1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * kexec_handover.c - kexec handover metadata processing
4 * Copyright (C) 2023 Alexander Graf <graf@amazon.com>
5 * Copyright (C) 2025 Microsoft Corporation, Mike Rapoport <rppt@kernel.org>
6 * Copyright (C) 2025 Google LLC, Changyuan Lyu <changyuanl@google.com>
7 * Copyright (C) 2025 Pasha Tatashin <pasha.tatashin@soleen.com>
8 */
9
10 #define pr_fmt(fmt) "KHO: " fmt
11
12 #include <linux/cleanup.h>
13 #include <linux/cma.h>
14 #include <linux/kmemleak.h>
15 #include <linux/count_zeros.h>
16 #include <linux/kexec.h>
17 #include <linux/kexec_handover.h>
18 #include <linux/kho/abi/kexec_handover.h>
19 #include <linux/libfdt.h>
20 #include <linux/list.h>
21 #include <linux/memblock.h>
22 #include <linux/page-isolation.h>
23 #include <linux/unaligned.h>
24 #include <linux/vmalloc.h>
25
26 #include <asm/early_ioremap.h>
27
28 /*
29 * KHO is tightly coupled with mm init and needs access to some of mm
30 * internal APIs.
31 */
32 #include "../../mm/internal.h"
33 #include "../kexec_internal.h"
34 #include "kexec_handover_internal.h"
35
36 /* The magic token for preserved pages */
37 #define KHO_PAGE_MAGIC 0x4b484f50U /* ASCII for 'KHOP' */
38
39 /*
40 * KHO uses page->private, which is an unsigned long, to store page metadata.
41 * Use it to store both the magic and the order.
42 */
43 union kho_page_info {
44 unsigned long page_private;
45 struct {
46 unsigned int order;
47 unsigned int magic;
48 };
49 };
50
51 static_assert(sizeof(union kho_page_info) == sizeof(((struct page *)0)->private));
52
53 static bool kho_enable __ro_after_init = IS_ENABLED(CONFIG_KEXEC_HANDOVER_ENABLE_DEFAULT);
54
kho_is_enabled(void)55 bool kho_is_enabled(void)
56 {
57 return kho_enable;
58 }
59 EXPORT_SYMBOL_GPL(kho_is_enabled);
60
kho_parse_enable(char * p)61 static int __init kho_parse_enable(char *p)
62 {
63 return kstrtobool(p, &kho_enable);
64 }
65 early_param("kho", kho_parse_enable);
66
67 /*
68 * Keep track of memory that is to be preserved across KHO.
69 *
70 * The serializing side uses two levels of xarrays to manage chunks of per-order
71 * PAGE_SIZE byte bitmaps. For instance if PAGE_SIZE = 4096, the entire 1G order
72 * of a 8TB system would fit inside a single 4096 byte bitmap. For order 0
73 * allocations each bitmap will cover 128M of address space. Thus, for 16G of
74 * memory at most 512K of bitmap memory will be needed for order 0.
75 *
76 * This approach is fully incremental, as the serialization progresses folios
77 * can continue be aggregated to the tracker. The final step, immediately prior
78 * to kexec would serialize the xarray information into a linked list for the
79 * successor kernel to parse.
80 */
81
82 #define PRESERVE_BITS (PAGE_SIZE * 8)
83
84 struct kho_mem_phys_bits {
85 DECLARE_BITMAP(preserve, PRESERVE_BITS);
86 };
87
88 static_assert(sizeof(struct kho_mem_phys_bits) == PAGE_SIZE);
89
90 struct kho_mem_phys {
91 /*
92 * Points to kho_mem_phys_bits, a sparse bitmap array. Each bit is sized
93 * to order.
94 */
95 struct xarray phys_bits;
96 };
97
98 struct kho_mem_track {
99 /* Points to kho_mem_phys, each order gets its own bitmap tree */
100 struct xarray orders;
101 };
102
103 struct khoser_mem_chunk;
104
105 struct kho_out {
106 void *fdt;
107 bool finalized;
108 struct mutex lock; /* protects KHO FDT finalization */
109
110 struct kho_mem_track track;
111 struct kho_debugfs dbg;
112 };
113
114 static struct kho_out kho_out = {
115 .lock = __MUTEX_INITIALIZER(kho_out.lock),
116 .track = {
117 .orders = XARRAY_INIT(kho_out.track.orders, 0),
118 },
119 .finalized = false,
120 };
121
xa_load_or_alloc(struct xarray * xa,unsigned long index)122 static void *xa_load_or_alloc(struct xarray *xa, unsigned long index)
123 {
124 void *res = xa_load(xa, index);
125
126 if (res)
127 return res;
128
129 void *elm __free(free_page) = (void *)get_zeroed_page(GFP_KERNEL);
130
131 if (!elm)
132 return ERR_PTR(-ENOMEM);
133
134 if (WARN_ON(kho_scratch_overlap(virt_to_phys(elm), PAGE_SIZE)))
135 return ERR_PTR(-EINVAL);
136
137 res = xa_cmpxchg(xa, index, NULL, elm, GFP_KERNEL);
138 if (xa_is_err(res))
139 return ERR_PTR(xa_err(res));
140 else if (res)
141 return res;
142
143 return no_free_ptr(elm);
144 }
145
__kho_unpreserve_order(struct kho_mem_track * track,unsigned long pfn,unsigned int order)146 static void __kho_unpreserve_order(struct kho_mem_track *track, unsigned long pfn,
147 unsigned int order)
148 {
149 struct kho_mem_phys_bits *bits;
150 struct kho_mem_phys *physxa;
151 const unsigned long pfn_high = pfn >> order;
152
153 physxa = xa_load(&track->orders, order);
154 if (WARN_ON_ONCE(!physxa))
155 return;
156
157 bits = xa_load(&physxa->phys_bits, pfn_high / PRESERVE_BITS);
158 if (WARN_ON_ONCE(!bits))
159 return;
160
161 clear_bit(pfn_high % PRESERVE_BITS, bits->preserve);
162 }
163
__kho_unpreserve(struct kho_mem_track * track,unsigned long pfn,unsigned long end_pfn)164 static void __kho_unpreserve(struct kho_mem_track *track, unsigned long pfn,
165 unsigned long end_pfn)
166 {
167 unsigned int order;
168
169 while (pfn < end_pfn) {
170 order = min(count_trailing_zeros(pfn), ilog2(end_pfn - pfn));
171
172 __kho_unpreserve_order(track, pfn, order);
173
174 pfn += 1 << order;
175 }
176 }
177
__kho_preserve_order(struct kho_mem_track * track,unsigned long pfn,unsigned int order)178 static int __kho_preserve_order(struct kho_mem_track *track, unsigned long pfn,
179 unsigned int order)
180 {
181 struct kho_mem_phys_bits *bits;
182 struct kho_mem_phys *physxa, *new_physxa;
183 const unsigned long pfn_high = pfn >> order;
184
185 might_sleep();
186 physxa = xa_load(&track->orders, order);
187 if (!physxa) {
188 int err;
189
190 new_physxa = kzalloc_obj(*physxa, GFP_KERNEL);
191 if (!new_physxa)
192 return -ENOMEM;
193
194 xa_init(&new_physxa->phys_bits);
195 physxa = xa_cmpxchg(&track->orders, order, NULL, new_physxa,
196 GFP_KERNEL);
197
198 err = xa_err(physxa);
199 if (err || physxa) {
200 xa_destroy(&new_physxa->phys_bits);
201 kfree(new_physxa);
202
203 if (err)
204 return err;
205 } else {
206 physxa = new_physxa;
207 }
208 }
209
210 bits = xa_load_or_alloc(&physxa->phys_bits, pfn_high / PRESERVE_BITS);
211 if (IS_ERR(bits))
212 return PTR_ERR(bits);
213
214 set_bit(pfn_high % PRESERVE_BITS, bits->preserve);
215
216 return 0;
217 }
218
219 /* For physically contiguous 0-order pages. */
kho_init_pages(struct page * page,unsigned long nr_pages)220 static void kho_init_pages(struct page *page, unsigned long nr_pages)
221 {
222 for (unsigned long i = 0; i < nr_pages; i++)
223 set_page_count(page + i, 1);
224 }
225
kho_init_folio(struct page * page,unsigned int order)226 static void kho_init_folio(struct page *page, unsigned int order)
227 {
228 unsigned long nr_pages = (1 << order);
229
230 /* Head page gets refcount of 1. */
231 set_page_count(page, 1);
232
233 /* For higher order folios, tail pages get a page count of zero. */
234 for (unsigned long i = 1; i < nr_pages; i++)
235 set_page_count(page + i, 0);
236
237 if (order > 0)
238 prep_compound_page(page, order);
239 }
240
kho_restore_page(phys_addr_t phys,bool is_folio)241 static struct page *kho_restore_page(phys_addr_t phys, bool is_folio)
242 {
243 struct page *page = pfn_to_online_page(PHYS_PFN(phys));
244 unsigned long nr_pages;
245 union kho_page_info info;
246
247 if (!page)
248 return NULL;
249
250 info.page_private = page->private;
251 /*
252 * deserialize_bitmap() only sets the magic on the head page. This magic
253 * check also implicitly makes sure phys is order-aligned since for
254 * non-order-aligned phys addresses, magic will never be set.
255 */
256 if (WARN_ON_ONCE(info.magic != KHO_PAGE_MAGIC || info.order > MAX_PAGE_ORDER))
257 return NULL;
258 nr_pages = (1 << info.order);
259
260 /* Clear private to make sure later restores on this page error out. */
261 page->private = 0;
262
263 if (is_folio)
264 kho_init_folio(page, info.order);
265 else
266 kho_init_pages(page, nr_pages);
267
268 /* Always mark headpage's codetag as empty to avoid accounting mismatch */
269 clear_page_tag_ref(page);
270 if (!is_folio) {
271 /* Also do that for the non-compound tail pages */
272 for (unsigned int i = 1; i < nr_pages; i++)
273 clear_page_tag_ref(page + i);
274 }
275
276 adjust_managed_page_count(page, nr_pages);
277 return page;
278 }
279
280 /**
281 * kho_restore_folio - recreates the folio from the preserved memory.
282 * @phys: physical address of the folio.
283 *
284 * Return: pointer to the struct folio on success, NULL on failure.
285 */
kho_restore_folio(phys_addr_t phys)286 struct folio *kho_restore_folio(phys_addr_t phys)
287 {
288 struct page *page = kho_restore_page(phys, true);
289
290 return page ? page_folio(page) : NULL;
291 }
292 EXPORT_SYMBOL_GPL(kho_restore_folio);
293
294 /**
295 * kho_restore_pages - restore list of contiguous order 0 pages.
296 * @phys: physical address of the first page.
297 * @nr_pages: number of pages.
298 *
299 * Restore a contiguous list of order 0 pages that was preserved with
300 * kho_preserve_pages().
301 *
302 * Return: the first page on success, NULL on failure.
303 */
kho_restore_pages(phys_addr_t phys,unsigned long nr_pages)304 struct page *kho_restore_pages(phys_addr_t phys, unsigned long nr_pages)
305 {
306 const unsigned long start_pfn = PHYS_PFN(phys);
307 const unsigned long end_pfn = start_pfn + nr_pages;
308 unsigned long pfn = start_pfn;
309
310 while (pfn < end_pfn) {
311 const unsigned int order =
312 min(count_trailing_zeros(pfn), ilog2(end_pfn - pfn));
313 struct page *page = kho_restore_page(PFN_PHYS(pfn), false);
314
315 if (!page)
316 return NULL;
317 pfn += 1 << order;
318 }
319
320 return pfn_to_page(start_pfn);
321 }
322 EXPORT_SYMBOL_GPL(kho_restore_pages);
323
324 /* Serialize and deserialize struct kho_mem_phys across kexec
325 *
326 * Record all the bitmaps in a linked list of pages for the next kernel to
327 * process. Each chunk holds bitmaps of the same order and each block of bitmaps
328 * starts at a given physical address. This allows the bitmaps to be sparse. The
329 * xarray is used to store them in a tree while building up the data structure,
330 * but the KHO successor kernel only needs to process them once in order.
331 *
332 * All of this memory is normal kmalloc() memory and is not marked for
333 * preservation. The successor kernel will remain isolated to the scratch space
334 * until it completes processing this list. Once processed all the memory
335 * storing these ranges will be marked as free.
336 */
337
338 struct khoser_mem_bitmap_ptr {
339 phys_addr_t phys_start;
340 DECLARE_KHOSER_PTR(bitmap, struct kho_mem_phys_bits *);
341 };
342
343 struct khoser_mem_chunk_hdr {
344 DECLARE_KHOSER_PTR(next, struct khoser_mem_chunk *);
345 unsigned int order;
346 unsigned int num_elms;
347 };
348
349 #define KHOSER_BITMAP_SIZE \
350 ((PAGE_SIZE - sizeof(struct khoser_mem_chunk_hdr)) / \
351 sizeof(struct khoser_mem_bitmap_ptr))
352
353 struct khoser_mem_chunk {
354 struct khoser_mem_chunk_hdr hdr;
355 struct khoser_mem_bitmap_ptr bitmaps[KHOSER_BITMAP_SIZE];
356 };
357
358 static_assert(sizeof(struct khoser_mem_chunk) == PAGE_SIZE);
359
new_chunk(struct khoser_mem_chunk * cur_chunk,unsigned long order)360 static struct khoser_mem_chunk *new_chunk(struct khoser_mem_chunk *cur_chunk,
361 unsigned long order)
362 {
363 struct khoser_mem_chunk *chunk __free(free_page) = NULL;
364
365 chunk = (void *)get_zeroed_page(GFP_KERNEL);
366 if (!chunk)
367 return ERR_PTR(-ENOMEM);
368
369 if (WARN_ON(kho_scratch_overlap(virt_to_phys(chunk), PAGE_SIZE)))
370 return ERR_PTR(-EINVAL);
371
372 chunk->hdr.order = order;
373 if (cur_chunk)
374 KHOSER_STORE_PTR(cur_chunk->hdr.next, chunk);
375 return no_free_ptr(chunk);
376 }
377
kho_mem_ser_free(struct khoser_mem_chunk * first_chunk)378 static void kho_mem_ser_free(struct khoser_mem_chunk *first_chunk)
379 {
380 struct khoser_mem_chunk *chunk = first_chunk;
381
382 while (chunk) {
383 struct khoser_mem_chunk *tmp = chunk;
384
385 chunk = KHOSER_LOAD_PTR(chunk->hdr.next);
386 free_page((unsigned long)tmp);
387 }
388 }
389
390 /*
391 * Update memory map property, if old one is found discard it via
392 * kho_mem_ser_free().
