]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - kernel/kexec_file.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tracing: Get trace_array reference for available_tracers files
[mirror_ubuntu-bionic-kernel.git] / kernel / kexec_file.c
CommitLineData
a43cac0d
DY		 1/*
2 * kexec: kexec_file_load system call
3 *
4 * Copyright (C) 2014 Red Hat Inc.
5 * Authors:
6 * Vivek Goyal <vgoyal@redhat.com>
7 *
8 * This source code is licensed under the GNU General Public License,
9 * Version 2. See the file COPYING for more details.
10 */
11
de90a6bc
MH		 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13
a43cac0d
DY		 14#include <linux/capability.h>
15#include <linux/mm.h>
16#include <linux/file.h>
17#include <linux/slab.h>
18#include <linux/kexec.h>
19#include <linux/mutex.h>
20#include <linux/list.h>
b804defe 21#include <linux/fs.h>
7b8589cc 22#include <linux/ima.h>
a43cac0d
DY		 23#include <crypto/hash.h>
24#include <crypto/sha.h>
25#include <linux/syscalls.h>
26#include <linux/vmalloc.h>
27#include "kexec_internal.h"
28
a43cac0d
DY		 29static int kexec_calculate_store_digests(struct kimage *image);
30
a43cac0d
DY		 31/* Architectures can provide this probe function */
32int __weak arch_kexec_kernel_image_probe(struct kimage *image, void *buf,
33 unsigned long buf_len)
34{
35 return -ENOEXEC;
36}
37
38void * __weak arch_kexec_kernel_image_load(struct kimage *image)
39{
40 return ERR_PTR(-ENOEXEC);
41}
42
43int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
44{
45 return -EINVAL;
46}
47
978e30c9 48#ifdef CONFIG_KEXEC_VERIFY_SIG
a43cac0d
DY		 49int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
50 unsigned long buf_len)
51{
52 return -EKEYREJECTED;
53}
978e30c9 54#endif
a43cac0d
DY		 55
56/* Apply relocations of type RELA */
57int __weak
58arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
59 unsigned int relsec)
60{
61 pr_err("RELA relocation unsupported.\n");
62 return -ENOEXEC;
63}
64
65/* Apply relocations of type REL */
66int __weak
67arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
68 unsigned int relsec)
69{
70 pr_err("REL relocation unsupported.\n");
71 return -ENOEXEC;
72}
73
74/*
75 * Free up memory used by kernel, initrd, and command line. This is temporary
76 * memory allocation which is not needed any more after these buffers have
77 * been loaded into separate segments and have been copied elsewhere.
78 */
79void kimage_file_post_load_cleanup(struct kimage *image)
80{
81 struct purgatory_info *pi = &image->purgatory_info;
82
83 vfree(image->kernel_buf);
84 image->kernel_buf = NULL;
85
86 vfree(image->initrd_buf);
87 image->initrd_buf = NULL;
88
89 kfree(image->cmdline_buf);
90 image->cmdline_buf = NULL;
91
92 vfree(pi->purgatory_buf);
93 pi->purgatory_buf = NULL;
94
95 vfree(pi->sechdrs);
96 pi->sechdrs = NULL;
97
98 /* See if architecture has anything to cleanup post load */
99 arch_kimage_file_post_load_cleanup(image);
100
101 /*
102 * Above call should have called into bootloader to free up
103 * any data stored in kimage->image_loader_data. It should
104 * be ok now to free it up.
105 */
106 kfree(image->image_loader_data);
107 image->image_loader_data = NULL;
108}
109
110/*
111 * In file mode list of segments is prepared by kernel. Copy relevant
112 * data from user space, do error checking, prepare segment list
113 */
114static int
115kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
116 const char __user *cmdline_ptr,
117 unsigned long cmdline_len, unsigned flags)
118{
119 int ret = 0;
120 void *ldata;
b804defe 121 loff_t size;
a43cac0d 122
b804defe
MZ		 123 ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
124 &size, INT_MAX, READING_KEXEC_IMAGE);
a43cac0d
DY		 125 if (ret)
126 return ret;
b804defe 127 image->kernel_buf_len = size;
a43cac0d 128
7b8589cc
MZ		 129 /* IMA needs to pass the measurement list to the next kernel. */
130 ima_add_kexec_buffer(image);
131
a43cac0d
DY		 132 /* Call arch image probe handlers */
133 ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
134 image->kernel_buf_len);
a43cac0d
DY		 135 if (ret)
136 goto out;
137
138#ifdef CONFIG_KEXEC_VERIFY_SIG
139 ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
140 image->kernel_buf_len);
141 if (ret) {
142 pr_debug("kernel signature verification failed.\n");
143 goto out;
144 }
145 pr_debug("kernel signature verification successful.\n");
146#endif
147 /* It is possible that there no initramfs is being loaded */
148 if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
b804defe
MZ		 149 ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf,
150 &size, INT_MAX,
151 READING_KEXEC_INITRAMFS);
a43cac0d
DY		 152 if (ret)
153 goto out;
b804defe 154 image->initrd_buf_len = size;
a43cac0d
DY		 155 }
156
157 if (cmdline_len) {
a9bd8dfa
AV		 158 image->cmdline_buf = memdup_user(cmdline_ptr, cmdline_len);
159 if (IS_ERR(image->cmdline_buf)) {
160 ret = PTR_ERR(image->cmdline_buf);
161 image->cmdline_buf = NULL;
a43cac0d
DY		 162 goto out;
163 }
164
165 image->cmdline_buf_len = cmdline_len;
166
167 /* command line should be a string with last byte null */
168 if (image->cmdline_buf[cmdline_len - 1] != '\0') {
169 ret = -EINVAL;
170 goto out;
171 }
172 }
173
174 /* Call arch image load handlers */
175 ldata = arch_kexec_kernel_image_load(image);
176
177 if (IS_ERR(ldata)) {
178 ret = PTR_ERR(ldata);
179 goto out;
180 }
181
182 image->image_loader_data = ldata;
183out:
184 /* In case of error, free up all allocated memory in this function */
185 if (ret)
186 kimage_file_post_load_cleanup(image);
187 return ret;
188}
189
190static int
191kimage_file_alloc_init(struct kimage **rimage, int kernel_fd,
192 int initrd_fd, const char __user *cmdline_ptr,
193 unsigned long cmdline_len, unsigned long flags)
194{
195 int ret;
196 struct kimage *image;
197 bool kexec_on_panic = flags & KEXEC_FILE_ON_CRASH;
198
199 image = do_kimage_alloc_init();
200 if (!image)
201 return -ENOMEM;
202
203 image->file_mode = 1;
204
205 if (kexec_on_panic) {
206 /* Enable special crash kernel control page alloc policy. */
207 image->control_page = crashk_res.start;
208 image->type = KEXEC_TYPE_CRASH;
209 }
210
211 ret = kimage_file_prepare_segments(image, kernel_fd, initrd_fd,
212 cmdline_ptr, cmdline_len, flags);
213 if (ret)
214 goto out_free_image;
215
216 ret = sanity_check_segment_list(image);
217 if (ret)
218 goto out_free_post_load_bufs;
219
220 ret = -ENOMEM;
221 image->control_code_page = kimage_alloc_control_pages(image,
222 get_order(KEXEC_CONTROL_PAGE_SIZE));
223 if (!image->control_code_page) {
224 pr_err("Could not allocate control_code_buffer\n");
225 goto out_free_post_load_bufs;
226 }
227
228 if (!kexec_on_panic) {
229 image->swap_page = kimage_alloc_control_pages(image, 0);
230 if (!image->swap_page) {
231 pr_err("Could not allocate swap buffer\n");
232 goto out_free_control_pages;
233 }
234 }
235
236 *rimage = image;
237 return 0;
238out_free_control_pages:
239 kimage_free_page_list(&image->control_pages);
240out_free_post_load_bufs:
241 kimage_file_post_load_cleanup(image);
242out_free_image:
243 kfree(image);
244 return ret;
245}
246
247SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
248 unsigned long, cmdline_len, const char __user *, cmdline_ptr,
249 unsigned long, flags)
250{
251 int ret = 0, i;
252 struct kimage **dest_image, *image;
253
254 /* We only trust the superuser with rebooting the system. */
255 if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
256 return -EPERM;
257
857fee5b
CYL		 258 /* Don't permit images to be loaded into trusted kernels if we're not
259 * going to verify the signature on them
260 */
261 if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) &&
262 kernel_is_locked_down("kexec of unsigned images"))
263 return -EPERM;
264
a43cac0d
DY		 265 /* Make sure we have a legal set of flags */
266 if (flags != (flags & KEXEC_FILE_FLAGS))
267 return -EINVAL;
268
269 image = NULL;
270
271 if (!mutex_trylock(&kexec_mutex))
272 return -EBUSY;
273
274 dest_image = &kexec_image;
9b492cf5 275 if (flags & KEXEC_FILE_ON_CRASH) {
a43cac0d 276 dest_image = &kexec_crash_image;
9b492cf5
XP		 277 if (kexec_crash_image)
278 arch_kexec_unprotect_crashkres();
279 }
a43cac0d
DY		 280
281 if (flags & KEXEC_FILE_UNLOAD)
282 goto exchange;
283
284 /*
285 * In case of crash, new kernel gets loaded in reserved region. It is
286 * same memory where old crash kernel might be loaded. Free any
287 * current crash dump kernel before we corrupt it.
288 */
289 if (flags & KEXEC_FILE_ON_CRASH)
290 kimage_free(xchg(&kexec_crash_image, NULL));
291
292 ret = kimage_file_alloc_init(&image, kernel_fd, initrd_fd, cmdline_ptr,
293 cmdline_len, flags);
294 if (ret)
295 goto out;
296
297 ret = machine_kexec_prepare(image);
298 if (ret)
299 goto out;
300
1229384f
XP		 301 /*
302 * Some architecture(like S390) may touch the crash memory before
303 * machine_kexec_prepare(), we must copy vmcoreinfo data after it.
304 */
305 ret = kimage_crash_copy_vmcoreinfo(image);
306 if (ret)
307 goto out;
308
a43cac0d
DY		 309 ret = kexec_calculate_store_digests(image);
310 if (ret)
311 goto out;
312
313 for (i = 0; i < image->nr_segments; i++) {
314 struct kexec_segment *ksegment;
315
316 ksegment = &image->segment[i];
317 pr_debug("Loading segment %d: buf=0x%p bufsz=0x%zx mem=0x%lx memsz=0x%zx\n",
318 i, ksegment->buf, ksegment->bufsz, ksegment->mem,
319 ksegment->memsz);
320
321 ret = kimage_load_segment(image, &image->segment[i]);
322 if (ret)
323 goto out;
324 }
325
326 kimage_terminate(image);
327
328 /*
329 * Free up any temporary buffers allocated which are not needed
330 * after image has been loaded
331 */
332 kimage_file_post_load_cleanup(image);
333exchange:
334 image = xchg(dest_image, image);
335out:
9b492cf5
XP		 336 if ((flags & KEXEC_FILE_ON_CRASH) && kexec_crash_image)
337 arch_kexec_protect_crashkres();
338
a43cac0d
DY		 339 mutex_unlock(&kexec_mutex);
340 kimage_free(image);
341 return ret;
342}
343
344static int locate_mem_hole_top_down(unsigned long start, unsigned long end,
345 struct kexec_buf *kbuf)
346{
347 struct kimage *image = kbuf->image;
348 unsigned long temp_start, temp_end;
349
350 temp_end = min(end, kbuf->buf_max);
351 temp_start = temp_end - kbuf->memsz;
352
353 do {
354 /* align down start */
355 temp_start = temp_start & (~(kbuf->buf_align - 1));
356
357 if (temp_start < start || temp_start < kbuf->buf_min)
358 return 0;
359
360 temp_end = temp_start + kbuf->memsz - 1;
361
362 /*
363 * Make sure this does not conflict with any of existing
364 * segments
365 */
366 if (kimage_is_destination_range(image, temp_start, temp_end)) {
367 temp_start = temp_start - PAGE_SIZE;
368 continue;
369 }
370
371 /* We found a suitable memory range */
372 break;
373 } while (1);
374
375 /* If we are here, we found a suitable memory range */
376 kbuf->mem = temp_start;
377
378 /* Success, stop navigating through remaining System RAM ranges */
379 return 1;
380}
381
382static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end,
383 struct kexec_buf *kbuf)
384{
385 struct kimage *image = kbuf->image;
386 unsigned long temp_start, temp_end;
387
388 temp_start = max(start, kbuf->buf_min);
389
390 do {
391 temp_start = ALIGN(temp_start, kbuf->buf_align);
392 temp_end = temp_start + kbuf->memsz - 1;
393
394 if (temp_end > end || temp_end > kbuf->buf_max)
395 return 0;
396 /*
397 * Make sure this does not conflict with any of existing
398 * segments
399 */
400 if (kimage_is_destination_range(image, temp_start, temp_end)) {
401 temp_start = temp_start + PAGE_SIZE;
402 continue;
403 }
404
405 /* We found a suitable memory range */
406 break;
407 } while (1);
408
409 /* If we are here, we found a suitable memory range */
410 kbuf->mem = temp_start;
411
412 /* Success, stop navigating through remaining System RAM ranges */
413 return 1;
414}
415
1d2e733b 416static int locate_mem_hole_callback(struct resource *res, void *arg)
a43cac0d
DY		 417{
418 struct kexec_buf *kbuf = (struct kexec_buf *)arg;
1d2e733b 419 u64 start = res->start, end = res->end;
a43cac0d
DY		 420 unsigned long sz = end - start + 1;
421
422 /* Returning 0 will take to next memory range */
423 if (sz < kbuf->memsz)
424 return 0;
425
426 if (end < kbuf->buf_min || start > kbuf->buf_max)
427 return 0;
428
429 /*
430 * Allocate memory top down with-in ram range. Otherwise bottom up
431 * allocation.
