xref: /titanic_50/usr/src/uts/i86pc/os/fastboot.c (revision ac83d6047a381a86653d795f3dea67ae64eb5549)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * This file contains the functions for performing Fast Reboot -- a
29  * reboot which bypasses the firmware and bootloader, considerably
30  * reducing downtime.
31  *
32  * fastboot_load_kernel(): This function is invoked by mdpreboot() in the
33  * reboot path.  It loads the new kernel and boot archive into memory, builds
34  * the data structure containing sufficient information about the new
35  * kernel and boot archive to be passed to the fast reboot switcher
36  * (see fb_swtch_src.s for details).  When invoked the switcher relocates
37  * the new kernel and boot archive to physically contiguous low memory,
38  * similar to where the boot loader would have loaded them, and jumps to
39  * the new kernel.
40  *
41  * If fastreboot_onpanic is enabled, fastboot_load_kernel() is called
42  * by fastreboot_post_startup() to load the back up kernel in case of
43  * panic.
44  *
45  * The physical addresses of the memory allocated for the new kernel, boot
46  * archive and their page tables must be above where the boot archive ends
47  * after it has been relocated by the switcher, otherwise the new files
48  * and their page tables could be overridden during relocation.
49  *
50  * fast_reboot(): This function is invoked by mdboot() once it's determined
51  * that the system is capable of fast reboot.  It jumps to the fast reboot
52  * switcher with the data structure built by fastboot_load_kernel() as the
53  * argument.
54  */
55 
56 #include <sys/types.h>
57 #include <sys/param.h>
58 #include <sys/segments.h>
59 #include <sys/sysmacros.h>
60 #include <sys/vm.h>
61 
62 #include <sys/proc.h>
63 #include <sys/buf.h>
64 #include <sys/kmem.h>
65 
66 #include <sys/reboot.h>
67 #include <sys/uadmin.h>
68 
69 #include <sys/cred.h>
70 #include <sys/vnode.h>
71 #include <sys/file.h>
72 
73 #include <sys/cmn_err.h>
74 #include <sys/dumphdr.h>
75 #include <sys/bootconf.h>
76 #include <sys/ddidmareq.h>
77 #include <sys/varargs.h>
78 #include <sys/promif.h>
79 #include <sys/modctl.h>
80 
81 #include <vm/hat.h>
82 #include <vm/as.h>
83 #include <vm/page.h>
84 #include <vm/seg.h>
85 #include <vm/hat_i86.h>
86 #include <sys/vm_machparam.h>
87 #include <sys/archsystm.h>
88 #include <sys/machsystm.h>
89 #include <sys/mman.h>
90 #include <sys/x86_archext.h>
91 #include <sys/smp_impldefs.h>
92 #include <sys/spl.h>
93 
94 #include <sys/fastboot.h>
95 #include <sys/machelf.h>
96 #include <sys/kobj.h>
97 #include <sys/multiboot.h>
98 #include <sys/kobj_lex.h>
99 
100 /*
101  * Macro to determine how many pages are needed for PTEs to map a particular
102  * file.  Allocate one extra page table entry for terminating the list.
103  */
104 #define	FASTBOOT_PTE_LIST_SIZE(fsize)	\
105 	P2ROUNDUP((((fsize) >> PAGESHIFT) + 1) * sizeof (x86pte_t), PAGESIZE)
106 
107 /*
108  * Data structure containing necessary information for the fast reboot
109  * switcher to jump to the new kernel.
110  */
111 fastboot_info_t newkernel = { 0 };
112 char		fastboot_args[OBP_MAXPATHLEN];
113 
114 static char fastboot_filename[2][OBP_MAXPATHLEN] = { { 0 }, { 0 }};
115 static x86pte_t ptp_bits = PT_VALID | PT_REF | PT_USER | PT_WRITABLE;
116 static x86pte_t pte_bits =
117     PT_VALID | PT_REF | PT_MOD | PT_NOCONSIST | PT_WRITABLE;
118 static uint_t fastboot_shift_amt_pae[] = {12, 21, 30, 39};
119 
120 int fastboot_debug = 0;
121 int fastboot_contig = 0;
122 
123 /*
124  * Fake starting va for new kernel and boot archive.
125  */
126 static uintptr_t fake_va = FASTBOOT_FAKE_VA;
127 
128 /*
129  * Reserve memory below PA 1G in preparation of fast reboot.
130  *
131  * This variable is only checked when fastreboot_capable is set, but
132  * fastreboot_onpanic is not set.  The amount of memory reserved
133  * is negligible, but just in case we are really short of low memory,
134  * this variable will give us a backdoor to not consume memory at all.
135  */
136 int reserve_mem_enabled = 1;
137 
138 /*
139  * Amount of memory below PA 1G to reserve for constructing the multiboot
140  * data structure and the page tables as we tend to run out of those
141  * when more drivers are loaded.
142  */
143 static size_t fastboot_mbi_size = 0x2000;	/* 8K */
144 static size_t fastboot_pagetable_size = 0x5000;	/* 20K */
145 
146 /*
147  * Use below 1G for page tables as
148  *	1. we are only doing 1:1 mapping of the bottom 1G of physical memory.
149  *	2. we are using 2G as the fake virtual address for the new kernel and
150  *	boot archive.
151  */
152 static ddi_dma_attr_t fastboot_below_1G_dma_attr = {
153 	DMA_ATTR_V0,
154 	0x0000000008000000ULL,	/* dma_attr_addr_lo: 128MB */
155 	0x000000003FFFFFFFULL,	/* dma_attr_addr_hi: 1G */
156 	0x00000000FFFFFFFFULL,	/* dma_attr_count_max */
157 	0x0000000000001000ULL,	/* dma_attr_align: 4KB */
158 	1,			/* dma_attr_burstsize */
159 	1,			/* dma_attr_minxfer */
160 	0x00000000FFFFFFFFULL,	/* dma_attr_maxxfer */
161 	0x00000000FFFFFFFFULL,	/* dma_attr_seg */
162 	1,			/* dma_attr_sgllen */
163 	0x1000ULL,		/* dma_attr_granular */
164 	0,			/* dma_attr_flags */
165 };
166 
167 static ddi_dma_attr_t fastboot_dma_attr = {
168 	DMA_ATTR_V0,
169 	0x0000000008000000ULL,	/* dma_attr_addr_lo: 128MB */
170 #ifdef	__amd64
171 	0xFFFFFFFFFFFFFFFFULL,	/* dma_attr_addr_hi: 2^64B */
172 #else
173 	0x0000000FFFFFFFFFULL,	/* dma_attr_addr_hi: 64GB */
174 #endif	/* __amd64 */
175 	0x00000000FFFFFFFFULL,	/* dma_attr_count_max */
176 	0x0000000000001000ULL,	/* dma_attr_align: 4KB */
177 	1,			/* dma_attr_burstsize */
178 	1,			/* dma_attr_minxfer */
179 	0x00000000FFFFFFFFULL,	/* dma_attr_maxxfer */
180 	0x00000000FFFFFFFFULL,	/* dma_attr_seg */
181 	1,			/* dma_attr_sgllen */
182 	0x1000ULL,		/* dma_attr_granular */
183 	0,			/* dma_attr_flags */
184 };
185 
186 /*
187  * Various information saved from the previous boot to reconstruct
188  * multiboot_info.
189  */
190 extern multiboot_info_t saved_mbi;
191 extern mb_memory_map_t saved_mmap[FASTBOOT_SAVED_MMAP_COUNT];
192 extern uint8_t saved_drives[FASTBOOT_SAVED_DRIVES_SIZE];
193 extern char saved_cmdline[FASTBOOT_SAVED_CMDLINE_LEN];
194 extern int saved_cmdline_len;
195 extern size_t saved_file_size[];
196 
197 extern void* contig_alloc(size_t size, ddi_dma_attr_t *attr,
198     uintptr_t align, int cansleep);
199 extern void contig_free(void *addr, size_t size);
200 
201 
202 /* PRINTLIKE */
203 extern void vprintf(const char *, va_list);
204 
205 
206 /*
207  * Need to be able to get boot_archives from other places
208  */
209 #define	BOOTARCHIVE64	"/platform/i86pc/amd64/boot_archive"
210 #define	BOOTARCHIVE32	"/platform/i86pc/boot_archive"
211 #define	BOOTARCHIVE32_FAILSAFE	"/boot/x86.miniroot-safe"
212 #define	BOOTARCHIVE64_FAILSAFE	"/boot/amd64/x86.miniroot-safe"
213 #define	FAILSAFE_BOOTFILE32	"/boot/platform/i86pc/kernel/unix"
214 #define	FAILSAFE_BOOTFILE64	"/boot/platform/i86pc/kernel/amd64/unix"
215 
216 static uint_t fastboot_vatoindex(fastboot_info_t *, uintptr_t, int);
217 static void fastboot_map_with_size(fastboot_info_t *, uintptr_t,
218     paddr_t, size_t, int);
219 static void fastboot_build_pagetables(fastboot_info_t *);
220 static int fastboot_build_mbi(char *, fastboot_info_t *);
221 static void fastboot_free_file(fastboot_file_t *);
222 
223 static const char fastboot_enomem_msg[] = "Fastboot: Couldn't allocate 0x%"
224 	PRIx64" bytes below %s to do fast reboot";
225 
226 static void
227 dprintf(char *fmt, ...)
228 {
229 	va_list adx;
230 
231 	if (!fastboot_debug)
232 		return;
233 
234 	va_start(adx, fmt);
235 	vprintf(fmt, adx);
236 	va_end(adx);
237 }
238 
239 
240 /*
241  * Return the index corresponding to a virt address at a given page table level.
242  */
243 static uint_t
244 fastboot_vatoindex(fastboot_info_t *nk, uintptr_t va, int level)
245 {
246 	return ((va >> nk->fi_shift_amt[level]) & (nk->fi_ptes_per_table - 1));
247 }
248 
249 
250 /*
251  * Add mapping from vstart to pstart for the specified size.
252  * vstart, pstart and size should all have been aligned at 2M boundaries.
253  */
254 static void
255 fastboot_map_with_size(fastboot_info_t *nk, uintptr_t vstart, paddr_t pstart,
256     size_t size, int level)
257 {
258 	x86pte_t	pteval, *table;
259 	uintptr_t	vaddr;
260 	paddr_t		paddr;
261 	int		index, l;
262 
263 	table = (x86pte_t *)(nk->fi_pagetable_va);
264 
265 	for (l = nk->fi_top_level; l >= level; l--) {
266 
267 		index = fastboot_vatoindex(nk, vstart, l);
268 
269 		if (l == level) {
270 			/*
271 			 * Last level.  Program the page table entries.
272 			 */
273 			for (vaddr = vstart, paddr = pstart;
274 			    vaddr < vstart + size;
275 			    vaddr += (1ULL << nk->fi_shift_amt[l]),
276 			    paddr += (1ULL << nk->fi_shift_amt[l])) {
277 
278 				uint_t index = fastboot_vatoindex(nk, vaddr, l);
279 
280 				if (l > 0)
281 					pteval = paddr | pte_bits | PT_PAGESIZE;
282 				else
283 					pteval = paddr | pte_bits;
284 
285 				table[index] = pteval;
286 			}
287 		} else if (table[index] & PT_VALID) {
288 
289 			table = (x86pte_t *)
290 			    ((uintptr_t)(((paddr_t)table[index] & MMU_PAGEMASK)
291 			    - nk->fi_pagetable_pa) + nk->fi_pagetable_va);
292 		} else {
293 			/*
294 			 * Intermediate levels.
295 			 * Program with either valid bit or PTP bits.
296 			 */
297 			if (l == nk->fi_top_level) {
298 #ifdef	__amd64
299 				ASSERT(nk->fi_top_level == 3);
300 				table[index] = nk->fi_next_table_pa | ptp_bits;
301 #else
302 				table[index] = nk->fi_next_table_pa | PT_VALID;
303 #endif	/* __amd64 */
304 			} else {
305 				table[index] = nk->fi_next_table_pa | ptp_bits;
306 			}
307 			table = (x86pte_t *)(nk->fi_next_table_va);
308 			nk->fi_next_table_va += MMU_PAGESIZE;
309 			nk->fi_next_table_pa += MMU_PAGESIZE;
310 		}
311 	}
312 }
313 
314 /*
315  * Build page tables for the lower 1G of physical memory using 2M
316  * pages, and prepare page tables for mapping new kernel and boot
317  * archive pages using 4K pages.
318  */
319 static void
320 fastboot_build_pagetables(fastboot_info_t *nk)
321 {
322 	/*
323 	 * Map lower 1G physical memory.  Use large pages.
324 	 */
325 	fastboot_map_with_size(nk, 0, 0, ONE_GIG, 1);
326 
327 	/*
328 	 * Map one 4K page to get the middle page tables set up.
329 	 */
330 	fake_va = P2ALIGN_TYPED(fake_va, nk->fi_lpagesize, uintptr_t);
331 	fastboot_map_with_size(nk, fake_va,
332 	    nk->fi_files[0].fb_pte_list_va[0] & MMU_PAGEMASK, PAGESIZE, 0);
333 }
334 
335 
336 /*
337  * Sanity check.  Look for dboot offset.
338  */
339 static int
340 fastboot_elf64_find_dboot_load_offset(void *img, off_t imgsz, uint32_t *offp)
341 {
342 	Elf64_Ehdr	*ehdr = (Elf64_Ehdr *)img;
343 	Elf64_Phdr	*phdr;
344 	uint8_t		*phdrbase;
345 	int		i;
346 
347 	if ((ehdr->e_phoff + ehdr->e_phnum * ehdr->e_phentsize) >= imgsz)
348 		return (-1);
349 
350 	phdrbase = (uint8_t *)img + ehdr->e_phoff;
351 
352 	for (i = 0; i < ehdr->e_phnum; i++) {
353 		phdr = (Elf64_Phdr *)(phdrbase + ehdr->e_phentsize * i);
354 
355 		if (phdr->p_type == PT_LOAD) {
356 			if (phdr->p_vaddr == phdr->p_paddr &&
357 			    phdr->p_vaddr == DBOOT_ENTRY_ADDRESS) {
358 				ASSERT(phdr->p_offset <= UINT32_MAX);
359 				*offp = (uint32_t)phdr->p_offset;
360 				return (0);
361 			}
362 		}
363 	}
364 
365 	return (-1);
366 }
367 
368 
369 /*
370  * Initialize text and data section information for 32-bit kernel.
371  * sectcntp - is both input/output parameter.
372  * On entry, *sectcntp contains maximum allowable number of sections;
373  * on return, it contains the actual number of sections filled.
374  */
375 static int
376 fastboot_elf32_find_loadables(void *img, off_t imgsz, fastboot_section_t *sectp,
377     int *sectcntp, uint32_t *offp)
378 {
379 	Elf32_Ehdr	*ehdr = (Elf32_Ehdr *)img;
380 	Elf32_Phdr	*phdr;
381 	uint8_t		*phdrbase;
382 	int		i;
383 	int		used_sections = 0;
384 	const int	max_sectcnt = *sectcntp;
385 
386 	if ((ehdr->e_phoff + ehdr->e_phnum * ehdr->e_phentsize) >= imgsz)
387 		return (-1);
388 
389 	phdrbase = (uint8_t *)img + ehdr->e_phoff;
390 
391 	for (i = 0; i < ehdr->e_phnum; i++) {
392 		phdr = (Elf32_Phdr *)(phdrbase + ehdr->e_phentsize * i);
393 
394 		if (phdr->p_type == PT_INTERP)
395 			return (-1);
396 
397 		if (phdr->p_type != PT_LOAD)
398 			continue;
399 
400 		if (phdr->p_vaddr == phdr->p_paddr &&
401 		    phdr->p_paddr == DBOOT_ENTRY_ADDRESS) {
402 			*offp = (uint32_t)phdr->p_offset;
403 		} else {
404 			if (max_sectcnt <= used_sections)
405 				return (-1);
406 
407 			sectp[used_sections].fb_sec_offset = phdr->p_offset;
408 			sectp[used_sections].fb_sec_paddr = phdr->p_paddr;
409 			sectp[used_sections].fb_sec_size = phdr->p_filesz;
410 			sectp[used_sections].fb_sec_bss_size =
411 			    (phdr->p_filesz < phdr->p_memsz) ?
412 			    (phdr->p_memsz - phdr->p_filesz) : 0;
413 
414 			/* Extra sanity check for the input object file */
415 			if (sectp[used_sections].fb_sec_paddr +
416 			    sectp[used_sections].fb_sec_size +
417 			    sectp[used_sections].fb_sec_bss_size >=
418 			    DBOOT_ENTRY_ADDRESS)
419 				return (-1);
420 
421 			used_sections++;
422 		}
423 	}
424 
425 	*sectcntp = used_sections;
426 	return (0);
427 }
428 
429 /*
430  * Create multiboot info structure (mbi) base on the saved mbi.
431  * Recalculate values of the pointer type fields in the data
432  * structure based on the new starting physical address of the
433  * data structure.
434  */
435 static int
436 fastboot_build_mbi(char *mdep, fastboot_info_t *nk)
437 {
438 	mb_module_t	*mbp;
439 	multiboot_info_t	*mbi;	/* pointer to multiboot structure */
440 	uintptr_t	start_addr_va;	/* starting VA of mbi */
441 	uintptr_t	start_addr_pa;	/* starting PA of mbi */
442 	size_t		offs = 0;	/* offset from the starting address */
443 	size_t		arglen;		/* length of the command line arg */
444 	size_t		size;	/* size of the memory reserved for mbi */
445 	size_t		mdnsz;	/* length of the boot archive name */
446 
447 	/*
448 	 * If mdep is not NULL or empty, use the length of mdep + 1
449 	 * (for NULL terminating) as the length of the new command
450 	 * line; else use the saved command line length as the
451 	 * length for the new command line.
452 	 */
453 	if (mdep != NULL && strlen(mdep) != 0) {
454 		arglen = strlen(mdep) + 1;
455 	} else {
456 		arglen = saved_cmdline_len;
457 	}
458 
459 	/*
460 	 * Allocate memory for the new multiboot info structure (mbi).
461 	 * If we have reserved memory for mbi but it's not enough,
462 	 * free it and reallocate.
463 	 */
464 	size = PAGESIZE + P2ROUNDUP(arglen, PAGESIZE);
465 	if (nk->fi_mbi_size && nk->fi_mbi_size < size) {
466 		contig_free((void *)nk->fi_new_mbi_va, nk->fi_mbi_size);
467 		nk->fi_mbi_size = 0;
468 	}
469 
470 	if (nk->fi_mbi_size == 0) {
471 		if ((nk->fi_new_mbi_va =
472 		    (uintptr_t)contig_alloc(size, &fastboot_below_1G_dma_attr,
473 		    PAGESIZE, 0)) == NULL) {
474 			cmn_err(CE_WARN, fastboot_enomem_msg,
475 			    (uint64_t)size, "1G");
476 			return (-1);
477 		}
478 		/*
479 		 * fi_mbi_size must be set after the allocation succeeds
480 		 * as it's used to determine how much memory to free.
481 		 */
482 		nk->fi_mbi_size = size;
483 	}
484 
485 	/*
486 	 * Initalize memory
487 	 */
488 	bzero((void *)nk->fi_new_mbi_va, nk->fi_mbi_size);
489 
490 	/*
491 	 * Get PA for the new mbi
492 	 */
493 	start_addr_va = nk->fi_new_mbi_va;
494 	start_addr_pa = mmu_ptob((uint64_t)hat_getpfnum(kas.a_hat,
495 	    (caddr_t)start_addr_va));
496 	nk->fi_new_mbi_pa = (paddr_t)start_addr_pa;
497 
498 	/*
499 	 * Populate the rest of the fields in the data structure
500 	 */
501 
502 	/*
503 	 * Copy from the saved mbi to preserve all non-pointer type fields.
504 	 */
505 	mbi = (multiboot_info_t *)start_addr_va;
506 	bcopy(&saved_mbi, mbi, sizeof (*mbi));
507 
508 	/*
509 	 * Recalculate mods_addr.  Set mod_start and mod_end based on
510 	 * the physical address of the new boot archive.  Set mod_name
511 	 * to the name of the new boto archive.
512 	 */
513 	offs += sizeof (multiboot_info_t);
514 	mbi->mods_addr = start_addr_pa + offs;
515 	mbp = (mb_module_t *)(start_addr_va + offs);
516 	mbp->mod_start = nk->fi_files[FASTBOOT_BOOTARCHIVE].fb_dest_pa;
517 	mbp->mod_end = nk->fi_files[FASTBOOT_BOOTARCHIVE].fb_next_pa;
518 
519 	offs += sizeof (mb_module_t);
520 	mdnsz = strlen(fastboot_filename[FASTBOOT_NAME_BOOTARCHIVE]) + 1;
521 	bcopy(fastboot_filename[FASTBOOT_NAME_BOOTARCHIVE],
522 	    (void *)(start_addr_va + offs), mdnsz);
523 	mbp->mod_name = start_addr_pa + offs;
524 	mbp->reserved = 0;
525 
526 	/*
527 	 * Make sure the offset is 16-byte aligned to avoid unaligned access.
528 	 */
529 	offs += mdnsz;
530 	offs = P2ROUNDUP_TYPED(offs, 16, size_t);
531 
532 	/*
533 	 * Recalculate mmap_addr
534 	 */
535 	mbi->mmap_addr = start_addr_pa + offs;
536 	bcopy((void *)(uintptr_t)saved_mmap, (void *)(start_addr_va + offs),
537 	    saved_mbi.mmap_length);
538 	offs += saved_mbi.mmap_length;
539 
540 	/*
541 	 * Recalculate drives_addr
542 	 */
543 	mbi->drives_addr = start_addr_pa + offs;
544 	bcopy((void *)(uintptr_t)saved_drives, (void *)(start_addr_va + offs),
545 	    saved_mbi.drives_length);
546 	offs += saved_mbi.drives_length;
547 
548 	/*
549 	 * Recalculate the address of cmdline.  Set cmdline to contain the
550 	 * new boot argument.
551 	 */
552 	mbi->cmdline = start_addr_pa + offs;
553 
554 	if (mdep != NULL && strlen(mdep) != 0) {
555 		bcopy(mdep, (void *)(start_addr_va + offs), arglen);
556 	} else {
557 		bcopy((void *)saved_cmdline, (void *)(start_addr_va + offs),
558 		    arglen);
559 	}
560 
561 	/* clear fields and flags that are not copied */
562 	bzero(&mbi->config_table,
563 	    sizeof (*mbi) - offsetof(multiboot_info_t, config_table));
564 	mbi->flags &= ~(MB_INFO_CONFIG_TABLE | MB_INFO_BOOT_LOADER_NAME |
565 	    MB_INFO_APM_TABLE | MB_INFO_VIDEO_INFO);
566 
567 	return (0);
568 }
569 
570 /*
571  * Initialize HAT related fields
572  */
573 static void
574 fastboot_init_fields(fastboot_info_t *nk)
575 {
576 	if (x86_feature & X86_PAE) {
577 		nk->fi_has_pae = 1;
578 		nk->fi_shift_amt = fastboot_shift_amt_pae;
579 		nk->fi_ptes_per_table = 512;
580 		nk->fi_lpagesize = (2 << 20);	/* 2M */
581 #ifdef	__amd64
582 		nk->fi_top_level = 3;
583 #else
584 		nk->fi_top_level = 2;
585 #endif	/* __amd64 */
586 	}
587 }
588 
589 /*
590  * Process boot argument
591  */
592 static void
593 fastboot_parse_mdep(char *mdep, char *kern_bootpath, int *bootpath_len,
594     char *bootargs)
595 {
596 	int	i;
597 
598 	/*
599 	 * If mdep is not NULL, it comes in the format of
600 	 *	mountpoint unix args
601 	 */
602 	if (mdep != NULL && strlen(mdep) != 0) {
603 		if (mdep[0] != '-') {
604 			/* First get the root argument */
605 			i = 0;
606 			while (mdep[i] != '\0' && mdep[i] != ' ') {
607 				i++;
608 			}
609 
610 			if (i < 4 || strncmp(&mdep[i-4], "unix", 4) != 0) {
611 				/* mount point */
612 				bcopy(mdep, kern_bootpath, i);
613 				kern_bootpath[i] = '\0';
614 				*bootpath_len = i;
615 
616 				/*
617 				 * Get the next argument. It should be unix as
618 				 * we have validated in in halt.c.
619 				 */
620 				if (strlen(mdep) > i) {
621 					mdep += (i + 1);
622 					i = 0;
623 					while (mdep[i] != '\0' &&
624 					    mdep[i] != ' ') {
625 						i++;
626 					}
627 				}
628 
629 			}
630 			bcopy(mdep, kern_bootfile, i);
631 			kern_bootfile[i] = '\0';
632 			bcopy(mdep, bootargs, strlen(mdep));
633 		} else {
634 			int off = strlen(kern_bootfile);
635 			bcopy(kern_bootfile, bootargs, off);
636 			bcopy(" ", &bootargs[off++], 1);
637 			bcopy(mdep, &bootargs[off], strlen(mdep));
638 			off += strlen(mdep);
639 			bootargs[off] = '\0';
640 		}
641 	}
642 }
643 
644 /*
645  * Reserve memory under PA 1G for mapping the new kernel and boot archive.
646  * This function is only called if fastreboot_onpanic is *not* set.
647  */
648 static void
649 fastboot_reserve_mem(fastboot_info_t *nk)
650 {
651 	int i;
652 
653 	/*
654 	 * A valid kernel is in place.  No need to reserve any memory.
655 	 */
656 	if (nk->fi_valid)
657 		return;
658 
659 	/*
660 	 * Reserve memory under PA 1G for PTE lists.
661 	 */
662 	for (i = 0; i < FASTBOOT_MAX_FILES_MAP; i++) {
663 		fastboot_file_t *fb = &nk->fi_files[i];
664 		size_t fsize_roundup, size;
665 
666 		fsize_roundup = P2ROUNDUP_TYPED(saved_file_size[i],
667 		    PAGESIZE, size_t);
668 		size = FASTBOOT_PTE_LIST_SIZE(fsize_roundup);
669 		if ((fb->fb_pte_list_va = contig_alloc(size,
670 		    &fastboot_below_1G_dma_attr, PAGESIZE, 0)) == NULL) {
671 			return;
672 		}
673 		fb->fb_pte_list_size = size;
674 	}
675 
676 	/*
677 	 * Reserve memory under PA 1G for page tables.
678 	 */
679 	if ((nk->fi_pagetable_va =
680 	    (uintptr_t)contig_alloc(fastboot_pagetable_size,
681 	    &fastboot_below_1G_dma_attr, PAGESIZE, 0)) == NULL) {
682 		return;
683 	}
684 	nk->fi_pagetable_size = fastboot_pagetable_size;
685 
686 	/*
687 	 * Reserve memory under PA 1G for multiboot structure.
688 	 */
689 	if ((nk->fi_new_mbi_va = (uintptr_t)contig_alloc(fastboot_mbi_size,
690 	    &fastboot_below_1G_dma_attr, PAGESIZE, 0)) == NULL) {
691 		return;
692 	}
693 	nk->fi_mbi_size = fastboot_mbi_size;
694 }
695 
696 /*
697  * Calculate MD5 digest for the given fastboot_file.
698  * Assumes that the file is allready loaded properly.
699  */
700 static void
701 fastboot_cksum_file(fastboot_file_t *fb, uchar_t *md5_hash)
702 {
703 	MD5_CTX md5_ctx;
704 
705 	MD5Init(&md5_ctx);
706 	MD5Update(&md5_ctx, (void *)fb->fb_va, fb->fb_size);
707 	MD5Final(md5_hash, &md5_ctx);
708 }
709 
710 /*
711  * Free up the memory we have allocated for a file
712  */
713 static void
714 fastboot_free_file(fastboot_file_t *fb)
715 {
716 	size_t	fsize_roundup;
717 
718 	fsize_roundup = P2ROUNDUP_TYPED(fb->fb_size, PAGESIZE, size_t);
719 	if (fsize_roundup) {
720 		contig_free((void *)fb->fb_va, fsize_roundup);
721 		fb->fb_va = NULL;
722 		fb->fb_size = 0;
723 	}
724 }
725 
726 /*
727  * Free up memory used by the PTEs for a file.
728  */
729 static void
730 fastboot_free_file_pte(fastboot_file_t *fb, uint64_t endaddr)
731 {
732 	if (fb->fb_pte_list_size && fb->fb_pte_list_pa < endaddr) {
733 		contig_free((void *)fb->fb_pte_list_va, fb->fb_pte_list_size);
734 		fb->fb_pte_list_va = 0;
735 		fb->fb_pte_list_pa = 0;
736 		fb->fb_pte_list_size = 0;
737 	}
738 }
739 
740 /*
741  * Free up all the memory used for representing a kernel with
742  * fastboot_info_t.
743  */
744 static void
745 fastboot_free_mem(fastboot_info_t *nk, uint64_t endaddr)
746 {
747 	int i;
748 
749 	for (i = 0; i < FASTBOOT_MAX_FILES_MAP; i++) {
750 		fastboot_free_file(nk->fi_files + i);
751 		fastboot_free_file_pte(nk->fi_files + i, endaddr);
752 	}
753 
754 	if (nk->fi_pagetable_size && nk->fi_pagetable_pa < endaddr) {
755 		contig_free((void *)nk->fi_pagetable_va, nk->fi_pagetable_size);
756 		nk->fi_pagetable_va = 0;
757 		nk->fi_pagetable_pa = 0;
758 		nk->fi_pagetable_size = 0;
759 	}
760 
761 	if (nk->fi_mbi_size && nk->fi_new_mbi_pa < endaddr) {
762 		contig_free((void *)nk->fi_new_mbi_va, nk->fi_mbi_size);
763 		nk->fi_new_mbi_va = 0;
764 		nk->fi_new_mbi_pa = 0;
765 		nk->fi_mbi_size = 0;
766 	}
767 }
768 
769 /*
770  * Only free up the memory allocated for the kernel and boot archive,
771  * but not for the page tables.
772  */
773 void
774 fastboot_free_newkernel(fastboot_info_t *nk)
775 {
776 	int i;
777 
778 	nk->fi_valid = 0;
779 	/*
780 	 * Free the memory we have allocated
781 	 */
782 	for (i = 0; i < FASTBOOT_MAX_FILES_MAP; i++) {
783 		fastboot_free_file(&(nk->fi_files[i]));
784 	}
785 }
786 
787 static void
788 fastboot_cksum_cdata(fastboot_info_t *nk, uchar_t *md5_hash)
789 {
790 	int i;
791 	MD5_CTX md5_ctx;
792 
793 	MD5Init(&md5_ctx);
794 	for (i = 0; i < FASTBOOT_MAX_FILES_MAP; i++) {
795 		MD5Update(&md5_ctx, nk->fi_files[i].fb_pte_list_va,
796 		    nk->fi_files[i].fb_pte_list_size);
797 	}
798 	MD5Update(&md5_ctx, (void *)nk->fi_pagetable_va, nk->fi_pagetable_size);
799 	MD5Update(&md5_ctx, (void *)nk->fi_new_mbi_va, nk->fi_mbi_size);
800 
801 	MD5Final(md5_hash, &md5_ctx);
802 }
803 
804 /*
805  * Generate MD5 checksum of the given kernel.
806  */
807 static void
808 fastboot_cksum_generate(fastboot_info_t *nk)
809 {
810 	int i;
811 
812 	for (i = 0; i < FASTBOOT_MAX_FILES_MAP; i++) {
813 		fastboot_cksum_file(nk->fi_files + i, nk->fi_md5_hash[i]);
814 	}
815 	fastboot_cksum_cdata(nk, nk->fi_md5_hash[i]);
816 }
817 
818 /*
819  * Calculate MD5 checksum of the given kernel and verify that
820  * it matches with what was calculated before.
821  */
822 int
823 fastboot_cksum_verify(fastboot_info_t *nk)
824 {
825 	int i;
826 	uchar_t md5_hash[MD5_DIGEST_LENGTH];
827 
828 	for (i = 0; i < FASTBOOT_MAX_FILES_MAP; i++) {
829 		fastboot_cksum_file(nk->fi_files + i, md5_hash);
830 		if (bcmp(nk->fi_md5_hash[i], md5_hash,
831 		    sizeof (nk->fi_md5_hash[i])) != 0)
832 			return (i + 1);
833 	}
834 
835 	fastboot_cksum_cdata(nk, md5_hash);
836 	if (bcmp(nk->fi_md5_hash[i], md5_hash,
837 	    sizeof (nk->fi_md5_hash[i])) != 0)
838 		return (i + 1);
839 
840 	return (0);
841 }
842 
843 /*
844  * This function performs the following tasks:
845  * - Read the sizes of the new kernel and boot archive.
846  * - Allocate memory for the new kernel and boot archive.
847  * - Allocate memory for page tables necessary for mapping the memory
848  *   allocated for the files.
849  * - Read the new kernel and boot archive into memory.
850  * - Map in the fast reboot switcher.
851  * - Load the fast reboot switcher to FASTBOOT_SWTCH_PA.
852  * - Build the new multiboot_info structure
853  * - Build page tables for the low 1G of physical memory.
854  * - Mark the data structure as valid if all steps have succeeded.
855  */
856 void
857 fastboot_load_kernel(char *mdep)
858 {
859 	void		*buf = NULL;
860 	int		i;
861 	fastboot_file_t	*fb;
862 	uint32_t	dboot_start_offset;
863 	char		kern_bootpath[OBP_MAXPATHLEN];
864 	extern uintptr_t postbootkernelbase;
865 	uintptr_t	saved_kernelbase;
866 	int		bootpath_len = 0;
867 	int		is_failsafe = 0;
868 	int		is_retry = 0;
869 	uint64_t	end_addr;
870 
871 	ASSERT(fastreboot_capable);
872 
873 	if (newkernel.fi_valid)
874 		fastboot_free_newkernel(&newkernel);
875 
876 	saved_kernelbase = postbootkernelbase;
877 
878 	postbootkernelbase = 0;
879 
880 	/*
881 	 * Initialize various HAT related fields in the data structure
882 	 */
883 	fastboot_init_fields(&newkernel);
884 
885 	bzero(kern_bootpath, OBP_MAXPATHLEN);
886 
887 	/*
888 	 * Process the boot argument
889 	 */
890 	bzero(fastboot_args, OBP_MAXPATHLEN);
891 	fastboot_parse_mdep(mdep, kern_bootpath, &bootpath_len, fastboot_args);
892 
893 	/*
894 	 * Make sure we get the null character
895 	 */
896 	bcopy(kern_bootpath, fastboot_filename[FASTBOOT_NAME_UNIX],
897 	    bootpath_len);
898 	bcopy(kern_bootfile,
899 	    &fastboot_filename[FASTBOOT_NAME_UNIX][bootpath_len],
900 	    strlen(kern_bootfile) + 1);
901 
902 	bcopy(kern_bootpath, fastboot_filename[FASTBOOT_NAME_BOOTARCHIVE],
903 	    bootpath_len);
904 
905 	if (bcmp(kern_bootfile, FAILSAFE_BOOTFILE32,
906 	    (sizeof (FAILSAFE_BOOTFILE32) - 1)) == 0 ||
907 	    bcmp(kern_bootfile, FAILSAFE_BOOTFILE64,
908 	    (sizeof (FAILSAFE_BOOTFILE64) - 1)) == 0) {
909 		is_failsafe = 1;
910 	}
911 
912 load_kernel_retry:
913 	/*
914 	 * Read in unix and boot_archive
915 	 */
916 	end_addr = DBOOT_ENTRY_ADDRESS;
917 	for (i = 0; i < FASTBOOT_MAX_FILES_MAP; i++) {
918 		struct _buf	*file;
919 		uintptr_t	va;
920 		uint64_t	fsize;
921 		size_t		fsize_roundup, pt_size;
922 		int		page_index;
923 		uintptr_t	offset;
924 		ddi_dma_attr_t dma_attr = fastboot_dma_attr;
925 
926 
927 		dprintf("fastboot_filename[%d] = %s\n",
928 		    i, fastboot_filename[i]);
929 
930 		if ((file = kobj_open_file(fastboot_filename[i])) ==
931 		    (struct _buf *)-1) {
932 			cmn_err(CE_WARN, "Fastboot: Couldn't open %s",
933 			    fastboot_filename[i]);
934 			goto err_out;
935 		}
936 
937 		if (kobj_get_filesize(file, &fsize) != 0) {
938 			cmn_err(CE_WARN,
939 			    "Fastboot: Couldn't get filesize for %s",
940 			    fastboot_filename[i]);
941 			goto err_out;
942 		}
943 
944 		fsize_roundup = P2ROUNDUP_TYPED(fsize, PAGESIZE, size_t);
945 
946 		/*
947 		 * Where the files end in physical memory after being
948 		 * relocated by the fast boot switcher.
949 		 */
950 		end_addr += fsize_roundup;
951 		if (end_addr > fastboot_below_1G_dma_attr.dma_attr_addr_hi) {
952 			cmn_err(CE_WARN, "Fastboot: boot archive is too big");
953 			goto err_out;
954 		}
955 
956 		/*
957 		 * Adjust dma_attr_addr_lo so that the new kernel and boot
958 		 * archive will not be overridden during relocation.
959 		 */
960 		if (end_addr > fastboot_dma_attr.dma_attr_addr_lo ||
961 		    end_addr > fastboot_below_1G_dma_attr.dma_attr_addr_lo) {
962 
963 			if (is_retry) {
964 				/*
965 				 * If we have already tried and didn't succeed,
966 				 * just give up.
967 				 */
968 				cmn_err(CE_WARN,
969 				    "Fastboot: boot archive is too big");
970 				goto err_out;
971 			} else {
972 				/* Set the flag so we don't keep retrying */
973 				is_retry++;
974 
975 				/* Adjust dma_attr_addr_lo */
976 				fastboot_dma_attr.dma_attr_addr_lo = end_addr;
977 				fastboot_below_1G_dma_attr.dma_attr_addr_lo =
978 				    end_addr;
979 
980 				/*
981 				 * Free the memory we have already allocated
982 				 * whose physical addresses might not fit
983 				 * the new lo and hi constraints.
984 				 */
985 				fastboot_free_mem(&newkernel, end_addr);
986 				goto load_kernel_retry;
987 			}
988 		}
989 
990 
991 		if (!fastboot_contig)
992 			dma_attr.dma_attr_sgllen = (fsize / PAGESIZE) +
993 			    (((fsize % PAGESIZE) == 0) ? 0 : 1);
994 
995 		if ((buf = contig_alloc(fsize, &dma_attr, PAGESIZE, 0))
996 		    == NULL) {
997 			cmn_err(CE_WARN, fastboot_enomem_msg, fsize, "64G");
998 			goto err_out;
999 		}
1000 
1001 		va = P2ROUNDUP_TYPED((uintptr_t)buf, PAGESIZE, uintptr_t);
1002 
1003 		if (kobj_read_file(file, (char *)va, fsize, 0) < 0) {
1004 			cmn_err(CE_WARN, "Fastboot: Couldn't read %s",
1005 			    fastboot_filename[i]);
1006 			goto err_out;
1007 		}
1008 
1009 		fb = &newkernel.fi_files[i];
1010 		fb->fb_va = va;
1011 		fb->fb_size = fsize;
1012 		fb->fb_sectcnt = 0;
1013 
1014 		pt_size = FASTBOOT_PTE_LIST_SIZE(fsize_roundup);
1015 
1016 		/*
1017 		 * If we have reserved memory but it not enough, free it.
1018 		 */
1019 		if (fb->fb_pte_list_size && fb->fb_pte_list_size < pt_size) {
1020 			contig_free((void *)fb->fb_pte_list_va,
1021 			    fb->fb_pte_list_size);
1022 			fb->fb_pte_list_size = 0;
1023 		}
1024 
1025 		if (fb->fb_pte_list_size == 0) {
1026 			if ((fb->fb_pte_list_va =
1027 			    (x86pte_t *)contig_alloc(pt_size,
1028 			    &fastboot_below_1G_dma_attr, PAGESIZE, 0))
1029 			    == NULL) {
1030 				cmn_err(CE_WARN, fastboot_enomem_msg,
1031 				    (uint64_t)pt_size, "1G");
1032 				goto err_out;
1033 			}
1034 			/*
1035 			 * fb_pte_list_size must be set after the allocation
1036 			 * succeeds as it's used to determine how much memory to
1037 			 * free.
1038 			 */
1039 			fb->fb_pte_list_size = pt_size;
1040 		}
1041 
1042 		bzero((void *)(fb->fb_pte_list_va), fb->fb_pte_list_size);
1043 
1044 		fb->fb_pte_list_pa = mmu_ptob((uint64_t)hat_getpfnum(kas.a_hat,
1045 		    (caddr_t)fb->fb_pte_list_va));
1046 
1047 		for (page_index = 0, offset = 0; offset < fb->fb_size;
1048 		    offset += PAGESIZE) {
1049 			uint64_t paddr;
1050 
1051 			paddr = mmu_ptob((uint64_t)hat_getpfnum(kas.a_hat,
1052 			    (caddr_t)fb->fb_va + offset));
1053 
1054 			ASSERT(paddr >= fastboot_dma_attr.dma_attr_addr_lo);
1055 
1056 			/*
1057 			 * Include the pte_bits so we don't have to make
1058 			 * it in assembly.
1059 			 */
1060 			fb->fb_pte_list_va[page_index++] = (x86pte_t)
1061 			    (paddr | pte_bits);
1062 		}
1063 
1064 		fb->fb_pte_list_va[page_index] = FASTBOOT_TERMINATE;
1065 
1066 		if (i == FASTBOOT_UNIX) {
1067 			Ehdr	*ehdr = (Ehdr *)va;
1068 			int	j;
1069 
1070 			/*
1071 			 * Sanity checks:
1072 			 */
1073 			for (j = 0; j < SELFMAG; j++) {
1074 				if (ehdr->e_ident[j] != ELFMAG[j]) {
1075 					cmn_err(CE_WARN, "Fastboot: Bad ELF "
1076 					    "signature");
1077 					goto err_out;
1078 				}
1079 			}
1080 
1081 			if (ehdr->e_ident[EI_CLASS] == ELFCLASS32 &&
1082 			    ehdr->e_ident[EI_DATA] == ELFDATA2LSB &&
1083 			    ehdr->e_machine == EM_386) {
1084 
1085 				fb->fb_sectcnt = sizeof (fb->fb_sections) /
1086 				    sizeof (fb->fb_sections[0]);
1087 
1088 				if (fastboot_elf32_find_loadables((void *)va,
1089 				    fsize, &fb->fb_sections[0],
1090 				    &fb->fb_sectcnt, &dboot_start_offset) < 0) {
1091 					cmn_err(CE_WARN, "Fastboot: ELF32 "
1092 					    "program section failure");
1093 					goto err_out;
1094 				}
1095 
1096 				if (fb->fb_sectcnt == 0) {
1097 					cmn_err(CE_WARN, "Fastboot: No ELF32 "
1098 					    "program sections found");
1099 					goto err_out;
1100 				}
1101 
1102 				if (is_failsafe) {
1103 					/* Failsafe boot_archive */
1104 					bcopy(BOOTARCHIVE32_FAILSAFE,
1105 					    &fastboot_filename
1106 					    [FASTBOOT_NAME_BOOTARCHIVE]
1107 					    [bootpath_len],
1108 					    sizeof (BOOTARCHIVE32_FAILSAFE));
1109 				} else {
1110 					bcopy(BOOTARCHIVE32,
1111 					    &fastboot_filename
1112 					    [FASTBOOT_NAME_BOOTARCHIVE]
1113 					    [bootpath_len],
1114 					    sizeof (BOOTARCHIVE32));
1115 				}
1116 
1117 			} else if (ehdr->e_ident[EI_CLASS] == ELFCLASS64 &&
1118 			    ehdr->e_ident[EI_DATA] == ELFDATA2LSB &&
1119 			    ehdr->e_machine == EM_AMD64) {
1120 
1121 				if (fastboot_elf64_find_dboot_load_offset(
1122 				    (void *)va, fsize, &dboot_start_offset)
1123 				    != 0) {
1124 					cmn_err(CE_WARN, "Fastboot: Couldn't "
1125 					    "find ELF64 dboot entry offset");
1126 					goto err_out;
1127 				}
1128 
1129 				if ((x86_feature & X86_64) == 0 ||
1130 				    (x86_feature & X86_PAE) == 0) {
1131 					cmn_err(CE_WARN, "Fastboot: Cannot "
1132 					    "reboot to %s: "
1133 					    "not a 64-bit capable system",
1134 					    kern_bootfile);
1135 					goto err_out;
1136 				}
1137 
1138 				if (is_failsafe) {
1139 					/* Failsafe boot_archive */
1140 					bcopy(BOOTARCHIVE64_FAILSAFE,
1141 					    &fastboot_filename
1142 					    [FASTBOOT_NAME_BOOTARCHIVE]
1143 					    [bootpath_len],
1144 					    sizeof (BOOTARCHIVE64_FAILSAFE));
1145 				} else {
1146 					bcopy(BOOTARCHIVE64,
1147 					    &fastboot_filename
1148 					    [FASTBOOT_NAME_BOOTARCHIVE]
1149 					    [bootpath_len],
1150 					    sizeof (BOOTARCHIVE64));
1151 				}
1152 			} else {
1153 				cmn_err(CE_WARN, "Fastboot: Unknown ELF type");
1154 				goto err_out;
1155 			}
1156 
1157 			fb->fb_dest_pa = DBOOT_ENTRY_ADDRESS -
1158 			    dboot_start_offset;
1159 
1160 			fb->fb_next_pa = DBOOT_ENTRY_ADDRESS + fsize_roundup;
1161 		} else {
1162 			fb->fb_dest_pa = newkernel.fi_files[i - 1].fb_next_pa;
1163 			fb->fb_next_pa = fb->fb_dest_pa + fsize_roundup;
1164 		}
1165 
1166 		kobj_close_file(file);
1167 
1168 	}
1169 
1170 	/*
1171 	 * Add the function that will switch us to 32-bit protected mode
1172 	 */
1173 	fb = &newkernel.fi_files[FASTBOOT_SWTCH];
1174 	fb->fb_va = fb->fb_dest_pa = FASTBOOT_SWTCH_PA;
1175 	fb->fb_size = MMU_PAGESIZE;
1176 
1177 	hat_devload(kas.a_hat, (caddr_t)fb->fb_va,
1178 	    MMU_PAGESIZE, mmu_btop(fb->fb_dest_pa),
1179 	    PROT_READ | PROT_WRITE | PROT_EXEC,
1180 	    HAT_LOAD_NOCONSIST | HAT_LOAD_LOCK);
1181 
1182 	/*
1183 	 * Build the new multiboot_info structure
1184 	 */
1185 	if (fastboot_build_mbi(fastboot_args, &newkernel) != 0) {
1186 		goto err_out;
1187 	}
1188 
1189 	/*
1190 	 * Build page table for low 1G physical memory. Use big pages.
1191 	 * Allocate 4 (5 for amd64) pages for the page tables.
1192 	 *    1 page for PML4 (amd64)
1193 	 *    1 page for Page-Directory-Pointer Table
1194 	 *    2 pages for Page Directory
1195 	 *    1 page for Page Table.
1196 	 * The page table entry will be rewritten to map the physical
1197 	 * address as we do the copying.
1198 	 */
1199 	if (newkernel.fi_has_pae) {
1200 #ifdef	__amd64
1201 		size_t size = MMU_PAGESIZE * 5;
1202 #else
1203 		size_t size = MMU_PAGESIZE * 4;
1204 #endif	/* __amd64 */
1205 
1206 		if (newkernel.fi_pagetable_size && newkernel.fi_pagetable_size
1207 		    < size) {
1208 			contig_free((void *)newkernel.fi_pagetable_va,
1209 			    newkernel.fi_pagetable_size);
1210 			newkernel.fi_pagetable_size = 0;
1211 		}
1212 
1213 		if (newkernel.fi_pagetable_size == 0) {
1214 			if ((newkernel.fi_pagetable_va = (uintptr_t)
1215 			    contig_alloc(size, &fastboot_below_1G_dma_attr,
1216 			    MMU_PAGESIZE, 0)) == NULL) {
1217 				cmn_err(CE_WARN, fastboot_enomem_msg,
1218 				    (uint64_t)size, "1G");
1219 				goto err_out;
1220 			}
1221 			/*
1222 			 * fi_pagetable_size must be set after the allocation
1223 			 * succeeds as it's used to determine how much memory to
1224 			 * free.
1225 			 */
1226 			newkernel.fi_pagetable_size = size;
1227 		}
1228 
1229 		bzero((void *)(newkernel.fi_pagetable_va), size);
1230 
1231 		newkernel.fi_pagetable_pa =
1232 		    mmu_ptob((uint64_t)hat_getpfnum(kas.a_hat,
1233 		    (caddr_t)newkernel.fi_pagetable_va));
1234 
1235 		newkernel.fi_last_table_pa = newkernel.fi_pagetable_pa +
1236 		    size - MMU_PAGESIZE;
1237 
1238 		newkernel.fi_next_table_va = newkernel.fi_pagetable_va +
1239 		    MMU_PAGESIZE;
1240 		newkernel.fi_next_table_pa = newkernel.fi_pagetable_pa +
1241 		    MMU_PAGESIZE;
1242 
1243 		fastboot_build_pagetables(&newkernel);
1244 	}
1245 
1246 
1247 	/* Generate MD5 checksums */
1248 	fastboot_cksum_generate(&newkernel);
1249 
1250 	/* Mark it as valid */
1251 	newkernel.fi_valid = 1;
1252 	newkernel.fi_magic = FASTBOOT_MAGIC;
1253 
1254 	postbootkernelbase = saved_kernelbase;
1255 	return;
1256 
1257 err_out:
1258 	postbootkernelbase = saved_kernelbase;
1259 	newkernel.fi_valid = 0;
1260 	fastboot_free_newkernel(&newkernel);
1261 }
1262 
1263 
1264 /* ARGSUSED */
1265 static int
1266 fastboot_xc_func(fastboot_info_t *nk, xc_arg_t unused2, xc_arg_t unused3)
1267 {
1268 	void (*fastboot_func)(fastboot_info_t *);
1269 	fastboot_file_t	*fb = &nk->fi_files[FASTBOOT_SWTCH];
1270 	fastboot_func = (void (*)())(fb->fb_va);
1271 	kthread_t *t_intr = curthread->t_intr;
1272 
1273 	if (&kas != curproc->p_as) {
1274 		hat_devload(curproc->p_as->a_hat, (caddr_t)fb->fb_va,
1275 		    MMU_PAGESIZE, mmu_btop(fb->fb_dest_pa),
1276 		    PROT_READ | PROT_WRITE | PROT_EXEC,
1277 		    HAT_LOAD_NOCONSIST | HAT_LOAD_LOCK);
1278 	}
1279 
1280 	/*
1281 	 * If we have pinned a thread, make sure the address is mapped
1282 	 * in the address space of the pinned thread.
