1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * crash.c - kernel crash support code.
4
 * Copyright (C) 2002-2004 Eric Biederman  <[email protected]>
5
 */
6

7
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8

9
#include <linux/buildid.h>
10
#include <linux/init.h>
11
#include <linux/utsname.h>
12
#include <linux/vmalloc.h>
13
#include <linux/sizes.h>
14
#include <linux/kexec.h>
15
#include <linux/memory.h>
16
#include <linux/mm.h>
17
#include <linux/cpuhotplug.h>
18
#include <linux/memblock.h>
19
#include <linux/kmemleak.h>
20
#include <linux/crash_core.h>
21
#include <linux/reboot.h>
22
#include <linux/btf.h>
23
#include <linux/objtool.h>
24
#include <linux/delay.h>
25

26
#include <asm/page.h>
27
#include <asm/sections.h>
28

29
#include <crypto/sha1.h>
30

31
#include "kallsyms_internal.h"
32
#include "kexec_internal.h"
33

34
/* Per cpu memory for storing cpu states in case of system crash. */
35
note_buf_t __percpu *crash_notes;
36

37
/* time to wait for possible DMA to finish before starting the kdump kernel
38
 * when a CMA reservation is used
39
 */
40
#define CMA_DMA_TIMEOUT_SEC 10
41

42
#ifdef CONFIG_CRASH_DUMP
43

44
int kimage_crash_copy_vmcoreinfo(struct kimage *image)
45
{
46
	struct page *vmcoreinfo_page;
47
	void *safecopy;
48

49
	if (!IS_ENABLED(CONFIG_CRASH_DUMP))
50
		return 0;
51
	if (image->type != KEXEC_TYPE_CRASH)
52
		return 0;
53

54
	/*
55
	 * For kdump, allocate one vmcoreinfo safe copy from the
56
	 * crash memory. as we have arch_kexec_protect_crashkres()
57
	 * after kexec syscall, we naturally protect it from write
58
	 * (even read) access under kernel direct mapping. But on
59
	 * the other hand, we still need to operate it when crash
60
	 * happens to generate vmcoreinfo note, hereby we rely on
61
	 * vmap for this purpose.
62
	 */
63
	vmcoreinfo_page = kimage_alloc_control_pages(image, 0);
64
	if (!vmcoreinfo_page) {
65
		pr_warn("Could not allocate vmcoreinfo buffer\n");
66
		return -ENOMEM;
67
	}
68
	safecopy = vmap(&vmcoreinfo_page, 1, VM_MAP, PAGE_KERNEL);
69
	if (!safecopy) {
70
		pr_warn("Could not vmap vmcoreinfo buffer\n");
71
		return -ENOMEM;
72
	}
73

74
	image->vmcoreinfo_data_copy = safecopy;
75
	crash_update_vmcoreinfo_safecopy(safecopy);
76

77
	return 0;
78
}
79

80

81

82
int kexec_should_crash(struct task_struct *p)
83
{
84
	/*
85
	 * If crash_kexec_post_notifiers is enabled, don't run
86
	 * crash_kexec() here yet, which must be run after panic
87
	 * notifiers in panic().
88
	 */
89
	if (crash_kexec_post_notifiers)
90
		return 0;
91
	/*
92
	 * There are 4 panic() calls in make_task_dead() path, each of which
93
	 * corresponds to each of these 4 conditions.
94
	 */
95
	if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops)
96
		return 1;
97
	return 0;
98
}
99

100
int kexec_crash_loaded(void)
101
{
102
	return !!kexec_crash_image;
103
}
104
EXPORT_SYMBOL_GPL(kexec_crash_loaded);
105

106
static void crash_cma_clear_pending_dma(void)
107
{
108
	if (!crashk_cma_cnt)
109
		return;
110

111
	mdelay(CMA_DMA_TIMEOUT_SEC * 1000);
112
}
113

114
/*
115
 * No panic_cpu check version of crash_kexec().  This function is called
116
 * only when panic_cpu holds the current CPU number; this is the only CPU
117
 * which processes crash_kexec routines.
118
 */
119
void __noclone __crash_kexec(struct pt_regs *regs)
120
{
121
	/* Take the kexec_lock here to prevent sys_kexec_load
122
	 * running on one cpu from replacing the crash kernel
123
	 * we are using after a panic on a different cpu.
124
	 *
125
	 * If the crash kernel was not located in a fixed area
126
	 * of memory the xchg(&kexec_crash_image) would be
127
	 * sufficient.  But since I reuse the memory...
128
	 */
129
	if (kexec_trylock()) {
130
		if (kexec_crash_image) {
131
			struct pt_regs fixed_regs;
132

133
			crash_setup_regs(&fixed_regs, regs);
134
			crash_save_vmcoreinfo();
135
			machine_crash_shutdown(&fixed_regs);
136
			crash_cma_clear_pending_dma();
137
			machine_kexec(kexec_crash_image);
138
		}
139
		kexec_unlock();
140
	}
141
}
142
STACK_FRAME_NON_STANDARD(__crash_kexec);
143

144
__bpf_kfunc void crash_kexec(struct pt_regs *regs)
145
{
146
	int old_cpu, this_cpu;
147

148
	/*
149
	 * Only one CPU is allowed to execute the crash_kexec() code as with
150
	 * panic().  Otherwise parallel calls of panic() and crash_kexec()
151
	 * may stop each other.  To exclude them, we use panic_cpu here too.
152
	 */
153
	old_cpu = PANIC_CPU_INVALID;
154
	this_cpu = raw_smp_processor_id();
155

156
	if (atomic_try_cmpxchg(&panic_cpu, &old_cpu, this_cpu)) {
157
		/* This is the 1st CPU which comes here, so go ahead. */
158
		__crash_kexec(regs);
159

160
		/*
161
		 * Reset panic_cpu to allow another panic()/crash_kexec()
162
		 * call.
163
		 */
164
		atomic_set(&panic_cpu, PANIC_CPU_INVALID);
165
	}
166
}
167

168
static inline resource_size_t crash_resource_size(const struct resource *res)
169
{
170
	return !res->end ? 0 : resource_size(res);
171
}
172

173

174

175

176
int crash_prepare_elf64_headers(struct crash_mem *mem, int need_kernel_map,
177
			  void **addr, unsigned long *sz)
178
{
179
	Elf64_Ehdr *ehdr;
180
	Elf64_Phdr *phdr;
181
	unsigned long nr_cpus = num_possible_cpus(), nr_phdr, elf_sz;
182
	unsigned char *buf;
183
	unsigned int cpu, i;
184
	unsigned long long notes_addr;
185
	unsigned long mstart, mend;
186

187
	/* extra phdr for vmcoreinfo ELF note */
188
	nr_phdr = nr_cpus + 1;
189
	nr_phdr += mem->nr_ranges;
190

191
	/*
192
	 * kexec-tools creates an extra PT_LOAD phdr for kernel text mapping
193
	 * area (for example, ffffffff80000000 - ffffffffa0000000 on x86_64).
194
	 * I think this is required by tools like gdb. So same physical
195
	 * memory will be mapped in two ELF headers. One will contain kernel
196
	 * text virtual addresses and other will have __va(physical) addresses.
197
	 */
198

199
	nr_phdr++;
200
	elf_sz = sizeof(Elf64_Ehdr) + nr_phdr * sizeof(Elf64_Phdr);
201
	elf_sz = ALIGN(elf_sz, ELF_CORE_HEADER_ALIGN);
202

203
	buf = vzalloc(elf_sz);
204
	if (!buf)
205
		return -ENOMEM;
206

207
	ehdr = (Elf64_Ehdr *)buf;
208
	phdr = (Elf64_Phdr *)(ehdr + 1);
209
	memcpy(ehdr->e_ident, ELFMAG, SELFMAG);
210
	ehdr->e_ident[EI_CLASS] = ELFCLASS64;
211
	ehdr->e_ident[EI_DATA] = ELFDATA2LSB;
212
	ehdr->e_ident[EI_VERSION] = EV_CURRENT;
213
	ehdr->e_ident[EI_OSABI] = ELF_OSABI;
214
	memset(ehdr->e_ident + EI_PAD, 0, EI_NIDENT - EI_PAD);
215
	ehdr->e_type = ET_CORE;
216
	ehdr->e_machine = ELF_ARCH;
217
	ehdr->e_version = EV_CURRENT;
218
	ehdr->e_phoff = sizeof(Elf64_Ehdr);
219
	ehdr->e_ehsize = sizeof(Elf64_Ehdr);
220
	ehdr->e_phentsize = sizeof(Elf64_Phdr);
221

222
	/* Prepare one phdr of type PT_NOTE for each possible CPU */
223
	for_each_possible_cpu(cpu) {
224
		phdr->p_type = PT_NOTE;
225
		notes_addr = per_cpu_ptr_to_phys(per_cpu_ptr(crash_notes, cpu));
226
		phdr->p_offset = phdr->p_paddr = notes_addr;
227
		phdr->p_filesz = phdr->p_memsz = sizeof(note_buf_t);
228
		(ehdr->e_phnum)++;
229
		phdr++;
230
	}
231

232
	/* Prepare one PT_NOTE header for vmcoreinfo */
233
	phdr->p_type = PT_NOTE;
234
	phdr->p_offset = phdr->p_paddr = paddr_vmcoreinfo_note();
235
	phdr->p_filesz = phdr->p_memsz = VMCOREINFO_NOTE_SIZE;
236
	(ehdr->e_phnum)++;
237
	phdr++;
238

239
	/* Prepare PT_LOAD type program header for kernel text region */
240
	if (need_kernel_map) {
241
		phdr->p_type = PT_LOAD;
242
		phdr->p_flags = PF_R|PF_W|PF_X;
243
		phdr->p_vaddr = (unsigned long) _text;
244
		phdr->p_filesz = phdr->p_memsz = _end - _text;
245
		phdr->p_offset = phdr->p_paddr = __pa_symbol(_text);
246
		ehdr->e_phnum++;
247
		phdr++;
248
	}
249

250
	/* Go through all the ranges in mem->ranges[] and prepare phdr */
251
	for (i = 0; i < mem->nr_ranges; i++) {
252
		mstart = mem->ranges[i].start;
253
		mend = mem->ranges[i].end;
254

255
		phdr->p_type = PT_LOAD;
256
		phdr->p_flags = PF_R|PF_W|PF_X;
257
		phdr->p_offset  = mstart;
258

259
		phdr->p_paddr = mstart;
260
		phdr->p_vaddr = (unsigned long) __va(mstart);
261
		phdr->p_filesz = phdr->p_memsz = mend - mstart + 1;
262
		phdr->p_align = 0;
263
		ehdr->e_phnum++;
264
#ifdef CONFIG_KEXEC_FILE
265
		kexec_dprintk("Crash PT_LOAD ELF header. phdr=%p vaddr=0x%llx, paddr=0x%llx, sz=0x%llx e_phnum=%d p_offset=0x%llx\n",
266
			      phdr, phdr->p_vaddr, phdr->p_paddr, phdr->p_filesz,
267
			      ehdr->e_phnum, phdr->p_offset);
268
#endif
269
		phdr++;
270
	}
271

272
	*addr = buf;
273
	*sz = elf_sz;
274
	return 0;
275
}
276

277
int crash_exclude_mem_range(struct crash_mem *mem,
278
			    unsigned long long mstart, unsigned long long mend)
279
{
280
	int i;
281
	unsigned long long start, end, p_start, p_end;
282

283
	for (i = 0; i < mem->nr_ranges; i++) {
284
		start = mem->ranges[i].start;
285
		end = mem->ranges[i].end;
286
		p_start = mstart;
287
		p_end = mend;
288

289
		if (p_start > end)
290
			continue;
291

292
		/*
293
		 * Because the memory ranges in mem->ranges are stored in
294
		 * ascending order, when we detect `p_end < start`, we can
295
		 * immediately exit the for loop, as the subsequent memory
296
		 * ranges will definitely be outside the range we are looking
297
		 * for.
298
		 */
299
		if (p_end < start)
300
			break;
301

302
		/* Truncate any area outside of range */
303
		if (p_start < start)
304
			p_start = start;
305
		if (p_end > end)
306
			p_end = end;
307

308
		/* Found completely overlapping range */
309
		if (p_start == start && p_end == end) {
310
			memmove(&mem->ranges[i], &mem->ranges[i + 1],
311
				(mem->nr_ranges - (i + 1)) * sizeof(mem->ranges[i]));
312
			i--;
313
			mem->nr_ranges--;
314
		} else if (p_start > start && p_end < end) {
315
			/* Split original range */
316
			if (mem->nr_ranges >= mem->max_nr_ranges)
317
				return -ENOMEM;
318

319
			memmove(&mem->ranges[i + 2], &mem->ranges[i + 1],
320
				(mem->nr_ranges - (i + 1)) * sizeof(mem->ranges[i]));
321

322
			mem->ranges[i].end = p_start - 1;
323
			mem->ranges[i + 1].start = p_end + 1;
324
			mem->ranges[i + 1].end = end;
325

326
			i++;
327
			mem->nr_ranges++;
328
		} else if (p_start != start)
329
			mem->ranges[i].end = p_start - 1;
330
		else
331
			mem->ranges[i].start = p_end + 1;
332
	}
333

