
2011-10-30 22:16:43 +08:00
|
|
|
#ifndef KEXEC_CRASH_MEM_ALIGN
|
|
|
|
#define KEXEC_CRASH_MEM_ALIGN PAGE_SIZE
|
|
|
|
#endif
|
|
|
|
|
crash: move crashkernel parsing and vmcore related code under CONFIG_CRASH_CORE
Patch series "kexec/fadump: remove dependency with CONFIG_KEXEC and
reuse crashkernel parameter for fadump", v4.
Traditionally, kdump is used to save vmcore in case of a crash. Some
architectures like powerpc can save vmcore using architecture specific
support instead of kexec/kdump mechanism. Such architecture specific
support also needs to reserve memory, to be used by dump capture kernel.
crashkernel parameter can be a reused, for memory reservation, by such
architecture specific infrastructure.
This patchset removes dependency with CONFIG_KEXEC for crashkernel
parameter and vmcoreinfo related code as it can be reused without kexec
support. Also, crashkernel parameter is reused instead of
fadump_reserve_mem to reserve memory for fadump.
The first patch moves crashkernel parameter parsing and vmcoreinfo
related code under CONFIG_CRASH_CORE instead of CONFIG_KEXEC_CORE. The
second patch reuses the definitions of append_elf_note() & final_note()
functions under CONFIG_CRASH_CORE in IA64 arch code. The third patch
removes dependency on CONFIG_KEXEC for firmware-assisted dump (fadump)
in powerpc. The next patch reuses crashkernel parameter for reserving
memory for fadump, instead of the fadump_reserve_mem parameter. This
has the advantage of using all syntaxes crashkernel parameter supports,
for fadump as well. The last patch updates fadump kernel documentation
about use of crashkernel parameter.
This patch (of 5):
Traditionally, kdump is used to save vmcore in case of a crash. Some
architectures like powerpc can save vmcore using architecture specific
support instead of kexec/kdump mechanism. Such architecture specific
support also needs to reserve memory, to be used by dump capture kernel.
crashkernel parameter can be a reused, for memory reservation, by such
architecture specific infrastructure.
But currently, code related to vmcoreinfo and parsing of crashkernel
parameter is built under CONFIG_KEXEC_CORE. This patch introduces
CONFIG_CRASH_CORE and moves the above mentioned code under this config,
allowing code reuse without dependency on CONFIG_KEXEC. There is no
functional change with this patch.
Link: http://lkml.kernel.org/r/149035338104.6881.4550894432615189948.stgit@hbathini.in.ibm.com
Signed-off-by: Hari Bathini <hbathini@linux.vnet.ibm.com>
Acked-by: Dave Young <dyoung@redhat.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-05-09 06:56:18 +08:00
|
|
|
#define KEXEC_CORE_NOTE_NAME CRASH_CORE_NOTE_NAME
|
|
|
|
|
2005-06-26 05:57:52 +08:00
|
|
|
/*
|
|
|
|
* This structure is used to hold the arguments that are used when loading
|
|
|
|
* kernel binaries.
|
|
|
|
*/
|
|
|
|
|
|
|
|
typedef unsigned long kimage_entry_t;
|
|
|
|
|
|
|
|
struct kexec_segment {
|
2014-08-09 05:25:52 +08:00
|
|
|
/*
|
|
|
|
* This pointer can point to user memory if kexec_load() system
|
|
|
|
* call is used or will point to kernel memory if
|
|
|
|
* kexec_file_load() system call is used.
|
|
|
|
*
|
|
|
|
* Use ->buf when expecting to deal with user memory and use ->kbuf
|
|
|
|
* when expecting to deal with kernel memory.
