
Commit 196d7e7c authored by Russell King, committed by Greg Kroah-Hartman

ARM: kexec: fix oops after TLB are invalidated



[ Upstream commit 4d62e81b60d4025e2dfcd5ea531cc1394ce9226f ]

Giancarlo Ferrari reports the following oops while trying to use kexec:

 Unable to handle kernel paging request at virtual address 80112f38
 pgd = fd7ef03e
 [80112f38] *pgd=0001141e(bad)
 Internal error: Oops: 80d [#1] PREEMPT SMP ARM
 ...

This is caused by machine_kexec() trying to set the kernel text to be
read/write, so it can poke values into the relocation code before
copying it - and an interrupt occurring which changes the page tables.
The subsequent writes then hit read-only sections that trigger a
data abort resulting in the above oops.

Fix this by copying the relocation code, and then writing the variables
into the destination, thereby avoiding the need to make the kernel text
read/write.

Reported-by: Giancarlo Ferrari <giancarlo.ferrari89@gmail.com>
Tested-by: Giancarlo Ferrari <giancarlo.ferrari89@gmail.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
parent 80ef523d
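--- /dev/null
+++ b/arch/arm/include/asm/kexec-internal.h
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ARM_KEXEC_INTERNAL_H
+#define _ARM_KEXEC_INTERNAL_H
+
+struct kexec_relocate_data {
+	unsigned long kexec_start_address;
+	unsigned long kexec_indirection_page;
+	unsigned long kexec_mach_type;
+	unsigned long kexec_r2;
+};
+
+#endif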
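Review bot: The placement contract of `struct kexec_relocate_data` is not documented anywhere in the header, yet both sides depend on it: machine_kexec() writes the struct at `reboot_code_buffer + relocate_new_kernel_size` and relocate_new_kernel reads its fields through `adr r7, relocate_new_kernel_end` plus the asm-offsets generated from this struct, so the block must sit immediately after the relocation code and field order/size must stay in sync with the `.align 3` padding in relocate_kernel.S. A comment above the struct would make that explicit for the next person who adds a field: `/* Parameters for relocate_new_kernel(); machine_kexec() copies them into the control code page directly after the relocation code, and the assembly reads them via the KEXEC_* offsets in asm-offsets.h. */`. A one-line note per field (start address of the new kernel, indirection page, machine type, value passed in r2) would also help, since the names alone do not say which are physical addresses.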
+5 −0
@@ -18,6 +18,7 @@
#include <linux/kvm_host.h>
#endif
#include <asm/cacheflush.h>
#include <asm/kexec-internal.h>
#include <asm/glue-df.h>
#include <asm/glue-pf.h>
#include <asm/mach/arch.h>
@@ -189,5 +190,9 @@ int main(void)
  DEFINE(MPU_RGN_PRBAR,	offsetof(struct mpu_rgn, prbar));
  DEFINE(MPU_RGN_PRLAR,	offsetof(struct mpu_rgn, prlar));
#endif
  DEFINE(KEXEC_START_ADDR,	offsetof(struct kexec_relocate_data, kexec_start_address));
  DEFINE(KEXEC_INDIR_PAGE,	offsetof(struct kexec_relocate_data, kexec_indirection_page));
  DEFINE(KEXEC_MACH_TYPE,	offsetof(struct kexec_relocate_data, kexec_mach_type));
  DEFINE(KEXEC_R2,		offsetof(struct kexec_relocate_data, kexec_r2));
  return 0; 
}
+8 −12
@@ -15,6 +15,7 @@
#include <asm/pgalloc.h>
#include <asm/mmu_context.h>
#include <asm/cacheflush.h>
#include <asm/kexec-internal.h>
#include <asm/fncpy.h>
#include <asm/mach-types.h>
#include <asm/smp_plat.h>
@@ -24,11 +25,6 @@
extern void relocate_new_kernel(void);
extern const unsigned int relocate_new_kernel_size;

extern unsigned long kexec_start_address;
extern unsigned long kexec_indirection_page;
extern unsigned long kexec_mach_type;
extern unsigned long kexec_boot_atags;

static atomic_t waiting_for_crash_ipi;

/*
@@ -161,6 +157,7 @@ void (*kexec_reinit)(void);
void machine_kexec(struct kimage *image)
{
	unsigned long page_list, reboot_entry_phys;
	struct kexec_relocate_data *data;
	void (*reboot_entry)(void);
	void *reboot_code_buffer;

@@ -176,18 +173,17 @@ void machine_kexec(struct kimage *image)

	reboot_code_buffer = page_address(image->control_code_page);

	/* Prepare parameters for reboot_code_buffer*/
	set_kernel_text_rw();
	kexec_start_address = image->start;
	kexec_indirection_page = page_list;
	kexec_mach_type = machine_arch_type;
	kexec_boot_atags = image->arch.kernel_r2;

	/* copy our kernel relocation code to the control code page */
	reboot_entry = fncpy(reboot_code_buffer,
			     &relocate_new_kernel,
			     relocate_new_kernel_size);

	data = reboot_code_buffer + relocate_new_kernel_size;
	data->kexec_start_address = image->start;
	data->kexec_indirection_page = page_list;
	data->kexec_mach_type = machine_arch_type;
	data->kexec_r2 = image->arch.kernel_r2;

	/* get the identity mapping physical address for the reboot code */
	reboot_entry_phys = virt_to_idmap(reboot_entry);

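Review bot: `data = reboot_code_buffer + relocate_new_kernel_size;` places the parameter block right behind the copied code, but nothing in the hunk checks that code plus struct still fit in the control page, and the alignment of `data` silently relies on `relocate_new_kernel_size` being a multiple of the struct's alignment (relocate_kernel.S pads with `.align 3` before `relocate_new_kernel_end`, so this presumably holds if the size is measured to that label). Unless a check elsewhere already accounts for the trailing struct, a guard before the writes such as `BUG_ON(relocate_new_kernel_size + sizeof(*data) > KEXEC_CONTROL_PAGE_SIZE);` (the constant from asm/kexec.h) would pin the invariant rather than leave an overflow into the next page as a possibility if the relocation code ever grows. A short comment on the assignment, `/* parameters live directly after the code; relocate_new_kernel reads them relative to relocate_new_kernel_end */`, would also explain the pointer arithmetic to readers who do not have the assembly open. machine_kexec() continues outside the hunk.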
+11 −27
@@ -5,14 +5,16 @@

#include <linux/linkage.h>
#include <asm/assembler.h>
#include <asm/asm-offsets.h>
#include <asm/kexec.h>

	.align	3	/* not needed for this code, but keeps fncpy() happy */

ENTRY(relocate_new_kernel)

	ldr	r0,kexec_indirection_page
	ldr	r1,kexec_start_address
	adr	r7, relocate_new_kernel_end
	ldr	r0, [r7, #KEXEC_INDIR_PAGE]
	ldr	r1, [r7, #KEXEC_START_ADDR]

	/*
	 * If there is no indirection page (we are doing crashdumps)
@@ -59,32 +61,14 @@ ENTRY(relocate_new_kernel)
	/* Jump to relocated kernel */
	mov	lr, r1
	mov	r0, #0
	ldr r1,kexec_mach_type
	ldr r2,kexec_boot_atags
	ldr	r1, [r7, #KEXEC_MACH_TYPE]
	ldr	r2, [r7, #KEXEC_R2]
 ARM(	ret	lr	)
 THUMB(	bx	lr	)

	.align

	.globl kexec_start_address
kexec_start_address:
	.long	0x0

	.globl kexec_indirection_page
kexec_indirection_page:
	.long	0x0

	.globl kexec_mach_type
kexec_mach_type:
	.long	0x0

	/* phy addr of the atags for the new kernel */
	.globl kexec_boot_atags
kexec_boot_atags:
	.long	0x0

ENDPROC(relocate_new_kernel)

	.align	3
relocate_new_kernel_end:

	.globl relocate_new_kernel_size