1 /* SPDX-License-Identifier: GPL-2.0 */
5 * Copyright IBM Corp. 2018
7 * Author(s): Philipp Rudo <prudo@linux.vnet.ibm.com>
10 #include <linux/linkage.h>
11 #include <asm/asm-offsets.h>
14 #include <asm/ptrace.h>
16 /* The purgatory is the code running between two kernels. It's main purpose
17 * is to verify that the next kernel was not corrupted after load and to
20 * If the next kernel is a crash kernel there are some peculiarities to
23 * First the purgatory is called twice. Once only to verify the
24 * sha digest. So if the crash kernel got corrupted the old kernel can try
25 * to trigger a stand-alone dumper. And once to actually load the crash kernel.
27 * Second the purgatory also has to swap the crash memory region with its
28 * destination at address 0. As the purgatory is part of crash memory this
29 * requires some finesse. The tactic here is that the purgatory first copies
30 * itself to the end of the destination and then swaps the rest of the
31 * memory running from there.
34 #define bufsz purgatory_end-stack
36 .macro MEMCPY dst,src,len
46 .macro MEMSWAP dst,src,buf,len
53 12: MEMCPY \buf,\dst,%r4
65 .macro START_NEXT_KERNEL base
66 lg %r4,kernel_entry-\base(%r13)
67 lg %r5,load_psw_mask-\base(%r13)
77 ENTRY(purgatory_start)
78 /* The purgatory might be called after a diag308 so better set
79 * architecture and addressing mode.
82 sigp %r1,%r0,SIGP_SET_ARCHITECTURE
92 larl %r15,purgatory_end-STACK_FRAME_OVERHEAD
94 /* If the next kernel is KEXEC_TYPE_CRASH the purgatory is called
95 * directly with a flag passed in %r2 whether the purgatory shall do
96 * checksum verification only (%r2 = 0 -> verification only).
98 * Check now and preserve over C function call by storing in
100 * 1 -> checksum verification only
101 * 0 -> load new kernel
104 lg %r11,kernel_type-.base_crash(%r13)
105 cghi %r11,1 /* KEXEC_TYPE_CRASH */
106 jne .do_checksum_verification
107 cghi %r2,0 /* checksum verification only */
108 jne .do_checksum_verification
111 .do_checksum_verification:
112 brasl %r14,verify_sha256_digest
114 cghi %r10,1 /* checksum verification only */
115 je .return_old_kernel
116 cghi %r2,0 /* checksum match */
119 /* If the next kernel is a crash kernel the purgatory has to swap
120 * the mem regions first.
122 cghi %r11,1 /* KEXEC_TYPE_CRASH */
123 je .start_crash_kernel
125 /* start normal kernel */
126 START_NEXT_KERNEL .base_crash
129 lmg %r6,%r15,gprregs-.base_crash(%r13)
133 lpswe disabled_wait_psw-.base_crash(%r13)
136 /* Location of purgatory_start in crash memory */
138 aghi %r8,-(.base_crash-purgatory_start)
140 /* Destination for this code i.e. end of memory to be swapped. */
141 lg %r9,crash_size-.base_crash(%r13)
142 aghi %r9,-(purgatory_end-purgatory_start)
144 /* Destination in crash memory, i.e. same as r9 but in crash memory. */
145 lg %r10,crash_start-.base_crash(%r13)
148 /* Buffer location (in crash memory) and size. As the purgatory is
149 * behind the point of no return it can re-use the stack as buffer.
154 MEMCPY %r12,%r9,%r11 /* dst -> (crash) buf */
155 MEMCPY %r9,%r8,%r11 /* self -> dst */
157 /* Jump to new location. */
159 aghi %r7,.jump_to_dst-purgatory_start
167 MEMCPY %r12,%r10,%r11 /* (crash) buf -> (crash) dst */
169 /* Load new buffer location after jump */
171 aghi %r10,stack-purgatory_start
172 MEMCPY %r10,%r7,%r11 /* (new) buf -> (crash) buf */
174 /* Now the code is set up to run from its designated location. Start
175 * swapping the rest of crash memory now.
177 * The registers will be used as follow:
179 * %r0-%r4 reserved for macros defined above
180 * %r5-%r6 tmp registers
181 * %r7 pointer to current struct sha region
182 * %r8 index to iterate over all sha regions
183 * %r9 pointer in crash memory
184 * %r10 pointer in old kernel
185 * %r11 total size (still) to be moved
186 * %r12 pointer to buffer
191 lg %r9,crash_start-.base_dst(%r13)
192 lghi %r8,16 /* KEXEC_SEGMENTS_MAX */
193 larl %r7,purgatory_sha_regions
197 /* Loop over all purgatory_sha_regions. */
203 aghi %r7,__KEXEC_SHA_REGION_SIZE
206 lg %r5,__KEXEC_SHA_REGION_START(%r7)
210 /* Copy [end last sha region, start current sha region) */
211 /* Note: kexec_sha_region->start points in crash memory */
219 /* Swap sha region */
220 lg %r6,__KEXEC_SHA_REGION_LEN(%r7)
221 MEMSWAP %r9,%r10,%r12,%r6
222 sg %r11,__KEXEC_SHA_REGION_LEN(%r7)
226 /* Copy rest of crash memory */
229 /* start crash kernel */
230 START_NEXT_KERNEL .base_dst
234 .long 0x00080000,0x80000000
238 .quad 0x0002000180000000
239 .quad 0x0000000000000000 + .do_checksum_verification
246 /* Macro to define a global variable with name and size (in bytes) to be
247 * shared with C code.
249 * Add the .size and .type attribute to satisfy checks on the Elf_Sym during
252 .macro GLOBAL_VARIABLE name,size
260 GLOBAL_VARIABLE purgatory_sha256_digest,32
261 GLOBAL_VARIABLE purgatory_sha_regions,16*__KEXEC_SHA_REGION_SIZE
262 GLOBAL_VARIABLE kernel_entry,8
263 GLOBAL_VARIABLE kernel_type,8
264 GLOBAL_VARIABLE crash_start,8
265 GLOBAL_VARIABLE crash_size,8
269 /* The buffer to move this code must be as big as the code. */
270 .skip stack-purgatory_start