xref: /openbmc/linux/arch/s390/purgatory/head.S (revision ae213c44) 
1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Purgatory setup code
4 *
5 * Copyright IBM Corp. 2018
6 *
7 * Author(s): Philipp Rudo <prudo@linux.vnet.ibm.com>
8 */
9
10#include <linux/linkage.h>
11#include <asm/asm-offsets.h>
12#include <asm/page.h>
13#include <asm/sigp.h>
14#include <asm/ptrace.h>
15
16/* The purgatory is the code running between two kernels. It's main purpose
17 * is to verify that the next kernel was not corrupted after load and to
18 * start it.
19 *
20 * If the next kernel is a crash kernel there are some peculiarities to
21 * consider:
22 *
23 * First the purgatory is called twice. Once only to verify the
24 * sha digest. So if the crash kernel got corrupted the old kernel can try
25 * to trigger a stand-alone dumper. And once to actually load the crash kernel.
26 *
27 * Second the purgatory also has to swap the crash memory region with its
28 * destination at address 0. As the purgatory is part of crash memory this
29 * requires some finesse. The tactic here is that the purgatory first copies
30 * itself to the end of the destination and then swaps the rest of the
31 * memory running from there.
32 */
33
34#define bufsz purgatory_end-stack
35
36.macro MEMCPY dst,src,len
37	lgr	%r0,\dst
38	lgr	%r1,\len
39	lgr	%r2,\src
40	lgr	%r3,\len
41
4220:	mvcle	%r0,%r2,0
43	jo	20b
44.endm
45
46.macro MEMSWAP dst,src,buf,len
4710:	cghi	\len,bufsz
48	jh	11f
49	lgr	%r4,\len
50	j	12f
5111:	lghi	%r4,bufsz
52
5312:	MEMCPY	\buf,\dst,%r4
54	MEMCPY	\dst,\src,%r4
55	MEMCPY	\src,\buf,%r4
56
57	agr	\dst,%r4
58	agr	\src,%r4
59	sgr	\len,%r4
60
61	cghi	\len,0
62	jh	10b
63.endm
64
65.macro START_NEXT_KERNEL base
66	lg	%r4,kernel_entry-\base(%r13)
67	lg	%r5,load_psw_mask-\base(%r13)
68	ogr	%r4,%r5
69	stg	%r4,0(%r0)
70
71	xgr	%r0,%r0
72	diag	%r0,%r0,0x308
73.endm
74
75.text
76.align PAGE_SIZE
77ENTRY(purgatory_start)
78	/* The purgatory might be called after a diag308 so better set
79	 * architecture and addressing mode.
80	 */
81	lhi	%r1,1
82	sigp	%r1,%r0,SIGP_SET_ARCHITECTURE
83	sam64
84
85	larl	%r5,gprregs
86	stmg	%r6,%r15,0(%r5)
87
88	basr	%r13,0
89.base_crash:
90
91	/* Setup stack */
92	larl	%r15,purgatory_end-STACK_FRAME_OVERHEAD
93
94	/* If the next kernel is KEXEC_TYPE_CRASH the purgatory is called
95	 * directly with a flag passed in %r2 whether the purgatory shall do
96	 * checksum verification only (%r2 = 0 -> verification only).
97	 *
98	 * Check now and preserve over C function call by storing in
99	 * %r10 whith
100	 *	1 -> checksum verification only
101	 *	0 -> load new kernel
102	 */
103	lghi	%r10,0
104	lg	%r11,kernel_type-.base_crash(%r13)
105	cghi	%r11,1		/* KEXEC_TYPE_CRASH */
106	jne	.do_checksum_verification
107	cghi	%r2,0		/* checksum verification only */
108	jne	.do_checksum_verification
109	lghi	%r10,1
110
111.do_checksum_verification:
112	brasl	%r14,verify_sha256_digest
113
114	cghi	%r10,1		/* checksum verification only */
115	je	.return_old_kernel
116	cghi	%r2,0		/* checksum match */
117	jne	.disabled_wait
118
119	/* If the next kernel is a crash kernel the purgatory has to swap
120	 * the mem regions first.
121	 */
122	cghi	%r11,1 /* KEXEC_TYPE_CRASH */
123	je	.start_crash_kernel
124
125	/* start normal kernel */
126	START_NEXT_KERNEL .base_crash
127
128.return_old_kernel:
129	lmg	%r6,%r15,gprregs-.base_crash(%r13)
130	br	%r14
131
132.disabled_wait:
133	lpswe	disabled_wait_psw-.base_crash(%r13)
134
135.start_crash_kernel:
136	/* Location of purgatory_start in crash memory */
137	lgr	%r8,%r13
138	aghi	%r8,-(.base_crash-purgatory_start)
139
140	/* Destination for this code i.e. end of memory to be swapped. */
141	lg	%r9,crash_size-.base_crash(%r13)
142	aghi	%r9,-(purgatory_end-purgatory_start)
143
144	/* Destination in crash memory, i.e. same as r9 but in crash memory. */
145	lg	%r10,crash_start-.base_crash(%r13)
146	agr	%r10,%r9
147
148	/* Buffer location (in crash memory) and size. As the purgatory is
149	 * behind the point of no return it can re-use the stack as buffer.
150	 */
151	lghi	%r11,bufsz
152	larl	%r12,stack
153
154	MEMCPY	%r12,%r9,%r11	/* dst	-> (crash) buf */
155	MEMCPY	%r9,%r8,%r11	/* self -> dst */
156
157	/* Jump to new location. */
158	lgr	%r7,%r9
159	aghi	%r7,.jump_to_dst-purgatory_start
160	br	%r7
161
162.jump_to_dst:
163	basr	%r13,0
164.base_dst:
165
166	/* clear buffer */
167	MEMCPY	%r12,%r10,%r11	/* (crash) buf -> (crash) dst */
168
169	/* Load new buffer location after jump */
170	larl	%r7,stack
171	aghi	%r10,stack-purgatory_start
172	MEMCPY	%r10,%r7,%r11	/* (new) buf -> (crash) buf */
173
174	/* Now the code is set up to run from its designated location. Start
175	 * swapping the rest of crash memory now.
176	 *
177	 * The registers will be used as follow:
178	 *
179	 *	%r0-%r4	reserved for macros defined above
180	 *	%r5-%r6 tmp registers
181	 *	%r7	pointer to current struct sha region
182	 *	%r8	index to iterate over all sha regions
183	 *	%r9	pointer in crash memory
184	 *	%r10	pointer in old kernel
185	 *	%r11	total size (still) to be moved
186	 *	%r12	pointer to buffer
187	 */
188	lgr	%r12,%r7
189	lgr	%r11,%r9
190	lghi	%r10,0
191	lg	%r9,crash_start-.base_dst(%r13)
192	lghi	%r8,16	/* KEXEC_SEGMENTS_MAX */
193	larl	%r7,purgatory_sha_regions
194
195	j .loop_first
196
197	/* Loop over all purgatory_sha_regions. */
198.loop_next:
199	aghi	%r8,-1
200	cghi	%r8,0
201	je	.loop_out
202
203	aghi	%r7,__KEXEC_SHA_REGION_SIZE
204
205.loop_first:
206	lg	%r5,__KEXEC_SHA_REGION_START(%r7)
207	cghi	%r5,0
208	je	.loop_next
209
210	/* Copy [end last sha region, start current sha region) */
211	/* Note: kexec_sha_region->start points in crash memory */
212	sgr	%r5,%r9
213	MEMCPY	%r9,%r10,%r5
214
215	agr	%r9,%r5
216	agr	%r10,%r5
217	sgr	%r11,%r5
218
219	/* Swap sha region */
220	lg	%r6,__KEXEC_SHA_REGION_LEN(%r7)
221	MEMSWAP	%r9,%r10,%r12,%r6
222	sg	%r11,__KEXEC_SHA_REGION_LEN(%r7)
223	j	.loop_next
224
225.loop_out:
226	/* Copy rest of crash memory */
227	MEMCPY	%r9,%r10,%r11
228
229	/* start crash kernel */
230	START_NEXT_KERNEL .base_dst
231
232
233load_psw_mask:
234	.long	0x00080000,0x80000000
235
236	.align	8
237disabled_wait_psw:
238	.quad	0x0002000180000000
239	.quad	0x0000000000000000 + .do_checksum_verification
240
241gprregs:
242	.rept	10
243	.quad	0
244	.endr
245
246/* Macro to define a global variable with name and size (in bytes) to be
247 * shared with C code.
248 *
249 * Add the .size and .type attribute to satisfy checks on the Elf_Sym during
250 * purgatory load.
251 */
252.macro GLOBAL_VARIABLE name,size
253\name:
254	.global \name
255	.size	\name,\size
256	.type	\name,object
257	.skip	\size,0
258.endm
259
260GLOBAL_VARIABLE purgatory_sha256_digest,32
261GLOBAL_VARIABLE purgatory_sha_regions,16*__KEXEC_SHA_REGION_SIZE
262GLOBAL_VARIABLE kernel_entry,8
263GLOBAL_VARIABLE kernel_type,8
264GLOBAL_VARIABLE crash_start,8
265GLOBAL_VARIABLE crash_size,8
266
267	.align	PAGE_SIZE
268stack:
269	/* The buffer to move this code must be as big as the code. */
270	.skip	stack-purgatory_start
271	.align	PAGE_SIZE
272purgatory_end:
273