393 */
kho_update_memory_map(struct khoser_mem_chunk * first_chunk)394 static void kho_update_memory_map(struct khoser_mem_chunk *first_chunk)
395 {
396 void *ptr;
397 u64 phys;
398
399 ptr = fdt_getprop_w(kho_out.fdt, 0, KHO_FDT_MEMORY_MAP_PROP_NAME, NULL);
400
401 /* Check and discard previous memory map */
402 phys = get_unaligned((u64 *)ptr);
403 if (phys)
404 kho_mem_ser_free((struct khoser_mem_chunk *)phys_to_virt(phys));
405
406 /* Update with the new value */
407 phys = first_chunk ? (u64)virt_to_phys(first_chunk) : 0;
408 put_unaligned(phys, (u64 *)ptr);
409 }
410
kho_mem_serialize(struct kho_out * kho_out)411 static int kho_mem_serialize(struct kho_out *kho_out)
412 {
413 struct khoser_mem_chunk *first_chunk = NULL;
414 struct khoser_mem_chunk *chunk = NULL;
415 struct kho_mem_phys *physxa;
416 unsigned long order;
417 int err = -ENOMEM;
418
419 xa_for_each(&kho_out->track.orders, order, physxa) {
420 struct kho_mem_phys_bits *bits;
421 unsigned long phys;
422
423 chunk = new_chunk(chunk, order);
424 if (IS_ERR(chunk)) {
425 err = PTR_ERR(chunk);
426 goto err_free;
427 }
428
429 if (!first_chunk)
430 first_chunk = chunk;
431
432 xa_for_each(&physxa->phys_bits, phys, bits) {
433 struct khoser_mem_bitmap_ptr *elm;
434
435 if (chunk->hdr.num_elms == ARRAY_SIZE(chunk->bitmaps)) {
436 chunk = new_chunk(chunk, order);
437 if (IS_ERR(chunk)) {
438 err = PTR_ERR(chunk);
439 goto err_free;
440 }
441 }
442
443 elm = &chunk->bitmaps[chunk->hdr.num_elms];
444 chunk->hdr.num_elms++;
445 elm->phys_start = (phys * PRESERVE_BITS)
446 << (order + PAGE_SHIFT);
447 KHOSER_STORE_PTR(elm->bitmap, bits);
448 }
449 }
450
451 kho_update_memory_map(first_chunk);
452
453 return 0;
454
455 err_free:
456 kho_mem_ser_free(first_chunk);
457 return err;
458 }
459
deserialize_bitmap(unsigned int order,struct khoser_mem_bitmap_ptr * elm)460 static void __init deserialize_bitmap(unsigned int order,
461 struct khoser_mem_bitmap_ptr *elm)
462 {
463 struct kho_mem_phys_bits *bitmap = KHOSER_LOAD_PTR(elm->bitmap);
464 unsigned long bit;
465
466 for_each_set_bit(bit, bitmap->preserve, PRESERVE_BITS) {
467 int sz = 1 << (order + PAGE_SHIFT);
468 phys_addr_t phys =
469 elm->phys_start + (bit << (order + PAGE_SHIFT));
470 struct page *page = phys_to_page(phys);
471 union kho_page_info info;
472
473 memblock_reserve(phys, sz);
474 memblock_reserved_mark_noinit(phys, sz);
475 info.magic = KHO_PAGE_MAGIC;
476 info.order = order;
477 page->private = info.page_private;
478 }
479 }
480
481 /* Returns physical address of the preserved memory map from FDT */
kho_get_mem_map_phys(const void * fdt)482 static phys_addr_t __init kho_get_mem_map_phys(const void *fdt)
483 {
484 const void *mem_ptr;
485 int len;
486
487 mem_ptr = fdt_getprop(fdt, 0, KHO_FDT_MEMORY_MAP_PROP_NAME, &len);
488 if (!mem_ptr || len != sizeof(u64)) {
489 pr_err("failed to get preserved memory bitmaps\n");
490 return 0;
491 }
492
493 return get_unaligned((const u64 *)mem_ptr);
494 }
495
kho_mem_deserialize(struct khoser_mem_chunk * chunk)496 static void __init kho_mem_deserialize(struct khoser_mem_chunk *chunk)
497 {
498 while (chunk) {
499 unsigned int i;
500
501 for (i = 0; i != chunk->hdr.num_elms; i++)
502 deserialize_bitmap(chunk->hdr.order,
503 &chunk->bitmaps[i]);
504 chunk = KHOSER_LOAD_PTR(chunk->hdr.next);
505 }
506 }
507
508 /*
509 * With KHO enabled, memory can become fragmented because KHO regions may
510 * be anywhere in physical address space. The scratch regions give us a
511 * safe zones that we will never see KHO allocations from. This is where we
512 * can later safely load our new kexec images into and then use the scratch
513 * area for early allocations that happen before page allocator is
514 * initialized.
515 */
516 struct kho_scratch *kho_scratch;
517 unsigned int kho_scratch_cnt;
518
519 /*
520 * The scratch areas are scaled by default as percent of memory allocated from
521 * memblock. A user can override the scale with command line parameter:
522 *
523 * kho_scratch=N%
524 *
525 * It is also possible to explicitly define size for a lowmem, a global and
526 * per-node scratch areas:
527 *
528 * kho_scratch=l[KMG],n[KMG],m[KMG]
529 *
530 * The explicit size definition takes precedence over scale definition.
531 */
532 static unsigned int scratch_scale __initdata = 200;
533 static phys_addr_t scratch_size_global __initdata;
534 static phys_addr_t scratch_size_pernode __initdata;
535 static phys_addr_t scratch_size_lowmem __initdata;
536
kho_parse_scratch_size(char * p)537 static int __init kho_parse_scratch_size(char *p)
538 {
539 size_t len;
540 unsigned long sizes[3];
541 size_t total_size = 0;
542 int i;
543
544 if (!p)
545 return -EINVAL;
546
547 len = strlen(p);
548 if (!len)
549 return -EINVAL;
550
551 /* parse nn% */
552 if (p[len - 1] == '%') {
553 /* unsigned int max is 4,294,967,295, 10 chars */
554 char s_scale[11] = {};
555 int ret = 0;
556
557 if (len > ARRAY_SIZE(s_scale))
558 return -EINVAL;
559
560 memcpy(s_scale, p, len - 1);
561 ret = kstrtouint(s_scale, 10, &scratch_scale);
562 if (!ret)
563 pr_notice("scratch scale is %d%%\n", scratch_scale);
564 return ret;
565 }
566
567 /* parse ll[KMG],mm[KMG],nn[KMG] */
568 for (i = 0; i < ARRAY_SIZE(sizes); i++) {
569 char *endp = p;
570
571 if (i > 0) {
572 if (*p != ',')
573 return -EINVAL;
574 p += 1;
575 }
576
577 sizes[i] = memparse(p, &endp);
578 if (endp == p)
579 return -EINVAL;
580 p = endp;
581 total_size += sizes[i];
582 }
583
584 if (!total_size)
585 return -EINVAL;
586
587 /* The string should be fully consumed by now. */
588 if (*p)
589 return -EINVAL;
590
591 scratch_size_lowmem = sizes[0];
592 scratch_size_global = sizes[1];
593 scratch_size_pernode = sizes[2];
594 scratch_scale = 0;
595
596 pr_notice("scratch areas: lowmem: %lluMiB global: %lluMiB pernode: %lldMiB\n",
597 (u64)(scratch_size_lowmem >> 20),
598 (u64)(scratch_size_global >> 20),
599 (u64)(scratch_size_pernode >> 20));
600
601 return 0;
602 }
603 early_param("kho_scratch", kho_parse_scratch_size);
604
scratch_size_update(void)605 static void __init scratch_size_update(void)
606 {
607 phys_addr_t size;
608
609 if (!scratch_scale)
610 return;
611
612 size = memblock_reserved_kern_size(ARCH_LOW_ADDRESS_LIMIT,
613 NUMA_NO_NODE);
614 size = size * scratch_scale / 100;
615 scratch_size_lowmem = round_up(size, CMA_MIN_ALIGNMENT_BYTES);
616
617 size = memblock_reserved_kern_size(MEMBLOCK_ALLOC_ANYWHERE,
618 NUMA_NO_NODE);
619 size = size * scratch_scale / 100 - scratch_size_lowmem;
620 scratch_size_global = round_up(size, CMA_MIN_ALIGNMENT_BYTES);
621 }
622
scratch_size_node(int nid)623 static phys_addr_t __init scratch_size_node(int nid)
624 {
625 phys_addr_t size;
626
627 if (scratch_scale) {
628 size = memblock_reserved_kern_size(MEMBLOCK_ALLOC_ANYWHERE,
629 nid);
630 size = size * scratch_scale / 100;
631 } else {
632 size = scratch_size_pernode;
633 }
634
635 return round_up(size, CMA_MIN_ALIGNMENT_BYTES);
636 }
637
638 /**
639 * kho_reserve_scratch - Reserve a contiguous chunk of memory for kexec
640 *
641 * With KHO we can preserve arbitrary pages in the system. To ensure we still
642 * have a large contiguous region of memory when we search the physical address
643 * space for target memory, let's make sure we always have a large CMA region
644 * active. This CMA region will only be used for movable pages which are not a
645 * problem for us during KHO because we can just move them somewhere else.
646 */
kho_reserve_scratch(void)647 static void __init kho_reserve_scratch(void)
648 {
649 phys_addr_t addr, size;
650 int nid, i = 0;
651
652 if (!kho_enable)
653 return;
654
655 scratch_size_update();
656
657 /* FIXME: deal with node hot-plug/remove */
658 kho_scratch_cnt = nodes_weight(node_states[N_MEMORY]) + 2;
659 size = kho_scratch_cnt * sizeof(*kho_scratch);
660 kho_scratch = memblock_alloc(size, PAGE_SIZE);
661 if (!kho_scratch) {
662 pr_err("Failed to reserve scratch array\n");
663 goto err_disable_kho;
664 }
665
666 /*
667 * reserve scratch area in low memory for lowmem allocations in the
668 * next kernel
669 */
670 size = scratch_size_lowmem;
671 addr = memblock_phys_alloc_range(size, CMA_MIN_ALIGNMENT_BYTES, 0,
672 ARCH_LOW_ADDRESS_LIMIT);
673 if (!addr) {
674 pr_err("Failed to reserve lowmem scratch buffer\n");
675 goto err_free_scratch_desc;
676 }
677
678 kho_scratch[i].addr = addr;
679 kho_scratch[i].size = size;
680 i++;
681
682 /* reserve large contiguous area for allocations without nid */
683 size = scratch_size_global;
684 addr = memblock_phys_alloc(size, CMA_MIN_ALIGNMENT_BYTES);
685 if (!addr) {
686 pr_err("Failed to reserve global scratch buffer\n");
687 goto err_free_scratch_areas;
688 }
689
690 kho_scratch[i].addr = addr;
691 kho_scratch[i].size = size;
692 i++;
693
694 /*
695 * Loop over nodes that have both memory and are online. Skip
696 * memoryless nodes, as we can not allocate scratch areas there.
697 */
698 for_each_node_state(nid, N_MEMORY) {
699 size = scratch_size_node(nid);
700 addr = memblock_alloc_range_nid(size, CMA_MIN_ALIGNMENT_BYTES,
701 0, MEMBLOCK_ALLOC_ACCESSIBLE,
702 nid, true);
703 if (!addr) {
704 pr_err("Failed to reserve nid %d scratch buffer\n", nid);
705 goto err_free_scratch_areas;
706 }
707
708 kho_scratch[i].addr = addr;
709 kho_scratch[i].size = size;
710 i++;
711 }
712
713 return;
714
715 err_free_scratch_areas:
716 for (i--; i >= 0; i--)
717 memblock_phys_free(kho_scratch[i].addr, kho_scratch[i].size);
718 err_free_scratch_desc:
719 memblock_free(kho_scratch, kho_scratch_cnt * sizeof(*kho_scratch));
720 err_disable_kho:
721 pr_warn("Failed to reserve scratch area, disabling kexec handover\n");
722 kho_enable = false;
723 }
724
725 /**
726 * kho_add_subtree - record the physical address of a sub FDT in KHO root tree.
727 * @name: name of the sub tree.
728 * @fdt: the sub tree blob.
729 *
730 * Creates a new child node named @name in KHO root FDT and records
731 * the physical address of @fdt. The pages of @fdt must also be preserved
732 * by KHO for the new kernel to retrieve it after kexec.
733 *
734 * A debugfs blob entry is also created at
735 * ``/sys/kernel/debug/kho/out/sub_fdts/@name`` when kernel is configured with
736 * CONFIG_KEXEC_HANDOVER_DEBUGFS
737 *
738 * Return: 0 on success, error code on failure
739 */
kho_add_subtree(const char * name,void * fdt)740 int kho_add_subtree(const char *name, void *fdt)
741 {
742 phys_addr_t phys = virt_to_phys(fdt);
743 void *root_fdt = kho_out.fdt;
744 int err = -ENOMEM;
745 int off, fdt_err;
746
747 guard(mutex)(&kho_out.lock);
748
749 fdt_err = fdt_open_into(root_fdt, root_fdt, PAGE_SIZE);
750 if (fdt_err < 0)
751 return err;
752
753 off = fdt_add_subnode(root_fdt, 0, name);
754 if (off < 0) {
755 if (off == -FDT_ERR_EXISTS)
756 err = -EEXIST;
757 goto out_pack;
758 }
759
760 err = fdt_setprop(root_fdt, off, KHO_FDT_SUB_TREE_PROP_NAME,
761 &phys, sizeof(phys));
762 if (err < 0)
763 goto out_pack;
764
765 WARN_ON_ONCE(kho_debugfs_fdt_add(&kho_out.dbg, name, fdt, false));
766
767 out_pack:
768 fdt_pack(root_fdt);
769
770 return err;
771 }
772 EXPORT_SYMBOL_GPL(kho_add_subtree);
773
kho_remove_subtree(void * fdt)774 void kho_remove_subtree(void *fdt)
775 {
776 phys_addr_t target_phys = virt_to_phys(fdt);
777 void *root_fdt = kho_out.fdt;
778 int off;
779 int err;
780
781 guard(mutex)(&kho_out.lock);
782
783 err = fdt_open_into(root_fdt, root_fdt, PAGE_SIZE);
784 if (err < 0)
785 return;
786
787 for (off = fdt_first_subnode(root_fdt, 0); off >= 0;
788 off = fdt_next_subnode(root_fdt, off)) {
789 const u64 *val;
790 int len;
791
792 val = fdt_getprop(root_fdt, off, KHO_FDT_SUB_TREE_PROP_NAME, &len);
793 if (!val || len != sizeof(phys_addr_t))
794 continue;
795
796 if ((phys_addr_t)*val == target_phys) {
797 fdt_del_node(root_fdt, off);
798 kho_debugfs_fdt_remove(&kho_out.dbg, fdt);
799 break;
800 }
801 }
802
803 fdt_pack(root_fdt);
804 }
805 EXPORT_SYMBOL_GPL(kho_remove_subtree);
806
807 /**
808 * kho_preserve_folio - preserve a folio across kexec.
809 * @folio: folio to preserve.
810 *
811 * Instructs KHO to preserve the whole folio across kexec. The order
812 * will be preserved as well.
813 *
814 * Return: 0 on success, error code on failure
815 */
kho_preserve_folio(struct folio * folio)816 int kho_preserve_folio(struct folio *folio)
817 {
818 const unsigned long pfn = folio_pfn(folio);
819 const unsigned int order = folio_order(folio);
820 struct kho_mem_track *track = &kho_out.track;
821
822 if (WARN_ON(kho_scratch_overlap(pfn << PAGE_SHIFT, PAGE_SIZE << order)))
823 return -EINVAL;
824
825 return __kho_preserve_order(track, pfn, order);
826 }
827 EXPORT_SYMBOL_GPL(kho_preserve_folio);
828
829 /**
830 * kho_unpreserve_folio - unpreserve a folio.
831 * @folio: folio to unpreserve.
832 *
833 * Instructs KHO to unpreserve a folio that was preserved by
834 * kho_preserve_folio() before. The provided @folio (pfn and order)
835 * must exactly match a previously preserved folio.
836 */
kho_unpreserve_folio(struct folio * folio)837 void kho_unpreserve_folio(struct folio *folio)
838 {
839 const unsigned long pfn = folio_pfn(folio);
840 const unsigned int order = folio_order(folio);
841 struct kho_mem_track *track = &kho_out.track;
842
843 __kho_unpreserve_order(track, pfn, order);
844 }
845 EXPORT_SYMBOL_GPL(kho_unpreserve_folio);
846
847 /**
848 * kho_preserve_pages - preserve contiguous pages across kexec
849 * @page: first page in the list.
850 * @nr_pages: number of pages.
851 *
852 * Preserve a contiguous list of order 0 pages. Must be restored using
853 * kho_restore_pages() to ensure the pages are restored properly as order 0.
854 *
855 * Return: 0 on success, error code on failure
856 */
kho_preserve_pages(struct page * page,unsigned long nr_pages)857 int kho_preserve_pages(struct page *page, unsigned long nr_pages)
858 {
859 struct kho_mem_track *track = &kho_out.track;
860 const unsigned long start_pfn = page_to_pfn(page);
861 const unsigned long end_pfn = start_pfn + nr_pages;
862 unsigned long pfn = start_pfn;
863 unsigned long failed_pfn = 0;
864 int err = 0;
865
866 if (WARN_ON(kho_scratch_overlap(start_pfn << PAGE_SHIFT,
867 nr_pages << PAGE_SHIFT))) {
868 return -EINVAL;
869 }
870
871 while (pfn < end_pfn) {
872 const unsigned int order =
873 min(count_trailing_zeros(pfn), ilog2(end_pfn - pfn));
874
875 err = __kho_preserve_order(track, pfn, order);
876 if (err) {
877 failed_pfn = pfn;
878 break;
879 }
880
881 pfn += 1 << order;
882 }
883
884 if (err)
885 __kho_unpreserve(track, start_pfn, failed_pfn);
886
887 return err;
888 }
889 EXPORT_SYMBOL_GPL(kho_preserve_pages);
890
891 /**
892 * kho_unpreserve_pages - unpreserve contiguous pages.
893 * @page: first page in the list.
894 * @nr_pages: number of pages.
895 *
896 * Instructs KHO to unpreserve @nr_pages contiguous pages starting from @page.
897 * This must be called with the same @page and @nr_pages as the corresponding
898 * kho_preserve_pages() call. Unpreserving arbitrary sub-ranges of larger
899 * preserved blocks is not supported.
900 */
kho_unpreserve_pages(struct page * page,unsigned long nr_pages)901 void kho_unpreserve_pages(struct page *page, unsigned long nr_pages)
902 {
903 struct kho_mem_track *track = &kho_out.track;
904 const unsigned long start_pfn = page_to_pfn(page);
905 const unsigned long end_pfn = start_pfn + nr_pages;
906
907 __kho_unpreserve(track, start_pfn, end_pfn);
908 }
909 EXPORT_SYMBOL_GPL(kho_unpreserve_pages);
910
911 /* vmalloc flags KHO supports */
912 #define KHO_VMALLOC_SUPPORTED_FLAGS (VM_ALLOC | VM_ALLOW_HUGE_VMAP)
913
914 /* KHO internal flags for vmalloc preservations */
915 #define KHO_VMALLOC_ALLOC 0x0001
916 #define KHO_VMALLOC_HUGE_VMAP 0x0002
917
vmalloc_flags_to_kho(unsigned int vm_flags)918 static unsigned short vmalloc_flags_to_kho(unsigned int vm_flags)
919 {
920 unsigned short kho_flags = 0;
921
922 if (vm_flags & VM_ALLOC)
923 kho_flags |= KHO_VMALLOC_ALLOC;
924 if (vm_flags & VM_ALLOW_HUGE_VMAP)
925 kho_flags |= KHO_VMALLOC_HUGE_VMAP;
926
927 return kho_flags;
928 }
929
kho_flags_to_vmalloc(unsigned short kho_flags)930 static unsigned int kho_flags_to_vmalloc(unsigned short kho_flags)
931 {
932 unsigned int vm_flags = 0;
933
934 if (kho_flags & KHO_VMALLOC_ALLOC)
935 vm_flags |= VM_ALLOC;
936 if (kho_flags & KHO_VMALLOC_HUGE_VMAP)
937 vm_flags |= VM_ALLOW_HUGE_VMAP;
938
939 return vm_flags;
940 }
941
new_vmalloc_chunk(struct kho_vmalloc_chunk * cur)942 static struct kho_vmalloc_chunk *new_vmalloc_chunk(struct kho_vmalloc_chunk *cur)
943 {
944 struct kho_vmalloc_chunk *chunk;
945 int err;
946
947 chunk = (struct kho_vmalloc_chunk *)get_zeroed_page(GFP_KERNEL);
948 if (!chunk)
949 return NULL;
950
951 err = kho_preserve_pages(virt_to_page(chunk), 1);
952 if (err)
953 goto err_free;
954 if (cur)
955 KHOSER_STORE_PTR(cur->hdr.next, chunk);
956 return chunk;
957
958 err_free:
959 free_page((unsigned long)chunk);
960 return NULL;
961 }
962
kho_vmalloc_unpreserve_chunk(struct kho_vmalloc_chunk * chunk,unsigned short order)963 static void kho_vmalloc_unpreserve_chunk(struct kho_vmalloc_chunk *chunk,
964 unsigned short order)
965 {
966 struct kho_mem_track *track = &kho_out.track;
967 unsigned long pfn = PHYS_PFN(virt_to_phys(chunk));
968
969 __kho_unpreserve(track, pfn, pfn + 1);
970
971 for (int i = 0; i < ARRAY_SIZE(chunk->phys) && chunk->phys[i]; i++) {
972 pfn = PHYS_PFN(chunk->phys[i]);
973 __kho_unpreserve(track, pfn, pfn + (1 << order));
974 }
975 }
976
977 /**
978 * kho_preserve_vmalloc - preserve memory allocated with vmalloc() across kexec
979 * @ptr: pointer to the area in vmalloc address space
980 * @preservation: placeholder for preservation metadata
981 *
982 * Instructs KHO to preserve the area in vmalloc address space at @ptr. The
983 * physical pages mapped at @ptr will be preserved and on successful return
984 * @preservation will hold the physical address of a structure that describes
985 * the preservation.
986 *
987 * NOTE: The memory allocated with vmalloc_node() variants cannot be reliably
988 * restored on the same node
989 *
990 * Return: 0 on success, error code on failure
991 */
kho_preserve_vmalloc(void * ptr,struct kho_vmalloc * preservation)992 int kho_preserve_vmalloc(void *ptr, struct kho_vmalloc *preservation)
993 {
994 struct kho_vmalloc_chunk *chunk;
995 struct vm_struct *vm = find_vm_area(ptr);
996 unsigned int order, flags, nr_contig_pages;
997 unsigned int idx = 0;
998 int err;
999
1000 if (!vm)
1001 return -EINVAL;
1002
1003 if (vm->flags & ~KHO_VMALLOC_SUPPORTED_FLAGS)
1004 return -EOPNOTSUPP;
1005
1006 flags = vmalloc_flags_to_kho(vm->flags);
1007 order = get_vm_area_page_order(vm);
1008
1009 chunk = new_vmalloc_chunk(NULL);
1010 if (!chunk)
1011 return -ENOMEM;
1012 KHOSER_STORE_PTR(preservation->first, chunk);
1013
1014 nr_contig_pages = (1 << order);
1015 for (int i = 0; i < vm->nr_pages; i += nr_contig_pages) {
1016 phys_addr_t phys = page_to_phys(vm->pages[i]);
1017
1018 err = kho_preserve_pages(vm->pages[i], nr_contig_pages);
1019 if (err)
1020 goto err_free;
1021
1022 chunk->phys[idx++] = phys;
1023 if (idx == ARRAY_SIZE(chunk->phys)) {
1024 chunk = new_vmalloc_chunk(chunk);
1025 if (!chunk) {
1026 err = -ENOMEM;
1027 goto err_free;
1028 }
1029 idx = 0;
1030 }
1031 }
1032
1033 preservation->total_pages = vm->nr_pages;
1034 preservation->flags = flags;
1035 preservation->order = order;
1036
1037 return 0;
1038
1039 err_free:
1040 kho_unpreserve_vmalloc(preservation);
1041 return err;
1042 }
1043 EXPORT_SYMBOL_GPL(kho_preserve_vmalloc);
1044
1045 /**
1046 * kho_unpreserve_vmalloc - unpreserve memory allocated with vmalloc()
1047 * @preservation: preservation metadata returned by kho_preserve_vmalloc()
1048 *
1049 * Instructs KHO to unpreserve the area in vmalloc address space that was
1050 * previously preserved with kho_preserve_vmalloc().
1051 */
kho_unpreserve_vmalloc(struct kho_vmalloc * preservation)1052 void kho_unpreserve_vmalloc(struct kho_vmalloc *preservation)
1053 {
1054 struct kho_vmalloc_chunk *chunk = KHOSER_LOAD_PTR(preservation->first);
1055
1056 while (chunk) {
1057 struct kho_vmalloc_chunk *tmp = chunk;
1058
1059 kho_vmalloc_unpreserve_chunk(chunk, preservation->order);
1060
1061 chunk = KHOSER_LOAD_PTR(chunk->hdr.next);
1062 free_page((unsigned long)tmp);
1063 }
1064 }
1065 EXPORT_SYMBOL_GPL(kho_unpreserve_vmalloc);
1066
1067 /**
1068 * kho_restore_vmalloc - recreates and populates an area in vmalloc address
1069 * space from the preserved memory.
1070 * @preservation: preservation metadata.
1071 *
1072 * Recreates an area in vmalloc address space and populates it with memory that
1073 * was preserved using kho_preserve_vmalloc().
1074 *
1075 * Return: pointer to the area in the vmalloc address space, NULL on failure.
1076 */
kho_restore_vmalloc(const struct kho_vmalloc * preservation)1077 void *kho_restore_vmalloc(const struct kho_vmalloc *preservation)
1078 {
1079 struct kho_vmalloc_chunk *chunk = KHOSER_LOAD_PTR(preservation->first);
1080 unsigned int align, order, shift, vm_flags;
1081 unsigned long total_pages, contig_pages;
1082 unsigned long addr, size;
1083 struct vm_struct *area;
1084 struct page **pages;
1085 unsigned int idx = 0;
1086 int err;
1087
1088 vm_flags = kho_flags_to_vmalloc(preservation->flags);
1089 if (vm_flags & ~KHO_VMALLOC_SUPPORTED_FLAGS)
1090 return NULL;
1091
1092 total_pages = preservation->total_pages;
1093 pages = kvmalloc_objs(*pages, total_pages, GFP_KERNEL);
1094 if (!pages)
1095 return NULL;
1096 order = preservation->order;
1097 contig_pages = (1 << order);
1098 shift = PAGE_SHIFT + order;
1099 align = 1 << shift;
1100
1101 while (chunk) {
1102 struct page *page;
1103
1104 for (int i = 0; i < ARRAY_SIZE(chunk->phys) && chunk->phys[i]; i++) {
1105 phys_addr_t phys = chunk->phys[i];
1106
1107 if (idx + contig_pages > total_pages)
1108 goto err_free_pages_array;
1109
1110 page = kho_restore_pages(phys, contig_pages);
1111 if (!page)
1112 goto err_free_pages_array;
1113
1114 for (int j = 0; j < contig_pages; j++)
1115 pages[idx++] = page + j;
1116
1117 phys += contig_pages * PAGE_SIZE;
1118 }
1119
1120 page = kho_restore_pages(virt_to_phys(chunk), 1);
1121 if (!page)
1122 goto err_free_pages_array;
1123 chunk = KHOSER_LOAD_PTR(chunk->hdr.next);
1124 __free_page(page);
1125 }
1126
1127 if (idx != total_pages)
1128 goto err_free_pages_array;
1129
1130 area = __get_vm_area_node(total_pages * PAGE_SIZE, align, shift,
1131 vm_flags, VMALLOC_START, VMALLOC_END,
1132 NUMA_NO_NODE, GFP_KERNEL,
1133 __builtin_return_address(0));
1134 if (!area)
1135 goto err_free_pages_array;
1136
1137 addr = (unsigned long)area->addr;
1138 size = get_vm_area_size(area);
1139 err = vmap_pages_range(addr, addr + size, PAGE_KERNEL, pages, shift);
1140 if (err)
1141 goto err_free_vm_area;
1142
1143 area->nr_pages = total_pages;
1144 area->pages = pages;
1145
1146 return area->addr;
1147
1148 err_free_vm_area:
1149 free_vm_area(area);
1150 err_free_pages_array:
1151 kvfree(pages);
1152 return NULL;
1153 }
1154 EXPORT_SYMBOL_GPL(kho_restore_vmalloc);
1155
1156 /**
1157 * kho_alloc_preserve - Allocate, zero, and preserve memory.
1158 * @size: The number of bytes to allocate.
1159 *
1160 * Allocates a physically contiguous block of zeroed pages that is large
1161 * enough to hold @size bytes. The allocated memory is then registered with
1162 * KHO for preservation across a kexec.
1163 *
1164 * Note: The actual allocated size will be rounded up to the nearest
1165 * power-of-two page boundary.
1166 *
1167 * @return A virtual pointer to the allocated and preserved memory on success,
1168 * or an ERR_PTR() encoded error on failure.
1169 */
kho_alloc_preserve(size_t size)1170 void *kho_alloc_preserve(size_t size)
1171 {
1172 struct folio *folio;
1173 int order, ret;
1174
1175 if (!size)
1176 return ERR_PTR(-EINVAL);
1177
1178 order = get_order(size);
1179 if (order > MAX_PAGE_ORDER)
1180 return ERR_PTR(-E2BIG);
1181
1182 folio = folio_alloc(GFP_KERNEL | __GFP_ZERO, order);
1183 if (!folio)
1184 return ERR_PTR(-ENOMEM);
1185
1186 ret = kho_preserve_folio(folio);
1187 if (ret) {
1188 folio_put(folio);
1189 return ERR_PTR(ret);
1190 }
1191
1192 return folio_address(folio);
1193 }
1194 EXPORT_SYMBOL_GPL(kho_alloc_preserve);
1195
1196 /**
1197 * kho_unpreserve_free - Unpreserve and free memory.
1198 * @mem: Pointer to the memory allocated by kho_alloc_preserve().
1199 *
1200 * Unregisters the memory from KHO preservation and frees the underlying
1201 * pages back to the system. This function should be called to clean up
1202 * memory allocated with kho_alloc_preserve().
1203 */
kho_unpreserve_free(void * mem)1204 void kho_unpreserve_free(void *mem)
1205 {
1206 struct folio *folio;
1207
1208 if (!mem)
1209 return;
1210
1211 folio = virt_to_folio(mem);
1212 kho_unpreserve_folio(folio);
1213 folio_put(folio);
1214 }
1215 EXPORT_SYMBOL_GPL(kho_unpreserve_free);
1216
1217 /**
1218 * kho_restore_free - Restore and free memory after kexec.
1219 * @mem: Pointer to the memory (in the new kernel's address space)
1220 * that was allocated by the old kernel.
1221 *
1222 * This function is intended to be called in the new kernel (post-kexec)
1223 * to take ownership of and free a memory region that was preserved by the
1224 * old kernel using kho_alloc_preserve().
1225 *
1226 * It first restores the pages from KHO (using their physical address)
1227 * and then frees the pages back to the new kernel's page allocator.
1228 */
kho_restore_free(void * mem)1229 void kho_restore_free(void *mem)
1230 {
1231 struct folio *folio;
1232
1233 if (!mem)
1234 return;
1235
1236 folio = kho_restore_folio(__pa(mem));
1237 if (!WARN_ON(!folio))
1238 folio_put(folio);
1239 }
1240 EXPORT_SYMBOL_GPL(kho_restore_free);
1241
kho_finalize(void)1242 int kho_finalize(void)
1243 {
1244 int ret;
1245
1246 if (!kho_enable)
1247 return -EOPNOTSUPP;
1248
1249 guard(mutex)(&kho_out.lock);
1250 ret = kho_mem_serialize(&kho_out);
1251 if (ret)
1252 return ret;
1253
1254 kho_out.finalized = true;
1255
1256 return 0;
1257 }
1258
kho_finalized(void)1259 bool kho_finalized(void)
1260 {
1261 guard(mutex)(&kho_out.lock);
1262 return kho_out.finalized;
1263 }
1264
1265 struct kho_in {
1266 phys_addr_t fdt_phys;
1267 phys_addr_t scratch_phys;
1268 phys_addr_t mem_map_phys;
1269 struct kho_debugfs dbg;
1270 };
1271
1272 static struct kho_in kho_in = {
1273 };
1274
kho_get_fdt(void)1275 static const void *kho_get_fdt(void)
1276 {
1277 return kho_in.fdt_phys ? phys_to_virt(kho_in.fdt_phys) : NULL;
1278 }
1279
1280 /**
1281 * is_kho_boot - check if current kernel was booted via KHO-enabled
1282 * kexec
1283 *
1284 * This function checks if the current kernel was loaded through a kexec
1285 * operation with KHO enabled, by verifying that a valid KHO FDT
1286 * was passed.
1287 *
1288 * Note: This function returns reliable results only after
1289 * kho_populate() has been called during early boot. Before that,
1290 * it may return false even if KHO data is present.
1291 *
1292 * Return: true if booted via KHO-enabled kexec, false otherwise
1293 */
is_kho_boot(void)1294 bool is_kho_boot(void)
1295 {
1296 return !!kho_get_fdt();
1297 }
1298 EXPORT_SYMBOL_GPL(is_kho_boot);
1299
1300 /**
1301 * kho_retrieve_subtree - retrieve a preserved sub FDT by its name.
1302 * @name: the name of the sub FDT passed to kho_add_subtree().
1303 * @phys: if found, the physical address of the sub FDT is stored in @phys.
1304 *
1305 * Retrieve a preserved sub FDT named @name and store its physical
1306 * address in @phys.
1307 *
1308 * Return: 0 on success, error code on failure
1309 */
kho_retrieve_subtree(const char * name,phys_addr_t * phys)1310 int kho_retrieve_subtree(const char *name, phys_addr_t *phys)
1311 {
1312 const void *fdt = kho_get_fdt();
1313 const u64 *val;
1314 int offset, len;
1315
1316 if (!fdt)
1317 return -ENOENT;
1318
1319 if (!phys)
1320 return -EINVAL;
1321
1322 offset = fdt_subnode_offset(fdt, 0, name);
1323 if (offset < 0)
1324 return -ENOENT;
1325
1326 val = fdt_getprop(fdt, offset, KHO_FDT_SUB_TREE_PROP_NAME, &len);
1327 if (!val || len != sizeof(*val))
1328 return -EINVAL;
1329
1330 *phys = (phys_addr_t)*val;
1331
1332 return 0;
1333 }
1334 EXPORT_SYMBOL_GPL(kho_retrieve_subtree);
1335
kho_out_fdt_setup(void)1336 static __init int kho_out_fdt_setup(void)
1337 {
1338 void *root = kho_out.fdt;
1339 u64 empty_mem_map = 0;
1340 int err;
1341
1342 err = fdt_create(root, PAGE_SIZE);
1343 err |= fdt_finish_reservemap(root);
1344 err |= fdt_begin_node(root, "");
1345 err |= fdt_property_string(root, "compatible", KHO_FDT_COMPATIBLE);
1346 err |= fdt_property(root, KHO_FDT_MEMORY_MAP_PROP_NAME, &empty_mem_map,
1347 sizeof(empty_mem_map));
1348 err |= fdt_end_node(root);
1349 err |= fdt_finish(root);
1350
1351 return err;
1352 }
1353
kho_init(void)1354 static __init int kho_init(void)
1355 {
1356 const void *fdt = kho_get_fdt();
1357 int err = 0;
1358
1359 if (!kho_enable)
1360 return 0;
1361
1362 kho_out.fdt = kho_alloc_preserve(PAGE_SIZE);
1363 if (IS_ERR(kho_out.fdt)) {
1364 err = PTR_ERR(kho_out.fdt);
1365 goto err_free_scratch;
1366 }
1367
1368 err = kho_debugfs_init();
1369 if (err)
1370 goto err_free_fdt;
1371
1372 err = kho_out_debugfs_init(&kho_out.dbg);
1373 if (err)
1374 goto err_free_fdt;
1375
1376 err = kho_out_fdt_setup();
1377 if (err)
1378 goto err_free_fdt;
1379
1380 if (fdt) {
1381 kho_in_debugfs_init(&kho_in.dbg, fdt);
1382 return 0;
1383 }
1384
1385 for (int i = 0; i < kho_scratch_cnt; i++) {
1386 unsigned long base_pfn = PHYS_PFN(kho_scratch[i].addr);
1387 unsigned long count = kho_scratch[i].size >> PAGE_SHIFT;
1388 unsigned long pfn;
1389
1390 /*
1391 * When debug_pagealloc is enabled, __free_pages() clears the
1392 * corresponding PRESENT bit in the kernel page table.
1393 * Subsequent kmemleak scans of these pages cause the
1394 * non-PRESENT page faults.
1395 * Mark scratch areas with kmemleak_ignore_phys() to exclude
1396 * them from kmemleak scanning.
1397 */
1398 kmemleak_ignore_phys(kho_scratch[i].addr);
1399 for (pfn = base_pfn; pfn < base_pfn + count;
1400 pfn += pageblock_nr_pages)
1401 init_cma_reserved_pageblock(pfn_to_page(pfn));
1402 }
1403
1404 WARN_ON_ONCE(kho_debugfs_fdt_add(&kho_out.dbg, "fdt",
1405 kho_out.fdt, true));
1406
1407 return 0;
1408
1409 err_free_fdt:
1410 kho_unpreserve_free(kho_out.fdt);
1411 err_free_scratch:
1412 kho_out.fdt = NULL;
1413 for (int i = 0; i < kho_scratch_cnt; i++) {
1414 void *start = __va(kho_scratch[i].addr);
1415 void *end = start + kho_scratch[i].size;
1416
1417 free_reserved_area(start, end, -1, "");
1418 }
1419 kho_enable = false;
1420 return err;
1421 }
1422 fs_initcall(kho_init);
1423
kho_release_scratch(void)1424 static void __init kho_release_scratch(void)
1425 {
1426 phys_addr_t start, end;
1427 u64 i;
1428
1429 memmap_init_kho_scratch_pages();
1430
1431 /*
1432 * Mark scratch mem as CMA before we return it. That way we
1433 * ensure that no kernel allocations happen on it. That means
1434 * we can reuse it as scratch memory again later.
1435 */
1436 __for_each_mem_range(i, &memblock.memory, NULL, NUMA_NO_NODE,
1437 MEMBLOCK_KHO_SCRATCH, &start, &end, NULL) {
1438 ulong start_pfn = pageblock_start_pfn(PFN_DOWN(start));
1439 ulong end_pfn = pageblock_align(PFN_UP(end));
1440 ulong pfn;
1441
1442 for (pfn = start_pfn; pfn < end_pfn; pfn += pageblock_nr_pages)
1443 init_pageblock_migratetype(pfn_to_page(pfn),
1444 MIGRATE_CMA, false);
1445 }
1446 }
1447
kho_memory_init(void)1448 void __init kho_memory_init(void)
1449 {
1450 if (kho_in.mem_map_phys) {
1451 kho_scratch = phys_to_virt(kho_in.scratch_phys);
1452 kho_release_scratch();
1453 kho_mem_deserialize(phys_to_virt(kho_in.mem_map_phys));
1454 } else {
1455 kho_reserve_scratch();
1456 }
1457 }
1458
kho_populate(phys_addr_t fdt_phys,u64 fdt_len,phys_addr_t scratch_phys,u64 scratch_len)1459 void __init kho_populate(phys_addr_t fdt_phys, u64 fdt_len,
1460 phys_addr_t scratch_phys, u64 scratch_len)
1461 {
1462 unsigned int scratch_cnt = scratch_len / sizeof(*kho_scratch);
1463 struct kho_scratch *scratch = NULL;
1464 phys_addr_t mem_map_phys;
1465 void *fdt = NULL;
1466 bool populated = false;
1467 int err;
1468
1469 /* Validate the input FDT */
1470 fdt = early_memremap(fdt_phys, fdt_len);
1471 if (!fdt) {
1472 pr_warn("setup: failed to memremap FDT (0x%llx)\n", fdt_phys);
1473 goto report;
1474 }
1475 err = fdt_check_header(fdt);
1476 if (err) {
1477 pr_warn("setup: handover FDT (0x%llx) is invalid: %d\n",
1478 fdt_phys, err);
1479 goto unmap_fdt;
1480 }
1481 err = fdt_node_check_compatible(fdt, 0, KHO_FDT_COMPATIBLE);
1482 if (err) {
1483 pr_warn("setup: handover FDT (0x%llx) is incompatible with '%s': %d\n",
1484 fdt_phys, KHO_FDT_COMPATIBLE, err);
1485 goto unmap_fdt;
1486 }
1487
1488 mem_map_phys = kho_get_mem_map_phys(fdt);
1489 if (!mem_map_phys)
1490 goto unmap_fdt;
1491
1492 scratch = early_memremap(scratch_phys, scratch_len);
1493 if (!scratch) {
1494 pr_warn("setup: failed to memremap scratch (phys=0x%llx, len=%lld)\n",
1495 scratch_phys, scratch_len);
1496 goto unmap_fdt;
1497 }
1498
1499 /*
1500 * We pass a safe contiguous blocks of memory to use for early boot
1501 * purporses from the previous kernel so that we can resize the
1502 * memblock array as needed.
1503 */
1504 for (int i = 0; i < scratch_cnt; i++) {
1505 struct kho_scratch *area = &scratch[i];
1506 u64 size = area->size;
1507
1508 memblock_add(area->addr, size);
1509 err = memblock_mark_kho_scratch(area->addr, size);
1510 if (err) {
1511 pr_warn("failed to mark the scratch region 0x%pa+0x%pa: %pe",
1512 &area->addr, &size, ERR_PTR(err));
1513 goto unmap_scratch;
1514 }
1515 pr_debug("Marked 0x%pa+0x%pa as scratch", &area->addr, &size);
1516 }
1517
1518 memblock_reserve(scratch_phys, scratch_len);
1519
1520 /*
1521 * Now that we have a viable region of scratch memory, let's tell
1522 * the memblocks allocator to only use that for any allocations.
1523 * That way we ensure that nothing scribbles over in use data while
1524 * we initialize the page tables which we will need to ingest all
1525 * memory reservations from the previous kernel.
1526 */
1527 memblock_set_kho_scratch_only();
1528
1529 kho_in.fdt_phys = fdt_phys;
1530 kho_in.scratch_phys = scratch_phys;
1531 kho_in.mem_map_phys = mem_map_phys;
1532 kho_scratch_cnt = scratch_cnt;
1533
1534 populated = true;
1535 pr_info("found kexec handover data.\n");
1536
1537 unmap_scratch:
1538 early_memunmap(scratch, scratch_len);
1539 unmap_fdt:
1540 early_memunmap(fdt, fdt_len);
1541 report:
1542 if (!populated)
1543 pr_warn("disabling KHO revival\n");
1544 }
1545
1546 /* Helper functions for kexec_file_load */
1547
kho_fill_kimage(struct kimage * image)1548 int kho_fill_kimage(struct kimage *image)
1549 {
1550 ssize_t scratch_size;
1551 int err = 0;
1552 struct kexec_buf scratch;
1553
1554 if (!kho_enable)
1555 return 0;
1556
1557 image->kho.fdt = virt_to_phys(kho_out.fdt);
1558
1559 scratch_size = sizeof(*kho_scratch) * kho_scratch_cnt;
1560 scratch = (struct kexec_buf){
1561 .image = image,
1562 .buffer = kho_scratch,
1563 .bufsz = scratch_size,
1564 .mem = KEXEC_BUF_MEM_UNKNOWN,
1565 .memsz = scratch_size,
1566 .buf_align = SZ_64K, /* Makes it easier to map */
1567 .buf_max = ULONG_MAX,
1568 .top_down = true,
1569 };
1570 err = kexec_add_buffer(&scratch);
1571 if (err)
1572 return err;
1573 image->kho.scratch = &image->segment[image->nr_segments - 1];
1574
1575 return 0;
1576 }
1577
kho_walk_scratch(struct kexec_buf * kbuf,int (* func)(struct resource *,void *))1578 static int kho_walk_scratch(struct kexec_buf *kbuf,
1579 int (*func)(struct resource *, void *))
1580 {
1581 int ret = 0;
1582 int i;
1583
1584 for (i = 0; i < kho_scratch_cnt; i++) {
1585 struct resource res = {
1586 .start = kho_scratch[i].addr,
1587 .end = kho_scratch[i].addr + kho_scratch[i].size - 1,
1588 };
1589
1590 /* Try to fit the kimage into our KHO scratch region */
1591 ret = func(&res, kbuf);
1592 if (ret)
1593 break;
1594 }
1595
1596 return ret;
1597 }
1598
kho_locate_mem_hole(struct kexec_buf * kbuf,int (* func)(struct resource *,void *))1599 int kho_locate_mem_hole(struct kexec_buf *kbuf,
1600 int (*func)(struct resource *, void *))
1601 {
1602 int ret;
1603
1604 if (!kho_enable || kbuf->image->type == KEXEC_TYPE_CRASH)
1605 return 1;
1606
1607 ret = kho_walk_scratch(kbuf, func);
1608
1609 return ret == 1 ? 0 : -EADDRNOTAVAIL;
1610 }
1611