/*
 * Kexec Image
 *
 * Copyright (C) 2013 Citrix Systems R&D Ltd.
 *
 * Derived from kernel/kexec.c from Linux:
 *
 *   Copyright (C) 2002-2004 Eric Biederman <ebiederm@xmission.com>
 *
 * This source code is licensed under the GNU General Public License,
 * Version 2. See the file COPYING for more details.
 */

#include <xen/types.h>
#include <xen/init.h>
#include <xen/kernel.h>
#include <xen/errno.h>
#include <xen/spinlock.h>
#include <xen/guest_access.h>
#include <xen/mm.h>
#include <xen/kexec.h>
#include <xen/kimage.h>

#include <asm/page.h>

/* Override macros from asm/page.h to make them work with mfn_t */
#undef mfn_to_page
#define mfn_to_page(mfn) __mfn_to_page(mfn_x(mfn))
#undef page_to_mfn
#define page_to_mfn(pg)  _mfn(__page_to_mfn(pg))
/*
 * When kexec transitions to the new kernel there is a one-to-one
 * mapping between physical and virtual addresses. On processors
 * where you can disable the MMU this is trivial, and easy. For
 * others it is still a simple predictable page table to setup.
 *
 * The code for the transition from the current kernel to the new
 * kernel is placed in the page-size control_code_buffer. This memory
 * must be identity mapped in the transition from virtual to physical
 * addresses.
 *
 * The assembly stub in the control code buffer is passed a linked list
 * of descriptor pages detailing the source pages of the new kernel,
 * and the destination addresses of those source pages. As this data
 * structure is not used in the context of the current OS, it must
 * be self-contained.
 *
 * The code has been made to work with highmem pages and will use a
 * destination page in its final resting place (if it happens
 * to allocate it). The end product of this is that most of the
 * physical address space, and most of RAM can be used.
 *
 * Future directions include:
 *  - allocating a page table with the control code buffer identity
 *    mapped, to simplify machine_kexec and make kexec_on_panic more
 *    reliable.
 */

/*
 * KIMAGE_NO_DEST is an impossible destination address, used for
 * allocating pages whose destination address we do not care about.
 */
#define KIMAGE_NO_DEST (-1UL)

/*
 * Offset of the last entry in an indirection page.
 */
#define KIMAGE_LAST_ENTRY (PAGE_SIZE/sizeof(kimage_entry_t) - 1)
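
/*
 * Note on the entry list layout (a sketch; see kimage.h for the
 * authoritative IND_* definitions): image->head points at a chain of
 * indirection pages. Each kimage_entry_t holds a page-aligned machine
 * address in its upper bits and an IND_* type in its low bits:
 * IND_DESTINATION sets the current destination address, IND_SOURCE
 * names a source page to copy to the next destination slot, IND_ZERO
 * requests that the next destination page be zeroed, IND_INDIRECTION
 * chains to the next indirection page, and IND_DONE terminates the
 * list.
 */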

static int kimage_is_destination_range(struct kexec_image *image,
                                       paddr_t start, paddr_t end);
static struct page_info *kimage_alloc_page(struct kexec_image *image,
                                           paddr_t dest);

static struct page_info *kimage_alloc_zeroed_page(unsigned memflags)
{
    struct page_info *page;

    page = alloc_domheap_page(NULL, memflags);
    if ( !page )
        return NULL;

    clear_domain_page(page_to_mfn(page));

    return page;
}

static int do_kimage_alloc(struct kexec_image **rimage, paddr_t entry,
                           unsigned long nr_segments,
                           xen_kexec_segment_t *segments, uint8_t type)
{
    struct kexec_image *image;
    unsigned long i;
    int result;

    /* Allocate a controlling structure */
    result = -ENOMEM;
    image = xzalloc(typeof(*image));
    if ( !image )
        goto out;

    image->entry_maddr = entry;
    image->type = type;
    image->nr_segments = nr_segments;
    image->segments = segments;

    image->next_crash_page = kexec_crash_area.start;

    INIT_PAGE_LIST_HEAD(&image->control_pages);
    INIT_PAGE_LIST_HEAD(&image->dest_pages);
    INIT_PAGE_LIST_HEAD(&image->unusable_pages);

    /*
     * Verify we have good destination addresses. The caller is
     * responsible for making certain we don't attempt to load the new
     * image into invalid or reserved areas of RAM. This just
     * verifies it is an address we can use.
     *
     * Since the kernel does everything in page size chunks, ensure the
     * destination addresses are page aligned. Too many special cases
     * crop up when we don't do this. The most insidious is getting
     * overlapping destination addresses simply because addresses are
     * rounded to page size granularity.
     */
    result = -EADDRNOTAVAIL;
    for ( i = 0; i < nr_segments; i++ )
    {
        paddr_t mstart, mend;

        mstart = image->segments[i].dest_maddr;
        mend = mstart + image->segments[i].dest_size;
        if ( (mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK) )
            goto out;
    }

    /*
     * Verify our destination addresses do not overlap. If we allowed
     * overlapping destination addresses through, very weird things
     * can happen with no easy explanation as one segment stomps on
     * another.
     */
    result = -EINVAL;
    for ( i = 0; i < nr_segments; i++ )
    {
        paddr_t mstart, mend;
        unsigned long j;

        mstart = image->segments[i].dest_maddr;
        mend = mstart + image->segments[i].dest_size;
        for ( j = 0; j < i; j++ )
        {
            paddr_t pstart, pend;
            pstart = image->segments[j].dest_maddr;
            pend = pstart + image->segments[j].dest_size;
            /* Do the segments overlap? */
            if ( (mend > pstart) && (mstart < pend) )
                goto out;
        }
    }

    /*
     * Ensure our buffer sizes do not exceed our memory sizes. This
     * should always be the case, and it is easier to check up front
     * than to be surprised later on.
     */
    result = -EINVAL;
    for ( i = 0; i < nr_segments; i++ )
    {
        if ( image->segments[i].buf_size > image->segments[i].dest_size )
            goto out;
    }

    /*
     * Page for the relocation code must still be accessible after the
     * processor has switched to 32-bit mode.
     */
    result = -ENOMEM;
    image->control_code_page = kimage_alloc_control_page(image, MEMF_bits(32));
    if ( !image->control_code_page )
        goto out;
    result = machine_kexec_add_page(image,
                                    page_to_maddr(image->control_code_page),
                                    page_to_maddr(image->control_code_page));
    if ( result < 0 )
        goto out;

    /* Add an empty indirection page. */
    result = -ENOMEM;
    image->entry_page = kimage_alloc_control_page(image, 0);
    if ( !image->entry_page )
        goto out;
    result = machine_kexec_add_page(image, page_to_maddr(image->entry_page),
                                    page_to_maddr(image->entry_page));
    if ( result < 0 )
        goto out;

    image->head = page_to_maddr(image->entry_page);

    result = 0;
 out:
    if ( result == 0 )
        *rimage = image;
    else if ( image )
    {
        image->segments = NULL; /* caller frees segments after an error */
        kimage_free(image);
    }

    return result;
}

static int kimage_normal_alloc(struct kexec_image **rimage, paddr_t entry,
                               unsigned long nr_segments,
                               xen_kexec_segment_t *segments)
{
    return do_kimage_alloc(rimage, entry, nr_segments, segments,
                           KEXEC_TYPE_DEFAULT);
}

static int kimage_crash_alloc(struct kexec_image **rimage, paddr_t entry,
                              unsigned long nr_segments,
                              xen_kexec_segment_t *segments)
{
    unsigned long i;

    /* Verify we have a valid entry point */
    if ( (entry < kexec_crash_area.start)
         || (entry > kexec_crash_area.start + kexec_crash_area.size) )
        return -EADDRNOTAVAIL;

    /*
     * Verify we have good destination addresses. Normally
     * the caller is responsible for making certain we don't
     * attempt to load the new image into invalid or reserved
     * areas of RAM. But crash kernels are preloaded into a
     * reserved area of RAM. We must ensure the addresses
     * are in the reserved area, otherwise preloading the
     * kernel could corrupt things.
     */
    for ( i = 0; i < nr_segments; i++ )
    {
        paddr_t mstart, mend;

        if ( guest_handle_is_null(segments[i].buf.h) )
            continue;

        mstart = segments[i].dest_maddr;
        mend = mstart + segments[i].dest_size;
        /* Ensure we are within the crash kernel limits. */
        if ( (mstart < kexec_crash_area.start)
             || (mend > kexec_crash_area.start + kexec_crash_area.size) )
            return -EADDRNOTAVAIL;
    }

    /* Allocate and initialize a controlling structure. */
    return do_kimage_alloc(rimage, entry, nr_segments, segments,
                           KEXEC_TYPE_CRASH);
}

static int kimage_is_destination_range(struct kexec_image *image,
                                       paddr_t start,
                                       paddr_t end)
{
    unsigned long i;

    for ( i = 0; i < image->nr_segments; i++ )
    {
        paddr_t mstart, mend;

        mstart = image->segments[i].dest_maddr;
        mend = mstart + image->segments[i].dest_size;
        if ( (end > mstart) && (start < mend) )
            return 1;
    }

    return 0;
}

static void kimage_free_page_list(struct page_list_head *list)
{
    struct page_info *page, *next;

    page_list_for_each_safe(page, next, list)
    {
        page_list_del(page, list);
        free_domheap_page(page);
    }
}

static struct page_info *kimage_alloc_normal_control_page(
    struct kexec_image *image, unsigned memflags)
{
    /*
     * Control pages are special, they are the intermediaries that are
     * needed while we copy the rest of the pages to their final
     * resting place. As such they must not conflict with either the
     * destination addresses or memory the kernel is already using.
     *
     * The only case where we really need more than one of these is
     * for architectures where we cannot disable the MMU and must
     * instead generate an identity mapped page table for all of the
     * memory.
     *
     * At worst this runs in O(N) of the image size.
     */
    struct page_list_head extra_pages;
    struct page_info *page = NULL;

    INIT_PAGE_LIST_HEAD(&extra_pages);

    /*
     * Loop while I can allocate a page and the page allocated is a
     * destination page.
     */
    do {
        paddr_t addr, eaddr;

        page = kimage_alloc_zeroed_page(memflags);
        if ( !page )
            break;
        addr = page_to_maddr(page);
        eaddr = addr + PAGE_SIZE;
        if ( kimage_is_destination_range(image, addr, eaddr) )
        {
            page_list_add(page, &extra_pages);
            page = NULL;
        }
    } while ( !page );

    if ( page )
    {
        /* Remember the allocated page... */
        page_list_add(page, &image->control_pages);

        /*
         * Because the page is already in its destination location we
         * will never allocate another page at that address.
         * Therefore kimage_alloc_page will not return it (again) and
         * we don't need to give it an entry in image->segments[].
         */
    }
    /*
     * Deal with the destination pages I have inadvertently allocated.
     *
     * Ideally I would convert multi-page allocations into single page
     * allocations, and add everything to image->dest_pages.
     *
     * For now it is simpler to just free the pages.
     */
    kimage_free_page_list(&extra_pages);

    return page;
}

static struct page_info *kimage_alloc_crash_control_page(struct kexec_image *image)
{
    /*
     * Control pages are special, they are the intermediaries that are
     * needed while we copy the rest of the pages to their final
     * resting place. As such they must not conflict with either the
     * destination addresses or memory the kernel is already using.
     *
     * Control pages are also the only pages we must allocate when
     * loading a crash kernel. All of the other pages are specified
     * by the segments and we just memcpy into them directly.
     *
     * The only case where we really need more than one of these is
     * for architectures where we cannot disable the MMU and must
     * instead generate an identity mapped page table for all of the
     * memory.
     *
     * Given the low demand this implements a very simple allocator
     * that finds the first hole of the appropriate size in the
     * reserved memory region, and allocates all of the memory up to
     * and including the hole.
     */
    paddr_t hole_start, hole_end;
    struct page_info *page = NULL;

    hole_start = PAGE_ALIGN(image->next_crash_page);
    hole_end = hole_start + PAGE_SIZE;
    while ( hole_end <= kexec_crash_area.start + kexec_crash_area.size )
    {
        unsigned long i;

        /* See if I overlap any of the segments. */
        for ( i = 0; i < image->nr_segments; i++ )
        {
            paddr_t mstart, mend;

            mstart = image->segments[i].dest_maddr;
            mend = mstart + image->segments[i].dest_size;
            if ( (hole_end > mstart) && (hole_start < mend) )
            {
                /* Advance the hole to the end of the segment. */
                hole_start = PAGE_ALIGN(mend);
                hole_end = hole_start + PAGE_SIZE;
                break;
            }
        }
        /* If I don't overlap any segments I have found my hole! */
        if ( i == image->nr_segments )
        {
            page = maddr_to_page(hole_start);
            break;
        }
    }
    if ( page )
    {
        image->next_crash_page = hole_end;
        clear_domain_page(page_to_mfn(page));
    }

    return page;
}

struct page_info *kimage_alloc_control_page(struct kexec_image *image,
                                            unsigned memflags)
{
    struct page_info *pages = NULL;

    switch ( image->type )
    {
    case KEXEC_TYPE_DEFAULT:
        pages = kimage_alloc_normal_control_page(image, memflags);
        break;
    case KEXEC_TYPE_CRASH:
        pages = kimage_alloc_crash_control_page(image);
        break;
    }
    return pages;
}

static int kimage_add_entry(struct kexec_image *image, kimage_entry_t entry)
{
    kimage_entry_t *entries;

    if ( image->next_entry == KIMAGE_LAST_ENTRY )
    {
        struct page_info *page;

        page = kimage_alloc_page(image, KIMAGE_NO_DEST);
        if ( !page )
            return -ENOMEM;

        entries = __map_domain_page(image->entry_page);
        entries[image->next_entry] = page_to_maddr(page) | IND_INDIRECTION;
        unmap_domain_page(entries);

        image->entry_page = page;
        image->next_entry = 0;
    }

    entries = __map_domain_page(image->entry_page);
    entries[image->next_entry] = entry;
    image->next_entry++;
    unmap_domain_page(entries);

    return 0;
}

static int kimage_set_destination(struct kexec_image *image,
                                  paddr_t destination)
{
    return kimage_add_entry(image, (destination & PAGE_MASK) | IND_DESTINATION);
}

static int kimage_add_page(struct kexec_image *image, paddr_t maddr)
{
    return kimage_add_entry(image, (maddr & PAGE_MASK) | IND_SOURCE);
}

static void kimage_free_extra_pages(struct kexec_image *image)
{
    kimage_free_page_list(&image->dest_pages);
    kimage_free_page_list(&image->unusable_pages);
}

static void kimage_terminate(struct kexec_image *image)
{
    kimage_entry_t *entries;

    entries = __map_domain_page(image->entry_page);
    entries[image->next_entry] = IND_DONE;
    unmap_domain_page(entries);
}

/*
 * Iterate over all the entries in the indirection pages.
 *
 * Call unmap_domain_page(ptr) after the loop exits.
 */
#define for_each_kimage_entry(image, ptr, entry)                            \
    for ( ptr = map_domain_page(_mfn(paddr_to_pfn(image->head)));           \
          (entry = *ptr) && !(entry & IND_DONE);                            \
          ptr = (entry & IND_INDIRECTION) ?                                 \
              (unmap_domain_page(ptr),                                      \
               map_domain_page(_mfn(paddr_to_pfn(entry)))) : ptr + 1 )

static void kimage_free_entry(kimage_entry_t entry)
{
    struct page_info *page;

    page = maddr_to_page(entry);
    free_domheap_page(page);
}

static void kimage_free_all_entries(struct kexec_image *image)
{
    kimage_entry_t *ptr, entry;
    kimage_entry_t ind = 0;

    if ( !image->head )
        return;

    for_each_kimage_entry(image, ptr, entry)
    {
        if ( entry & IND_INDIRECTION )
        {
            /* Free the previous indirection page */
            if ( ind & IND_INDIRECTION )
                kimage_free_entry(ind);
            /* Save this indirection page until we are done with it. */
            ind = entry;
        }
        else if ( entry & IND_SOURCE )
            kimage_free_entry(entry);
    }
    unmap_domain_page(ptr);

    /* Free the final indirection page. */
    if ( ind & IND_INDIRECTION )
        kimage_free_entry(ind);
}

void kimage_free(struct kexec_image *image)
{
    if ( !image )
        return;

    kimage_free_extra_pages(image);
    kimage_free_all_entries(image);
    kimage_free_page_list(&image->control_pages);
    xfree(image->segments);
    xfree(image);
}
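
/*
 * Find the IND_SOURCE entry (if any) whose destination is the machine
 * address maddr. Returns a pointer to that entry, leaving the
 * indirection page containing it mapped; the caller must unmap it when
 * done. Returns NULL (with nothing left mapped) if no source page is
 * destined for maddr.
 */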
static kimage_entry_t *kimage_dst_used(struct kexec_image *image,
                                       paddr_t maddr)
{
    kimage_entry_t *ptr, entry;
    unsigned long destination = 0;

    for_each_kimage_entry(image, ptr, entry)
    {
        if ( entry & IND_DESTINATION )
            destination = entry & PAGE_MASK;
        else if ( entry & IND_SOURCE )
        {
            if ( maddr == destination )
                return ptr;
            destination += PAGE_SIZE;
        }
    }
    unmap_domain_page(ptr);

    return NULL;
}

static struct page_info *kimage_alloc_page(struct kexec_image *image,
                                           paddr_t destination)
{
    /*
     * Here we implement safeguards to ensure that a source page is
     * not copied to its destination page before the data on the
     * destination page is no longer useful.
     *
     * To do this we maintain the invariant that a source page is
     * either its own destination page, or it is not a destination
     * page at all.
     *
     * That is slightly stronger than required, but it makes the proof
     * that no problems will occur trivial, and the implementation
     * simple to verify.
     *
     * When allocating all pages normally this algorithm will run in
     * O(N) time, but in the worst case it will run in O(N^2) time.
     * If the runtime is a problem the data structures can be fixed.
     */
    struct page_info *page;
    paddr_t addr;
    int ret;

    /*
     * Walk through the list of destination pages, and see if I have a
     * match.
     */
    page_list_for_each(page, &image->dest_pages)
    {
        addr = page_to_maddr(page);
        if ( addr == destination )
        {
            page_list_del(page, &image->dest_pages);
            goto found;
        }
    }
    page = NULL;
    for (;;)
    {
        kimage_entry_t *old;

        /* Allocate a page, if we run out of memory give up. */
        page = kimage_alloc_zeroed_page(0);
        if ( !page )
            return NULL;
        addr = page_to_maddr(page);

        /* If it is the destination page we want, use it. */
        if ( addr == destination )
            break;

        /* If the page is not a destination page use it. */
        if ( !kimage_is_destination_range(image, addr,
                                          addr + PAGE_SIZE) )
            break;

        /*
         * I know that the page is someone's destination page. See if
         * there is already a source page for this destination page.
         * And if so swap the source pages.
         */
        old = kimage_dst_used(image, addr);
        if ( old )
        {
            /* If so move it. */
            mfn_t old_mfn = maddr_to_mfn(*old);
            mfn_t mfn = maddr_to_mfn(addr);

            copy_domain_page(mfn, old_mfn);
            clear_domain_page(old_mfn);
            *old = (addr & PAGE_MASK) | IND_SOURCE;
            unmap_domain_page(old);

            page = mfn_to_page(old_mfn);
            break;
        }
        else
        {
            /*
             * Place the page on the destination list; I will use it
             * later.
             */
            page_list_add(page, &image->dest_pages);
        }
    }
 found:
    ret = machine_kexec_add_page(image, page_to_maddr(page),
                                 page_to_maddr(page));
    if ( ret < 0 )
    {
        free_domheap_page(page);
        return NULL;
    }
    return page;
}

static int kimage_load_normal_segment(struct kexec_image *image,
                                      xen_kexec_segment_t *segment)
{
    unsigned long to_copy;
    unsigned long src_offset;
    paddr_t dest, end;
    int ret;

    to_copy = segment->buf_size;
    src_offset = 0;
    dest = segment->dest_maddr;

    ret = kimage_set_destination(image, dest);
    if ( ret < 0 )
        return ret;

    while ( to_copy )
    {
        unsigned long dest_mfn;
        struct page_info *page;
        void *dest_va;
        size_t size;

        dest_mfn = dest >> PAGE_SHIFT;

        size = min_t(unsigned long, PAGE_SIZE, to_copy);

        page = kimage_alloc_page(image, dest);
        if ( !page )
            return -ENOMEM;
        ret = kimage_add_page(image, page_to_maddr(page));
        if ( ret < 0 )
            return ret;

        dest_va = __map_domain_page(page);
        ret = copy_from_guest_offset(dest_va, segment->buf.h, src_offset, size);
        unmap_domain_page(dest_va);
        if ( ret )
            return -EFAULT;

        to_copy -= size;
        src_offset += size;
        dest += PAGE_SIZE;
    }

    /* Remainder of the destination should be zeroed. */
    end = segment->dest_maddr + segment->dest_size;
    for ( ; dest < end; dest += PAGE_SIZE )
        kimage_add_entry(image, IND_ZERO);

    return 0;
}

static int kimage_load_crash_segment(struct kexec_image *image,
                                     xen_kexec_segment_t *segment)
{
    /*
     * For crash dump kernels we simply copy the data from user space
     * to its destination.
     */
    paddr_t dest;
    unsigned long sbytes, dbytes;
    int ret = 0;
    unsigned long src_offset = 0;

    sbytes = segment->buf_size;
    dbytes = segment->dest_size;
    dest = segment->dest_maddr;

    while ( dbytes )
    {
        unsigned long dest_mfn;
        void *dest_va;
        size_t schunk, dchunk;

        dest_mfn = dest >> PAGE_SHIFT;

        dchunk = PAGE_SIZE;
        schunk = min(dchunk, sbytes);

        dest_va = map_domain_page(_mfn(dest_mfn));
        if ( !dest_va )
            return -EINVAL;

        ret = copy_from_guest_offset(dest_va, segment->buf.h, src_offset, schunk);
        memset(dest_va + schunk, 0, dchunk - schunk);

        unmap_domain_page(dest_va);
        if ( ret )
            return -EFAULT;

        dbytes -= dchunk;
        sbytes -= schunk;
        dest += dchunk;
        src_offset += schunk;
    }

    return 0;
}

static int kimage_load_segment(struct kexec_image *image,
                               xen_kexec_segment_t *segment)
{
    int result = -ENOMEM;
    paddr_t addr;

    if ( !guest_handle_is_null(segment->buf.h) )
    {
        switch ( image->type )
        {
        case KEXEC_TYPE_DEFAULT:
            result = kimage_load_normal_segment(image, segment);
            break;
        case KEXEC_TYPE_CRASH:
            result = kimage_load_crash_segment(image, segment);
            break;
        }
    }

    for ( addr = segment->dest_maddr & PAGE_MASK;
          addr < segment->dest_maddr + segment->dest_size; addr += PAGE_SIZE )
    {
        result = machine_kexec_add_page(image, addr, addr);
        if ( result < 0 )
            break;
    }

    return result;
}

int kimage_alloc(struct kexec_image **rimage, uint8_t type, uint16_t arch,
                 uint64_t entry_maddr,
                 uint32_t nr_segments, xen_kexec_segment_t *segment)
{
    int result;

    switch ( type )
    {
    case KEXEC_TYPE_DEFAULT:
        result = kimage_normal_alloc(rimage, entry_maddr, nr_segments, segment);
        break;
    case KEXEC_TYPE_CRASH:
        result = kimage_crash_alloc(rimage, entry_maddr, nr_segments, segment);
        break;
    default:
        result = -EINVAL;
        break;
    }
    if ( result < 0 )
        return result;

    (*rimage)->arch = arch;

    return result;
}

int kimage_load_segments(struct kexec_image *image)
{
    int s;
    int result;

    for ( s = 0; s < image->nr_segments; s++ )
    {
        result = kimage_load_segment(image, &image->segments[s]);
        if ( result < 0 )
            return result;
    }
    kimage_terminate(image);
    return 0;
}
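
/*
 * Accessors for entries in a guest-supplied indirection page. With a
 * compat (32-bit) guest each entry is a 32-bit value; otherwise
 * entries are native-width kimage_entry_t values. The low bits of an
 * entry hold the IND_* type and the remainder the machine address.
 */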
kimage_entry_t *kimage_entry_next(kimage_entry_t *entry, bool_t compat)
{
    if ( compat )
        return (kimage_entry_t *)((uint32_t *)entry + 1);
    return entry + 1;
}

mfn_t kimage_entry_mfn(kimage_entry_t *entry, bool_t compat)
{
    if ( compat )
        return maddr_to_mfn(*(uint32_t *)entry);
    return maddr_to_mfn(*entry);
}

unsigned long kimage_entry_ind(kimage_entry_t *entry, bool_t compat)
{
    if ( compat )
        return *(uint32_t *)entry & 0xf;
    return *entry & 0xf;
}

int kimage_build_ind(struct kexec_image *image, mfn_t ind_mfn,
                     bool_t compat)
{
    void *page;
    kimage_entry_t *entry;
    int ret = 0;
    paddr_t dest = KIMAGE_NO_DEST;

    page = map_domain_page(ind_mfn);
    if ( !page )
        return -ENOMEM;

    /*
     * Walk the guest-supplied indirection pages, adding entries to
     * the image's indirection pages.
     */
    for ( entry = page; ; )
    {
        unsigned long ind;
        mfn_t mfn;

        ind = kimage_entry_ind(entry, compat);
        mfn = kimage_entry_mfn(entry, compat);

        switch ( ind )
        {
        case IND_DESTINATION:
            dest = mfn_to_maddr(mfn);
            ret = kimage_set_destination(image, dest);
            if ( ret < 0 )
                goto done;
            break;
        case IND_INDIRECTION:
            unmap_domain_page(page);
            page = map_domain_page(mfn);
            entry = page;
            continue;
        case IND_DONE:
            kimage_terminate(image);
            goto done;
        case IND_SOURCE:
        {
            struct page_info *guest_page, *xen_page;

            guest_page = mfn_to_page(mfn);
            if ( !get_page(guest_page, current->domain) )
            {
                ret = -EFAULT;
                goto done;
            }

            xen_page = kimage_alloc_page(image, dest);
            if ( !xen_page )
            {
                put_page(guest_page);
                ret = -ENOMEM;
                goto done;
            }

            copy_domain_page(page_to_mfn(xen_page), mfn);
            put_page(guest_page);

            ret = kimage_add_page(image, page_to_maddr(xen_page));
            if ( ret < 0 )
                goto done;

            ret = machine_kexec_add_page(image, dest, dest);
            if ( ret < 0 )
                goto done;

            dest += PAGE_SIZE;
            break;
        }
        default:
            ret = -EINVAL;
            goto done;
        }
        entry = kimage_entry_next(entry, compat);
    }
 done:
    unmap_domain_page(page);
    return ret;
}

/*
 * Local variables:
 * mode: C
 * c-file-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */