/*
 * Kexec Image
 *
 * Copyright (C) 2013 Citrix Systems R&D Ltd.
 *
 * Derived from kernel/kexec.c from Linux:
 *
 * Copyright (C) 2002-2004 Eric Biederman <ebiederm@xmission.com>
 *
 * This source code is licensed under the GNU General Public License,
 * Version 2. See the file COPYING for more details.
 */

#include <xen/types.h>
#include <xen/init.h>
#include <xen/kernel.h>
#include <xen/errno.h>
#include <xen/spinlock.h>
#include <xen/guest_access.h>
#include <xen/mm.h>
#include <xen/kexec.h>
#include <xen/kimage.h>

#include <asm/page.h>

/*
 * When kexec transitions to the new kernel there is a one-to-one
 * mapping between physical and virtual addresses. On processors
 * where you can disable the MMU this is trivial, and easy. For
 * others it is still a simple predictable page table to set up.
 *
 * The code for the transition from the current kernel to the new
 * kernel is placed in the page-size control_code_buffer. This memory
 * must be identity mapped in the transition from virtual to physical
 * addresses.
 *
 * The assembly stub in the control code buffer is passed a linked list
 * of descriptor pages detailing the source pages of the new kernel,
 * and the destination addresses of those source pages. As this data
 * structure is not used in the context of the current OS, it must
 * be self-contained.
 *
 * The code has been made to work with highmem pages and will use a
 * destination page in its final resting place (if it happens
 * to allocate it). The end product of this is that most of the
 * physical address space, and most of RAM can be used.
 *
 * Future directions include:
 * - allocating a page table with the control code buffer identity
 *   mapped, to simplify machine_kexec and make kexec_on_panic more
 *   reliable.
 */

/*
 * KIMAGE_NO_DEST is an impossible destination address, used when
 * allocating pages whose destination address we do not care about.
 */
#define KIMAGE_NO_DEST (-1UL)

/*
 * Offset of the last entry in an indirection page.
 */
#define KIMAGE_LAST_ENTRY (PAGE_SIZE/sizeof(kimage_entry_t) - 1)


static int kimage_is_destination_range(struct kexec_image *image,
                                       paddr_t start, paddr_t end);
static struct page_info *kimage_alloc_page(struct kexec_image *image,
                                           paddr_t dest);

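/*
 * Allocate a single domheap page with the given memflags and zero it.
 * Returns NULL if no page is available.
 */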
static struct page_info *kimage_alloc_zeroed_page(unsigned memflags)
{
    struct page_info *page;

    page = alloc_domheap_page(NULL, memflags);
    if ( !page )
        return NULL;

    clear_domain_page(page_to_mfn(page));

    return page;
}

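/*
 * Allocate and initialise a kexec image: verify that every segment's
 * destination is page aligned, that no two destinations overlap and
 * that no buffer is larger than its destination, then allocate the
 * control code page (MEMF_bits(32), so it stays below 4GiB) and an
 * initial empty indirection page, identity mapping both for use
 * during the kexec transition. On success the image is returned via
 * *rimage; on failure everything except the caller-provided segments
 * array is freed.
 */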
static int do_kimage_alloc(struct kexec_image **rimage, paddr_t entry,
                           unsigned long nr_segments,
                           xen_kexec_segment_t *segments, uint8_t type)
{
    struct kexec_image *image;
    unsigned long i;
    int result;

    /* Allocate a controlling structure */
    result = -ENOMEM;
    image = xzalloc(typeof(*image));
    if ( !image )
        goto out;

    image->entry_maddr = entry;
    image->type = type;
    image->nr_segments = nr_segments;
    image->segments = segments;

    image->next_crash_page = kexec_crash_area.start;

    INIT_PAGE_LIST_HEAD(&image->control_pages);
    INIT_PAGE_LIST_HEAD(&image->dest_pages);
    INIT_PAGE_LIST_HEAD(&image->unusable_pages);

    /*
     * Verify we have good destination addresses. The caller is
     * responsible for making certain we don't attempt to load the new
     * image into invalid or reserved areas of RAM. This just
     * verifies it is an address we can use.
     *
     * Since the kernel does everything in page size chunks ensure the
     * destination addresses are page aligned. Too many special cases
     * crop up when we don't do this. The most insidious is getting
     * overlapping destination addresses simply because addresses are
     * changed to page size granularity.
     */
    result = -EADDRNOTAVAIL;
    for ( i = 0; i < nr_segments; i++ )
    {
        paddr_t mstart, mend;

        mstart = image->segments[i].dest_maddr;
        mend = mstart + image->segments[i].dest_size;
        if ( (mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK) )
            goto out;
    }

    /*
     * Verify our destination addresses do not overlap. If we allowed
     * overlapping destination addresses through, very weird things can
     * happen with no easy explanation as one segment stops on
     * another.
     */
    result = -EINVAL;
    for ( i = 0; i < nr_segments; i++ )
    {
        paddr_t mstart, mend;
        unsigned long j;

        mstart = image->segments[i].dest_maddr;
        mend = mstart + image->segments[i].dest_size;
        for ( j = 0; j < i; j++ )
        {
            paddr_t pstart, pend;
            pstart = image->segments[j].dest_maddr;
            pend = pstart + image->segments[j].dest_size;
            /* Do the segments overlap? */
            if ( (mend > pstart) && (mstart < pend) )
                goto out;
        }
    }

    /*
     * Ensure our buffer sizes do not exceed our destination memory
     * sizes. This should always be the case, and it is easier to
     * check up front than to be surprised later on.
     */
    result = -EINVAL;
    for ( i = 0; i < nr_segments; i++ )
    {
        if ( image->segments[i].buf_size > image->segments[i].dest_size )
            goto out;
    }

    /*
     * Page for the relocation code must still be accessible after the
     * processor has switched to 32-bit mode.
     */
    result = -ENOMEM;
    image->control_code_page = kimage_alloc_control_page(image, MEMF_bits(32));
    if ( !image->control_code_page )
        goto out;
    result = machine_kexec_add_page(image,
                                    page_to_maddr(image->control_code_page),
                                    page_to_maddr(image->control_code_page));
    if ( result < 0 )
        goto out;

    /* Add an empty indirection page. */
    result = -ENOMEM;
    image->entry_page = kimage_alloc_control_page(image, 0);
    if ( !image->entry_page )
        goto out;
    result = machine_kexec_add_page(image, page_to_maddr(image->entry_page),
                                    page_to_maddr(image->entry_page));
    if ( result < 0 )
        goto out;

    image->head = page_to_maddr(image->entry_page);

    result = 0;
 out:
    if ( result == 0 )
        *rimage = image;
    else if ( image )
    {
        image->segments = NULL; /* caller frees segments after an error */
        kimage_free(image);
    }

    return result;

}

static int kimage_normal_alloc(struct kexec_image **rimage, paddr_t entry,
                               unsigned long nr_segments,
                               xen_kexec_segment_t *segments)
{
    return do_kimage_alloc(rimage, entry, nr_segments, segments,
                           KEXEC_TYPE_DEFAULT);
}

static int kimage_crash_alloc(struct kexec_image **rimage, paddr_t entry,
                              unsigned long nr_segments,
                              xen_kexec_segment_t *segments)
{
    unsigned long i;

    /* Verify we have a valid entry point */
    if ( (entry < kexec_crash_area.start)
         || (entry > kexec_crash_area.start + kexec_crash_area.size) )
        return -EADDRNOTAVAIL;

    /*
     * Verify we have good destination addresses. Normally
     * the caller is responsible for making certain we don't
     * attempt to load the new image into invalid or reserved
     * areas of RAM. But crash kernels are preloaded into a
     * reserved area of RAM. We must ensure the addresses
     * are in the reserved area otherwise preloading the
     * kernel could corrupt things.
     */
    for ( i = 0; i < nr_segments; i++ )
    {
        paddr_t mstart, mend;

        if ( guest_handle_is_null(segments[i].buf.h) )
            continue;

        mstart = segments[i].dest_maddr;
        mend = mstart + segments[i].dest_size;
        /* Ensure we are within the crash kernel limits. */
        if ( (mstart < kexec_crash_area.start)
             || (mend > kexec_crash_area.start + kexec_crash_area.size) )
            return -EADDRNOTAVAIL;
    }

    /* Allocate and initialize a controlling structure. */
    return do_kimage_alloc(rimage, entry, nr_segments, segments,
                           KEXEC_TYPE_CRASH);
}

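/*
 * Return 1 if any part of [start, end) overlaps a segment's
 * destination range, 0 otherwise.
 */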
static int kimage_is_destination_range(struct kexec_image *image,
                                       paddr_t start,
                                       paddr_t end)
{
    unsigned long i;

    for ( i = 0; i < image->nr_segments; i++ )
    {
        paddr_t mstart, mend;

        mstart = image->segments[i].dest_maddr;
        mend = mstart + image->segments[i].dest_size;
        if ( (end > mstart) && (start < mend) )
            return 1;
    }

    return 0;
}

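/* Remove every page from the list and return it to the domheap. */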
static void kimage_free_page_list(struct page_list_head *list)
{
    struct page_info *page, *next;

    page_list_for_each_safe(page, next, list)
    {
        page_list_del(page, list);
        free_domheap_page(page);
    }
}

static struct page_info *kimage_alloc_normal_control_page(
    struct kexec_image *image, unsigned memflags)
{
    /*
     * Control pages are special, they are the intermediaries that are
     * needed while we copy the rest of the pages to their final
     * resting place. As such they must not conflict with either the
     * destination addresses or memory the kernel is already using.
     *
     * The only case where we really need more than one of these is
     * for architectures where we cannot disable the MMU and must
     * instead generate an identity mapped page table for all of the
     * memory.
     *
     * At worst this runs in O(N) of the image size.
     */
    struct page_list_head extra_pages;
    struct page_info *page = NULL;

    INIT_PAGE_LIST_HEAD(&extra_pages);

    /*
     * Loop while I can allocate a page and the page allocated is a
     * destination page.
     */
    do {
        paddr_t addr, eaddr;

        page = kimage_alloc_zeroed_page(memflags);
        if ( !page )
            break;
        addr = page_to_maddr(page);
        eaddr = addr + PAGE_SIZE;
        if ( kimage_is_destination_range(image, addr, eaddr) )
        {
            page_list_add(page, &extra_pages);
            page = NULL;
        }
    } while ( !page );

    if ( page )
    {
        /* Remember the allocated page... */
        page_list_add(page, &image->control_pages);

        /*
         * Because the page is already in its destination location we
         * will never allocate another page at that address.
         * Therefore kimage_alloc_page will not return it (again) and
         * we don't need to give it an entry in image->segments[].
         */
    }
    /*
     * Deal with the destination pages I have inadvertently allocated.
     *
     * Ideally I would convert multi-page allocations into single page
     * allocations, and add everything to image->dest_pages.
     *
     * For now it is simpler to just free the pages.
     */
    kimage_free_page_list(&extra_pages);

    return page;
}

static struct page_info *kimage_alloc_crash_control_page(struct kexec_image *image)
{
    /*
     * Control pages are special, they are the intermediaries that are
     * needed while we copy the rest of the pages to their final
     * resting place. As such they must not conflict with either the
     * destination addresses or memory the kernel is already using.
     *
     * Control pages are also the only pages we must allocate when
     * loading a crash kernel. All of the other pages are specified
     * by the segments and we just memcpy into them directly.
     *
     * The only case where we really need more than one of these is
     * for architectures where we cannot disable the MMU and must
     * instead generate an identity mapped page table for all of the
     * memory.
     *
     * Given the low demand this implements a very simple allocator
     * that finds the first hole of the appropriate size in the
     * reserved memory region, and allocates all of the memory up to
     * and including the hole.
     */
    paddr_t hole_start, hole_end;
    struct page_info *page = NULL;

    hole_start = PAGE_ALIGN(image->next_crash_page);
    hole_end = hole_start + PAGE_SIZE;
    while ( hole_end <= kexec_crash_area.start + kexec_crash_area.size )
    {
        unsigned long i;

        /* See if I overlap any of the segments. */
        for ( i = 0; i < image->nr_segments; i++ )
        {
            paddr_t mstart, mend;

            mstart = image->segments[i].dest_maddr;
            mend = mstart + image->segments[i].dest_size;
            if ( (hole_end > mstart) && (hole_start < mend) )
            {
                /* Advance the hole to the end of the segment. */
                hole_start = PAGE_ALIGN(mend);
                hole_end = hole_start + PAGE_SIZE;
                break;
            }
        }
        /* If I don't overlap any segments I have found my hole! */
        if ( i == image->nr_segments )
        {
            page = maddr_to_page(hole_start);
            break;
        }
    }
    if ( page )
    {
        image->next_crash_page = hole_end;
        clear_domain_page(page_to_mfn(page));
    }

    return page;
}


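/*
 * Allocate a control page suitable for the image type: a
 * non-conflicting domheap page for a normal image, or a hole in the
 * crash region for a crash image.
 */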
struct page_info *kimage_alloc_control_page(struct kexec_image *image,
                                            unsigned memflags)
{
    struct page_info *pages = NULL;

    switch ( image->type )
    {
    case KEXEC_TYPE_DEFAULT:
        pages = kimage_alloc_normal_control_page(image, memflags);
        break;
    case KEXEC_TYPE_CRASH:
        pages = kimage_alloc_crash_control_page(image);
        break;
    }
    return pages;
}

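/*
 * Append an entry to the image's current indirection page. If the
 * page is full, chain in a freshly allocated indirection page via an
 * IND_INDIRECTION entry in the last slot and continue there.
 */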
static int kimage_add_entry(struct kexec_image *image, kimage_entry_t entry)
{
    kimage_entry_t *entries;

    if ( image->next_entry == KIMAGE_LAST_ENTRY )
    {
        struct page_info *page;

        page = kimage_alloc_page(image, KIMAGE_NO_DEST);
        if ( !page )
            return -ENOMEM;

        entries = __map_domain_page(image->entry_page);
        entries[image->next_entry] = page_to_maddr(page) | IND_INDIRECTION;
        unmap_domain_page(entries);

        image->entry_page = page;
        image->next_entry = 0;
    }

    entries = __map_domain_page(image->entry_page);
    entries[image->next_entry] = entry;
    image->next_entry++;
    unmap_domain_page(entries);

    return 0;
}

static int kimage_set_destination(struct kexec_image *image,
                                  paddr_t destination)
{
    return kimage_add_entry(image, (destination & PAGE_MASK) | IND_DESTINATION);
}


static int kimage_add_page(struct kexec_image *image, paddr_t maddr)
{
    return kimage_add_entry(image, (maddr & PAGE_MASK) | IND_SOURCE);
}


static void kimage_free_extra_pages(struct kexec_image *image)
{
    kimage_free_page_list(&image->dest_pages);
    kimage_free_page_list(&image->unusable_pages);
}

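/* Mark the end of the entry list with an IND_DONE terminator. */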
static void kimage_terminate(struct kexec_image *image)
{
    kimage_entry_t *entries;

    entries = __map_domain_page(image->entry_page);
    entries[image->next_entry] = IND_DONE;
    unmap_domain_page(entries);
}

/*
 * Iterate over all the entries in the indirection pages.
 *
 * Call unmap_domain_page(ptr) after the loop exits.
 */
#define for_each_kimage_entry(image, ptr, entry)                        \
    for ( ptr = map_domain_page(_mfn(paddr_to_pfn(image->head)));       \
          (entry = *ptr) && !(entry & IND_DONE);                        \
          ptr = (entry & IND_INDIRECTION) ?                             \
              (unmap_domain_page(ptr), map_domain_page(_mfn(paddr_to_pfn(entry)))) \
              : ptr + 1 )

static void kimage_free_entry(kimage_entry_t entry)
{
    struct page_info *page;

    page = maddr_to_page(entry);
    free_domheap_page(page);
}

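/*
 * Free every source page and indirection page referenced by the
 * entry list. Each indirection page is kept until it has been fully
 * walked, then freed.
 */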
static void kimage_free_all_entries(struct kexec_image *image)
{
    kimage_entry_t *ptr, entry;
    kimage_entry_t ind = 0;

    if ( !image->head )
        return;

    for_each_kimage_entry(image, ptr, entry)
    {
        if ( entry & IND_INDIRECTION )
        {
            /* Free the previous indirection page */
            if ( ind & IND_INDIRECTION )
                kimage_free_entry(ind);
            /* Save this indirection page until we are done with it. */
            ind = entry;
        }
        else if ( entry & IND_SOURCE )
            kimage_free_entry(entry);
    }
    unmap_domain_page(ptr);

    /* Free the final indirection page. */
    if ( ind & IND_INDIRECTION )
        kimage_free_entry(ind);
}

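/*
 * Free an image and everything it owns: extra pages, the entry list
 * (source and indirection pages), control pages, the segments array
 * and the image structure itself.
 */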
void kimage_free(struct kexec_image *image)
{
    if ( !image )
        return;

    kimage_free_extra_pages(image);
    kimage_free_all_entries(image);
    kimage_free_page_list(&image->control_pages);
    xfree(image->segments);
    xfree(image);
}

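/*
 * Find the IND_SOURCE entry whose destination is maddr. Returns a
 * pointer to the entry with its indirection page still mapped (the
 * caller must unmap it), or NULL if no such entry exists.
 */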
static kimage_entry_t *kimage_dst_used(struct kexec_image *image,
                                       paddr_t maddr)
{
    kimage_entry_t *ptr, entry;
    unsigned long destination = 0;

    for_each_kimage_entry(image, ptr, entry)
    {
        if ( entry & IND_DESTINATION )
            destination = entry & PAGE_MASK;
        else if ( entry & IND_SOURCE )
        {
            if ( maddr == destination )
                return ptr;
            destination += PAGE_SIZE;
        }
    }
    unmap_domain_page(ptr);

    return NULL;
}

static struct page_info *kimage_alloc_page(struct kexec_image *image,
                                           paddr_t destination)
{
    /*
     * Here we implement safeguards to ensure that a source page is
     * not copied to its destination page before the data on the
     * destination page is no longer useful.
     *
     * To do this we maintain the invariant that a source page is
     * either its own destination page, or it is not a destination
     * page at all.
     *
     * That is slightly stronger than required, but the proof that no
     * problems will occur is trivial, and the implementation is
     * simple to verify.
     *
     * When allocating all pages normally this algorithm will run in
     * O(N) time, but in the worst case it will run in O(N^2) time.
     * If the runtime is a problem the data structures can be fixed.
     */
    struct page_info *page;
    paddr_t addr;
    int ret;

    /*
     * Walk through the list of destination pages, and see if I have a
     * match.
     */
    page_list_for_each(page, &image->dest_pages)
    {
        addr = page_to_maddr(page);
        if ( addr == destination )
        {
            page_list_del(page, &image->dest_pages);
            goto found;
        }
    }
    page = NULL;
    for (;;)
    {
        kimage_entry_t *old;

        /* Allocate a page, if we run out of memory give up. */
        page = kimage_alloc_zeroed_page(0);
        if ( !page )
            return NULL;
        addr = page_to_maddr(page);

        /* If it is the destination page we want, use it. */
        if ( addr == destination )
            break;

        /* If the page is not a destination page use it. */
        if ( !kimage_is_destination_range(image, addr,
                                          addr + PAGE_SIZE) )
            break;

        /*
         * I know that the page is someone's destination page. See if
         * there is already a source page for this destination page,
         * and if so swap the source pages.
         */
        old = kimage_dst_used(image, addr);
        if ( old )
        {
            /* If so move it. */
            mfn_t old_mfn = maddr_to_mfn(*old);
            mfn_t mfn = maddr_to_mfn(addr);

            copy_domain_page(mfn, old_mfn);
            clear_domain_page(old_mfn);
            *old = (addr & PAGE_MASK) | IND_SOURCE;
            unmap_domain_page(old);

            page = mfn_to_page(old_mfn);
            break;
        }
        else
        {
            /*
             * Place the page on the destination list; I will use it
             * later.
             */
            page_list_add(page, &image->dest_pages);
        }
    }
 found:
    ret = machine_kexec_add_page(image, page_to_maddr(page),
                                 page_to_maddr(page));
    if ( ret < 0 )
    {
        free_domheap_page(page);
        return NULL;
    }
    return page;
}

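/*
 * Copy a segment from the guest buffer into newly allocated source
 * pages, recording each page in the entry list, and emit IND_ZERO
 * entries for the remainder of the destination beyond buf_size.
 */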
static int kimage_load_normal_segment(struct kexec_image *image,
                                      xen_kexec_segment_t *segment)
{
    unsigned long to_copy;
    unsigned long src_offset;
    paddr_t dest, end;
    int ret;

    to_copy = segment->buf_size;
    src_offset = 0;
    dest = segment->dest_maddr;

    ret = kimage_set_destination(image, dest);
    if ( ret < 0 )
        return ret;

    while ( to_copy )
    {
        unsigned long dest_mfn;
        struct page_info *page;
        void *dest_va;
        size_t size;

        dest_mfn = dest >> PAGE_SHIFT;

        size = min_t(unsigned long, PAGE_SIZE, to_copy);

        page = kimage_alloc_page(image, dest);
        if ( !page )
            return -ENOMEM;
        ret = kimage_add_page(image, page_to_maddr(page));
        if ( ret < 0 )
            return ret;

        dest_va = __map_domain_page(page);
        ret = copy_from_guest_offset(dest_va, segment->buf.h, src_offset, size);
        unmap_domain_page(dest_va);
        if ( ret )
            return -EFAULT;

        to_copy -= size;
        src_offset += size;
        dest += PAGE_SIZE;
    }

    /* Remainder of the destination should be zeroed. */
    end = segment->dest_maddr + segment->dest_size;
    for ( ; dest < end; dest += PAGE_SIZE )
        kimage_add_entry(image, IND_ZERO);

    return 0;
}

static int kimage_load_crash_segment(struct kexec_image *image,
                                     xen_kexec_segment_t *segment)
{
    /*
     * For crash dump kernels we simply copy the data from user space
     * to its destination.
     */
    paddr_t dest;
    unsigned long sbytes, dbytes;
    int ret = 0;
    unsigned long src_offset = 0;

    sbytes = segment->buf_size;
    dbytes = segment->dest_size;
    dest = segment->dest_maddr;

    while ( dbytes )
    {
        unsigned long dest_mfn;
        void *dest_va;
        size_t schunk, dchunk;

        dest_mfn = dest >> PAGE_SHIFT;

        dchunk = PAGE_SIZE;
        schunk = min(dchunk, sbytes);

        dest_va = map_domain_page(_mfn(dest_mfn));
        if ( !dest_va )
            return -EINVAL;

        ret = copy_from_guest_offset(dest_va, segment->buf.h, src_offset, schunk);
        memset(dest_va + schunk, 0, dchunk - schunk);

        unmap_domain_page(dest_va);
        if ( ret )
            return -EFAULT;

        dbytes -= dchunk;
        sbytes -= schunk;
        dest += dchunk;
        src_offset += schunk;
    }

    return 0;
}

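/*
 * Load one segment according to the image type (a segment with a NULL
 * buffer handle has nothing copied) and identity map its whole
 * destination range for use during the kexec transition.
 */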
static int kimage_load_segment(struct kexec_image *image,
                               xen_kexec_segment_t *segment)
{
    int result = -ENOMEM;
    paddr_t addr;

    if ( !guest_handle_is_null(segment->buf.h) )
    {
        switch ( image->type )
        {
        case KEXEC_TYPE_DEFAULT:
            result = kimage_load_normal_segment(image, segment);
            break;
        case KEXEC_TYPE_CRASH:
            result = kimage_load_crash_segment(image, segment);
            break;
        }
    }

    for ( addr = segment->dest_maddr & PAGE_MASK;
          addr < segment->dest_maddr + segment->dest_size; addr += PAGE_SIZE )
    {
        result = machine_kexec_add_page(image, addr, addr);
        if ( result < 0 )
            break;
    }

    return result;
}

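/*
 * Allocate a normal or crash image for the guest-supplied entry point
 * and segments, and record the target architecture in the new image.
 */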
int kimage_alloc(struct kexec_image **rimage, uint8_t type, uint16_t arch,
                 uint64_t entry_maddr,
                 uint32_t nr_segments, xen_kexec_segment_t *segment)
{
    int result;

    switch ( type )
    {
    case KEXEC_TYPE_DEFAULT:
        result = kimage_normal_alloc(rimage, entry_maddr, nr_segments, segment);
        break;
    case KEXEC_TYPE_CRASH:
        result = kimage_crash_alloc(rimage, entry_maddr, nr_segments, segment);
        break;
    default:
        result = -EINVAL;
        break;
    }
    if ( result < 0 )
        return result;

    (*rimage)->arch = arch;

    return result;
}

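/* Load every segment of the image and terminate the entry list. */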
int kimage_load_segments(struct kexec_image *image)
{
    int s;
    int result;

    for ( s = 0; s < image->nr_segments; s++ )
    {
        result = kimage_load_segment(image, &image->segments[s]);
        if ( result < 0 )
            return result;
    }
    kimage_terminate(image);
    return 0;
}

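/*
 * Accessors for guest-supplied indirection entries, which are 32 bits
 * wide for compat guests and kimage_entry_t sized otherwise.
 */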
kimage_entry_t *kimage_entry_next(kimage_entry_t *entry, bool_t compat)
{
    if ( compat )
        return (kimage_entry_t *)((uint32_t *)entry + 1);
    return entry + 1;
}

mfn_t kimage_entry_mfn(kimage_entry_t *entry, bool_t compat)
{
    if ( compat )
        return maddr_to_mfn(*(uint32_t *)entry);
    return maddr_to_mfn(*entry);
}

unsigned long kimage_entry_ind(kimage_entry_t *entry, bool_t compat)
{
    if ( compat )
        return *(uint32_t *)entry & 0xf;
    return *entry & 0xf;
}

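/*
 * Walk a guest-supplied indirection page list starting at ind_mfn and
 * rebuild it as the image's own entry list, copying each IND_SOURCE
 * page into a Xen-allocated page and identity mapping the
 * destinations.
 */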
int kimage_build_ind(struct kexec_image *image, mfn_t ind_mfn,
                     bool_t compat)
{
    void *page;
    kimage_entry_t *entry;
    int ret = 0;
    paddr_t dest = KIMAGE_NO_DEST;

    page = map_domain_page(ind_mfn);
    if ( !page )
        return -ENOMEM;

    /*
     * Walk the guest-supplied indirection pages, adding entries to
     * the image's indirection pages.
     */
    for ( entry = page; ; )
    {
        unsigned long ind;
        mfn_t mfn;

        ind = kimage_entry_ind(entry, compat);
        mfn = kimage_entry_mfn(entry, compat);

        switch ( ind )
        {
        case IND_DESTINATION:
            dest = mfn_to_maddr(mfn);
            ret = kimage_set_destination(image, dest);
            if ( ret < 0 )
                goto done;
            break;
        case IND_INDIRECTION:
            unmap_domain_page(page);
            page = map_domain_page(mfn);
            entry = page;
            continue;
        case IND_DONE:
            kimage_terminate(image);
            goto done;
        case IND_SOURCE:
        {
            struct page_info *guest_page, *xen_page;

            guest_page = mfn_to_page(mfn);
            if ( !get_page(guest_page, current->domain) )
            {
                ret = -EFAULT;
                goto done;
            }

            xen_page = kimage_alloc_page(image, dest);
            if ( !xen_page )
            {
                put_page(guest_page);
                ret = -ENOMEM;
                goto done;
            }

            copy_domain_page(page_to_mfn(xen_page), mfn);
            put_page(guest_page);

            ret = kimage_add_page(image, page_to_maddr(xen_page));
            if ( ret < 0 )
                goto done;

            ret = machine_kexec_add_page(image, dest, dest);
            if ( ret < 0 )
                goto done;

            dest += PAGE_SIZE;
            break;
        }
        default:
            ret = -EINVAL;
            goto done;
        }
        entry = kimage_entry_next(entry, compat);
    }
 done:
    unmap_domain_page(page);
    return ret;
}

/*
 * Local variables:
 * mode: C
 * c-file-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */