xref: /linux/kernel/kexec_file.c (revision 0883c2c06fb5bcf5b9e008270827e63c09a88c1e)
1 /*
2  * kexec: kexec_file_load system call
3  *
4  * Copyright (C) 2014 Red Hat Inc.
5  * Authors:
6  *      Vivek Goyal <vgoyal@redhat.com>
7  *
8  * This source code is licensed under the GNU General Public License,
9  * Version 2.  See the file COPYING for more details.
10  */
11 
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 
14 #include <linux/capability.h>
15 #include <linux/mm.h>
16 #include <linux/file.h>
17 #include <linux/slab.h>
18 #include <linux/kexec.h>
19 #include <linux/mutex.h>
20 #include <linux/list.h>
21 #include <linux/fs.h>
22 #include <crypto/hash.h>
23 #include <crypto/sha.h>
24 #include <linux/syscalls.h>
25 #include <linux/vmalloc.h>
26 #include "kexec_internal.h"
27 
28 /*
29  * Declare these symbols weak so that if architecture provides a purgatory,
30  * these will be overridden.
31  */
32 char __weak kexec_purgatory[0];
33 size_t __weak kexec_purgatory_size = 0;
34 
35 static int kexec_calculate_store_digests(struct kimage *image);
36 
37 /* Architectures can provide this probe function */
38 int __weak arch_kexec_kernel_image_probe(struct kimage *image, void *buf,
39 					 unsigned long buf_len)
40 {
41 	return -ENOEXEC;
42 }
43 
44 void * __weak arch_kexec_kernel_image_load(struct kimage *image)
45 {
46 	return ERR_PTR(-ENOEXEC);
47 }
48 
49 int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
50 {
51 	return -EINVAL;
52 }
53 
54 #ifdef CONFIG_KEXEC_VERIFY_SIG
55 int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
56 					unsigned long buf_len)
57 {
58 	return -EKEYREJECTED;
59 }
60 #endif
61 
62 /* Apply relocations of type RELA */
63 int __weak
64 arch_kexec_apply_relocations_add(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
65 				 unsigned int relsec)
66 {
67 	pr_err("RELA relocation unsupported.\n");
68 	return -ENOEXEC;
69 }
70 
71 /* Apply relocations of type REL */
72 int __weak
73 arch_kexec_apply_relocations(const Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
74 			     unsigned int relsec)
75 {
76 	pr_err("REL relocation unsupported.\n");
77 	return -ENOEXEC;
78 }
79 
80 /*
81  * Free up memory used by kernel, initrd, and command line. This is temporary
82  * memory allocation which is not needed any more after these buffers have
83  * been loaded into separate segments and have been copied elsewhere.
84  */
85 void kimage_file_post_load_cleanup(struct kimage *image)
86 {
87 	struct purgatory_info *pi = &image->purgatory_info;
88 
89 	vfree(image->kernel_buf);
90 	image->kernel_buf = NULL;
91 
92 	vfree(image->initrd_buf);
93 	image->initrd_buf = NULL;
94 
95 	kfree(image->cmdline_buf);
96 	image->cmdline_buf = NULL;
97 
98 	vfree(pi->purgatory_buf);
99 	pi->purgatory_buf = NULL;
100 
101 	vfree(pi->sechdrs);
102 	pi->sechdrs = NULL;
103 
104 	/* See if architecture has anything to cleanup post load */
105 	arch_kimage_file_post_load_cleanup(image);
106 
107 	/*
108 	 * Above call should have called into bootloader to free up
109 	 * any data stored in kimage->image_loader_data. It should
110 	 * be ok now to free it up.
111 	 */
112 	kfree(image->image_loader_data);
113 	image->image_loader_data = NULL;
114 }
115 
116 /*
117  * In file mode list of segments is prepared by kernel. Copy relevant
118  * data from user space, do error checking, prepare segment list
119  */
120 static int
121 kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
122 			     const char __user *cmdline_ptr,
123 			     unsigned long cmdline_len, unsigned flags)
124 {
125 	int ret = 0;
126 	void *ldata;
127 	loff_t size;
128 
129 	ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
130 				       &size, INT_MAX, READING_KEXEC_IMAGE);
131 	if (ret)
132 		return ret;
133 	image->kernel_buf_len = size;
134 
135 	/* Call arch image probe handlers */
136 	ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
137 					    image->kernel_buf_len);
138 	if (ret)
139 		goto out;
140 
141 #ifdef CONFIG_KEXEC_VERIFY_SIG
142 	ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
143 					   image->kernel_buf_len);
144 	if (ret) {
145 		pr_debug("kernel signature verification failed.\n");
146 		goto out;
147 	}
148 	pr_debug("kernel signature verification successful.\n");
149 #endif
150 	/* It is possible that there no initramfs is being loaded */
151 	if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
152 		ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf,
153 					       &size, INT_MAX,
154 					       READING_KEXEC_INITRAMFS);
155 		if (ret)
156 			goto out;
157 		image->initrd_buf_len = size;
158 	}
159 
160 	if (cmdline_len) {
161 		image->cmdline_buf = kzalloc(cmdline_len, GFP_KERNEL);
162 		if (!image->cmdline_buf) {
163 			ret = -ENOMEM;
164 			goto out;
165 		}
166 
167 		ret = copy_from_user(image->cmdline_buf, cmdline_ptr,
168 				     cmdline_len);
169 		if (ret) {
170 			ret = -EFAULT;
171 			goto out;
172 		}
173 
174 		image->cmdline_buf_len = cmdline_len;
175 
176 		/* command line should be a string with last byte null */
177 		if (image->cmdline_buf[cmdline_len - 1] != '\0') {
178 			ret = -EINVAL;
179 			goto out;
180 		}
181 	}
182 
183 	/* Call arch image load handlers */
184 	ldata = arch_kexec_kernel_image_load(image);
185 
186 	if (IS_ERR(ldata)) {
187 		ret = PTR_ERR(ldata);
188 		goto out;
189 	}
190 
191 	image->image_loader_data = ldata;
192 out:
193 	/* In case of error, free up all allocated memory in this function */
194 	if (ret)
195 		kimage_file_post_load_cleanup(image);
196 	return ret;
197 }
198 
199 static int
200 kimage_file_alloc_init(struct kimage **rimage, int kernel_fd,
201 		       int initrd_fd, const char __user *cmdline_ptr,
202 		       unsigned long cmdline_len, unsigned long flags)
203 {
204 	int ret;
205 	struct kimage *image;
206 	bool kexec_on_panic = flags & KEXEC_FILE_ON_CRASH;
207 
208 	image = do_kimage_alloc_init();
209 	if (!image)
210 		return -ENOMEM;
211 
212 	image->file_mode = 1;
213 
214 	if (kexec_on_panic) {
215 		/* Enable special crash kernel control page alloc policy. */
216 		image->control_page = crashk_res.start;
217 		image->type = KEXEC_TYPE_CRASH;
218 	}
219 
220 	ret = kimage_file_prepare_segments(image, kernel_fd, initrd_fd,
221 					   cmdline_ptr, cmdline_len, flags);
222 	if (ret)
223 		goto out_free_image;
224 
225 	ret = sanity_check_segment_list(image);
226 	if (ret)
227 		goto out_free_post_load_bufs;
228 
229 	ret = -ENOMEM;
230 	image->control_code_page = kimage_alloc_control_pages(image,
231 					   get_order(KEXEC_CONTROL_PAGE_SIZE));
232 	if (!image->control_code_page) {
233 		pr_err("Could not allocate control_code_buffer\n");
234 		goto out_free_post_load_bufs;
235 	}
236 
237 	if (!kexec_on_panic) {
238 		image->swap_page = kimage_alloc_control_pages(image, 0);
239 		if (!image->swap_page) {
240 			pr_err("Could not allocate swap buffer\n");
241 			goto out_free_control_pages;
242 		}
243 	}
244 
245 	*rimage = image;
246 	return 0;
247 out_free_control_pages:
248 	kimage_free_page_list(&image->control_pages);
249 out_free_post_load_bufs:
250 	kimage_file_post_load_cleanup(image);
251 out_free_image:
252 	kfree(image);
253 	return ret;
254 }
255 
256 SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
257 		unsigned long, cmdline_len, const char __user *, cmdline_ptr,
258 		unsigned long, flags)
259 {
260 	int ret = 0, i;
261 	struct kimage **dest_image, *image;
262 
263 	/* We only trust the superuser with rebooting the system. */
264 	if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
265 		return -EPERM;
266 
267 	/* Make sure we have a legal set of flags */
268 	if (flags != (flags & KEXEC_FILE_FLAGS))
269 		return -EINVAL;
270 
271 	image = NULL;
272 
273 	if (!mutex_trylock(&kexec_mutex))
274 		return -EBUSY;
275 
276 	dest_image = &kexec_image;
277 	if (flags & KEXEC_FILE_ON_CRASH) {
278 		dest_image = &kexec_crash_image;
279 		if (kexec_crash_image)
280 			arch_kexec_unprotect_crashkres();
281 	}
282 
283 	if (flags & KEXEC_FILE_UNLOAD)
284 		goto exchange;
285 
286 	/*
287 	 * In case of crash, new kernel gets loaded in reserved region. It is
288 	 * same memory where old crash kernel might be loaded. Free any
289 	 * current crash dump kernel before we corrupt it.
290 	 */
291 	if (flags & KEXEC_FILE_ON_CRASH)
292 		kimage_free(xchg(&kexec_crash_image, NULL));
293 
294 	ret = kimage_file_alloc_init(&image, kernel_fd, initrd_fd, cmdline_ptr,
295 				     cmdline_len, flags);
296 	if (ret)
297 		goto out;
298 
299 	ret = machine_kexec_prepare(image);
300 	if (ret)
301 		goto out;
302 
303 	ret = kexec_calculate_store_digests(image);
304 	if (ret)
305 		goto out;
306 
307 	for (i = 0; i < image->nr_segments; i++) {
308 		struct kexec_segment *ksegment;
309 
310 		ksegment = &image->segment[i];
311 		pr_debug("Loading segment %d: buf=0x%p bufsz=0x%zx mem=0x%lx memsz=0x%zx\n",
312 			 i, ksegment->buf, ksegment->bufsz, ksegment->mem,
313 			 ksegment->memsz);
314 
315 		ret = kimage_load_segment(image, &image->segment[i]);
316 		if (ret)
317 			goto out;
318 	}
319 
320 	kimage_terminate(image);
321 
322 	/*
323 	 * Free up any temporary buffers allocated which are not needed
324 	 * after image has been loaded
325 	 */
326 	kimage_file_post_load_cleanup(image);
327 exchange:
328 	image = xchg(dest_image, image);
329 out:
330 	if ((flags & KEXEC_FILE_ON_CRASH) && kexec_crash_image)
331 		arch_kexec_protect_crashkres();
332 
333 	mutex_unlock(&kexec_mutex);
334 	kimage_free(image);
335 	return ret;
336 }
337 
338 static int locate_mem_hole_top_down(unsigned long start, unsigned long end,
339 				    struct kexec_buf *kbuf)
340 {
341 	struct kimage *image = kbuf->image;
342 	unsigned long temp_start, temp_end;
343 
344 	temp_end = min(end, kbuf->buf_max);
345 	temp_start = temp_end - kbuf->memsz;
346 
347 	do {
348 		/* align down start */
349 		temp_start = temp_start & (~(kbuf->buf_align - 1));
350 
351 		if (temp_start < start || temp_start < kbuf->buf_min)
352 			return 0;
353 
354 		temp_end = temp_start + kbuf->memsz - 1;
355 
356 		/*
357 		 * Make sure this does not conflict with any of existing
358 		 * segments
359 		 */
360 		if (kimage_is_destination_range(image, temp_start, temp_end)) {
361 			temp_start = temp_start - PAGE_SIZE;
362 			continue;
363 		}
364 
365 		/* We found a suitable memory range */
366 		break;
367 	} while (1);
368 
369 	/* If we are here, we found a suitable memory range */
370 	kbuf->mem = temp_start;
371 
372 	/* Success, stop navigating through remaining System RAM ranges */
373 	return 1;
374 }
375 
376 static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end,
377 				     struct kexec_buf *kbuf)
378 {
379 	struct kimage *image = kbuf->image;
380 	unsigned long temp_start, temp_end;
381 
382 	temp_start = max(start, kbuf->buf_min);
383 
384 	do {
385 		temp_start = ALIGN(temp_start, kbuf->buf_align);
386 		temp_end = temp_start + kbuf->memsz - 1;
387 
388 		if (temp_end > end || temp_end > kbuf->buf_max)
389 			return 0;
390 		/*
391 		 * Make sure this does not conflict with any of existing
392 		 * segments
393 		 */
394 		if (kimage_is_destination_range(image, temp_start, temp_end)) {
395 			temp_start = temp_start + PAGE_SIZE;
396 			continue;
397 		}
398 
399 		/* We found a suitable memory range */
400 		break;
401 	} while (1);
402 
403 	/* If we are here, we found a suitable memory range */
404 	kbuf->mem = temp_start;
405 
406 	/* Success, stop navigating through remaining System RAM ranges */
407 	return 1;
408 }
409 
410 static int locate_mem_hole_callback(u64 start, u64 end, void *arg)
411 {
412 	struct kexec_buf *kbuf = (struct kexec_buf *)arg;
413 	unsigned long sz = end - start + 1;
414 
415 	/* Returning 0 will take to next memory range */
416 	if (sz < kbuf->memsz)
417 		return 0;
418 
419 	if (end < kbuf->buf_min || start > kbuf->buf_max)
420 		return 0;
421 
422 	/*
423 	 * Allocate memory top down with-in ram range. Otherwise bottom up
424 	 * allocation.
425 	 */
426 	if (kbuf->top_down)
427 		return locate_mem_hole_top_down(start, end, kbuf);
428 	return locate_mem_hole_bottom_up(start, end, kbuf);
429 }
430 
431 /*
432  * Helper function for placing a buffer in a kexec segment. This assumes
433  * that kexec_mutex is held.
434  */
435 int kexec_add_buffer(struct kimage *image, char *buffer, unsigned long bufsz,
436 		     unsigned long memsz, unsigned long buf_align,
437 		     unsigned long buf_min, unsigned long buf_max,
438 		     bool top_down, unsigned long *load_addr)
439 {
440 
441 	struct kexec_segment *ksegment;
442 	struct kexec_buf buf, *kbuf;
443 	int ret;
444 
445 	/* Currently adding segment this way is allowed only in file mode */
446 	if (!image->file_mode)
447 		return -EINVAL;
448 
449 	if (image->nr_segments >= KEXEC_SEGMENT_MAX)
450 		return -EINVAL;
451 
452 	/*
453 	 * Make sure we are not trying to add buffer after allocating
454 	 * control pages. All segments need to be placed first before
455 	 * any control pages are allocated. As control page allocation
456 	 * logic goes through list of segments to make sure there are
457 	 * no destination overlaps.
458 	 */
459 	if (!list_empty(&image->control_pages)) {
460 		WARN_ON(1);
461 		return -EINVAL;
462 	}
463 
464 	memset(&buf, 0, sizeof(struct kexec_buf));
465 	kbuf = &buf;
466 	kbuf->image = image;
467 	kbuf->buffer = buffer;
468 	kbuf->bufsz = bufsz;
469 
470 	kbuf->memsz = ALIGN(memsz, PAGE_SIZE);
471 	kbuf->buf_align = max(buf_align, PAGE_SIZE);
472 	kbuf->buf_min = buf_min;
473 	kbuf->buf_max = buf_max;
474 	kbuf->top_down = top_down;
475 
476 	/* Walk the RAM ranges and allocate a suitable range for the buffer */
477 	if (image->type == KEXEC_TYPE_CRASH)
478 		ret = walk_iomem_res_desc(crashk_res.desc,
479 				IORESOURCE_SYSTEM_RAM | IORESOURCE_BUSY,
480 				crashk_res.start, crashk_res.end, kbuf,
481 				locate_mem_hole_callback);
482 	else
483 		ret = walk_system_ram_res(0, -1, kbuf,
484 					  locate_mem_hole_callback);
485 	if (ret != 1) {
486 		/* A suitable memory range could not be found for buffer */
487 		return -EADDRNOTAVAIL;
488 	}
489 
490 	/* Found a suitable memory range */
491 	ksegment = &image->segment[image->nr_segments];
492 	ksegment->kbuf = kbuf->buffer;
493 	ksegment->bufsz = kbuf->bufsz;
494 	ksegment->mem = kbuf->mem;
495 	ksegment->memsz = kbuf->memsz;
496 	image->nr_segments++;
497 	*load_addr = ksegment->mem;
498 	return 0;
499 }
500 
501 /* Calculate and store the digest of segments */
502 static int kexec_calculate_store_digests(struct kimage *image)
503 {
504 	struct crypto_shash *tfm;
505 	struct shash_desc *desc;
506 	int ret = 0, i, j, zero_buf_sz, sha_region_sz;
507 	size_t desc_size, nullsz;
508 	char *digest;
509 	void *zero_buf;
510 	struct kexec_sha_region *sha_regions;
511 	struct purgatory_info *pi = &image->purgatory_info;
512 
513 	zero_buf = __va(page_to_pfn(ZERO_PAGE(0)) << PAGE_SHIFT);
514 	zero_buf_sz = PAGE_SIZE;
515 
516 	tfm = crypto_alloc_shash("sha256", 0, 0);
517 	if (IS_ERR(tfm)) {
518 		ret = PTR_ERR(tfm);
519 		goto out;
520 	}
521 
522 	desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
523 	desc = kzalloc(desc_size, GFP_KERNEL);
524 	if (!desc) {
525 		ret = -ENOMEM;
526 		goto out_free_tfm;
527 	}
528 
529 	sha_region_sz = KEXEC_SEGMENT_MAX * sizeof(struct kexec_sha_region);
530 	sha_regions = vzalloc(sha_region_sz);
531 	if (!sha_regions)
532 		goto out_free_desc;
533 
534 	desc->tfm   = tfm;
535 	desc->flags = 0;
536 
537 	ret = crypto_shash_init(desc);
538 	if (ret < 0)
539 		goto out_free_sha_regions;
540 
541 	digest = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
542 	if (!digest) {
543 		ret = -ENOMEM;
544 		goto out_free_sha_regions;
545 	}
546 
547 	for (j = i = 0; i < image->nr_segments; i++) {
548 		struct kexec_segment *ksegment;
549 
550 		ksegment = &image->segment[i];
551 		/*
552 		 * Skip purgatory as it will be modified once we put digest
553 		 * info in purgatory.
554 		 */
555 		if (ksegment->kbuf == pi->purgatory_buf)
556 			continue;
557 
558 		ret = crypto_shash_update(desc, ksegment->kbuf,
559 					  ksegment->bufsz);
560 		if (ret)
561 			break;
562 
563 		/*
564 		 * Assume rest of the buffer is filled with zero and
565 		 * update digest accordingly.
566 		 */
567 		nullsz = ksegment->memsz - ksegment->bufsz;
568 		while (nullsz) {
569 			unsigned long bytes = nullsz;
570 
571 			if (bytes > zero_buf_sz)
572 				bytes = zero_buf_sz;
573 			ret = crypto_shash_update(desc, zero_buf, bytes);
574 			if (ret)
575 				break;
576 			nullsz -= bytes;
577 		}
578 
579 		if (ret)
580 			break;
581 
582 		sha_regions[j].start = ksegment->mem;
583 		sha_regions[j].len = ksegment->memsz;
584 		j++;
585 	}
586 
587 	if (!ret) {
588 		ret = crypto_shash_final(desc, digest);
589 		if (ret)
590 			goto out_free_digest;
591 		ret = kexec_purgatory_get_set_symbol(image, "sha_regions",
592 						sha_regions, sha_region_sz, 0);
593 		if (ret)
594 			goto out_free_digest;
595 
596 		ret = kexec_purgatory_get_set_symbol(image, "sha256_digest",
597 						digest, SHA256_DIGEST_SIZE, 0);
598 		if (ret)
599 			goto out_free_digest;
600 	}
601 
602 out_free_digest:
603 	kfree(digest);
604 out_free_sha_regions:
605 	vfree(sha_regions);
606 out_free_desc:
607 	kfree(desc);
608 out_free_tfm:
609 	kfree(tfm);
610 out:
611 	return ret;
612 }
613 
614 /* Actually load purgatory. Lot of code taken from kexec-tools */
615 static int __kexec_load_purgatory(struct kimage *image, unsigned long min,
616 				  unsigned long max, int top_down)
617 {
618 	struct purgatory_info *pi = &image->purgatory_info;
619 	unsigned long align, buf_align, bss_align, buf_sz, bss_sz, bss_pad;
620 	unsigned long memsz, entry, load_addr, curr_load_addr, bss_addr, offset;
621 	unsigned char *buf_addr, *src;
622 	int i, ret = 0, entry_sidx = -1;
623 	const Elf_Shdr *sechdrs_c;
624 	Elf_Shdr *sechdrs = NULL;
625 	void *purgatory_buf = NULL;
626 
627 	/*
628 	 * sechdrs_c points to section headers in purgatory and are read
629 	 * only. No modifications allowed.
630 	 */
631 	sechdrs_c = (void *)pi->ehdr + pi->ehdr->e_shoff;
632 
633 	/*
634 	 * We can not modify sechdrs_c[] and its fields. It is read only.
635 	 * Copy it over to a local copy where one can store some temporary
636 	 * data and free it at the end. We need to modify ->sh_addr and
637 	 * ->sh_offset fields to keep track of permanent and temporary
638 	 * locations of sections.
639 	 */
640 	sechdrs = vzalloc(pi->ehdr->e_shnum * sizeof(Elf_Shdr));
641 	if (!sechdrs)
642 		return -ENOMEM;
643 
644 	memcpy(sechdrs, sechdrs_c, pi->ehdr->e_shnum * sizeof(Elf_Shdr));
645 
646 	/*
647 	 * We seem to have multiple copies of sections. First copy is which
648 	 * is embedded in kernel in read only section. Some of these sections
649 	 * will be copied to a temporary buffer and relocated. And these
650 	 * sections will finally be copied to their final destination at
651 	 * segment load time.
652 	 *
653 	 * Use ->sh_offset to reflect section address in memory. It will
654 	 * point to original read only copy if section is not allocatable.
655 	 * Otherwise it will point to temporary copy which will be relocated.
656 	 *
657 	 * Use ->sh_addr to contain final address of the section where it
658 	 * will go during execution time.
659 	 */
660 	for (i = 0; i < pi->ehdr->e_shnum; i++) {
661 		if (sechdrs[i].sh_type == SHT_NOBITS)
662 			continue;
663 
664 		sechdrs[i].sh_offset = (unsigned long)pi->ehdr +
665 						sechdrs[i].sh_offset;
666 	}
667 
668 	/*
669 	 * Identify entry point section and make entry relative to section
670 	 * start.
671 	 */
672 	entry = pi->ehdr->e_entry;
673 	for (i = 0; i < pi->ehdr->e_shnum; i++) {
674 		if (!(sechdrs[i].sh_flags & SHF_ALLOC))
675 			continue;
676 
677 		if (!(sechdrs[i].sh_flags & SHF_EXECINSTR))
678 			continue;
679 
680 		/* Make entry section relative */
681 		if (sechdrs[i].sh_addr <= pi->ehdr->e_entry &&
682 		    ((sechdrs[i].sh_addr + sechdrs[i].sh_size) >
683 		     pi->ehdr->e_entry)) {
684 			entry_sidx = i;
685 			entry -= sechdrs[i].sh_addr;
686 			break;
687 		}
688 	}
689 
690 	/* Determine how much memory is needed to load relocatable object. */
691 	buf_align = 1;
692 	bss_align = 1;
693 	buf_sz = 0;
694 	bss_sz = 0;
695 
696 	for (i = 0; i < pi->ehdr->e_shnum; i++) {
697 		if (!(sechdrs[i].sh_flags & SHF_ALLOC))
698 			continue;
699 
700 		align = sechdrs[i].sh_addralign;
701 		if (sechdrs[i].sh_type != SHT_NOBITS) {
702 			if (buf_align < align)
703 				buf_align = align;
704 			buf_sz = ALIGN(buf_sz, align);
705 			buf_sz += sechdrs[i].sh_size;
706 		} else {
707 			/* bss section */
708 			if (bss_align < align)
709 				bss_align = align;
710 			bss_sz = ALIGN(bss_sz, align);
711 			bss_sz += sechdrs[i].sh_size;
712 		}
713 	}
714 
715 	/* Determine the bss padding required to align bss properly */
716 	bss_pad = 0;
717 	if (buf_sz & (bss_align - 1))
718 		bss_pad = bss_align - (buf_sz & (bss_align - 1));
719 
720 	memsz = buf_sz + bss_pad + bss_sz;
721 
722 	/* Allocate buffer for purgatory */
723 	purgatory_buf = vzalloc(buf_sz);
724 	if (!purgatory_buf) {
725 		ret = -ENOMEM;
726 		goto out;
727 	}
728 
729 	if (buf_align < bss_align)
730 		buf_align = bss_align;
731 
732 	/* Add buffer to segment list */
733 	ret = kexec_add_buffer(image, purgatory_buf, buf_sz, memsz,
734 				buf_align, min, max, top_down,
735 				&pi->purgatory_load_addr);
736 	if (ret)
737 		goto out;
738 
739 	/* Load SHF_ALLOC sections */
740 	buf_addr = purgatory_buf;
741 	load_addr = curr_load_addr = pi->purgatory_load_addr;
742 	bss_addr = load_addr + buf_sz + bss_pad;
743 
744 	for (i = 0; i < pi->ehdr->e_shnum; i++) {
745 		if (!(sechdrs[i].sh_flags & SHF_ALLOC))
746 			continue;
747 
748 		align = sechdrs[i].sh_addralign;
749 		if (sechdrs[i].sh_type != SHT_NOBITS) {
750 			curr_load_addr = ALIGN(curr_load_addr, align);
751 			offset = curr_load_addr - load_addr;
752 			/* We already modifed ->sh_offset to keep src addr */
753 			src = (char *) sechdrs[i].sh_offset;
754 			memcpy(buf_addr + offset, src, sechdrs[i].sh_size);
755 
756 			/* Store load address and source address of section */
757 			sechdrs[i].sh_addr = curr_load_addr;
758 
759 			/*
760 			 * This section got copied to temporary buffer. Update
761 			 * ->sh_offset accordingly.
762 			 */
763 			sechdrs[i].sh_offset = (unsigned long)(buf_addr + offset);
764 
765 			/* Advance to the next address */
766 			curr_load_addr += sechdrs[i].sh_size;
767 		} else {
768 			bss_addr = ALIGN(bss_addr, align);
769 			sechdrs[i].sh_addr = bss_addr;
770 			bss_addr += sechdrs[i].sh_size;
771 		}
772 	}
773 
774 	/* Update entry point based on load address of text section */
775 	if (entry_sidx >= 0)
776 		entry += sechdrs[entry_sidx].sh_addr;
777 
778 	/* Make kernel jump to purgatory after shutdown */
779 	image->start = entry;
780 
781 	/* Used later to get/set symbol values */
782 	pi->sechdrs = sechdrs;
783 
784 	/*
785 	 * Used later to identify which section is purgatory and skip it
786 	 * from checksumming.
787 	 */
788 	pi->purgatory_buf = purgatory_buf;
789 	return ret;
790 out:
791 	vfree(sechdrs);
792 	vfree(purgatory_buf);
793 	return ret;
794 }
795 
796 static int kexec_apply_relocations(struct kimage *image)
797 {
798 	int i, ret;
799 	struct purgatory_info *pi = &image->purgatory_info;
800 	Elf_Shdr *sechdrs = pi->sechdrs;
801 
802 	/* Apply relocations */
803 	for (i = 0; i < pi->ehdr->e_shnum; i++) {
804 		Elf_Shdr *section, *symtab;
805 
806 		if (sechdrs[i].sh_type != SHT_RELA &&
807 		    sechdrs[i].sh_type != SHT_REL)
808 			continue;
809 
810 		/*
811 		 * For section of type SHT_RELA/SHT_REL,
812 		 * ->sh_link contains section header index of associated
813 		 * symbol table. And ->sh_info contains section header
814 		 * index of section to which relocations apply.
815 		 */
816 		if (sechdrs[i].sh_info >= pi->ehdr->e_shnum ||
817 		    sechdrs[i].sh_link >= pi->ehdr->e_shnum)
818 			return -ENOEXEC;
819 
820 		section = &sechdrs[sechdrs[i].sh_info];
821 		symtab = &sechdrs[sechdrs[i].sh_link];
822 
823 		if (!(section->sh_flags & SHF_ALLOC))
824 			continue;
825 
826 		/*
827 		 * symtab->sh_link contain section header index of associated
828 		 * string table.
829 		 */
830 		if (symtab->sh_link >= pi->ehdr->e_shnum)
831 			/* Invalid section number? */
832 			continue;
833 
834 		/*
835 		 * Respective architecture needs to provide support for applying
836 		 * relocations of type SHT_RELA/SHT_REL.
837 		 */
838 		if (sechdrs[i].sh_type == SHT_RELA)
839 			ret = arch_kexec_apply_relocations_add(pi->ehdr,
840 							       sechdrs, i);
841 		else if (sechdrs[i].sh_type == SHT_REL)
842 			ret = arch_kexec_apply_relocations(pi->ehdr,
843 							   sechdrs, i);
844 		if (ret)
845 			return ret;
846 	}
847 
848 	return 0;
849 }
850 
851 /* Load relocatable purgatory object and relocate it appropriately */
852 int kexec_load_purgatory(struct kimage *image, unsigned long min,
853 			 unsigned long max, int top_down,
854 			 unsigned long *load_addr)
855 {
856 	struct purgatory_info *pi = &image->purgatory_info;
857 	int ret;
858 
859 	if (kexec_purgatory_size <= 0)
860 		return -EINVAL;
861 
862 	if (kexec_purgatory_size < sizeof(Elf_Ehdr))
863 		return -ENOEXEC;
864 
865 	pi->ehdr = (Elf_Ehdr *)kexec_purgatory;
866 
867 	if (memcmp(pi->ehdr->e_ident, ELFMAG, SELFMAG) != 0
868 	    || pi->ehdr->e_type != ET_REL
869 	    || !elf_check_arch(pi->ehdr)
870 	    || pi->ehdr->e_shentsize != sizeof(Elf_Shdr))
871 		return -ENOEXEC;
872 
873 	if (pi->ehdr->e_shoff >= kexec_purgatory_size
874 	    || (pi->ehdr->e_shnum * sizeof(Elf_Shdr) >
875 	    kexec_purgatory_size - pi->ehdr->e_shoff))
876 		return -ENOEXEC;
877 
878 	ret = __kexec_load_purgatory(image, min, max, top_down);
879 	if (ret)
880 		return ret;
881 
882 	ret = kexec_apply_relocations(image);
883 	if (ret)
884 		goto out;
885 
886 	*load_addr = pi->purgatory_load_addr;
887 	return 0;
888 out:
889 	vfree(pi->sechdrs);
890 	vfree(pi->purgatory_buf);
891 	return ret;
892 }
893 
894 static Elf_Sym *kexec_purgatory_find_symbol(struct purgatory_info *pi,
895 					    const char *name)
896 {
897 	Elf_Sym *syms;
898 	Elf_Shdr *sechdrs;
899 	Elf_Ehdr *ehdr;
900 	int i, k;
901 	const char *strtab;
902 
903 	if (!pi->sechdrs || !pi->ehdr)
904 		return NULL;
905 
906 	sechdrs = pi->sechdrs;
907 	ehdr = pi->ehdr;
908 
909 	for (i = 0; i < ehdr->e_shnum; i++) {
910 		if (sechdrs[i].sh_type != SHT_SYMTAB)
911 			continue;
912 
913 		if (sechdrs[i].sh_link >= ehdr->e_shnum)
914 			/* Invalid strtab section number */
915 			continue;
916 		strtab = (char *)sechdrs[sechdrs[i].sh_link].sh_offset;
917 		syms = (Elf_Sym *)sechdrs[i].sh_offset;
918 
919 		/* Go through symbols for a match */
920 		for (k = 0; k < sechdrs[i].sh_size/sizeof(Elf_Sym); k++) {
921 			if (ELF_ST_BIND(syms[k].st_info) != STB_GLOBAL)
922 				continue;
923 
924 			if (strcmp(strtab + syms[k].st_name, name) != 0)
925 				continue;
926 
927 			if (syms[k].st_shndx == SHN_UNDEF ||
928 			    syms[k].st_shndx >= ehdr->e_shnum) {
929 				pr_debug("Symbol: %s has bad section index %d.\n",
930 						name, syms[k].st_shndx);
931 				return NULL;
932 			}
933 
934 			/* Found the symbol we are looking for */
935 			return &syms[k];
936 		}
937 	}
938 
939 	return NULL;
940 }
941 
942 void *kexec_purgatory_get_symbol_addr(struct kimage *image, const char *name)
943 {
944 	struct purgatory_info *pi = &image->purgatory_info;
945 	Elf_Sym *sym;
946 	Elf_Shdr *sechdr;
947 
948 	sym = kexec_purgatory_find_symbol(pi, name);
949 	if (!sym)
950 		return ERR_PTR(-EINVAL);
951 
952 	sechdr = &pi->sechdrs[sym->st_shndx];
953 
954 	/*
955 	 * Returns the address where symbol will finally be loaded after
956 	 * kexec_load_segment()
957 	 */
958 	return (void *)(sechdr->sh_addr + sym->st_value);
959 }
960 
961 /*
962  * Get or set value of a symbol. If "get_value" is true, symbol value is
963  * returned in buf otherwise symbol value is set based on value in buf.
964  */
965 int kexec_purgatory_get_set_symbol(struct kimage *image, const char *name,
966 				   void *buf, unsigned int size, bool get_value)
967 {
968 	Elf_Sym *sym;
969 	Elf_Shdr *sechdrs;
970 	struct purgatory_info *pi = &image->purgatory_info;
971 	char *sym_buf;
972 
973 	sym = kexec_purgatory_find_symbol(pi, name);
974 	if (!sym)
975 		return -EINVAL;
976 
977 	if (sym->st_size != size) {
978 		pr_err("symbol %s size mismatch: expected %lu actual %u\n",
979 		       name, (unsigned long)sym->st_size, size);
980 		return -EINVAL;
981 	}
982 
983 	sechdrs = pi->sechdrs;
984 
985 	if (sechdrs[sym->st_shndx].sh_type == SHT_NOBITS) {
986 		pr_err("symbol %s is in a bss section. Cannot %s\n", name,
987 		       get_value ? "get" : "set");
988 		return -EINVAL;
989 	}
990 
991 	sym_buf = (unsigned char *)sechdrs[sym->st_shndx].sh_offset +
992 					sym->st_value;
993 
994 	if (get_value)
995 		memcpy((void *)buf, sym_buf, size);
996 	else
997 		memcpy((void *)sym_buf, buf, size);
998 
999 	return 0;
1000 }
1001