Re: [PATCH v2 0/9] kexec_file_load implementation for PowerPC
Am Donnerstag, 16 Juni 2016, 15:48:30 schrieb Michael Ellerman: > On Tue, 2016-06-14 at 11:59 -0300, Thiago Jung Bauermann wrote: > > Hello, > > > > This patch series implements the kexec_file_load system call on PowerPC. > > Can you tell me what this syscall does and why I would want it? Sorry, should have provided the motivation when I posted the patches. This system call moves the reading of the kernel, initrd and the device tree from the userspace kexec tool to the kernel. This is needed if you want to do one or both of the following: 1. only allow loading of signed kernels. 2. "measure" (i.e., record the hashes of) the kernel, initrd, kernel command line and other boot inputs for the Integrity Measurement Architecture subsystem. The above are the functions kexec already has built into kexec_file_load. I will soon post a set of patches which will allow a third feature: 3. have IMA pass-on its event log (where integrity measurements are registered) accross kexec to the second kernel, so that the event history is preserved. Because OpenPower uses an intermediary Linux instance as a boot loader (skiroot), feature 1 is needed to implement secure boot for the platform, while features 2 and 3 are needed to implement trusted boot. There's an LWN article giving more context on the origins of the system call, if you are interested: https://lwn.net/Articles/603116/ -- []'s Thiago Jung Bauermann IBM Linux Technology Center
Re: [PATCH v2 0/9] kexec_file_load implementation for PowerPC
Am Donnerstag, 16 Juni 2016, 15:48:30 schrieb Michael Ellerman: > On Tue, 2016-06-14 at 11:59 -0300, Thiago Jung Bauermann wrote: > > Hello, > > > > This patch series implements the kexec_file_load system call on PowerPC. > > Can you tell me what this syscall does and why I would want it? Sorry, should have provided the motivation when I posted the patches. This system call moves the reading of the kernel, initrd and the device tree from the userspace kexec tool to the kernel. This is needed if you want to do one or both of the following: 1. only allow loading of signed kernels. 2. "measure" (i.e., record the hashes of) the kernel, initrd, kernel command line and other boot inputs for the Integrity Measurement Architecture subsystem. The above are the functions kexec already has built into kexec_file_load. I will soon post a set of patches which will allow a third feature: 3. have IMA pass-on its event log (where integrity measurements are registered) accross kexec to the second kernel, so that the event history is preserved. Because OpenPower uses an intermediary Linux instance as a boot loader (skiroot), feature 1 is needed to implement secure boot for the platform, while features 2 and 3 are needed to implement trusted boot. There's an LWN article giving more context on the origins of the system call, if you are interested: https://lwn.net/Articles/603116/ -- []'s Thiago Jung Bauermann IBM Linux Technology Center
Re: [PATCH v2 0/9] kexec_file_load implementation for PowerPC
On Tue, 2016-06-14 at 11:59 -0300, Thiago Jung Bauermann wrote: > Hello, > > This patch series implements the kexec_file_load system call on PowerPC. Can you tell me what this syscall does and why I would want it? cheers
Re: [PATCH v2 0/9] kexec_file_load implementation for PowerPC
On Tue, 2016-06-14 at 11:59 -0300, Thiago Jung Bauermann wrote: > Hello, > > This patch series implements the kexec_file_load system call on PowerPC. Can you tell me what this syscall does and why I would want it? cheers
[PATCH v2 0/9] kexec_file_load implementation for PowerPC
Hello, This patch series implements the kexec_file_load system call on PowerPC. It starts by removing an x86 assumption from kexec_file: kexec_add_buffer uses iomem to find reserved memory ranges, but PowerPC uses the memblock subsystem. A hook is added so that each arch can specify how memory ranges can be found. Also, the memory-walking logic in kexec_add_buffer is useful in this implementation to find a free area for the purgatory's stack, so the next patch moves that logic to kexec_locate_mem_hole. The kexec_file_load system call needs to apply relocations to the purgatory but adding code for that would duplicate functionality with the module loading mechanism, which also needs to apply relocations to the kernel modules. Therefore, this patch series factors out the module relocation code so that it can be shared. One thing that is still missing is crashkernel support, which I intend to submit shortly. For now, arch_kexec_kernel_image_probe rejects crash kernels. This code is based on kexec-tools, but with many modifications to adapt it to the kernel environment and facilities. Except the purgatory, which only has minimal changes. Changes for v2: - All patches: forgot to add Signed-off-by lines in v1, so added them now. - Patch "kexec_file: Generalize kexec_add_buffer.": broke in two, one adding arch_kexec_walk_mem and the other adding kexec_locate_mem_hole. - Patch "powerpc: Implement kexec_file_load.": - Moved relocation changes and the arch_kexec_walk_mem implementation to the next patch in the series. - Removed pr_fmt from machine_kexec_64.c, since the patch doesn't add any call to pr_debug in that file. - Changed arch_kexec_kernel_image_probe to reject crash kernels. Thiago Jung Bauermann (9): kexec_file: Remove unused members from struct kexec_buf. kexec_file: Generalize kexec_add_buffer. kexec_file: Factor out kexec_locate_mem_hole from kexec_add_buffer. powerpc: Factor out relocation code from module_64.c to elf_util_64.c. powerpc: Generalize elf64_apply_relocate_add. powerpc: Add functions to read ELF files of any endianness. powerpc: Implement kexec_file_load. powerpc: Add support for loading ELF kernels with kexec_file_load. powerpc: Add purgatory for kexec_file_load implementation. arch/powerpc/Kconfig | 13 + arch/powerpc/Makefile | 4 + arch/powerpc/include/asm/elf_util.h | 92 + arch/powerpc/include/asm/kexec_elf_64.h | 10 + arch/powerpc/include/asm/module.h | 14 +- arch/powerpc/include/asm/systbl.h | 1 + arch/powerpc/include/asm/unistd.h | 2 +- arch/powerpc/include/uapi/asm/unistd.h| 1 + arch/powerpc/kernel/Makefile | 7 + arch/powerpc/kernel/elf_util.c| 476 + arch/powerpc/kernel/elf_util_64.c | 372 arch/powerpc/kernel/kexec_elf_64.c| 564 ++ arch/powerpc/kernel/machine_kexec_64.c| 151 arch/powerpc/kernel/module_64.c | 328 +++-- arch/powerpc/purgatory/.gitignore | 2 + arch/powerpc/purgatory/Makefile | 36 ++ arch/powerpc/purgatory/console-ppc64.c| 43 +++ arch/powerpc/purgatory/crashdump-ppc64.h | 42 +++ arch/powerpc/purgatory/crashdump_backup.c | 40 +++ arch/powerpc/purgatory/crtsavres.S| 5 + arch/powerpc/purgatory/hvCall.S | 27 ++ arch/powerpc/purgatory/hvCall.h | 8 + arch/powerpc/purgatory/kexec-sha256.h | 11 + arch/powerpc/purgatory/ppc64_asm.h| 18 + arch/powerpc/purgatory/printf.c | 171 + arch/powerpc/purgatory/purgatory-ppc64.c | 46 +++ arch/powerpc/purgatory/purgatory-ppc64.h | 6 + arch/powerpc/purgatory/purgatory.c| 66 arch/powerpc/purgatory/purgatory.h| 11 + arch/powerpc/purgatory/sha256.c | 6 + arch/powerpc/purgatory/sha256.h | 1 + arch/powerpc/purgatory/string.S | 1 + arch/powerpc/purgatory/v2wrap.S | 139 include/linux/kexec.h | 7 + kernel/kexec_file.c | 116 -- kernel/kexec_internal.h | 2 - 36 files changed, 2523 insertions(+), 316 deletions(-) create mode 100644 arch/powerpc/include/asm/elf_util.h create mode 100644 arch/powerpc/include/asm/kexec_elf_64.h create mode 100644 arch/powerpc/kernel/elf_util.c create mode 100644 arch/powerpc/kernel/elf_util_64.c create mode 100644 arch/powerpc/kernel/kexec_elf_64.c create mode 100644 arch/powerpc/purgatory/.gitignore create mode 100644 arch/powerpc/purgatory/Makefile create mode 100644 arch/powerpc/purgatory/console-ppc64.c create mode 100644 arch/powerpc/purgatory/crashdump-ppc64.h create mode 100644 arch/powerpc/purgatory/crashdump_backup.c create mode 100644 arch/powerpc/purgatory/crtsavres.S create mode 100644 arch/powerpc/purgatory/hvCall.S create
[PATCH v2 0/9] kexec_file_load implementation for PowerPC
Hello, This patch series implements the kexec_file_load system call on PowerPC. It starts by removing an x86 assumption from kexec_file: kexec_add_buffer uses iomem to find reserved memory ranges, but PowerPC uses the memblock subsystem. A hook is added so that each arch can specify how memory ranges can be found. Also, the memory-walking logic in kexec_add_buffer is useful in this implementation to find a free area for the purgatory's stack, so the next patch moves that logic to kexec_locate_mem_hole. The kexec_file_load system call needs to apply relocations to the purgatory but adding code for that would duplicate functionality with the module loading mechanism, which also needs to apply relocations to the kernel modules. Therefore, this patch series factors out the module relocation code so that it can be shared. One thing that is still missing is crashkernel support, which I intend to submit shortly. For now, arch_kexec_kernel_image_probe rejects crash kernels. This code is based on kexec-tools, but with many modifications to adapt it to the kernel environment and facilities. Except the purgatory, which only has minimal changes. Changes for v2: - All patches: forgot to add Signed-off-by lines in v1, so added them now. - Patch "kexec_file: Generalize kexec_add_buffer.": broke in two, one adding arch_kexec_walk_mem and the other adding kexec_locate_mem_hole. - Patch "powerpc: Implement kexec_file_load.": - Moved relocation changes and the arch_kexec_walk_mem implementation to the next patch in the series. - Removed pr_fmt from machine_kexec_64.c, since the patch doesn't add any call to pr_debug in that file. - Changed arch_kexec_kernel_image_probe to reject crash kernels. Thiago Jung Bauermann (9): kexec_file: Remove unused members from struct kexec_buf. kexec_file: Generalize kexec_add_buffer. kexec_file: Factor out kexec_locate_mem_hole from kexec_add_buffer. powerpc: Factor out relocation code from module_64.c to elf_util_64.c. powerpc: Generalize elf64_apply_relocate_add. powerpc: Add functions to read ELF files of any endianness. powerpc: Implement kexec_file_load. powerpc: Add support for loading ELF kernels with kexec_file_load. powerpc: Add purgatory for kexec_file_load implementation. arch/powerpc/Kconfig | 13 + arch/powerpc/Makefile | 4 + arch/powerpc/include/asm/elf_util.h | 92 + arch/powerpc/include/asm/kexec_elf_64.h | 10 + arch/powerpc/include/asm/module.h | 14 +- arch/powerpc/include/asm/systbl.h | 1 + arch/powerpc/include/asm/unistd.h | 2 +- arch/powerpc/include/uapi/asm/unistd.h| 1 + arch/powerpc/kernel/Makefile | 7 + arch/powerpc/kernel/elf_util.c| 476 + arch/powerpc/kernel/elf_util_64.c | 372 arch/powerpc/kernel/kexec_elf_64.c| 564 ++ arch/powerpc/kernel/machine_kexec_64.c| 151 arch/powerpc/kernel/module_64.c | 328 +++-- arch/powerpc/purgatory/.gitignore | 2 + arch/powerpc/purgatory/Makefile | 36 ++ arch/powerpc/purgatory/console-ppc64.c| 43 +++ arch/powerpc/purgatory/crashdump-ppc64.h | 42 +++ arch/powerpc/purgatory/crashdump_backup.c | 40 +++ arch/powerpc/purgatory/crtsavres.S| 5 + arch/powerpc/purgatory/hvCall.S | 27 ++ arch/powerpc/purgatory/hvCall.h | 8 + arch/powerpc/purgatory/kexec-sha256.h | 11 + arch/powerpc/purgatory/ppc64_asm.h| 18 + arch/powerpc/purgatory/printf.c | 171 + arch/powerpc/purgatory/purgatory-ppc64.c | 46 +++ arch/powerpc/purgatory/purgatory-ppc64.h | 6 + arch/powerpc/purgatory/purgatory.c| 66 arch/powerpc/purgatory/purgatory.h| 11 + arch/powerpc/purgatory/sha256.c | 6 + arch/powerpc/purgatory/sha256.h | 1 + arch/powerpc/purgatory/string.S | 1 + arch/powerpc/purgatory/v2wrap.S | 139 include/linux/kexec.h | 7 + kernel/kexec_file.c | 116 -- kernel/kexec_internal.h | 2 - 36 files changed, 2523 insertions(+), 316 deletions(-) create mode 100644 arch/powerpc/include/asm/elf_util.h create mode 100644 arch/powerpc/include/asm/kexec_elf_64.h create mode 100644 arch/powerpc/kernel/elf_util.c create mode 100644 arch/powerpc/kernel/elf_util_64.c create mode 100644 arch/powerpc/kernel/kexec_elf_64.c create mode 100644 arch/powerpc/purgatory/.gitignore create mode 100644 arch/powerpc/purgatory/Makefile create mode 100644 arch/powerpc/purgatory/console-ppc64.c create mode 100644 arch/powerpc/purgatory/crashdump-ppc64.h create mode 100644 arch/powerpc/purgatory/crashdump_backup.c create mode 100644 arch/powerpc/purgatory/crtsavres.S create mode 100644 arch/powerpc/purgatory/hvCall.S create