162306a36Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0 */ 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * Purgatory setup code 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright IBM Corp. 2018 662306a36Sopenharmony_ci * 762306a36Sopenharmony_ci * Author(s): Philipp Rudo <prudo@linux.vnet.ibm.com> 862306a36Sopenharmony_ci */ 962306a36Sopenharmony_ci 1062306a36Sopenharmony_ci#include <linux/linkage.h> 1162306a36Sopenharmony_ci#include <asm/asm-offsets.h> 1262306a36Sopenharmony_ci#include <asm/page.h> 1362306a36Sopenharmony_ci#include <asm/sigp.h> 1462306a36Sopenharmony_ci#include <asm/ptrace.h> 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ci/* The purgatory is the code running between two kernels. It's main purpose 1762306a36Sopenharmony_ci * is to verify that the next kernel was not corrupted after load and to 1862306a36Sopenharmony_ci * start it. 1962306a36Sopenharmony_ci * 2062306a36Sopenharmony_ci * If the next kernel is a crash kernel there are some peculiarities to 2162306a36Sopenharmony_ci * consider: 2262306a36Sopenharmony_ci * 2362306a36Sopenharmony_ci * First the purgatory is called twice. Once only to verify the 2462306a36Sopenharmony_ci * sha digest. So if the crash kernel got corrupted the old kernel can try 2562306a36Sopenharmony_ci * to trigger a stand-alone dumper. And once to actually load the crash kernel. 2662306a36Sopenharmony_ci * 2762306a36Sopenharmony_ci * Second the purgatory also has to swap the crash memory region with its 2862306a36Sopenharmony_ci * destination at address 0. As the purgatory is part of crash memory this 2962306a36Sopenharmony_ci * requires some finesse. The tactic here is that the purgatory first copies 3062306a36Sopenharmony_ci * itself to the end of the destination and then swaps the rest of the 3162306a36Sopenharmony_ci * memory running from there. 3262306a36Sopenharmony_ci */ 3362306a36Sopenharmony_ci 3462306a36Sopenharmony_ci#define bufsz purgatory_end-stack 3562306a36Sopenharmony_ci 3662306a36Sopenharmony_ci.macro MEMCPY dst,src,len 3762306a36Sopenharmony_ci lgr %r0,\dst 3862306a36Sopenharmony_ci lgr %r1,\len 3962306a36Sopenharmony_ci lgr %r2,\src 4062306a36Sopenharmony_ci lgr %r3,\len 4162306a36Sopenharmony_ci 4262306a36Sopenharmony_ci20: mvcle %r0,%r2,0 4362306a36Sopenharmony_ci jo 20b 4462306a36Sopenharmony_ci.endm 4562306a36Sopenharmony_ci 4662306a36Sopenharmony_ci.macro MEMSWAP dst,src,buf,len 4762306a36Sopenharmony_ci10: larl %r0,purgatory_end 4862306a36Sopenharmony_ci larl %r1,stack 4962306a36Sopenharmony_ci slgr %r0,%r1 5062306a36Sopenharmony_ci cgr \len,%r0 5162306a36Sopenharmony_ci jh 11f 5262306a36Sopenharmony_ci lgr %r4,\len 5362306a36Sopenharmony_ci j 12f 5462306a36Sopenharmony_ci11: lgr %r4,%r0 5562306a36Sopenharmony_ci 5662306a36Sopenharmony_ci12: MEMCPY \buf,\dst,%r4 5762306a36Sopenharmony_ci MEMCPY \dst,\src,%r4 5862306a36Sopenharmony_ci MEMCPY \src,\buf,%r4 5962306a36Sopenharmony_ci 6062306a36Sopenharmony_ci agr \dst,%r4 6162306a36Sopenharmony_ci agr \src,%r4 6262306a36Sopenharmony_ci sgr \len,%r4 6362306a36Sopenharmony_ci 6462306a36Sopenharmony_ci cghi \len,0 6562306a36Sopenharmony_ci jh 10b 6662306a36Sopenharmony_ci.endm 6762306a36Sopenharmony_ci 6862306a36Sopenharmony_ci.macro START_NEXT_KERNEL base subcode 6962306a36Sopenharmony_ci lg %r4,kernel_entry-\base(%r13) 7062306a36Sopenharmony_ci lg %r5,load_psw_mask-\base(%r13) 7162306a36Sopenharmony_ci ogr %r4,%r5 7262306a36Sopenharmony_ci stg %r4,0(%r0) 7362306a36Sopenharmony_ci 7462306a36Sopenharmony_ci xgr %r0,%r0 7562306a36Sopenharmony_ci lghi %r1,\subcode 7662306a36Sopenharmony_ci diag %r0,%r1,0x308 7762306a36Sopenharmony_ci.endm 7862306a36Sopenharmony_ci 7962306a36Sopenharmony_ci .text 8062306a36Sopenharmony_ci .balign PAGE_SIZE 8162306a36Sopenharmony_ciSYM_CODE_START(purgatory_start) 8262306a36Sopenharmony_ci /* The purgatory might be called after a diag308 so better set 8362306a36Sopenharmony_ci * architecture and addressing mode. 8462306a36Sopenharmony_ci */ 8562306a36Sopenharmony_ci lhi %r1,1 8662306a36Sopenharmony_ci sigp %r1,%r0,SIGP_SET_ARCHITECTURE 8762306a36Sopenharmony_ci sam64 8862306a36Sopenharmony_ci 8962306a36Sopenharmony_ci larl %r5,gprregs 9062306a36Sopenharmony_ci stmg %r6,%r15,0(%r5) 9162306a36Sopenharmony_ci 9262306a36Sopenharmony_ci basr %r13,0 9362306a36Sopenharmony_ci.base_crash: 9462306a36Sopenharmony_ci 9562306a36Sopenharmony_ci /* Setup stack */ 9662306a36Sopenharmony_ci larl %r15,purgatory_end-STACK_FRAME_OVERHEAD 9762306a36Sopenharmony_ci 9862306a36Sopenharmony_ci /* If the next kernel is KEXEC_TYPE_CRASH the purgatory is called 9962306a36Sopenharmony_ci * directly with a flag passed in %r2 whether the purgatory shall do 10062306a36Sopenharmony_ci * checksum verification only (%r2 = 0 -> verification only). 10162306a36Sopenharmony_ci * 10262306a36Sopenharmony_ci * Check now and preserve over C function call by storing in 10362306a36Sopenharmony_ci * %r10 with 10462306a36Sopenharmony_ci * 1 -> checksum verification only 10562306a36Sopenharmony_ci * 0 -> load new kernel 10662306a36Sopenharmony_ci */ 10762306a36Sopenharmony_ci lghi %r10,0 10862306a36Sopenharmony_ci lg %r11,kernel_type-.base_crash(%r13) 10962306a36Sopenharmony_ci cghi %r11,1 /* KEXEC_TYPE_CRASH */ 11062306a36Sopenharmony_ci jne .do_checksum_verification 11162306a36Sopenharmony_ci cghi %r2,0 /* checksum verification only */ 11262306a36Sopenharmony_ci jne .do_checksum_verification 11362306a36Sopenharmony_ci lghi %r10,1 11462306a36Sopenharmony_ci 11562306a36Sopenharmony_ci.do_checksum_verification: 11662306a36Sopenharmony_ci brasl %r14,verify_sha256_digest 11762306a36Sopenharmony_ci 11862306a36Sopenharmony_ci cghi %r10,1 /* checksum verification only */ 11962306a36Sopenharmony_ci je .return_old_kernel 12062306a36Sopenharmony_ci cghi %r2,0 /* checksum match */ 12162306a36Sopenharmony_ci jne .disabled_wait 12262306a36Sopenharmony_ci 12362306a36Sopenharmony_ci /* If the next kernel is a crash kernel the purgatory has to swap 12462306a36Sopenharmony_ci * the mem regions first. 12562306a36Sopenharmony_ci */ 12662306a36Sopenharmony_ci cghi %r11,1 /* KEXEC_TYPE_CRASH */ 12762306a36Sopenharmony_ci je .start_crash_kernel 12862306a36Sopenharmony_ci 12962306a36Sopenharmony_ci /* start normal kernel */ 13062306a36Sopenharmony_ci START_NEXT_KERNEL .base_crash 0 13162306a36Sopenharmony_ci 13262306a36Sopenharmony_ci.return_old_kernel: 13362306a36Sopenharmony_ci lmg %r6,%r15,gprregs-.base_crash(%r13) 13462306a36Sopenharmony_ci br %r14 13562306a36Sopenharmony_ci 13662306a36Sopenharmony_ci.disabled_wait: 13762306a36Sopenharmony_ci lpswe disabled_wait_psw-.base_crash(%r13) 13862306a36Sopenharmony_ci 13962306a36Sopenharmony_ci.start_crash_kernel: 14062306a36Sopenharmony_ci /* Location of purgatory_start in crash memory */ 14162306a36Sopenharmony_ci larl %r0,.base_crash 14262306a36Sopenharmony_ci larl %r1,purgatory_start 14362306a36Sopenharmony_ci slgr %r0,%r1 14462306a36Sopenharmony_ci lgr %r8,%r13 14562306a36Sopenharmony_ci sgr %r8,%r0 14662306a36Sopenharmony_ci 14762306a36Sopenharmony_ci /* Destination for this code i.e. end of memory to be swapped. */ 14862306a36Sopenharmony_ci larl %r0,purgatory_end 14962306a36Sopenharmony_ci larl %r1,purgatory_start 15062306a36Sopenharmony_ci slgr %r0,%r1 15162306a36Sopenharmony_ci lg %r9,crash_size-.base_crash(%r13) 15262306a36Sopenharmony_ci sgr %r9,%r0 15362306a36Sopenharmony_ci 15462306a36Sopenharmony_ci /* Destination in crash memory, i.e. same as r9 but in crash memory. */ 15562306a36Sopenharmony_ci lg %r10,crash_start-.base_crash(%r13) 15662306a36Sopenharmony_ci agr %r10,%r9 15762306a36Sopenharmony_ci 15862306a36Sopenharmony_ci /* Buffer location (in crash memory) and size. As the purgatory is 15962306a36Sopenharmony_ci * behind the point of no return it can re-use the stack as buffer. 16062306a36Sopenharmony_ci */ 16162306a36Sopenharmony_ci larl %r11,purgatory_end 16262306a36Sopenharmony_ci larl %r12,stack 16362306a36Sopenharmony_ci slgr %r11,%r12 16462306a36Sopenharmony_ci 16562306a36Sopenharmony_ci MEMCPY %r12,%r9,%r11 /* dst -> (crash) buf */ 16662306a36Sopenharmony_ci MEMCPY %r9,%r8,%r11 /* self -> dst */ 16762306a36Sopenharmony_ci 16862306a36Sopenharmony_ci /* Jump to new location. */ 16962306a36Sopenharmony_ci lgr %r7,%r9 17062306a36Sopenharmony_ci larl %r0,.jump_to_dst 17162306a36Sopenharmony_ci larl %r1,purgatory_start 17262306a36Sopenharmony_ci slgr %r0,%r1 17362306a36Sopenharmony_ci agr %r7,%r0 17462306a36Sopenharmony_ci br %r7 17562306a36Sopenharmony_ci 17662306a36Sopenharmony_ci.jump_to_dst: 17762306a36Sopenharmony_ci basr %r13,0 17862306a36Sopenharmony_ci.base_dst: 17962306a36Sopenharmony_ci 18062306a36Sopenharmony_ci /* clear buffer */ 18162306a36Sopenharmony_ci MEMCPY %r12,%r10,%r11 /* (crash) buf -> (crash) dst */ 18262306a36Sopenharmony_ci 18362306a36Sopenharmony_ci /* Load new buffer location after jump */ 18462306a36Sopenharmony_ci larl %r7,stack 18562306a36Sopenharmony_ci lgr %r0,%r7 18662306a36Sopenharmony_ci larl %r1,purgatory_start 18762306a36Sopenharmony_ci slgr %r0,%r1 18862306a36Sopenharmony_ci agr %r10,%r0 18962306a36Sopenharmony_ci MEMCPY %r10,%r7,%r11 /* (new) buf -> (crash) buf */ 19062306a36Sopenharmony_ci 19162306a36Sopenharmony_ci /* Now the code is set up to run from its designated location. Start 19262306a36Sopenharmony_ci * swapping the rest of crash memory now. 19362306a36Sopenharmony_ci * 19462306a36Sopenharmony_ci * The registers will be used as follow: 19562306a36Sopenharmony_ci * 19662306a36Sopenharmony_ci * %r0-%r4 reserved for macros defined above 19762306a36Sopenharmony_ci * %r5-%r6 tmp registers 19862306a36Sopenharmony_ci * %r7 pointer to current struct sha region 19962306a36Sopenharmony_ci * %r8 index to iterate over all sha regions 20062306a36Sopenharmony_ci * %r9 pointer in crash memory 20162306a36Sopenharmony_ci * %r10 pointer in old kernel 20262306a36Sopenharmony_ci * %r11 total size (still) to be moved 20362306a36Sopenharmony_ci * %r12 pointer to buffer 20462306a36Sopenharmony_ci */ 20562306a36Sopenharmony_ci lgr %r12,%r7 20662306a36Sopenharmony_ci lgr %r11,%r9 20762306a36Sopenharmony_ci lghi %r10,0 20862306a36Sopenharmony_ci lg %r9,crash_start-.base_dst(%r13) 20962306a36Sopenharmony_ci lghi %r8,16 /* KEXEC_SEGMENTS_MAX */ 21062306a36Sopenharmony_ci larl %r7,purgatory_sha_regions 21162306a36Sopenharmony_ci 21262306a36Sopenharmony_ci j .loop_first 21362306a36Sopenharmony_ci 21462306a36Sopenharmony_ci /* Loop over all purgatory_sha_regions. */ 21562306a36Sopenharmony_ci.loop_next: 21662306a36Sopenharmony_ci aghi %r8,-1 21762306a36Sopenharmony_ci cghi %r8,0 21862306a36Sopenharmony_ci je .loop_out 21962306a36Sopenharmony_ci 22062306a36Sopenharmony_ci aghi %r7,__KEXEC_SHA_REGION_SIZE 22162306a36Sopenharmony_ci 22262306a36Sopenharmony_ci.loop_first: 22362306a36Sopenharmony_ci lg %r5,__KEXEC_SHA_REGION_START(%r7) 22462306a36Sopenharmony_ci cghi %r5,0 22562306a36Sopenharmony_ci je .loop_next 22662306a36Sopenharmony_ci 22762306a36Sopenharmony_ci /* Copy [end last sha region, start current sha region) */ 22862306a36Sopenharmony_ci /* Note: kexec_sha_region->start points in crash memory */ 22962306a36Sopenharmony_ci sgr %r5,%r9 23062306a36Sopenharmony_ci MEMCPY %r9,%r10,%r5 23162306a36Sopenharmony_ci 23262306a36Sopenharmony_ci agr %r9,%r5 23362306a36Sopenharmony_ci agr %r10,%r5 23462306a36Sopenharmony_ci sgr %r11,%r5 23562306a36Sopenharmony_ci 23662306a36Sopenharmony_ci /* Swap sha region */ 23762306a36Sopenharmony_ci lg %r6,__KEXEC_SHA_REGION_LEN(%r7) 23862306a36Sopenharmony_ci MEMSWAP %r9,%r10,%r12,%r6 23962306a36Sopenharmony_ci sg %r11,__KEXEC_SHA_REGION_LEN(%r7) 24062306a36Sopenharmony_ci j .loop_next 24162306a36Sopenharmony_ci 24262306a36Sopenharmony_ci.loop_out: 24362306a36Sopenharmony_ci /* Copy rest of crash memory */ 24462306a36Sopenharmony_ci MEMCPY %r9,%r10,%r11 24562306a36Sopenharmony_ci 24662306a36Sopenharmony_ci /* start crash kernel */ 24762306a36Sopenharmony_ci START_NEXT_KERNEL .base_dst 1 24862306a36Sopenharmony_ciSYM_CODE_END(purgatory_start) 24962306a36Sopenharmony_ci 25062306a36Sopenharmony_ciSYM_DATA_LOCAL(load_psw_mask, .long 0x00080000,0x80000000) 25162306a36Sopenharmony_ci .balign 8 25262306a36Sopenharmony_ciSYM_DATA_LOCAL(disabled_wait_psw, .quad 0x0002000180000000,.do_checksum_verification) 25362306a36Sopenharmony_ciSYM_DATA_LOCAL(gprregs, .fill 10,8,0) 25462306a36Sopenharmony_ciSYM_DATA(purgatory_sha256_digest, .skip 32) 25562306a36Sopenharmony_ciSYM_DATA(purgatory_sha_regions, .skip 16*__KEXEC_SHA_REGION_SIZE) 25662306a36Sopenharmony_ciSYM_DATA(kernel_entry, .skip 8) 25762306a36Sopenharmony_ciSYM_DATA(kernel_type, .skip 8) 25862306a36Sopenharmony_ciSYM_DATA(crash_start, .skip 8) 25962306a36Sopenharmony_ciSYM_DATA(crash_size, .skip 8) 26062306a36Sopenharmony_ci .balign PAGE_SIZE 26162306a36Sopenharmony_ciSYM_DATA_START_LOCAL(stack) 26262306a36Sopenharmony_ci /* The buffer to move this code must be as big as the code. */ 26362306a36Sopenharmony_ci .skip stack-purgatory_start 26462306a36Sopenharmony_ci .balign PAGE_SIZE 26562306a36Sopenharmony_ciSYM_DATA_END_LABEL(stack, SYM_L_LOCAL, purgatory_end) 266