From patchwork Tue Jan 24 08:49:59 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 92302 Delivered-To: patch@linaro.org Received: by 10.140.20.99 with SMTP id 90csp1617008qgi; Tue, 24 Jan 2017 01:04:57 -0800 (PST) X-Received: by 10.237.39.222 with SMTP id m30mr26463323qtg.118.1485248697697; Tue, 24 Jan 2017 01:04:57 -0800 (PST) Return-Path: Received: from bombadil.infradead.org (bombadil.infradead.org. [65.50.211.133]) by mx.google.com with ESMTPS id v144si12687015qkb.327.2017.01.24.01.04.57 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Jan 2017 01:04:57 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 65.50.211.133 as permitted sender) client-ip=65.50.211.133; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org designates 65.50.211.133 as permitted sender) smtp.mailfrom=linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1cVx26-0001Cu-U2; Tue, 24 Jan 2017 09:04:54 +0000 Received: from casper.infradead.org ([85.118.1.10]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1cVx25-000152-Ad for linux-arm-kernel@bombadil.infradead.org; Tue, 24 Jan 2017 09:04:53 +0000 Received: from mail-pf0-x233.google.com ([2607:f8b0:400e:c00::233]) by casper.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1cVwor-0000Vm-Si for linux-arm-kernel@lists.infradead.org; Tue, 24 Jan 2017 08:51:15 +0000 Received: by mail-pf0-x233.google.com with SMTP id e4so48668508pfg.1 for ; Tue, 24 Jan 2017 00:50:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=yF10t225wjBuPwfHzgu+QRvB4nO8nfwn8f+En1S8SQE=; b=iAAYGiM1Jc4ygU/9ghQe85OmC698NPr3cco9bLAqihKXc53gJemL+vsaIVgHTjbKR4 dmht1XpAsvf131p+M//ooKn4PKps3/sjR1b/4AM/QDEi7KsorNDmlUlI8VL9++Z/MTra m5+gVHHyeYdN+hY35aXnHIhCVn9BSPxmRGi/0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=yF10t225wjBuPwfHzgu+QRvB4nO8nfwn8f+En1S8SQE=; b=r6j0jq/3TtRQtMptzCwER0Z5ZPP+QmVufAEtPKjGMyRoaT4mNgxcgTmRWk2HQnKtbC 8Yazmy62K8LfpEHAuSInNtEx6+OVzhHx31qUvVTCPYSy4UXvsRVpqTPoirrW7Sv4oFKM opeqmX4N0f7intmajDTeJtPh5anVWP9fT4HFXYneA7cJVq+dvRauE2wyHYXF6E8dnNB3 hwplkft1NSMOEE3+Ikydarccv6aj4ZvBMQa6krMsxg0HaLKQM2ZB9goFgM/Gy6nRp2w3 cfNeZIdFzdyvBTpvDV7q1iDHN0fYsQXqfftCg+bLaNUOzDSBUpXpKiSYVAjZ7cCNzopq Sx0A== X-Gm-Message-State: AIkVDXJL9I9fvyXmuyMrTbAKyUXIHuWu6NONuuRFz+95ITm9BA5OIqbwrhBwlxwdIO84fht1 X-Received: by 10.98.252.203 with SMTP id e194mr36745699pfh.8.1485247791716; Tue, 24 Jan 2017 00:49:51 -0800 (PST) Received: from linaro.org ([121.95.100.191]) by smtp.googlemail.com with ESMTPSA id o18sm3583538pgn.36.2017.01.24.00.49.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Jan 2017 00:49:51 -0800 (PST) From: AKASHI Takahiro To: catalin.marinas@arm.com, will.deacon@arm.com Subject: [PATCH v30 05/11] arm64: kdump: protect crash dump kernel memory Date: Tue, 24 Jan 2017 17:49:59 +0900 Message-Id: <20170124085004.3892-4-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170124084638.3770-1-takahiro.akashi@linaro.org> References: <20170124084638.3770-1-takahiro.akashi@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20170124_085114_094934_E25DEA6E X-CRM114-Status: GOOD ( 20.85 ) X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.4.1 on casper.infradead.org summary: Content analysis details: (-2.