334
	return 0;
335
}
336

337
ssize_t crash_get_memory_size(void)
338
{
339
	ssize_t size = 0;
340

341
	if (!kexec_trylock())
342
		return -EBUSY;
343

344
	size += crash_resource_size(&crashk_res);
345
	size += crash_resource_size(&crashk_low_res);
346

347
	kexec_unlock();
348
	return size;
349
}
350

351
static int __crash_shrink_memory(struct resource *old_res,
352
				 unsigned long new_size)
353
{
354
	struct resource *ram_res;
355

356
	ram_res = kzalloc(sizeof(*ram_res), GFP_KERNEL);
357
	if (!ram_res)
358
		return -ENOMEM;
359

360
	ram_res->start = old_res->start + new_size;
361
	ram_res->end   = old_res->end;
362
	ram_res->flags = IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM;
363
	ram_res->name  = "System RAM";
364

365
	if (!new_size) {
366
		release_resource(old_res);
367
		old_res->start = 0;
368
		old_res->end   = 0;
369
	} else {
370
		crashk_res.end = ram_res->start - 1;
371
	}
372

373
	crash_free_reserved_phys_range(ram_res->start, ram_res->end);
374
	insert_resource(&iomem_resource, ram_res);
375

376
	return 0;
377
}
378

379
int crash_shrink_memory(unsigned long new_size)
380
{
381
	int ret = 0;
382
	unsigned long old_size, low_size;
383

384
	if (!kexec_trylock())
385
		return -EBUSY;
386

387
	if (kexec_crash_image) {
388
		ret = -ENOENT;
389
		goto unlock;
390
	}
391

392
	low_size = crash_resource_size(&crashk_low_res);
393
	old_size = crash_resource_size(&crashk_res) + low_size;
394
	new_size = roundup(new_size, KEXEC_CRASH_MEM_ALIGN);
395
	if (new_size >= old_size) {
396
		ret = (new_size == old_size) ? 0 : -EINVAL;
397
		goto unlock;
398
	}
399

400
	/*
401
	 * (low_size > new_size) implies that low_size is greater than zero.
402
	 * This also means that if low_size is zero, the else branch is taken.
403
	 *
404
	 * If low_size is greater than 0, (low_size > new_size) indicates that
405
	 * crashk_low_res also needs to be shrunken. Otherwise, only crashk_res
406
	 * needs to be shrunken.
407
	 */
408
	if (low_size > new_size) {
409
		ret = __crash_shrink_memory(&crashk_res, 0);
410
		if (ret)
411
			goto unlock;
412

413
		ret = __crash_shrink_memory(&crashk_low_res, new_size);
414
	} else {
415
		ret = __crash_shrink_memory(&crashk_res, new_size - low_size);
416
	}
417

418
	/* Swap crashk_res and crashk_low_res if needed */
419
	if (!crashk_res.end && crashk_low_res.end) {
420
		crashk_res.start = crashk_low_res.start;
421
		crashk_res.end   = crashk_low_res.end;
422
		release_resource(&crashk_low_res);
423
		crashk_low_res.start = 0;
424
		crashk_low_res.end   = 0;
425
		insert_resource(&iomem_resource, &crashk_res);
426
	}
427

428
unlock:
429
	kexec_unlock();
430
	return ret;
431
}
432

433
void crash_save_cpu(struct pt_regs *regs, int cpu)
434
{
435
	struct elf_prstatus prstatus;
436
	u32 *buf;
437

438
	if ((cpu < 0) || (cpu >= nr_cpu_ids))
439
		return;
440

441
	/* Using ELF notes here is opportunistic.
442
	 * I need a well defined structure format
443
	 * for the data I pass, and I need tags
444
	 * on the data to indicate what information I have
445
	 * squirrelled away.  ELF notes happen to provide
446
	 * all of that, so there is no need to invent something new.
447
	 */
448
	buf = (u32 *)per_cpu_ptr(crash_notes, cpu);
449
	if (!buf)
450
		return;
451
	memset(&prstatus, 0, sizeof(prstatus));
452
	prstatus.common.pr_pid = current->pid;
453
	elf_core_copy_regs(&prstatus.pr_reg, regs);
454
	buf = append_elf_note(buf, NN_PRSTATUS, NT_PRSTATUS,
455
			      &prstatus, sizeof(prstatus));
456
	final_note(buf);
457
}
458