1283 	 */
1284 	if (t_intr && t_intr->t_procp->p_as->a_hat != curproc->p_as->a_hat &&
1285 	    t_intr->t_procp->p_as != &kas)
1286 		hat_devload(t_intr->t_procp->p_as->a_hat, (caddr_t)fb->fb_va,
1287 		    MMU_PAGESIZE, mmu_btop(fb->fb_dest_pa),
1288 		    PROT_READ | PROT_WRITE | PROT_EXEC,
1289 		    HAT_LOAD_NOCONSIST | HAT_LOAD_LOCK);
1290 
1291 	(*psm_shutdownf)(A_SHUTDOWN, AD_FASTREBOOT);
1292 	(*fastboot_func)(nk);
1293 
1294 	/*NOTREACHED*/
1295 	return (0);
1296 }
1297 
1298 /*
1299  * Jump to the fast reboot switcher.  This function never returns.
1300  */
1301 void
1302 fast_reboot()
1303 {
1304 	processorid_t bootcpuid = 0;
1305 	extern uintptr_t postbootkernelbase;
1306 	extern char	fb_swtch_image[];
1307 	fastboot_file_t	*fb;
1308 	int i;
1309 
1310 	postbootkernelbase = 0;
1311 
1312 	fb = &newkernel.fi_files[FASTBOOT_SWTCH];
1313 
1314 	/*
1315 	 * Map the address into both the current proc's address
1316 	 * space and the kernel's address space in case the panic
1317 	 * is forced by kmdb.
1318 	 */
1319 	if (&kas != curproc->p_as) {
1320 		hat_devload(curproc->p_as->a_hat, (caddr_t)fb->fb_va,
1321 		    MMU_PAGESIZE, mmu_btop(fb->fb_dest_pa),
1322 		    PROT_READ | PROT_WRITE | PROT_EXEC,
1323 		    HAT_LOAD_NOCONSIST | HAT_LOAD_LOCK);
1324 	}
1325 
1326 	bcopy((void *)fb_swtch_image, (void *)fb->fb_va, fb->fb_size);
1327 
1328 
1329 	/*
1330 	 * Set fb_va to fake_va
1331 	 */
1332 	for (i = 0; i < FASTBOOT_MAX_FILES_MAP; i++) {
1333 		newkernel.fi_files[i].fb_va = fake_va;
1334 
1335 	}
1336 
1337 	if (panicstr && CPU->cpu_id != bootcpuid &&
1338 	    CPU_ACTIVE(cpu_get(bootcpuid))) {
1339 		extern void panic_idle(void);
1340 		cpuset_t cpuset;
1341 
1342 		CPUSET_ZERO(cpuset);
1343 		CPUSET_ADD(cpuset, bootcpuid);
1344 		xc_priority((xc_arg_t)&newkernel, 0, 0, CPUSET2BV(cpuset),
1345 		    (xc_func_t)fastboot_xc_func);
1346 
1347 		panic_idle();
1348 	} else
1349 		(void) fastboot_xc_func(&newkernel, 0, 0);
1350 }
1351 
1352 
1353 /*
1354  * Get boot property value for fastreboot_onpanic.
1355  *
1356  * NOTE: If fastreboot_onpanic is set to non-zero in /etc/system,
1357  * new setting passed in via "-B fastreboot_onpanic" is ignored.
1358  * This order of precedence is to enable developers debugging panics
1359  * that occur early in boot to utilize Fast Reboot on panic.
1360  */
1361 static void
1362 fastboot_get_bootprop(void)
1363 {
1364 	int		val = 0xaa, len, ret;
1365 	dev_info_t	*devi;
1366 	char		*propstr = NULL;
1367 
1368 	devi = ddi_root_node();
1369 
1370 	ret = ddi_prop_lookup_string(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS,
1371 	    FASTREBOOT_ONPANIC, &propstr);
1372 
1373 	if (ret == DDI_PROP_SUCCESS) {
1374 		if (FASTREBOOT_ONPANIC_NOTSET(propstr))
1375 			val = 0;
1376 		else if (FASTREBOOT_ONPANIC_ISSET(propstr))
1377 			val = UA_FASTREBOOT_ONPANIC;
1378 
1379 		/*
1380 		 * Only set fastreboot_onpanic to the value passed in
1381 		 * if it's not already set to non-zero, and the value
1382 		 * has indeed been passed in via command line.
1383 		 */
1384 		if (!fastreboot_onpanic && val != 0xaa)
1385 			fastreboot_onpanic = val;
1386 		ddi_prop_free(propstr);
1387 	} else if (ret != DDI_PROP_NOT_FOUND && ret != DDI_PROP_UNDEFINED) {
1388 		cmn_err(CE_WARN, "%s value is invalid, will be ignored",
1389 		    FASTREBOOT_ONPANIC);
1390 	}
1391 
1392 	len = sizeof (fastreboot_onpanic_cmdline);
1393 	ret = ddi_getlongprop_buf(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS,
1394 	    FASTREBOOT_ONPANIC_CMDLINE, fastreboot_onpanic_cmdline, &len);
1395 
1396 	if (ret == DDI_PROP_BUF_TOO_SMALL)
1397 		cmn_err(CE_WARN, "%s value is too long, will be ignored",
1398 		    FASTREBOOT_ONPANIC_CMDLINE);
1399 }
1400 
1401 /*
1402  * This function is called by main() to either load the backup kernel for panic
1403  * fast reboot, or to reserve low physical memory for fast reboot.
1404  */
1405 void
1406 fastboot_post_startup()
1407 {
1408 	if (!fastreboot_capable)
1409 		return;
1410 
1411 	fastboot_get_bootprop();
1412 
1413 	if (fastreboot_onpanic)
1414 		fastboot_load_kernel(fastreboot_onpanic_cmdline);
1415 	else if (reserve_mem_enabled)
1416 		fastboot_reserve_mem(&newkernel);
1417 }
1418 
1419 /*
1420  * Update boot configuration settings.
1421  * If the new fastreboot_onpanic setting is false, and a kernel has
1422  * been preloaded, free the memory;
1423  * if the new fastreboot_onpanic setting is true and newkernel is
1424  * not valid, load the new kernel.
1425  */
1426 void
1427 fastboot_update_config(const char *mdep)
1428 {
1429 	uint8_t boot_config = (uint8_t)*mdep;
1430 	int cur_fastreboot_onpanic = fastreboot_onpanic;
1431 
1432 	if (!fastreboot_capable)
1433 		return;
1434 
1435 	fastreboot_onpanic = boot_config & UA_FASTREBOOT_ONPANIC;
1436 	if (fastreboot_onpanic && (!cur_fastreboot_onpanic ||
1437 	    !newkernel.fi_valid))
1438 		fastboot_load_kernel(fastreboot_onpanic_cmdline);
1439 	if (cur_fastreboot_onpanic && !fastreboot_onpanic)
1440 		fastboot_free_newkernel(&newkernel);
1441 }
1442