Path: blob/master/arch/s390/kernel/machine_kexec_file.c
26424 views
// SPDX-License-Identifier: GPL-2.01/*2* s390 code for kexec_file_load system call3*4* Copyright IBM Corp. 20185*6* Author(s): Philipp Rudo <[email protected]>7*/89#define pr_fmt(fmt) "kexec: " fmt1011#include <linux/elf.h>12#include <linux/errno.h>13#include <linux/kexec.h>14#include <linux/module_signature.h>15#include <linux/verification.h>16#include <linux/vmalloc.h>17#include <asm/boot_data.h>18#include <asm/ipl.h>19#include <asm/setup.h>2021const struct kexec_file_ops * const kexec_file_loaders[] = {22&s390_kexec_elf_ops,23&s390_kexec_image_ops,24NULL,25};2627#ifdef CONFIG_KEXEC_SIG28int s390_verify_sig(const char *kernel, unsigned long kernel_len)29{30const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1;31struct module_signature *ms;32unsigned long sig_len;33int ret;3435/* Skip signature verification when not secure IPLed. */36if (!ipl_secure_flag)37return 0;3839if (marker_len > kernel_len)40return -EKEYREJECTED;4142if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING,43marker_len))44return -EKEYREJECTED;45kernel_len -= marker_len;4647ms = (void *)kernel + kernel_len - sizeof(*ms);48kernel_len -= sizeof(*ms);4950sig_len = be32_to_cpu(ms->sig_len);51if (sig_len >= kernel_len)52return -EKEYREJECTED;53kernel_len -= sig_len;5455if (ms->id_type != PKEY_ID_PKCS7)56return -EKEYREJECTED;5758if (ms->algo != 0 ||59ms->hash != 0 ||60ms->signer_len != 0 ||61ms->key_id_len != 0 ||62ms->__pad[0] != 0 ||63ms->__pad[1] != 0 ||64ms->__pad[2] != 0) {65return -EBADMSG;66}6768ret = verify_pkcs7_signature(kernel, kernel_len,69kernel + kernel_len, sig_len,70VERIFY_USE_SECONDARY_KEYRING,71VERIFYING_MODULE_SIGNATURE,72NULL, NULL);73if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING))74ret = verify_pkcs7_signature(kernel, kernel_len,75kernel + kernel_len, sig_len,76VERIFY_USE_PLATFORM_KEYRING,77VERIFYING_MODULE_SIGNATURE,78NULL, NULL);79return ret;80}81#endif /* CONFIG_KEXEC_SIG */8283static int kexec_file_update_purgatory(struct kimage *image,84struct s390_load_data *data)85{86u64 entry, type;87int ret;8889if (image->type == KEXEC_TYPE_CRASH) {90entry = STARTUP_KDUMP_OFFSET;91type = KEXEC_TYPE_CRASH;92} else {93entry = STARTUP_NORMAL_OFFSET;94type = KEXEC_TYPE_DEFAULT;95}9697ret = kexec_purgatory_get_set_symbol(image, "kernel_entry", &entry,98sizeof(entry), false);99if (ret)100return ret;101102ret = kexec_purgatory_get_set_symbol(image, "kernel_type", &type,103sizeof(type), false);104if (ret)105return ret;106107#ifdef CONFIG_CRASH_DUMP108if (image->type == KEXEC_TYPE_CRASH) {109u64 crash_size;110111ret = kexec_purgatory_get_set_symbol(image, "crash_start",112&crashk_res.start,113sizeof(crashk_res.start),114false);115if (ret)116return ret;117118crash_size = crashk_res.end - crashk_res.start + 1;119ret = kexec_purgatory_get_set_symbol(image, "crash_size",120&crash_size,121sizeof(crash_size),122false);123}124#endif125return ret;126}127128static int kexec_file_add_purgatory(struct kimage *image,129struct s390_load_data *data)130{131struct kexec_buf buf;132int ret;133134buf.image = image;135136data->memsz = ALIGN(data->memsz, PAGE_SIZE);137buf.mem = data->memsz;138#ifdef CONFIG_CRASH_DUMP139if (image->type == KEXEC_TYPE_CRASH)140buf.mem += crashk_res.start;141#endif142143ret = kexec_load_purgatory(image, &buf);144if (ret)145return ret;146data->memsz += buf.memsz;147148return kexec_file_update_purgatory(image, data);149}150151static int kexec_file_add_initrd(struct kimage *image,152struct s390_load_data *data)153{154struct kexec_buf buf;155int ret;156157buf.image = image;158159buf.buffer = image->initrd_buf;160buf.bufsz = image->initrd_buf_len;161162data->memsz = ALIGN(data->memsz, PAGE_SIZE);163buf.mem = data->memsz;164#ifdef CONFIG_CRASH_DUMP165if (image->type == KEXEC_TYPE_CRASH)166buf.mem += crashk_res.start;167#endif168buf.memsz = buf.bufsz;169170data->parm->initrd_start = data->memsz;171data->parm->initrd_size = buf.memsz;172data->memsz += buf.memsz;173174ret = kexec_add_buffer(&buf);175if (ret)176return ret;177178return ipl_report_add_component(data->report, &buf, 0, 0);179}180181static int kexec_file_add_ipl_report(struct kimage *image,182struct s390_load_data *data)183{184__u32 *lc_ipl_parmblock_ptr;185unsigned int len, ncerts;186struct kexec_buf buf;187unsigned long addr;188void *ptr, *end;189int ret;190191buf.image = image;192193data->memsz = ALIGN(data->memsz, PAGE_SIZE);194buf.mem = data->memsz;195196ptr = __va(ipl_cert_list_addr);197end = ptr + ipl_cert_list_size;198ncerts = 0;199while (ptr < end) {200ncerts++;201len = *(unsigned int *)ptr;202ptr += sizeof(len);203ptr += len;204}205206addr = data->memsz + data->report->size;207addr += ncerts * sizeof(struct ipl_rb_certificate_entry);208ptr = __va(ipl_cert_list_addr);209while (ptr < end) {210len = *(unsigned int *)ptr;211ptr += sizeof(len);212ipl_report_add_certificate(data->report, ptr, addr, len);213addr += len;214ptr += len;215}216217ret = -ENOMEM;218buf.buffer = ipl_report_finish(data->report);219if (!buf.buffer)220goto out;221buf.bufsz = data->report->size;222buf.memsz = buf.bufsz;223image->arch.ipl_buf = buf.buffer;224225data->memsz += buf.memsz;226227lc_ipl_parmblock_ptr =228data->kernel_buf + offsetof(struct lowcore, ipl_parmblock_ptr);229*lc_ipl_parmblock_ptr = (__u32)buf.mem;230231#ifdef CONFIG_CRASH_DUMP232if (image->type == KEXEC_TYPE_CRASH)233buf.mem += crashk_res.start;234#endif235236ret = kexec_add_buffer(&buf);237out:238return ret;239}240241void *kexec_file_add_components(struct kimage *image,242int (*add_kernel)(struct kimage *image,243struct s390_load_data *data))244{245unsigned long max_command_line_size = LEGACY_COMMAND_LINE_SIZE;246struct s390_load_data data = {0};247unsigned long minsize;248int ret;249250data.report = ipl_report_init(&ipl_block);251if (IS_ERR(data.report))252return data.report;253254ret = add_kernel(image, &data);255if (ret)256goto out;257258ret = -EINVAL;259minsize = PARMAREA + offsetof(struct parmarea, command_line);260if (image->kernel_buf_len < minsize)261goto out;262263if (data.parm->max_command_line_size)264max_command_line_size = data.parm->max_command_line_size;265266if (minsize + max_command_line_size < minsize)267goto out;268269if (image->kernel_buf_len < minsize + max_command_line_size)270goto out;271272if (image->cmdline_buf_len >= max_command_line_size)273goto out;274275memcpy(data.parm->command_line, image->cmdline_buf,276image->cmdline_buf_len);277278#ifdef CONFIG_CRASH_DUMP279if (image->type == KEXEC_TYPE_CRASH) {280data.parm->oldmem_base = crashk_res.start;281data.parm->oldmem_size = crashk_res.end - crashk_res.start + 1;282}283#endif284285if (image->initrd_buf) {286ret = kexec_file_add_initrd(image, &data);287if (ret)288goto out;289}290291ret = kexec_file_add_purgatory(image, &data);292if (ret)293goto out;294295if (data.kernel_mem == 0) {296unsigned long restart_psw = 0x0008000080000000UL;297restart_psw += image->start;298memcpy(data.kernel_buf, &restart_psw, sizeof(restart_psw));299image->start = 0;300}301302ret = kexec_file_add_ipl_report(image, &data);303out:304ipl_report_free(data.report);305return ERR_PTR(ret);306}307308int arch_kexec_apply_relocations_add(struct purgatory_info *pi,309Elf_Shdr *section,310const Elf_Shdr *relsec,311const Elf_Shdr *symtab)312{313const char *strtab, *name, *shstrtab;314const Elf_Shdr *sechdrs;315Elf_Rela *relas;316int i, r_type;317int ret;318319/* String & section header string table */320sechdrs = (void *)pi->ehdr + pi->ehdr->e_shoff;321strtab = (char *)pi->ehdr + sechdrs[symtab->sh_link].sh_offset;322shstrtab = (char *)pi->ehdr + sechdrs[pi->ehdr->e_shstrndx].sh_offset;323324relas = (void *)pi->ehdr + relsec->sh_offset;325326for (i = 0; i < relsec->sh_size / sizeof(*relas); i++) {327const Elf_Sym *sym; /* symbol to relocate */328unsigned long addr; /* final location after relocation */329unsigned long val; /* relocated symbol value */330void *loc; /* tmp location to modify */331332sym = (void *)pi->ehdr + symtab->sh_offset;333sym += ELF64_R_SYM(relas[i].r_info);334335if (sym->st_name)336name = strtab + sym->st_name;337else338name = shstrtab + sechdrs[sym->st_shndx].sh_name;339340if (sym->st_shndx == SHN_UNDEF) {341pr_err("Undefined symbol: %s\n", name);342return -ENOEXEC;343}344345if (sym->st_shndx == SHN_COMMON) {346pr_err("symbol '%s' in common section\n", name);347return -ENOEXEC;348}349350if (sym->st_shndx >= pi->ehdr->e_shnum &&351sym->st_shndx != SHN_ABS) {352pr_err("Invalid section %d for symbol %s\n",353sym->st_shndx, name);354return -ENOEXEC;355}356357loc = pi->purgatory_buf;358loc += section->sh_offset;359loc += relas[i].r_offset;360361val = sym->st_value;362if (sym->st_shndx != SHN_ABS)363val += pi->sechdrs[sym->st_shndx].sh_addr;364val += relas[i].r_addend;365366addr = section->sh_addr + relas[i].r_offset;367368r_type = ELF64_R_TYPE(relas[i].r_info);369370if (r_type == R_390_PLT32DBL)371r_type = R_390_PC32DBL;372373ret = arch_kexec_do_relocs(r_type, loc, val, addr);374if (ret) {375pr_err("Unknown rela relocation: %d\n", r_type);376return -ENOEXEC;377}378}379return 0;380}381382int arch_kimage_file_post_load_cleanup(struct kimage *image)383{384vfree(image->arch.ipl_buf);385image->arch.ipl_buf = NULL;386387return kexec_image_post_load_cleanup_default(image);388}389390391