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2607:f8b0:400e:c00:0:0:0:233 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, geoff@infradead.org, kexec@lists.infradead.org, AKASHI Takahiro , james.morse@arm.com, bauerman@linux.vnet.ibm.com, dyoung@redhat.com, linux-arm-kernel@lists.infradead.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org To protect the memory reserved for crash dump kernel once after loaded, arch_kexec_protect_crashres/unprotect_crashres() are meant to deal with permissions of the corresponding kernel mappings. We also have to - put the region in an isolated mapping, and - move copying kexec's control_code_page to machine_kexec_prepare() so that the region will be completely read-only after loading. Note that the region must reside in linear mapping and have corresponding page structures in order to be potentially freed by shrinking it through /sys/kernel/kexec_crash_size. Signed-off-by: AKASHI Takahiro --- arch/arm64/kernel/machine_kexec.c | 68 +++++++++++++++++++++++++-------------- arch/arm64/mm/mmu.c | 34 ++++++++++++++++++++ 2 files changed, 77 insertions(+), 25 deletions(-) -- 2.11.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel diff --git a/arch/arm64/kernel/machine_kexec.c b/arch/arm64/kernel/machine_kexec.c index bc96c8a7fc79..f7938fecf3ff 100644 --- a/arch/arm64/kernel/machine_kexec.c +++ b/arch/arm64/kernel/machine_kexec.c @@ -14,6 +14,7 @@ #include #include +#include #include #include "cpu-reset.h" @@ -22,8 +23,6 @@ extern const unsigned char arm64_relocate_new_kernel[]; extern const unsigned long arm64_relocate_new_kernel_size; -static unsigned long kimage_start; - /** * kexec_image_info - For debugging output. */ @@ -64,7 +63,7 @@ void machine_kexec_cleanup(struct kimage *kimage) */ int machine_kexec_prepare(struct kimage *kimage) { - kimage_start = kimage->start; + void *reboot_code_buffer; kexec_image_info(kimage); @@ -73,6 +72,21 @@ int machine_kexec_prepare(struct kimage *kimage) return -EBUSY; } + reboot_code_buffer = + phys_to_virt(page_to_phys(kimage->control_code_page)); + + /* + * Copy arm64_relocate_new_kernel to the reboot_code_buffer for use + * after the kernel is shut down. + */ + memcpy(reboot_code_buffer, arm64_relocate_new_kernel, + arm64_relocate_new_kernel_size); + + /* Flush the reboot_code_buffer in preparation for its execution. */ + __flush_dcache_area(reboot_code_buffer, arm64_relocate_new_kernel_size); + flush_icache_range((uintptr_t)reboot_code_buffer, + arm64_relocate_new_kernel_size); + return 0; } @@ -143,7 +157,6 @@ static void kexec_segment_flush(const struct kimage *kimage) void machine_kexec(struct kimage *kimage) { phys_addr_t reboot_code_buffer_phys; - void *reboot_code_buffer; /* * New cpus may have become stuck_in_kernel after we loaded the image. @@ -151,7 +164,6 @@ void machine_kexec(struct kimage *kimage) BUG_ON(cpus_are_stuck_in_kernel() || (num_online_cpus() > 1)); reboot_code_buffer_phys = page_to_phys(kimage->control_code_page); - reboot_code_buffer = phys_to_virt(reboot_code_buffer_phys); kexec_image_info(kimage); @@ -159,32 +171,20 @@ void machine_kexec(struct kimage *kimage) kimage->control_code_page); pr_debug("%s:%d: reboot_code_buffer_phys: %pa\n", __func__, __LINE__, &reboot_code_buffer_phys); - pr_debug("%s:%d: reboot_code_buffer: %p\n", __func__, __LINE__, - reboot_code_buffer); pr_debug("%s:%d: relocate_new_kernel: %p\n", __func__, __LINE__, arm64_relocate_new_kernel); pr_debug("%s:%d: relocate_new_kernel_size: 0x%lx(%lu) bytes\n", __func__, __LINE__, arm64_relocate_new_kernel_size, arm64_relocate_new_kernel_size); - /* - * Copy arm64_relocate_new_kernel to the reboot_code_buffer for use - * after the kernel is shut down. - */ - memcpy(reboot_code_buffer, arm64_relocate_new_kernel, - arm64_relocate_new_kernel_size); - - /* Flush the reboot_code_buffer in preparation for its execution. */ - __flush_dcache_area(reboot_code_buffer, arm64_relocate_new_kernel_size); - flush_icache_range((uintptr_t)reboot_code_buffer, - arm64_relocate_new_kernel_size); - - /* Flush the kimage list and its buffers. */ - kexec_list_flush(kimage); + if (kimage != kexec_crash_image) { + /* Flush the kimage list and its buffers. */ + kexec_list_flush(kimage); - /* Flush the new image if already in place. */ - if (kimage->head & IND_DONE) - kexec_segment_flush(kimage); + /* Flush the new image if already in place. */ + if (kimage->head & IND_DONE) + kexec_segment_flush(kimage); + } pr_info("Bye!\n"); @@ -201,7 +201,7 @@ void machine_kexec(struct kimage *kimage) */ cpu_soft_restart(1, reboot_code_buffer_phys, kimage->head, - kimage_start, 0); + kimage->start, 0); BUG(); /* Should never get here. */ } @@ -210,3 +210,21 @@ void machine_crash_shutdown(struct pt_regs *regs) { /* Empty routine needed to avoid build errors. */ } + +void arch_kexec_protect_crashkres(void) +{ + kexec_segment_flush(kexec_crash_image); + + create_mapping_late(crashk_res.start, __phys_to_virt(crashk_res.start), + resource_size(&crashk_res), PAGE_KERNEL_INVALID); + + flush_tlb_all(); +} + +void arch_kexec_unprotect_crashkres(void) +{ + create_mapping_late(crashk_res.start, __phys_to_virt(crashk_res.start), + resource_size(&crashk_res), PAGE_KERNEL); + + flush_tlb_all(); +} diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 9c7adcce8e4e..2d4a0b68a852 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include @@ -367,6 +368,39 @@ static void __init __map_memblock(pgd_t *pgd, phys_addr_t start, phys_addr_t end unsigned long kernel_start = __pa(_text); unsigned long kernel_end = __pa(__init_begin); +#ifdef CONFIG_KEXEC_CORE + /* + * While crash dump kernel memory is contained in a single memblock + * for now, it should appear in an isolated mapping so that we can + * independently unmap the region later. + */ + if (crashk_res.end && crashk_res.start >= start && + crashk_res.end <= end) { + if (crashk_res.start != start) + __create_pgd_mapping(pgd, start, __phys_to_virt(start), + crashk_res.start - start, + PAGE_KERNEL, + early_pgtable_alloc, + debug_pagealloc_enabled()); + + /* before kexec_load(), the region can be read-writable. */ + __create_pgd_mapping(pgd, crashk_res.start, + __phys_to_virt(crashk_res.start), + crashk_res.end - crashk_res.start + 1, + PAGE_KERNEL, early_pgtable_alloc, + debug_pagealloc_enabled()); + + if (crashk_res.end != end) + __create_pgd_mapping(pgd, crashk_res.end + 1, + __phys_to_virt(crashk_res.end + 1), + end - crashk_res.end - 1, + PAGE_KERNEL, + early_pgtable_alloc, + debug_pagealloc_enabled()); + return; + } +#endif + /* * Take care not to create a writable alias for the * read-only text and rodata sections of the kernel image.