|
|
|
|
*/
|
|
|
|
union {
|
|
|
|
void __user *buf;
|
|
|
|
void *kbuf;
|
|
|
|
};
|
2005-06-26 05:57:52 +08:00
|
|
|
size_t bufsz;
|
2012-06-01 07:26:27 +08:00
|
|
|
unsigned long mem;
|
2005-06-26 05:57:52 +08:00
|
|
|
size_t memsz;
|
|
|
|
};
|
|
|
|
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
|
|
struct compat_kexec_segment {
|
|
|
|
compat_uptr_t buf;
|
|
|
|
compat_size_t bufsz;
|
|
|
|
compat_ulong_t mem; /* User space sees this as a (void *) ... */
|
|
|
|
compat_size_t memsz;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
|
2016-01-21 07:00:36 +08:00
|
|
|
#ifdef CONFIG_KEXEC_FILE
|
2014-08-09 05:26:04 +08:00
|
|
|
struct purgatory_info {
|
|
|
|
/* Pointer to elf header of read only purgatory */
|
|
|
|
Elf_Ehdr *ehdr;
|
|
|
|
|
|
|
|
/* Pointer to purgatory sechdrs which are modifiable */
|
|
|
|
Elf_Shdr *sechdrs;
|
|
|
|
/*
|
|
|
|
* Temporary buffer location where purgatory is loaded and relocated
|
|
|
|
* This memory can be freed post image load
|
|
|
|
*/
|
|
|
|
void *purgatory_buf;
|
|
|
|
|
|
|
|
/* Address where purgatory is finally loaded and is executed from */
|
|
|
|
unsigned long purgatory_load_addr;
|
|
|
|
};
|
|
|
|
|
2016-01-21 07:00:36 +08:00
|
|
|
typedef int (kexec_probe_t)(const char *kernel_buf, unsigned long kernel_size);
|
|
|
|
typedef void *(kexec_load_t)(struct kimage *image, char *kernel_buf,
|
|
|
|
unsigned long kernel_len, char *initrd,
|
|
|
|
unsigned long initrd_len, char *cmdline,
|
|
|
|
unsigned long cmdline_len);
|
|
|
|
typedef int (kexec_cleanup_t)(void *loader_data);
|
|
|
|
|
|
|
|
#ifdef CONFIG_KEXEC_VERIFY_SIG
|
|
|
|
typedef int (kexec_verify_sig_t)(const char *kernel_buf,
|
|
|
|
unsigned long kernel_len);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
struct kexec_file_ops {
|
|
|
|
kexec_probe_t *probe;
|
|
|
|
kexec_load_t *load;
|
|
|
|
kexec_cleanup_t *cleanup;
|
|
|
|
#ifdef CONFIG_KEXEC_VERIFY_SIG
|
|
|
|
kexec_verify_sig_t *verify_sig;
|
|
|
|
#endif
|
|
|
|
};
|
2016-11-29 20:45:47 +08:00
|
|
|
|
|
|
|
/**
|
|
|
|
* struct kexec_buf - parameters for finding a place for a buffer in memory
|
|
|
|
* @image: kexec image in which memory to search.
|
|
|
|
* @buffer: Contents which will be copied to the allocated memory.
|
|
|
|
* @bufsz: Size of @buffer.
|
|
|
|
* @mem: On return will have address of the buffer in memory.
|
|
|
|
* @memsz: Size for the buffer in memory.
|
|
|
|
* @buf_align: Minimum alignment needed.
|
|
|
|
* @buf_min: The buffer can't be placed below this address.
|
|
|
|
* @buf_max: The buffer can't be placed above this address.
|
|
|
|
* @top_down: Allocate from top of memory.
|
|
|
|
*/
|
|
|
|
struct kexec_buf {
|
|
|
|
struct kimage *image;
|
2016-11-29 20:45:48 +08:00
|
|
|
void *buffer;
|
2016-11-29 20:45:47 +08:00
|
|
|
unsigned long bufsz;
|
|
|
|
unsigned long mem;
|
|
|
|
unsigned long memsz;
|
|
|
|
unsigned long buf_align;
|
|
|
|
unsigned long buf_min;
|
|
|
|
unsigned long buf_max;
|
|
|
|
bool top_down;
|
|
|
|
};
|
|
|
|
|
|
|
|
int __weak arch_kexec_walk_mem(struct kexec_buf *kbuf,
|
|
|
|
int (*func)(u64, u64, void *));
|
2016-11-29 20:45:48 +08:00
|
|
|
extern int kexec_add_buffer(struct kexec_buf *kbuf);
|
2016-11-29 20:45:49 +08:00
|
|
|
int kexec_locate_mem_hole(struct kexec_buf *kbuf);
|
2016-11-29 20:45:47 +08:00
|
|
|
#endif /* CONFIG_KEXEC_FILE */
|
2016-01-21 07:00:36 +08:00
|
|
|
|
2005-06-26 05:57:52 +08:00
|
|
|
struct kimage {
|
|
|
|
kimage_entry_t head;
|
|
|
|
kimage_entry_t *entry;
|
|
|
|
kimage_entry_t *last_entry;
|
|
|
|
|
|
|
|
unsigned long start;
|
|
|
|
struct page *control_code_page;
|
2008-07-26 10:45:07 +08:00
|
|
|
struct page *swap_page;
|
kdump: protect vmcoreinfo data under the crash memory
Currently vmcoreinfo data is updated at boot time subsys_initcall(), it
has the risk of being modified by some wrong code during system is
running.
As a result, vmcore dumped may contain the wrong vmcoreinfo. Later on,
when using "crash", "makedumpfile", etc utility to parse this vmcore, we
probably will get "Segmentation fault" or other unexpected errors.
E.g. 1) wrong code overwrites vmcoreinfo_data; 2) further crashes the
system; 3) trigger kdump, then we obviously will fail to recognize the
crash context correctly due to the corrupted vmcoreinfo.
Now except for vmcoreinfo, all the crash data is well
protected(including the cpu note which is fully updated in the crash
path, thus its correctness is guaranteed). Given that vmcoreinfo data
is a large chunk prepared for kdump, we better protect it as well.
To solve this, we relocate and copy vmcoreinfo_data to the crash memory
when kdump is loading via kexec syscalls. Because the whole crash
memory will be protected by existing arch_kexec_protect_crashkres()
mechanism, we naturally protect vmcoreinfo_data from write(even read)
access under kernel direct mapping after kdump is loaded.
Since kdump is usually loaded at the very early stage after boot, we can
trust the correctness of the vmcoreinfo data copied.
On the other hand, we still need to operate the vmcoreinfo safe copy
when crash happens to generate vmcoreinfo_note again, we rely on vmap()
to map out a new kernel virtual address and update to use this new one
instead in the following crash_save_vmcoreinfo().
BTW, we do not touch vmcoreinfo_note, because it will be fully updated
using the protected vmcoreinfo_data after crash which is surely correct
just like the cpu crash note.
Link: http://lkml.kernel.org/r/1493281021-20737-3-git-send-email-xlpang@redhat.com
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Tested-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Dave Young <dyoung@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Hari Bathini <hbathini@linux.vnet.ibm.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-07-13 05:33:21 +08:00
|
|
|
void *vmcoreinfo_data_copy; /* locates in the crash memory */
|
2005-06-26 05:57:52 +08:00
|
|
|
|
|
|
|
unsigned long nr_segments;
|
|
|
|
struct kexec_segment segment[KEXEC_SEGMENT_MAX];
|
|
|
|
|
|
|
|
struct list_head control_pages;
|
|
|
|
struct list_head dest_pages;
|
2014-08-09 05:25:43 +08:00
|
|
|
struct list_head unusable_pages;
|
2005-06-26 05:57:52 +08:00
|
|
|
|
|
|
|
/* Address of next control page to allocate for crash kernels. */
|
|
|
|
unsigned long control_page;
|
|
|
|
|
|
|
|
/* Flags to indicate special processing */
|
|
|
|
unsigned int type : 1;
|
|
|
|
#define KEXEC_TYPE_DEFAULT 0
|
|
|
|
#define KEXEC_TYPE_CRASH 1
|
2008-07-26 10:45:07 +08:00
|
|
|
unsigned int preserve_context : 1;
|
2014-08-09 05:25:57 +08:00
|
|
|
/* If set, we are using file mode kexec syscall */
|
|
|
|
unsigned int file_mode:1;
|
2008-10-31 09:48:08 +08:00
|
|
|
|
|
|
|
#ifdef ARCH_HAS_KIMAGE_ARCH
|
|
|
|
struct kimage_arch arch;
|
|
|
|
#endif
|
2014-08-09 05:25:57 +08:00
|
|
|
|
2016-01-21 07:00:36 +08:00
|
|
|
#ifdef CONFIG_KEXEC_FILE
|
2014-08-09 05:25:57 +08:00
|
|
|
/* Additional fields for file based kexec syscall */
|
|
|
|
void *kernel_buf;
|
|
|
|
unsigned long kernel_buf_len;
|
|
|
|
|
|
|
|
void *initrd_buf;
|
|
|
|
unsigned long initrd_buf_len;
|
|
|
|
|
|
|
|
char *cmdline_buf;
|
|
|
|
unsigned long cmdline_buf_len;
|
|
|
|
|
|
|
|
/* File operations provided by image loader */
|
|
|
|
struct kexec_file_ops *fops;
|
|
|
|
|
|
|
|
/* Image loader handling the kernel can store a pointer here */
|
|
|
|
void *image_loader_data;
|
2014-08-09 05:26:04 +08:00
|
|
|
|
|
|
|
/* Information for loading purgatory */
|
|
|
|
struct purgatory_info purgatory_info;
|
2016-01-21 07:00:36 +08:00
|
|
|
#endif
|
2014-08-09 05:25:57 +08:00
|
|
|
};
|
2005-06-26 05:57:52 +08:00
|
|
|
|
|
|
|
/* kexec interface functions */
|
2008-07-26 10:45:07 +08:00
|
|
|
extern void machine_kexec(struct kimage *image);
|
2005-06-26 05:57:52 +08:00
|
|
|
extern int machine_kexec_prepare(struct kimage *image);
|
|
|
|
extern void machine_kexec_cleanup(struct kimage *image);
|
|
|
|
extern asmlinkage long sys_kexec_load(unsigned long entry,
|
2005-06-26 05:58:28 +08:00
|
|
|
unsigned long nr_segments,
|
|
|
|
struct kexec_segment __user *segments,
|
|
|
|
unsigned long flags);
|
2008-07-26 10:45:07 +08:00
|
|
|
extern int kernel_kexec(void);
|
2005-06-26 05:58:28 +08:00
|
|
|
extern struct page *kimage_alloc_control_pages(struct kimage *image,
|
|
|
|
unsigned int order);
|
2014-08-09 05:26:04 +08:00
|
|
|
extern int kexec_load_purgatory(struct kimage *image, unsigned long min,
|
|
|
|
unsigned long max, int top_down,
|
|
|
|
unsigned long *load_addr);
|
|
|
|
extern int kexec_purgatory_get_set_symbol(struct kimage *image,
|
|
|
|
const char *name, void *buf,
|
|
|
|
unsigned int size, bool get_value);
|
|
|
|
extern void *kexec_purgatory_get_symbol_addr(struct kimage *image,
|
|
|
|
const char *name);
|
2015-12-14 18:19:11 +08:00
|
|
|
extern void __crash_kexec(struct pt_regs *);
|
2005-06-26 05:58:26 +08:00
|
|
|
extern void crash_kexec(struct pt_regs *);
|
|
|
|
int kexec_should_crash(struct task_struct *);
|
2016-08-03 05:06:16 +08:00
|
|
|
int kexec_crash_loaded(void);
|
2006-12-07 12:40:41 +08:00
|
|
|
void crash_save_cpu(struct pt_regs *regs, int cpu);
|
kdump: protect vmcoreinfo data under the crash memory
Currently vmcoreinfo data is updated at boot time subsys_initcall(), it
has the risk of being modified by some wrong code during system is
running.
As a result, vmcore dumped may contain the wrong vmcoreinfo. Later on,
when using "crash", "makedumpfile", etc utility to parse this vmcore, we
probably will get "Segmentation fault" or other unexpected errors.
E.g. 1) wrong code overwrites vmcoreinfo_data; 2) further crashes the
system; 3) trigger kdump, then we obviously will fail to recognize the
crash context correctly due to the corrupted vmcoreinfo.
Now except for vmcoreinfo, all the crash data is well
protected(including the cpu note which is fully updated in the crash
path, thus its correctness is guaranteed). Given that vmcoreinfo data
is a large chunk prepared for kdump, we better protect it as well.
To solve this, we relocate and copy vmcoreinfo_data to the crash memory
when kdump is loading via kexec syscalls. Because the whole crash
memory will be protected by existing arch_kexec_protect_crashkres()
mechanism, we naturally protect vmcoreinfo_data from write(even read)
access under kernel direct mapping after kdump is loaded.
Since kdump is usually loaded at the very early stage after boot, we can
trust the correctness of the vmcoreinfo data copied.
On the other hand, we still need to operate the vmcoreinfo safe copy
when crash happens to generate vmcoreinfo_note again, we rely on vmap()
to map out a new kernel virtual address and update to use this new one
instead in the following crash_save_vmcoreinfo().
BTW, we do not touch vmcoreinfo_note, because it will be fully updated
using the protected vmcoreinfo_data after crash which is surely correct
just like the cpu crash note.
Link: http://lkml.kernel.org/r/1493281021-20737-3-git-send-email-xlpang@redhat.com
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Tested-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Dave Young <dyoung@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Hari Bathini <hbathini@linux.vnet.ibm.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-07-13 05:33:21 +08:00
|
|
|
extern int kimage_crash_copy_vmcoreinfo(struct kimage *image);
|
2007-10-17 14:27:27 +08:00
|
|
|
|
2005-06-26 05:57:52 +08:00
|
|
|
extern struct kimage *kexec_image;
|
2006-06-23 17:05:07 +08:00
|
|
|
extern struct kimage *kexec_crash_image;
|
kexec: add sysctl to disable kexec_load
For general-purpose (i.e. distro) kernel builds it makes sense to build
with CONFIG_KEXEC to allow end users to choose what kind of things they
want to do with kexec. However, in the face of trying to lock down a
system with such a kernel, there needs to be a way to disable kexec_load
(much like module loading can be disabled). Without this, it is too easy
for the root user to modify kernel memory even when CONFIG_STRICT_DEVMEM
and modules_disabled are set. With this change, it is still possible to
load an image for use later, then disable kexec_load so the image (or lack
of image) can't be altered.
The intention is for using this in environments where "perfect"
enforcement is hard. Without a verified boot, along with verified
modules, and along with verified kexec, this is trying to give a system a
better chance to defend itself (or at least grow the window of
discoverability) against attack in the face of a privilege escalation.
In my mind, I consider several boot scenarios:
1) Verified boot of read-only verified root fs loading fd-based
verification of kexec images.
2) Secure boot of writable root fs loading signed kexec images.
3) Regular boot loading kexec (e.g. kcrash) image early and locking it.
4) Regular boot with no control of kexec image at all.
1 and 2 don't exist yet, but will soon once the verified kexec series has
landed. 4 is the state of things now. The gap between 2 and 4 is too
large, so this change creates scenario 3, a middle-ground above 4 when 2
and 1 are not possible for a system.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Rik van Riel <riel@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-01-24 07:55:59 +08:00
|
|
|
extern int kexec_load_disabled;
|
2005-06-26 05:57:52 +08:00
|
|
|
|
2006-12-08 01:51:35 +08:00
|
|
|
#ifndef kexec_flush_icache_page
|
|
|
|
#define kexec_flush_icache_page(page)
|
|
|
|
#endif
|
|
|
|
|
2008-07-26 10:45:07 +08:00
|
|
|
/* List of defined/legal kexec flags */
|
|
|
|
#ifndef CONFIG_KEXEC_JUMP
|
|
|
|
#define KEXEC_FLAGS KEXEC_ON_CRASH
|
|
|
|
#else
|
|
|
|
#define KEXEC_FLAGS (KEXEC_ON_CRASH | KEXEC_PRESERVE_CONTEXT)
|
|
|
|
#endif
|
2005-06-26 05:57:52 +08:00
|
|
|
|
2014-08-09 05:25:57 +08:00
|
|
|
/* List of defined/legal kexec file flags */
|
|
|
|
#define KEXEC_FILE_FLAGS (KEXEC_FILE_UNLOAD | KEXEC_FILE_ON_CRASH | \
|
|
|
|
KEXEC_FILE_NO_INITRAMFS)
|
|
|
|
|
2005-06-26 05:57:52 +08:00
|
|
|
/* Location of a reserved region to hold the crash kernel.
|
|
|
|
*/
|
|
|
|
extern struct resource crashk_res;
|
2013-01-25 04:20:11 +08:00
|
|
|
extern struct resource crashk_low_res;
|
2010-02-02 13:38:57 +08:00
|
|
|
extern note_buf_t __percpu *crash_notes;
|
2005-06-26 05:57:52 +08:00
|
|
|
|
2013-11-28 06:19:25 +08:00
|
|
|
/* flag to track if kexec reboot is in progress */
|
|
|
|
extern bool kexec_in_progress;
|
|
|
|
|
2009-12-16 08:47:46 +08:00
|
|
|
int crash_shrink_memory(unsigned long new_size);
|
|
|
|
size_t crash_get_memory_size(void);
|
2010-08-25 08:22:58 +08:00
|
|
|
void crash_free_reserved_phys_range(unsigned long begin, unsigned long end);
|
2006-12-08 01:51:35 +08:00
|
|
|
|
2015-09-10 06:38:51 +08:00
|
|
|
int __weak arch_kexec_kernel_image_probe(struct kimage *image, void *buf,
|
|
|
|
unsigned long buf_len);
|
|
|
|
void * __weak arch_kexec_kernel_image_load(struct kimage *image);
|
|
|
|
int __weak arch_kimage_file_post_load_cleanup(struct kimage *image);
|
|
|
|
int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
|
|
|
|
unsigned long buf_len);
|
|
|
|
int __weak arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr,
|
|
|
|
Elf_Shdr *sechdrs, unsigned int relsec);
|
|
|
|
int __weak arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
|
|
|
|
unsigned int relsec);
|
2016-05-24 07:24:10 +08:00
|
|
|
void arch_kexec_protect_crashkres(void);
|
|
|
|
void arch_kexec_unprotect_crashkres(void);
|
2015-09-10 06:38:51 +08:00
|
|
|
|
2016-08-03 05:06:04 +08:00
|
|
|
#ifndef page_to_boot_pfn
|
|
|
|
static inline unsigned long page_to_boot_pfn(struct page *page)
|
|
|
|
{
|
|
|
|
return page_to_pfn(page);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef boot_pfn_to_page
|
|
|
|
static inline struct page *boot_pfn_to_page(unsigned long boot_pfn)
|
|
|
|
{
|
|
|
|
return pfn_to_page(boot_pfn);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef phys_to_boot_phys
|
|
|
|
static inline unsigned long phys_to_boot_phys(phys_addr_t phys)
|
|
|
|
{
|
|
|
|
return phys;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef boot_phys_to_phys
|
|
|
|
static inline phys_addr_t boot_phys_to_phys(unsigned long boot_phys)
|
|
|
|
{
|
|
|
|
return boot_phys;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
static inline unsigned long virt_to_boot_phys(void *addr)
|
|
|
|
{
|
|
|
|
return phys_to_boot_phys(__pa((unsigned long)addr));
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void *boot_phys_to_virt(unsigned long entry)
|
|
|
|
{
|
|
|
|
return phys_to_virt(boot_phys_to_phys(entry));
|
|
|
|
}
|
|
|
|
|
2015-09-10 06:38:55 +08:00
|
|
|
#else /* !CONFIG_KEXEC_CORE */
|
2005-06-26 05:58:26 +08:00
|
|
|
struct pt_regs;
|
|
|
|
struct task_struct;
|
2015-12-14 18:19:11 +08:00
|
|
|
static inline void __crash_kexec(struct pt_regs *regs) { }
|
2005-06-26 05:58:26 +08:00
|
|
|
static inline void crash_kexec(struct pt_regs *regs) { }
|
|
|
|
static inline int kexec_should_crash(struct task_struct *p) { return 0; }
|
2016-08-03 05:06:16 +08:00
|
|
|
static inline int kexec_crash_loaded(void) { return 0; }
|
2015-08-02 07:08:06 +08:00
|
|
|
#define kexec_in_progress false
|
2015-09-10 06:38:55 +08:00
|
|
|
#endif /* CONFIG_KEXEC_CORE */
|
2015-02-18 05:45:56 +08:00
|
|
|
|
|
|
|
#endif /* !defined(__ASSEBMLY__) */
|
|
|
|
|
2005-06-26 05:57:52 +08:00
|
|
|
#endif /* LINUX_KEXEC_H */
|