432 */
433 if (kbuf->top_down)
434 return locate_mem_hole_top_down(start, end, kbuf);
435 return locate_mem_hole_bottom_up(start, end, kbuf);
436}
437
60fe3910
TJB		 438/**
439 * arch_kexec_walk_mem - call func(data) on free memory regions
440 * @kbuf: Context info for the search. Also passed to @func.
441 * @func: Function to call for each memory region.
442 *
443 * Return: The memory walk will stop when func returns a non-zero value
444 * and that value will be returned. If all free regions are visited without
445 * func returning non-zero, then zero will be returned.
446 */
447int __weak arch_kexec_walk_mem(struct kexec_buf *kbuf,
1d2e733b 448 int (*func)(struct resource *, void *))
60fe3910
TJB		 449{
450 if (kbuf->image->type == KEXEC_TYPE_CRASH)
451 return walk_iomem_res_desc(crashk_res.desc,
452 IORESOURCE_SYSTEM_RAM | IORESOURCE_BUSY,
453 crashk_res.start, crashk_res.end,
454 kbuf, func);
455 else
456 return walk_system_ram_res(0, ULONG_MAX, kbuf, func);
457}
458
e2e806f9
TJB		 459/**
460 * kexec_locate_mem_hole - find free memory for the purgatory or the next kernel
461 * @kbuf: Parameters for the memory search.
462 *
463 * On success, kbuf->mem will have the start address of the memory region found.
464 *
465 * Return: 0 on success, negative errno on error.
466 */
467int kexec_locate_mem_hole(struct kexec_buf *kbuf)
468{
469 int ret;
470
471 ret = arch_kexec_walk_mem(kbuf, locate_mem_hole_callback);
472
473 return ret == 1 ? 0 : -EADDRNOTAVAIL;
474}
475
ec2b9bfa
TJB		 476/**
477 * kexec_add_buffer - place a buffer in a kexec segment
478 * @kbuf: Buffer contents and memory parameters.
479 *
480 * This function assumes that kexec_mutex is held.
481 * On successful return, @kbuf->mem will have the physical address of
482 * the buffer in memory.
483 *
484 * Return: 0 on success, negative errno on error.
a43cac0d 485 */
ec2b9bfa 486int kexec_add_buffer(struct kexec_buf *kbuf)
a43cac0d
DY		 487{
488
489 struct kexec_segment *ksegment;
a43cac0d
DY		 490 int ret;
491
492 /* Currently adding segment this way is allowed only in file mode */
ec2b9bfa 493 if (!kbuf->image->file_mode)
a43cac0d
DY		 494 return -EINVAL;
495
ec2b9bfa 496 if (kbuf->image->nr_segments >= KEXEC_SEGMENT_MAX)
a43cac0d
DY		 497 return -EINVAL;
498
499 /*
500 * Make sure we are not trying to add buffer after allocating
501 * control pages. All segments need to be placed first before
502 * any control pages are allocated. As control page allocation
503 * logic goes through list of segments to make sure there are
504 * no destination overlaps.
505 */
ec2b9bfa 506 if (!list_empty(&kbuf->image->control_pages)) {
a43cac0d
DY		 507 WARN_ON(1);
508 return -EINVAL;
509 }
510
ec2b9bfa
TJB		 511 /* Ensure minimum alignment needed for segments. */
512 kbuf->memsz = ALIGN(kbuf->memsz, PAGE_SIZE);
513 kbuf->buf_align = max(kbuf->buf_align, PAGE_SIZE);
a43cac0d
DY		 514
515 /* Walk the RAM ranges and allocate a suitable range for the buffer */
e2e806f9
TJB		 516 ret = kexec_locate_mem_hole(kbuf);
517 if (ret)
518 return ret;
a43cac0d
DY		 519
520 /* Found a suitable memory range */
ec2b9bfa 521 ksegment = &kbuf->image->segment[kbuf->image->nr_segments];
a43cac0d
DY		 522 ksegment->kbuf = kbuf->buffer;
523 ksegment->bufsz = kbuf->bufsz;
524 ksegment->mem = kbuf->mem;
525 ksegment->memsz = kbuf->memsz;
ec2b9bfa 526 kbuf->image->nr_segments++;
a43cac0d
DY		 527 return 0;
528}
529
530/* Calculate and store the digest of segments */
531static int kexec_calculate_store_digests(struct kimage *image)
532{
533 struct crypto_shash *tfm;
534 struct shash_desc *desc;