459

460

461
static int __init crash_notes_memory_init(void)
462
{
463
	/* Allocate memory for saving cpu registers. */
464
	size_t size, align;
465

466
	/*
467
	 * crash_notes could be allocated across 2 vmalloc pages when percpu
468
	 * is vmalloc based . vmalloc doesn't guarantee 2 continuous vmalloc
469
	 * pages are also on 2 continuous physical pages. In this case the
470
	 * 2nd part of crash_notes in 2nd page could be lost since only the
471
	 * starting address and size of crash_notes are exported through sysfs.
472
	 * Here round up the size of crash_notes to the nearest power of two
473
	 * and pass it to __alloc_percpu as align value. This can make sure
474
	 * crash_notes is allocated inside one physical page.
475
	 */
476
	size = sizeof(note_buf_t);
477
	align = min(roundup_pow_of_two(sizeof(note_buf_t)), PAGE_SIZE);
478

479
	/*
480
	 * Break compile if size is bigger than PAGE_SIZE since crash_notes
481
	 * definitely will be in 2 pages with that.
482
	 */
483
	BUILD_BUG_ON(size > PAGE_SIZE);
484

485
	crash_notes = __alloc_percpu(size, align);
486
	if (!crash_notes) {
487
		pr_warn("Memory allocation for saving cpu register states failed\n");
488
		return -ENOMEM;
489
	}
490
	return 0;
491
}
492
subsys_initcall(crash_notes_memory_init);
493

494
#endif /*CONFIG_CRASH_DUMP*/
495

496
#ifdef CONFIG_CRASH_HOTPLUG
497
#undef pr_fmt
498
#define pr_fmt(fmt) "crash hp: " fmt
499

500
/*
501
 * Different than kexec/kdump loading/unloading/jumping/shrinking which
502
 * usually rarely happen, there will be many crash hotplug events notified
503
 * during one short period, e.g one memory board is hot added and memory
504
 * regions are online. So mutex lock  __crash_hotplug_lock is used to
505
 * serialize the crash hotplug handling specifically.
506
 */
507
static DEFINE_MUTEX(__crash_hotplug_lock);
508
#define crash_hotplug_lock() mutex_lock(&__crash_hotplug_lock)
509
#define crash_hotplug_unlock() mutex_unlock(&__crash_hotplug_lock)
510

511
/*
512
 * This routine utilized when the crash_hotplug sysfs node is read.
513
 * It reflects the kernel's ability/permission to update the kdump
514
 * image directly.
515
 */
516
int crash_check_hotplug_support(void)
517
{
518
	int rc = 0;
519

520
	crash_hotplug_lock();
521
	/* Obtain lock while reading crash information */
522
	if (!kexec_trylock()) {
523
		if (!kexec_in_progress)
524
			pr_info("kexec_trylock() failed, kdump image may be inaccurate\n");
525
		crash_hotplug_unlock();
526
		return 0;
527
	}
528
	if (kexec_crash_image) {
529
		rc = kexec_crash_image->hotplug_support;
530
	}
531
	/* Release lock now that update complete */
532
	kexec_unlock();
533
	crash_hotplug_unlock();
534

535
	return rc;
536
}
537

538
/*
539
 * To accurately reflect hot un/plug changes of CPU and Memory resources
540
 * (including onling and offlining of those resources), the relevant
541
 * kexec segments must be updated with latest CPU and Memory resources.
542
 *
543
 * Architectures must ensure two things for all segments that need
544
 * updating during hotplug events:
545
 *
546
 * 1. Segments must be large enough to accommodate a growing number of
547
 *    resources.
548
 * 2. Exclude the segments from SHA verification.
549
 *
550
 * For example, on most architectures, the elfcorehdr (which is passed
551
 * to the crash kernel via the elfcorehdr= parameter) must include the
552
 * new list of CPUs and memory. To make changes to the elfcorehdr, it
553
 * should be large enough to permit a growing number of CPU and Memory
554
 * resources. One can estimate the elfcorehdr memory size based on
555
 * NR_CPUS_DEFAULT and CRASH_MAX_MEMORY_RANGES. The elfcorehdr is
556
 * excluded from SHA verification by default if the architecture
557
 * supports crash hotplug.
558
 */
559
static void crash_handle_hotplug_event(unsigned int hp_action, unsigned int cpu, void *arg)
560
{
561
	struct kimage *image;
562

563
	crash_hotplug_lock();
564
	/* Obtain lock while changing crash information */
565
	if (!kexec_trylock()) {
566
		if (!kexec_in_progress)
567
			pr_info("kexec_trylock() failed, kdump image may be inaccurate\n");
568
		crash_hotplug_unlock();
569
		return;
570
	}
571

572
	/* Check kdump is not loaded */
573
	if (!kexec_crash_image)
574
		goto out;
575

576
	image = kexec_crash_image;
577

578
	/* Check that kexec segments update is permitted */
579
	if (!image->hotplug_support)
580
		goto out;
581

582
	if (hp_action == KEXEC_CRASH_HP_ADD_CPU ||
583
		hp_action == KEXEC_CRASH_HP_REMOVE_CPU)
584
		pr_debug("hp_action %u, cpu %u\n", hp_action, cpu);
585
	else
586
		pr_debug("hp_action %u\n", hp_action);
587

588
	/*
589
	 * The elfcorehdr_index is set to -1 when the struct kimage
590
	 * is allocated. Find the segment containing the elfcorehdr,
591
	 * if not already found.
592
	 */
593
	if (image->elfcorehdr_index < 0) {
594
		unsigned long mem;
595
		unsigned char *ptr;
596
		unsigned int n;
597

598
		for (n = 0; n < image->nr_segments; n++) {
599
			mem = image->segment[n].mem;
600
			ptr = kmap_local_page(pfn_to_page(mem >> PAGE_SHIFT));
601
			if (ptr) {
602
				/* The segment containing elfcorehdr */
603
				if (memcmp(ptr, ELFMAG, SELFMAG) == 0)
604
					image->elfcorehdr_index = (int)n;
605
				kunmap_local(ptr);
606
			}
607
		}
608
	}
609

610
	if (image->elfcorehdr_index < 0) {
611
		pr_err("unable to locate elfcorehdr segment");
612
		goto out;
613
	}
614

615
	/* Needed in order for the segments to be updated */
616
	arch_kexec_unprotect_crashkres();
617

618
	/* Differentiate between normal load and hotplug update */
619
	image->hp_action = hp_action;
620

621
	/* Now invoke arch-specific update handler */
622
	arch_crash_handle_hotplug_event(image, arg);
623

624
	/* No longer handling a hotplug event */
625
	image->hp_action = KEXEC_CRASH_HP_NONE;
626
	image->elfcorehdr_updated = true;
627

628
	/* Change back to read-only */
629
	arch_kexec_protect_crashkres();
630

631
	/* Errors in the callback is not a reason to rollback state */
632
out:
633
	/* Release lock now that update complete */
634
	kexec_unlock();
635
	crash_hotplug_unlock();
636
}
637

638
static int crash_memhp_notifier(struct notifier_block *nb, unsigned long val, void *arg)
639
{
640
	switch (val) {
641
	case MEM_ONLINE:
642
		crash_handle_hotplug_event(KEXEC_CRASH_HP_ADD_MEMORY,
643
			KEXEC_CRASH_HP_INVALID_CPU, arg);
644
		break;
645

646
	case MEM_OFFLINE:
647
		crash_handle_hotplug_event(KEXEC_CRASH_HP_REMOVE_MEMORY,
648
			KEXEC_CRASH_HP_INVALID_CPU, arg);
649
		break;
650
	}
651
	return NOTIFY_OK;
652
}
653

654
static struct notifier_block crash_memhp_nb = {
655
	.notifier_call = crash_memhp_notifier,
656
	.priority = 0
657
};
658

659
static int crash_cpuhp_online(unsigned int cpu)
660
{
661
	crash_handle_hotplug_event(KEXEC_CRASH_HP_ADD_CPU, cpu, NULL);
662
	return 0;
663
}
664

665
static int crash_cpuhp_offline(unsigned int cpu)
666
{
667
	crash_handle_hotplug_event(KEXEC_CRASH_HP_REMOVE_CPU, cpu, NULL);
668
	return 0;
669
}
670

671
static int __init crash_hotplug_init(void)
672
{
673
	int result = 0;
674

675
	if (IS_ENABLED(CONFIG_MEMORY_HOTPLUG))
676
		register_memory_notifier(&crash_memhp_nb);
677

678
	if (IS_ENABLED(CONFIG_HOTPLUG_CPU)) {
679
		result = cpuhp_setup_state_nocalls(CPUHP_BP_PREPARE_DYN,
680
			"crash/cpuhp", crash_cpuhp_online, crash_cpuhp_offline);
681
	}
682

683
	return result;
684
}
685

686
subsys_initcall(crash_hotplug_init);
687
#endif
688

689