License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 21:07:57 +07:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
2005-06-26 04:57:52 +07:00
|
|
|
#ifndef LINUX_KEXEC_H
|
|
|
|
#define LINUX_KEXEC_H
|
|
|
|
|
2015-02-18 04:45:56 +07:00
|
|
|
#define IND_DESTINATION_BIT 0
|
|
|
|
#define IND_INDIRECTION_BIT 1
|
|
|
|
#define IND_DONE_BIT 2
|
|
|
|
#define IND_SOURCE_BIT 3
|
|
|
|
|
|
|
|
#define IND_DESTINATION (1 << IND_DESTINATION_BIT)
|
|
|
|
#define IND_INDIRECTION (1 << IND_INDIRECTION_BIT)
|
|
|
|
#define IND_DONE (1 << IND_DONE_BIT)
|
|
|
|
#define IND_SOURCE (1 << IND_SOURCE_BIT)
|
2015-02-18 04:45:58 +07:00
|
|
|
#define IND_FLAGS (IND_DESTINATION | IND_INDIRECTION | IND_DONE | IND_SOURCE)
|
2015-02-18 04:45:56 +07:00
|
|
|
|
|
|
|
#if !defined(__ASSEMBLY__)
|
|
|
|
|
crash: move crashkernel parsing and vmcore related code under CONFIG_CRASH_CORE
Patch series "kexec/fadump: remove dependency with CONFIG_KEXEC and
reuse crashkernel parameter for fadump", v4.
Traditionally, kdump is used to save vmcore in case of a crash. Some
architectures like powerpc can save vmcore using architecture specific
support instead of kexec/kdump mechanism. Such architecture specific
support also needs to reserve memory, to be used by dump capture kernel.
crashkernel parameter can be a reused, for memory reservation, by such
architecture specific infrastructure.
This patchset removes dependency with CONFIG_KEXEC for crashkernel
parameter and vmcoreinfo related code as it can be reused without kexec
support. Also, crashkernel parameter is reused instead of
fadump_reserve_mem to reserve memory for fadump.
The first patch moves crashkernel parameter parsing and vmcoreinfo
related code under CONFIG_CRASH_CORE instead of CONFIG_KEXEC_CORE. The
second patch reuses the definitions of append_elf_note() & final_note()
functions under CONFIG_CRASH_CORE in IA64 arch code. The third patch
removes dependency on CONFIG_KEXEC for firmware-assisted dump (fadump)
in powerpc. The next patch reuses crashkernel parameter for reserving
memory for fadump, instead of the fadump_reserve_mem parameter. This
has the advantage of using all syntaxes crashkernel parameter supports,
for fadump as well. The last patch updates fadump kernel documentation
about use of crashkernel parameter.
This patch (of 5):
Traditionally, kdump is used to save vmcore in case of a crash. Some
architectures like powerpc can save vmcore using architecture specific
support instead of kexec/kdump mechanism. Such architecture specific
support also needs to reserve memory, to be used by dump capture kernel.
crashkernel parameter can be a reused, for memory reservation, by such
architecture specific infrastructure.
But currently, code related to vmcoreinfo and parsing of crashkernel
parameter is built under CONFIG_KEXEC_CORE. This patch introduces
CONFIG_CRASH_CORE and moves the above mentioned code under this config,
allowing code reuse without dependency on CONFIG_KEXEC. There is no
functional change with this patch.
Link: http://lkml.kernel.org/r/149035338104.6881.4550894432615189948.stgit@hbathini.in.ibm.com
Signed-off-by: Hari Bathini <hbathini@linux.vnet.ibm.com>
Acked-by: Dave Young <dyoung@redhat.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-05-09 05:56:18 +07:00
|
|
|
#include <linux/crash_core.h>
|
2016-08-03 04:06:04 +07:00
|
|
|
#include <asm/io.h>
|
|
|
|
|
2012-10-13 16:46:48 +07:00
|
|
|
#include <uapi/linux/kexec.h>
|
2012-06-01 06:26:27 +07:00
|
|
|
|
2015-09-10 05:38:55 +07:00
|
|
|
#ifdef CONFIG_KEXEC_CORE
|
2005-06-26 04:57:52 +07:00
|
|
|
#include <linux/list.h>
|
|
|
|
#include <linux/compat.h>
|
2006-02-10 16:51:05 +07:00
|
|
|
#include <linux/ioport.h>
|
2014-08-09 04:26:04 +07:00
|
|
|
#include <linux/module.h>
|
2005-06-26 04:57:52 +07:00
|
|
|
#include <asm/kexec.h>
|
|
|
|
|
|
|
|
/* Verify architecture specific macros are defined */
|
|
|
|
|
|
|
|
#ifndef KEXEC_SOURCE_MEMORY_LIMIT
|
|
|
|
#error KEXEC_SOURCE_MEMORY_LIMIT not defined
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef KEXEC_DESTINATION_MEMORY_LIMIT
|
|
|
|
#error KEXEC_DESTINATION_MEMORY_LIMIT not defined
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef KEXEC_CONTROL_MEMORY_LIMIT
|
|
|
|
#error KEXEC_CONTROL_MEMORY_LIMIT not defined
|
|
|
|
#endif
|
|
|
|
|
2015-04-16 19:47:33 +07:00
|
|
|
#ifndef KEXEC_CONTROL_MEMORY_GFP
|
2016-08-03 04:05:54 +07:00
|
|
|
#define KEXEC_CONTROL_MEMORY_GFP (GFP_KERNEL | __GFP_NORETRY)
|
2015-04-16 19:47:33 +07:00
|
|
|
#endif
|
|
|
|
|
2008-08-15 14:40:22 +07:00
|
|
|
#ifndef KEXEC_CONTROL_PAGE_SIZE
|
|
|
|
#error KEXEC_CONTROL_PAGE_SIZE not defined
|
2005-06-26 04:57:52 +07:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef KEXEC_ARCH
|
|
|
|
#error KEXEC_ARCH not defined
|
|
|
|
#endif
|
|
|
|
|
2011-10-30 21:16:36 +07:00
|
|
|
#ifndef KEXEC_CRASH_CONTROL_MEMORY_LIMIT
|
|
|
|
#define KEXEC_CRASH_CONTROL_MEMORY_LIMIT KEXEC_CONTROL_MEMORY_LIMIT
|
|
|
|
#endif
|
|
|
|
|
2011-10-30 21:16:43 +07:00
|
|
|
#ifndef KEXEC_CRASH_MEM_ALIGN
|
|
|
|
#define KEXEC_CRASH_MEM_ALIGN PAGE_SIZE
|
|
|
|
#endif
|
|
|
|
|
crash: move crashkernel parsing and vmcore related code under CONFIG_CRASH_CORE
Patch series "kexec/fadump: remove dependency with CONFIG_KEXEC and
reuse crashkernel parameter for fadump", v4.
Traditionally, kdump is used to save vmcore in case of a crash. Some
architectures like powerpc can save vmcore using architecture specific
support instead of kexec/kdump mechanism. Such architecture specific
support also needs to reserve memory, to be used by dump capture kernel.
crashkernel parameter can be a reused, for memory reservation, by such
architecture specific infrastructure.
This patchset removes dependency with CONFIG_KEXEC for crashkernel
parameter and vmcoreinfo related code as it can be reused without kexec
support. Also, crashkernel parameter is reused instead of
fadump_reserve_mem to reserve memory for fadump.
The first patch moves crashkernel parameter parsing and vmcoreinfo
related code under CONFIG_CRASH_CORE instead of CONFIG_KEXEC_CORE. The
second patch reuses the definitions of append_elf_note() & final_note()
functions under CONFIG_CRASH_CORE in IA64 arch code. The third patch
removes dependency on CONFIG_KEXEC for firmware-assisted dump (fadump)
in powerpc. The next patch reuses crashkernel parameter for reserving
memory for fadump, instead of the fadump_reserve_mem parameter. This
has the advantage of using all syntaxes crashkernel parameter supports,
for fadump as well. The last patch updates fadump kernel documentation
about use of crashkernel parameter.
This patch (of 5):
Traditionally, kdump is used to save vmcore in case of a crash. Some
architectures like powerpc can save vmcore using architecture specific
support instead of kexec/kdump mechanism. Such architecture specific
support also needs to reserve memory, to be used by dump capture kernel.
crashkernel parameter can be a reused, for memory reservation, by such
architecture specific infrastructure.
But currently, code related to vmcoreinfo and parsing of crashkernel
parameter is built under CONFIG_KEXEC_CORE. This patch introduces
CONFIG_CRASH_CORE and moves the above mentioned code under this config,
allowing code reuse without dependency on CONFIG_KEXEC. There is no
functional change with this patch.
Link: http://lkml.kernel.org/r/149035338104.6881.4550894432615189948.stgit@hbathini.in.ibm.com
Signed-off-by: Hari Bathini <hbathini@linux.vnet.ibm.com>
Acked-by: Dave Young <dyoung@redhat.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-05-09 05:56:18 +07:00
|
|
|
#define KEXEC_CORE_NOTE_NAME CRASH_CORE_NOTE_NAME
|
|
|
|
|
2005-06-26 04:57:52 +07:00
|
|
|
/*
|
|
|
|
* This structure is used to hold the arguments that are used when loading
|
|
|
|
* kernel binaries.
|
|
|
|
*/
|
|
|
|
|
|
|
|
typedef unsigned long kimage_entry_t;
|
|
|
|
|
|
|
|
struct kexec_segment {
|
2014-08-09 04:25:52 +07:00
|
|
|
/*
|
|
|
|
* This pointer can point to user memory if kexec_load() system
|
|
|
|
* call is used or will point to kernel memory if
|
|
|
|
* kexec_file_load() system call is used.
|
|
|
|
*
|
|
|
|
* Use ->buf when expecting to deal with user memory and use ->kbuf
|
|
|
|
* when expecting to deal with kernel memory.
|
|
|
|
*/
|
|
|
|
union {
|
|
|
|
void __user *buf;
|
|
|
|
void *kbuf;
|
|
|
|
};
|
2005-06-26 04:57:52 +07:00
|
|
|
size_t bufsz;
|
2012-06-01 06:26:27 +07:00
|
|
|
unsigned long mem;
|
2005-06-26 04:57:52 +07:00
|
|
|
size_t memsz;
|
|
|
|
};
|
|
|
|
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
|
|
struct compat_kexec_segment {
|
|
|
|
compat_uptr_t buf;
|
|
|
|
compat_size_t bufsz;
|
|
|
|
compat_ulong_t mem; /* User space sees this as a (void *) ... */
|
|
|
|
compat_size_t memsz;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
|
2016-01-21 06:00:36 +07:00
|
|
|
#ifdef CONFIG_KEXEC_FILE
|
2014-08-09 04:26:04 +07:00
|
|
|
struct purgatory_info {
|
|
|
|
/* Pointer to elf header of read only purgatory */
|
|
|
|
Elf_Ehdr *ehdr;
|
|
|
|
|
|
|
|
/* Pointer to purgatory sechdrs which are modifiable */
|
|
|
|
Elf_Shdr *sechdrs;
|
|
|
|
/*
|
|
|
|
* Temporary buffer location where purgatory is loaded and relocated
|
|
|
|
* This memory can be freed post image load
|
|
|
|
*/
|
|
|
|
void *purgatory_buf;
|
|
|
|
|
|
|
|
/* Address where purgatory is finally loaded and is executed from */
|
|
|
|
unsigned long purgatory_load_addr;
|
|
|
|
};
|
|
|
|
|
2016-01-21 06:00:36 +07:00
|
|
|
typedef int (kexec_probe_t)(const char *kernel_buf, unsigned long kernel_size);
|
|
|
|
typedef void *(kexec_load_t)(struct kimage *image, char *kernel_buf,
|
|
|
|
unsigned long kernel_len, char *initrd,
|
|
|
|
unsigned long initrd_len, char *cmdline,
|
|
|
|
unsigned long cmdline_len);
|
|
|
|
typedef int (kexec_cleanup_t)(void *loader_data);
|
|
|
|
|
|
|
|
#ifdef CONFIG_KEXEC_VERIFY_SIG
|
|
|
|
typedef int (kexec_verify_sig_t)(const char *kernel_buf,
|
|
|
|
unsigned long kernel_len);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
struct kexec_file_ops {
|
|
|
|
kexec_probe_t *probe;
|
|
|
|
kexec_load_t *load;
|
|
|
|
kexec_cleanup_t *cleanup;
|
|
|
|
#ifdef CONFIG_KEXEC_VERIFY_SIG
|
|
|
|
kexec_verify_sig_t *verify_sig;
|
|
|
|
#endif
|
|
|
|
};
|
2016-11-29 19:45:47 +07:00
|
|
|
|
|
|
|
/**
|
|
|
|
* struct kexec_buf - parameters for finding a place for a buffer in memory
|
|
|
|
* @image: kexec image in which memory to search.
|
|
|
|
* @buffer: Contents which will be copied to the allocated memory.
|
|
|
|
* @bufsz: Size of @buffer.
|
|
|
|
* @mem: On return will have address of the buffer in memory.
|
|
|
|
* @memsz: Size for the buffer in memory.
|
|
|
|
* @buf_align: Minimum alignment needed.
|
|
|
|
* @buf_min: The buffer can't be placed below this address.
|
|
|
|
* @buf_max: The buffer can't be placed above this address.
|
|
|
|
* @top_down: Allocate from top of memory.
|
|
|
|
*/
|
|
|
|
struct kexec_buf {
|
|
|
|
struct kimage *image;
|
2016-11-29 19:45:48 +07:00
|
|
|
void *buffer;
|
2016-11-29 19:45:47 +07:00
|
|
|
unsigned long bufsz;
|
|
|
|
unsigned long mem;
|
|
|
|
unsigned long memsz;
|
|
|
|
unsigned long buf_align;
|
|
|
|
unsigned long buf_min;
|
|
|
|
unsigned long buf_max;
|
|
|
|
bool top_down;
|
|
|
|
};
|
|
|
|
|
|
|
|
int __weak arch_kexec_walk_mem(struct kexec_buf *kbuf,
|
2017-10-20 21:30:51 +07:00
|
|
|
int (*func)(struct resource *, void *));
|
2016-11-29 19:45:48 +07:00
|
|
|
extern int kexec_add_buffer(struct kexec_buf *kbuf);
|
2016-11-29 19:45:49 +07:00
|
|
|
int kexec_locate_mem_hole(struct kexec_buf *kbuf);
|
2016-11-29 19:45:47 +07:00
|
|
|
#endif /* CONFIG_KEXEC_FILE */
|
2016-01-21 06:00:36 +07:00
|
|
|
|
2005-06-26 04:57:52 +07:00
|
|
|
struct kimage {
|
|
|
|
kimage_entry_t head;
|
|
|
|
kimage_entry_t *entry;
|
|
|
|
kimage_entry_t *last_entry;
|
|
|
|
|
|
|
|
unsigned long start;
|
|
|
|
struct page *control_code_page;
|
2008-07-26 09:45:07 +07:00
|
|
|
struct page *swap_page;
|
kdump: protect vmcoreinfo data under the crash memory
Currently vmcoreinfo data is updated at boot time subsys_initcall(), it
has the risk of being modified by some wrong code during system is
running.
As a result, vmcore dumped may contain the wrong vmcoreinfo. Later on,
when using "crash", "makedumpfile", etc utility to parse this vmcore, we
probably will get "Segmentation fault" or other unexpected errors.
E.g. 1) wrong code overwrites vmcoreinfo_data; 2) further crashes the
system; 3) trigger kdump, then we obviously will fail to recognize the
crash context correctly due to the corrupted vmcoreinfo.
Now except for vmcoreinfo, all the crash data is well
protected(including the cpu note which is fully updated in the crash
path, thus its correctness is guaranteed). Given that vmcoreinfo data
is a large chunk prepared for kdump, we better protect it as well.
To solve this, we relocate and copy vmcoreinfo_data to the crash memory
when kdump is loading via kexec syscalls. Because the whole crash
memory will be protected by existing arch_kexec_protect_crashkres()
mechanism, we naturally protect vmcoreinfo_data from write(even read)
access under kernel direct mapping after kdump is loaded.
Since kdump is usually loaded at the very early stage after boot, we can
trust the correctness of the vmcoreinfo data copied.
On the other hand, we still need to operate the vmcoreinfo safe copy
when crash happens to generate vmcoreinfo_note again, we rely on vmap()
to map out a new kernel virtual address and update to use this new one
instead in the following crash_save_vmcoreinfo().
BTW, we do not touch vmcoreinfo_note, because it will be fully updated
using the protected vmcoreinfo_data after crash which is surely correct
just like the cpu crash note.
Link: http://lkml.kernel.org/r/1493281021-20737-3-git-send-email-xlpang@redhat.com
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Tested-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Dave Young <dyoung@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Hari Bathini <hbathini@linux.vnet.ibm.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-07-13 04:33:21 +07:00
|
|
|
void *vmcoreinfo_data_copy; /* locates in the crash memory */
|
2005-06-26 04:57:52 +07:00
|
|
|
|
|
|
|
unsigned long nr_segments;
|
|
|
|
struct kexec_segment segment[KEXEC_SEGMENT_MAX];
|
|
|
|
|
|
|
|
struct list_head control_pages;
|
|
|
|
struct list_head dest_pages;
|
2014-08-09 04:25:43 +07:00
|
|
|
struct list_head unusable_pages;
|
2005-06-26 04:57:52 +07:00
|
|
|
|
|
|
|
/* Address of next control page to allocate for crash kernels. */
|
|
|
|
unsigned long control_page;
|
|
|
|
|
|
|
|
/* Flags to indicate special processing */
|
|
|
|
unsigned int type : 1;
|
|
|
|
#define KEXEC_TYPE_DEFAULT 0
|
|
|
|
#define KEXEC_TYPE_CRASH 1
|
2008-07-26 09:45:07 +07:00
|
|
|
unsigned int preserve_context : 1;
|
2014-08-09 04:25:57 +07:00
|
|
|
/* If set, we are using file mode kexec syscall */
|
|
|
|
unsigned int file_mode:1;
|
2008-10-31 08:48:08 +07:00
|
|
|
|
|
|
|
#ifdef ARCH_HAS_KIMAGE_ARCH
|
|
|
|
struct kimage_arch arch;
|
|
|
|
#endif
|
2014-08-09 04:25:57 +07:00
|
|
|
|
2016-01-21 06:00:36 +07:00
|
|
|
#ifdef CONFIG_KEXEC_FILE
|
2014-08-09 04:25:57 +07:00
|
|
|
/* Additional fields for file based kexec syscall */
|
|
|
|
void *kernel_buf;
|
|
|
|
unsigned long kernel_buf_len;
|
|
|
|
|
|
|
|
void *initrd_buf;
|
|
|
|
unsigned long initrd_buf_len;
|
|
|
|
|
|
|
|
char *cmdline_buf;
|
|
|
|
unsigned long cmdline_buf_len;
|
|
|
|
|
|
|
|
/* File operations provided by image loader */
|
|
|
|
struct kexec_file_ops *fops;
|
|
|
|
|
|
|
|
/* Image loader handling the kernel can store a pointer here */
|
|
|
|
void *image_loader_data;
|
2014-08-09 04:26:04 +07:00
|
|
|
|
|
|
|
/* Information for loading purgatory */
|
|
|
|
struct purgatory_info purgatory_info;
|
2016-01-21 06:00:36 +07:00
|
|
|
#endif
|
2014-08-09 04:25:57 +07:00
|
|
|
};
|
2005-06-26 04:57:52 +07:00
|
|
|
|
|
|
|
/* kexec interface functions */
|
2008-07-26 09:45:07 +07:00
|
|
|
extern void machine_kexec(struct kimage *image);
|
2005-06-26 04:57:52 +07:00
|
|
|
extern int machine_kexec_prepare(struct kimage *image);
|
|
|
|
extern void machine_kexec_cleanup(struct kimage *image);
|
|
|
|
extern asmlinkage long sys_kexec_load(unsigned long entry,
|
2005-06-26 04:58:28 +07:00
|
|
|
unsigned long nr_segments,
|
|
|
|
struct kexec_segment __user *segments,
|
|
|
|
unsigned long flags);
|
2008-07-26 09:45:07 +07:00
|
|
|
extern int kernel_kexec(void);
|
2005-06-26 04:58:28 +07:00
|
|
|
extern struct page *kimage_alloc_control_pages(struct kimage *image,
|
|
|
|
unsigned int order);
|
2014-08-09 04:26:04 +07:00
|
|
|
extern int kexec_load_purgatory(struct kimage *image, unsigned long min,
|
|
|
|
unsigned long max, int top_down,
|
|
|
|
unsigned long *load_addr);
|
|
|
|
extern int kexec_purgatory_get_set_symbol(struct kimage *image,
|
|
|
|
const char *name, void *buf,
|
|
|
|
unsigned int size, bool get_value);
|
|
|
|
extern void *kexec_purgatory_get_symbol_addr(struct kimage *image,
|
|
|
|
const char *name);
|
2015-12-14 17:19:11 +07:00
|
|
|
extern void __crash_kexec(struct pt_regs *);
|
2005-06-26 04:58:26 +07:00
|
|
|
extern void crash_kexec(struct pt_regs *);
|
|
|
|
int kexec_should_crash(struct task_struct *);
|
2016-08-03 04:06:16 +07:00
|
|
|
int kexec_crash_loaded(void);
|
2006-12-07 11:40:41 +07:00
|
|
|
void crash_save_cpu(struct pt_regs *regs, int cpu);
|
kdump: protect vmcoreinfo data under the crash memory
Currently vmcoreinfo data is updated at boot time subsys_initcall(), it
has the risk of being modified by some wrong code during system is
running.
As a result, vmcore dumped may contain the wrong vmcoreinfo. Later on,
when using "crash", "makedumpfile", etc utility to parse this vmcore, we
probably will get "Segmentation fault" or other unexpected errors.
E.g. 1) wrong code overwrites vmcoreinfo_data; 2) further crashes the
system; 3) trigger kdump, then we obviously will fail to recognize the
crash context correctly due to the corrupted vmcoreinfo.
Now except for vmcoreinfo, all the crash data is well
protected(including the cpu note which is fully updated in the crash
path, thus its correctness is guaranteed). Given that vmcoreinfo data
is a large chunk prepared for kdump, we better protect it as well.
To solve this, we relocate and copy vmcoreinfo_data to the crash memory
when kdump is loading via kexec syscalls. Because the whole crash
memory will be protected by existing arch_kexec_protect_crashkres()
mechanism, we naturally protect vmcoreinfo_data from write(even read)
access under kernel direct mapping after kdump is loaded.
Since kdump is usually loaded at the very early stage after boot, we can
trust the correctness of the vmcoreinfo data copied.
On the other hand, we still need to operate the vmcoreinfo safe copy
when crash happens to generate vmcoreinfo_note again, we rely on vmap()
to map out a new kernel virtual address and update to use this new one
instead in the following crash_save_vmcoreinfo().
BTW, we do not touch vmcoreinfo_note, because it will be fully updated
using the protected vmcoreinfo_data after crash which is surely correct
just like the cpu crash note.
Link: http://lkml.kernel.org/r/1493281021-20737-3-git-send-email-xlpang@redhat.com
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Tested-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Dave Young <dyoung@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Hari Bathini <hbathini@linux.vnet.ibm.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-07-13 04:33:21 +07:00
|
|
|
extern int kimage_crash_copy_vmcoreinfo(struct kimage *image);
|
2007-10-17 13:27:27 +07:00
|
|
|
|
2005-06-26 04:57:52 +07:00
|
|
|
extern struct kimage *kexec_image;
|
2006-06-23 16:05:07 +07:00
|
|
|
extern struct kimage *kexec_crash_image;
|
kexec: add sysctl to disable kexec_load
For general-purpose (i.e. distro) kernel builds it makes sense to build
with CONFIG_KEXEC to allow end users to choose what kind of things they
want to do with kexec. However, in the face of trying to lock down a
system with such a kernel, there needs to be a way to disable kexec_load
(much like module loading can be disabled). Without this, it is too easy
for the root user to modify kernel memory even when CONFIG_STRICT_DEVMEM
and modules_disabled are set. With this change, it is still possible to
load an image for use later, then disable kexec_load so the image (or lack
of image) can't be altered.
The intention is for using this in environments where "perfect"
enforcement is hard. Without a verified boot, along with verified
modules, and along with verified kexec, this is trying to give a system a
better chance to defend itself (or at least grow the window of
discoverability) against attack in the face of a privilege escalation.
In my mind, I consider several boot scenarios:
1) Verified boot of read-only verified root fs loading fd-based
verification of kexec images.
2) Secure boot of writable root fs loading signed kexec images.
3) Regular boot loading kexec (e.g. kcrash) image early and locking it.
4) Regular boot with no control of kexec image at all.
1 and 2 don't exist yet, but will soon once the verified kexec series has
landed. 4 is the state of things now. The gap between 2 and 4 is too
large, so this change creates scenario 3, a middle-ground above 4 when 2
and 1 are not possible for a system.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Rik van Riel <riel@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-01-24 06:55:59 +07:00
|
|
|
extern int kexec_load_disabled;
|
2005-06-26 04:57:52 +07:00
|
|
|
|
2006-12-08 00:51:35 +07:00
|
|
|
#ifndef kexec_flush_icache_page
|
|
|
|
#define kexec_flush_icache_page(page)
|
|
|
|
#endif
|
|
|
|
|
2008-07-26 09:45:07 +07:00
|
|
|
/* List of defined/legal kexec flags */
|
|
|
|
#ifndef CONFIG_KEXEC_JUMP
|
|
|
|
#define KEXEC_FLAGS KEXEC_ON_CRASH
|
|
|
|
#else
|
|
|
|
#define KEXEC_FLAGS (KEXEC_ON_CRASH | KEXEC_PRESERVE_CONTEXT)
|
|
|
|
#endif
|
2005-06-26 04:57:52 +07:00
|
|
|
|
2014-08-09 04:25:57 +07:00
|
|
|
/* List of defined/legal kexec file flags */
|
|
|
|
#define KEXEC_FILE_FLAGS (KEXEC_FILE_UNLOAD | KEXEC_FILE_ON_CRASH | \
|
|
|
|
KEXEC_FILE_NO_INITRAMFS)
|
|
|
|
|
2005-06-26 04:57:52 +07:00
|
|
|
/* Location of a reserved region to hold the crash kernel.
|
|
|
|
*/
|
|
|
|
extern struct resource crashk_res;
|
2013-01-25 03:20:11 +07:00
|
|
|
extern struct resource crashk_low_res;
|
2010-02-02 12:38:57 +07:00
|
|
|
extern note_buf_t __percpu *crash_notes;
|
2005-06-26 04:57:52 +07:00
|
|
|
|
2013-11-28 05:19:25 +07:00
|
|
|
/* flag to track if kexec reboot is in progress */
|
|
|
|
extern bool kexec_in_progress;
|
|
|
|
|
2009-12-16 07:47:46 +07:00
|
|
|
int crash_shrink_memory(unsigned long new_size);
|
|
|
|
size_t crash_get_memory_size(void);
|
2010-08-25 07:22:58 +07:00
|
|
|
void crash_free_reserved_phys_range(unsigned long begin, unsigned long end);
|
2006-12-08 00:51:35 +07:00
|
|
|
|
2015-09-10 05:38:51 +07:00
|
|
|
int __weak arch_kexec_kernel_image_probe(struct kimage *image, void *buf,
|
|
|
|
unsigned long buf_len);
|
|
|
|
void * __weak arch_kexec_kernel_image_load(struct kimage *image);
|
|
|
|
int __weak arch_kimage_file_post_load_cleanup(struct kimage *image);
|
|
|
|
int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
|
|
|
|
unsigned long buf_len);
|
|
|
|
int __weak arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr,
|
|
|
|
Elf_Shdr *sechdrs, unsigned int relsec);
|
|
|
|
int __weak arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
|
|
|
|
unsigned int relsec);
|
2016-05-24 06:24:10 +07:00
|
|
|
void arch_kexec_protect_crashkres(void);
|
|
|
|
void arch_kexec_unprotect_crashkres(void);
|
2015-09-10 05:38:51 +07:00
|
|
|
|
2016-08-03 04:06:04 +07:00
|
|
|
#ifndef page_to_boot_pfn
|
|
|
|
static inline unsigned long page_to_boot_pfn(struct page *page)
|
|
|
|
{
|
|
|
|
return page_to_pfn(page);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef boot_pfn_to_page
|
|
|
|
static inline struct page *boot_pfn_to_page(unsigned long boot_pfn)
|
|
|
|
{
|
|
|
|
return pfn_to_page(boot_pfn);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef phys_to_boot_phys
|
|
|
|
static inline unsigned long phys_to_boot_phys(phys_addr_t phys)
|
|
|
|
{
|
|
|
|
return phys;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef boot_phys_to_phys
|
|
|
|
static inline phys_addr_t boot_phys_to_phys(unsigned long boot_phys)
|
|
|
|
{
|
|
|
|
return boot_phys;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
static inline unsigned long virt_to_boot_phys(void *addr)
|
|
|
|
{
|
|
|
|
return phys_to_boot_phys(__pa((unsigned long)addr));
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void *boot_phys_to_virt(unsigned long entry)
|
|
|
|
{
|
|
|
|
return phys_to_virt(boot_phys_to_phys(entry));
|
|
|
|
}
|
|
|
|
|
2017-07-18 04:10:28 +07:00
|
|
|
#ifndef arch_kexec_post_alloc_pages
|
|
|
|
static inline int arch_kexec_post_alloc_pages(void *vaddr, unsigned int pages, gfp_t gfp) { return 0; }
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef arch_kexec_pre_free_pages
|
|
|
|
static inline void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages) { }
|
|
|
|
#endif
|
|
|
|
|
2015-09-10 05:38:55 +07:00
|
|
|
#else /* !CONFIG_KEXEC_CORE */
|
2005-06-26 04:58:26 +07:00
|
|
|
struct pt_regs;
|
|
|
|
struct task_struct;
|
2015-12-14 17:19:11 +07:00
|
|
|
static inline void __crash_kexec(struct pt_regs *regs) { }
|
2005-06-26 04:58:26 +07:00
|
|
|
static inline void crash_kexec(struct pt_regs *regs) { }
|
|
|
|
static inline int kexec_should_crash(struct task_struct *p) { return 0; }
|
2016-08-03 04:06:16 +07:00
|
|
|
static inline int kexec_crash_loaded(void) { return 0; }
|
2015-08-02 06:08:06 +07:00
|
|
|
#define kexec_in_progress false
|
2015-09-10 05:38:55 +07:00
|
|
|
#endif /* CONFIG_KEXEC_CORE */
|
2015-02-18 04:45:56 +07:00
|
|
|
|
|
|
|
#endif /* !defined(__ASSEBMLY__) */
|
|
|
|
|
2005-06-26 04:57:52 +07:00
|
|
|
#endif /* LINUX_KEXEC_H */
|