535 int ret = 0, i, j, zero_buf_sz, sha_region_sz;
536 size_t desc_size, nullsz;
537 char *digest;
538 void *zero_buf;
539 struct kexec_sha_region *sha_regions;
540 struct purgatory_info *pi = &image->purgatory_info;
541
542 zero_buf = __va(page_to_pfn(ZERO_PAGE(0)) << PAGE_SHIFT);
543 zero_buf_sz = PAGE_SIZE;
544
545 tfm = crypto_alloc_shash("sha256", 0, 0);
546 if (IS_ERR(tfm)) {
547 ret = PTR_ERR(tfm);
548 goto out;
549 }
550
551 desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
552 desc = kzalloc(desc_size, GFP_KERNEL);
553 if (!desc) {
554 ret = -ENOMEM;
555 goto out_free_tfm;
556 }
557
558 sha_region_sz = KEXEC_SEGMENT_MAX * sizeof(struct kexec_sha_region);
559 sha_regions = vzalloc(sha_region_sz);
560 if (!sha_regions)
561 goto out_free_desc;
562
563 desc->tfm = tfm;
564 desc->flags = 0;
565
566 ret = crypto_shash_init(desc);
567 if (ret < 0)
568 goto out_free_sha_regions;
569
570 digest = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
571 if (!digest) {
572 ret = -ENOMEM;
573 goto out_free_sha_regions;
574 }
575
576 for (j = i = 0; i < image->nr_segments; i++) {
577 struct kexec_segment *ksegment;
578
579 ksegment = &image->segment[i];
580 /*
581 * Skip purgatory as it will be modified once we put digest
582 * info in purgatory.
583 */
584 if (ksegment->kbuf == pi->purgatory_buf)
585 continue;
586
587 ret = crypto_shash_update(desc, ksegment->kbuf,
588 ksegment->bufsz);
589 if (ret)
590 break;
591
592 /*
593 * Assume rest of the buffer is filled with zero and
594 * update digest accordingly.
595 */
596 nullsz = ksegment->memsz - ksegment->bufsz;
597 while (nullsz) {
598 unsigned long bytes = nullsz;
599
600 if (bytes > zero_buf_sz)
601 bytes = zero_buf_sz;
602 ret = crypto_shash_update(desc, zero_buf, bytes);
603 if (ret)
604 break;
605 nullsz -= bytes;
606 }
607
608 if (ret)
609 break;
610
611 sha_regions[j].start = ksegment->mem;
612 sha_regions[j].len = ksegment->memsz;
613 j++;
614 }
615
616 if (!ret) {
617 ret = crypto_shash_final(desc, digest);
618 if (ret)
619 goto out_free_digest;
40c50c1f
TG		 620 ret = kexec_purgatory_get_set_symbol(image, "purgatory_sha_regions",
621 sha_regions, sha_region_sz, 0);
a43cac0d
DY		 622 if (ret)
623 goto out_free_digest;
624
40c50c1f
TG		 625 ret = kexec_purgatory_get_set_symbol(image, "purgatory_sha256_digest",
626 digest, SHA256_DIGEST_SIZE, 0);
a43cac0d
DY		 627 if (ret)
628 goto out_free_digest;
629 }
630
631out_free_digest:
632 kfree(digest);
633out_free_sha_regions:
634 vfree(sha_regions);
635out_free_desc:
636 kfree(desc);
637out_free_tfm:
638 kfree(tfm);
639out:
640 return ret;
641}
642
643/* Actually load purgatory. Lot of code taken from kexec-tools */
644static int __kexec_load_purgatory(struct kimage *image, unsigned long min,
645 unsigned long max, int top_down)
646{
647 struct purgatory_info *pi = &image->purgatory_info;
ec2b9bfa
TJB		 648 unsigned long align, bss_align, bss_sz, bss_pad;
649 unsigned long entry, load_addr, curr_load_addr, bss_addr, offset;
a43cac0d
DY		 650 unsigned char *buf_addr, *src;
651 int i, ret = 0, entry_sidx = -1;
652 const Elf_Shdr *sechdrs_c;
653 Elf_Shdr *sechdrs = NULL;
ec2b9bfa
TJB		 654 struct kexec_buf kbuf = { .image = image, .bufsz = 0, .buf_align = 1,
655 .buf_min = min, .buf_max = max,
656 .top_down = top_down };
a43cac0d
DY		 657
658 /*
659 * sechdrs_c points to section headers in purgatory and are read
660 * only. No modifications allowed.
661 */
662 sechdrs_c = (void *)pi->ehdr + pi->ehdr->e_shoff;
663
664 /*
665 * We can not modify sechdrs_c[] and its fields. It is read only.
666 * Copy it over to a local copy where one can store some temporary
667 * data and free it at the end. We need to modify ->sh_addr and
668 * ->sh_offset fields to keep track of permanent and temporary
669 * locations of sections.
670 */
671 sechdrs = vzalloc(pi->ehdr->e_shnum * sizeof(Elf_Shdr));
672 if (!sechdrs)
673 return -ENOMEM;
674
675 memcpy(sechdrs, sechdrs_c, pi->ehdr->e_shnum * sizeof(Elf_Shdr));
676
677 /*
678 * We seem to have multiple copies of sections. First copy is which
679 * is embedded in kernel in read only section. Some of these sections
680 * will be copied to a temporary buffer and relocated. And these
681 * sections will finally be copied to their final destination at
682 * segment load time.
683 *
684 * Use ->sh_offset to reflect section address in memory. It will
685 * point to original read only copy if section is not allocatable.
686 * Otherwise it will point to temporary copy which will be relocated.
687 *
688 * Use ->sh_addr to contain final address of the section where it
689 * will go during execution time.
690 */
691 for (i = 0; i < pi->ehdr->e_shnum; i++) {
692 if (sechdrs[i].sh_type == SHT_NOBITS)
693 continue;
694
695 sechdrs[i].sh_offset = (unsigned long)pi->ehdr +
696 sechdrs[i].sh_offset;
697 }
698
699 /*
700 * Identify entry point section and make entry relative to section
701 * start.
702 */
703 entry = pi->ehdr->e_entry;
704 for (i = 0; i < pi->ehdr->e_shnum; i++) {
705 if (!(sechdrs[i].sh_flags & SHF_ALLOC))
706 continue;
707
708 if (!(sechdrs[i].sh_flags & SHF_EXECINSTR))
709 continue;
710
711 /* Make entry section relative */
712 if (sechdrs[i].sh_addr <= pi->ehdr->e_entry &&
713 ((sechdrs[i].sh_addr + sechdrs[i].sh_size) >
714 pi->ehdr->e_entry)) {
715 entry_sidx = i;
716 entry -= sechdrs[i].sh_addr;
717 break;
718 }
719 }
720
721 /* Determine how much memory is needed to load relocatable object. */
a43cac0d 722 bss_align = 1;
a43cac0d
DY		 723 bss_sz = 0;
724
725 for (i = 0; i < pi->ehdr->e_shnum; i++) {
726 if (!(sechdrs[i].sh_flags & SHF_ALLOC))
727 continue;
728
729 align = sechdrs[i].sh_addralign;
730 if (sechdrs[i].sh_type != SHT_NOBITS) {
ec2b9bfa
TJB		 731 if (kbuf.buf_align < align)
732 kbuf.buf_align = align;
733 kbuf.bufsz = ALIGN(kbuf.bufsz, align);
734 kbuf.bufsz += sechdrs[i].sh_size;
a43cac0d
DY		 735 } else {
736 /* bss section */
737 if (bss_align < align)
738 bss_align = align;
739 bss_sz = ALIGN(bss_sz, align);
740 bss_sz += sechdrs[i].sh_size;
741 }
742 }
743
744 /* Determine the bss padding required to align bss properly */
745 bss_pad = 0;
ec2b9bfa
TJB		 746 if (kbuf.bufsz & (bss_align - 1))
747 bss_pad = bss_align - (kbuf.bufsz & (bss_align - 1));
a43cac0d 748
ec2b9bfa 749 kbuf.memsz = kbuf.bufsz + bss_pad + bss_sz;
a43cac0d
DY		 750
751 /* Allocate buffer for purgatory */
ec2b9bfa
TJB		 752 kbuf.buffer = vzalloc(kbuf.bufsz);
753 if (!kbuf.buffer) {
a43cac0d
DY		 754 ret = -ENOMEM;
755 goto out;
756 }
757
ec2b9bfa
TJB		 758 if (kbuf.buf_align < bss_align)
759 kbuf.buf_align = bss_align;
a43cac0d
DY		 760
761 /* Add buffer to segment list */
ec2b9bfa 762 ret = kexec_add_buffer(&kbuf);
a43cac0d
DY		 763 if (ret)
764 goto out;
ec2b9bfa 765 pi->purgatory_load_addr = kbuf.mem;
a43cac0d
DY		 766
767 /* Load SHF_ALLOC sections */
ec2b9bfa 768 buf_addr = kbuf.buffer;
a43cac0d 769 load_addr = curr_load_addr = pi->purgatory_load_addr;
ec2b9bfa 770 bss_addr = load_addr + kbuf.bufsz + bss_pad;
a43cac0d
DY		 771
772 for (i = 0; i < pi->ehdr->e_shnum; i++) {
773 if (!(sechdrs[i].sh_flags & SHF_ALLOC))
774 continue;
775
776 align = sechdrs[i].sh_addralign;
777 if (sechdrs[i].sh_type != SHT_NOBITS) {
778 curr_load_addr = ALIGN(curr_load_addr, align);
779 offset = curr_load_addr - load_addr;
780 /* We already modifed ->sh_offset to keep src addr */
781 src = (char *) sechdrs[i].sh_offset;
782 memcpy(buf_addr + offset, src, sechdrs[i].sh_size);
783
784 /* Store load address and source address of section */
785 sechdrs[i].sh_addr = curr_load_addr;
786
787 /*
788 * This section got copied to temporary buffer. Update
789 * ->sh_offset accordingly.
790 */
791 sechdrs[i].sh_offset = (unsigned long)(buf_addr + offset);
792
793 /* Advance to the next address */
794 curr_load_addr += sechdrs[i].sh_size;
795 } else {
796 bss_addr = ALIGN(bss_addr, align);
797 sechdrs[i].sh_addr = bss_addr;
798 bss_addr += sechdrs[i].sh_size;
799 }
800 }
801
802 /* Update entry point based on load address of text section */
803 if (entry_sidx >= 0)
804 entry += sechdrs[entry_sidx].sh_addr;
805
806 /* Make kernel jump to purgatory after shutdown */
807 image->start = entry;
808
809 /* Used later to get/set symbol values */
810 pi->sechdrs = sechdrs;
811
812 /*
813 * Used later to identify which section is purgatory and skip it
814 * from checksumming.
815 */
ec2b9bfa 816 pi->purgatory_buf = kbuf.buffer;
a43cac0d
DY		 817 return ret;
818out:
819 vfree(sechdrs);
ec2b9bfa 820 vfree(kbuf.buffer);
a43cac0d
DY		 821 return ret;
822}
823
824static int kexec_apply_relocations(struct kimage *image)
825{
826 int i, ret;
827 struct purgatory_info *pi = &image->purgatory_info;
828 Elf_Shdr *sechdrs = pi->sechdrs;
829
830 /* Apply relocations */
831 for (i = 0; i < pi->ehdr->e_shnum; i++) {
832 Elf_Shdr *section, *symtab;
833
834 if (sechdrs[i].sh_type != SHT_RELA &&
835 sechdrs[i].sh_type != SHT_REL)
836 continue;
837
838 /*
839 * For section of type SHT_RELA/SHT_REL,
840 * ->sh_link contains section header index of associated
841 * symbol table. And ->sh_info contains section header
842 * index of section to which relocations apply.
843 */
844 if (sechdrs[i].sh_info >= pi->ehdr->e_shnum ||
845 sechdrs[i].sh_link >= pi->ehdr->e_shnum)
846 return -ENOEXEC;
847
848 section = &sechdrs[sechdrs[i].sh_info];
849 symtab = &sechdrs[sechdrs[i].sh_link];
850
851 if (!(section->sh_flags & SHF_ALLOC))
852 continue;
853
854 /*
855 * symtab->sh_link contain section header index of associated
856 * string table.
857 */
858 if (symtab->sh_link >= pi->ehdr->e_shnum)
859 /* Invalid section number? */
860 continue;
861
862 /*
863 * Respective architecture needs to provide support for applying
864 * relocations of type SHT_RELA/SHT_REL.
865 */
866 if (sechdrs[i].sh_type == SHT_RELA)
867 ret = arch_kexec_apply_relocations_add(pi->ehdr,
868 sechdrs, i);
869 else if (sechdrs[i].sh_type == SHT_REL)
870 ret = arch_kexec_apply_relocations(pi->ehdr,
871 sechdrs, i);
872 if (ret)
873 return ret;
874 }
875
876 return 0;
877}
878
879/* Load relocatable purgatory object and relocate it appropriately */
880int kexec_load_purgatory(struct kimage *image, unsigned long min,
881 unsigned long max, int top_down,
882 unsigned long *load_addr)
883{
884 struct purgatory_info *pi = &image->purgatory_info;
885 int ret;
886
887 if (kexec_purgatory_size <= 0)
888 return -EINVAL;
889
890 if (kexec_purgatory_size < sizeof(Elf_Ehdr))
891 return -ENOEXEC;
892
893 pi->ehdr = (Elf_Ehdr *)kexec_purgatory;
894
895 if (memcmp(pi->ehdr->e_ident, ELFMAG, SELFMAG) != 0
896 || pi->ehdr->e_type != ET_REL
897 || !elf_check_arch(pi->ehdr)
898 || pi->ehdr->e_shentsize != sizeof(Elf_Shdr))
899 return -ENOEXEC;
900
901 if (pi->ehdr->e_shoff >= kexec_purgatory_size
902 || (pi->ehdr->e_shnum * sizeof(Elf_Shdr) >
903 kexec_purgatory_size - pi->ehdr->e_shoff))
904 return -ENOEXEC;
905
906 ret = __kexec_load_purgatory(image, min, max, top_down);
907 if (ret)
908 return ret;
909
910 ret = kexec_apply_relocations(image);
911 if (ret)
912 goto out;
913
914 *load_addr = pi->purgatory_load_addr;
915 return 0;
916out:
917 vfree(pi->sechdrs);
070c43ee
TJB		 918 pi->sechdrs = NULL;
919
a43cac0d 920 vfree(pi->purgatory_buf);
070c43ee 921 pi->purgatory_buf = NULL;
a43cac0d
DY		 922 return ret;
923}
924
925static Elf_Sym *kexec_purgatory_find_symbol(struct purgatory_info *pi,
926 const char *name)
927{
928 Elf_Sym *syms;
929 Elf_Shdr *sechdrs;
930 Elf_Ehdr *ehdr;
931 int i, k;
932 const char *strtab;
933
934 if (!pi->sechdrs || !pi->ehdr)
935 return NULL;
936
937 sechdrs = pi->sechdrs;
938 ehdr = pi->ehdr;
939
940 for (i = 0; i < ehdr->e_shnum; i++) {
941 if (sechdrs[i].sh_type != SHT_SYMTAB)
942 continue;
943
944 if (sechdrs[i].sh_link >= ehdr->e_shnum)
945 /* Invalid strtab section number */
946 continue;
947 strtab = (char *)sechdrs[sechdrs[i].sh_link].sh_offset;
948 syms = (Elf_Sym *)sechdrs[i].sh_offset;
949
950 /* Go through symbols for a match */
951 for (k = 0; k < sechdrs[i].sh_size/sizeof(Elf_Sym); k++) {
952 if (ELF_ST_BIND(syms[k].st_info) != STB_GLOBAL)
953 continue;
954
955 if (strcmp(strtab + syms[k].st_name, name) != 0)
956 continue;
957
958 if (syms[k].st_shndx == SHN_UNDEF ||
959 syms[k].st_shndx >= ehdr->e_shnum) {
960 pr_debug("Symbol: %s has bad section index %d.\n",
961 name, syms[k].st_shndx);
962 return NULL;
963 }
964
965 /* Found the symbol we are looking for */
966 return &syms[k];
967 }
968 }
969
970 return NULL;
971}
972
973void *kexec_purgatory_get_symbol_addr(struct kimage *image, const char *name)
974{
975 struct purgatory_info *pi = &image->purgatory_info;
976 Elf_Sym *sym;
977 Elf_Shdr *sechdr;
978
979 sym = kexec_purgatory_find_symbol(pi, name);
980 if (!sym)
981 return ERR_PTR(-EINVAL);
982
983 sechdr = &pi->sechdrs[sym->st_shndx];
984
985 /*
986 * Returns the address where symbol will finally be loaded after
987 * kexec_load_segment()
988 */
989 return (void *)(sechdr->sh_addr + sym->st_value);
990}
991
992/*
993 * Get or set value of a symbol. If "get_value" is true, symbol value is
994 * returned in buf otherwise symbol value is set based on value in buf.
995 */
996int kexec_purgatory_get_set_symbol(struct kimage *image, const char *name,
997 void *buf, unsigned int size, bool get_value)
998{
999 Elf_Sym *sym;
1000 Elf_Shdr *sechdrs;
1001 struct purgatory_info *pi = &image->purgatory_info;
1002 char *sym_buf;
1003
1004 sym = kexec_purgatory_find_symbol(pi, name);
1005 if (!sym)
1006 return -EINVAL;
1007
1008 if (sym->st_size != size) {
1009 pr_err("symbol %s size mismatch: expected %lu actual %u\n",
1010 name, (unsigned long)sym->st_size, size);
1011 return -EINVAL;
1012 }
1013
1014 sechdrs = pi->sechdrs;
1015
1016 if (sechdrs[sym->st_shndx].sh_type == SHT_NOBITS) {
1017 pr_err("symbol %s is in a bss section. Cannot %s\n", name,
1018 get_value ? "get" : "set");
1019 return -EINVAL;
1020 }
1021
1022 sym_buf = (unsigned char *)sechdrs[sym->st_shndx].sh_offset +
1023 sym->st_value;
1024
1025 if (get_value)
1026 memcpy((void *)buf, sym_buf, size);
1027 else
1028 memcpy((void *)sym_buf, buf, size);
1029
1030 return 0;
1031}
ubuntu-bionic-kernel mirror