- 29 Apr, 2019 30 commits
-
-
Gerald Schaefer authored
With a relocatable kernel that could reside at any place in memory, the current logic for allocating a kprobes insn_page does not work. The GFP_DMA allocated buffer might be more than 2 GB away from the kernel. Use a static buffer for the insn_page instead. Signed-off-by:
Gerald Schaefer <gerald.schaefer@de.ibm.com> Reviewed-by:
Philipp Rudo <prudo@linux.ibm.com> Signed-off-by:
Martin Schwidefsky <schwidefsky@de.ibm.com>
-
Gerald Schaefer authored
With a relocatable kernel that could reside at any place in memory, the storage size for the SYSCALL and PGM_CHECK handlers needs to be increased from .long to .quad. Signed-off-by:
-
Gerald Schaefer authored
This patch adds support for building a relocatable kernel with -fPIE. The kernel will be relocated to 0 early in the boot process. Signed-off-by:
-
Sebastian Ott authored
Allow for userspace to use PCI MIO instructions. Signed-off-by:
Sebastian Ott <sebott@linux.ibm.com> Signed-off-by:
-
Sebastian Ott authored
Allow users to disable usage of MIO instructions by specifying pci=nomio at the kernel command line. Signed-off-by:
-
Sebastian Ott authored
Provide support for PCI I/O instructions that work on mapped IO addresses. Signed-off-by:
-
Sebastian Ott authored
ISM devices are special in how they access PCI memory space. Provide wrappers for handling commands to the device. No functional change. Signed-off-by:
-
Sebastian Ott authored
This is a preparation patch for usage of new pci instructions. No functional change. Signed-off-by:
-
Sebastian Ott authored
Provide a kernel parameter to force the usage of floating interrupts. Signed-off-by:
-
Sebastian Ott authored
Gather statistics to distinguish floating and directed interrupts. Signed-off-by:
-
Sebastian Ott authored
Improve /proc/interrupts on s390 to show statistics for individual MSI interrupts. Signed-off-by:
Sebastian Ott <sebott@linux.vnet.ibm.com> Acked-by:
Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by:
-
Sebastian Ott authored
Up until now all interrupts on s390 have been floating. For MSI interrupts we've used a global summary bit vector (with a bit for each function) and a per-function interrupt bit vector (with a bit per MSI). This patch introduces a new IRQ delivery mode: CPU directed interrupts. In this new mode a per-CPU interrupt bit vector is used (with a bit per MSI per function). Further it is now possible to direct an IRQ to a specific CPU so we can finally support IRQ affinity. If an interrupt can't be delivered because the appointed CPU is occupied by a hypervisor the interrupt is delivered floating. For this a global summary bit vector is used (with a bit per CPU). Signed-off-by:
-
Sebastian Ott authored
Provide the ability to create cachesize aligned interrupt vectors. These will be used for per-CPU interrupt vectors. Signed-off-by:
-
Sebastian Ott authored
Rename and clarify the usage of the interrupt bit vectors. Also change the array of the per-function bit vectors to be dynamically allocated. Signed-off-by:
-
Sebastian Ott authored
Add an extra parameter for airq handlers to recognize floating vs. directed interrupts. Signed-off-by:
-
Sebastian Ott authored
Detect the adapter CPU directed interruption facility. Signed-off-by:
-
Sebastian Ott authored
Move everything interrupt related from pci.c to pci_irq.c. No functional change. Signed-off-by:
-
Sebastian Ott authored
No users of pr_debug in that file. Signed-off-by:
-
Sebastian Ott authored
No point to keep that around. Signed-off-by:
-
Philipp Rudo authored
Provide an interface for userspace so it can find out if a machine is capeable of doing secure boot. The interface is, for example, needed for zipl so it can find out which file format it can/should write to disk. Signed-off-by:
-
Philipp Rudo authored
A kernel loaded via kexec_load cannot be verified. Thus disable kexec_load systemcall in kernels which where IPLed securely. Use the IMA mechanism to do so. Signed-off-by:
-
Philipp Rudo authored
Signed-off-by:
-
Philipp Rudo authored
Add kernel signature verification to kexec_file. The verification is based on module signature verification and works with kernel images signed via scripts/sign-file. Signed-off-by:
-
Philipp Rudo authored
The leading 64 kB of a kernel image doesn't contain any data needed to boot the new kernel when it was loaded via kexec_file. Thus kexec_file currently strips them off before loading the image. Keep the leading 64 kB in order to be able to pass a ipl_report to the next kernel. Signed-off-by:
-
Philipp Rudo authored
s390_image_load and s390_elf_load have the same code to load the different components. Combine this functionality in one shared function. While at it move kexec_file_update_kernel into the new function as well. Signed-off-by:
-
Philipp Rudo authored
Access the parmarea in head.S via a struct instead of individual offsets. While at it make the fields in the parmarea .quads. Signed-off-by:
-
Philipp Rudo authored
Omit use of script/bin2c hack. Directly include into assembler file instead. Signed-off-by:
-
Philipp Rudo authored
The purgatory is compiled into the vmlinux and keept in memory all the time during runtime. Thus any section not needed to load the purgatory unnecessarily bloats up its foot print in file- and memorysize. Reduce the purgatory size by stripping the unneeded sections from the purgatory. This reduces the purgatories size by ~33%. Signed-off-by:
-
Philipp Rudo authored
To register data for the next kernel (command line, oldmem_base, etc.) the current kernel needs to find the ELF segment that contains head.S. This is currently done by checking ifor 'phdr->p_paddr == 0'. This works fine for the current kernel build but in theory the first few pages could be skipped. Make the detection more robust by checking if the entry point lies within the segment. Signed-off-by:
-
Philipp Rudo authored
When loading an ELF image via kexec_file the segment alignment is ignored in the calculation for the load address of the next segment. When there are multiple segments this can lead to segment overlap and thus load failure. Signed-off-by:
-
- 26 Apr, 2019 7 commits
-
-
Philipp Rudo authored
With git commit 1e941d39 "s390: move ipl block to .boot.preserved.data section" the earl_ipl_block got renamed to ipl_block and became publicly available via boot_data.h. This might cause problems with zcore, which has it's own ipl_block variable. Thus rename the ipl_block in zcore to prevent name collision and highlight that it's only used locally. Signed-off-by:
-
Martin Schwidefsky authored
In order to be able to sign the bzImage independent of the block size of the IPL device, align the bzImage to 4096 bytes. Signed-off-by: -
Martin Schwidefsky authored
PR: Adjusted to the use in kexec_file later. Signed-off-by:
-
Martin Schwidefsky authored
Read the IPL Report block provided by secure-boot, add the entries of the certificate list to the system key ring and print the list of components. PR: Adjust to Vasilys bootdata_preserved patch set. Preserve ipl_cert_list for later use in kexec_file. Signed-off-by:
-
Martin Schwidefsky authored
To transport the information required for secure boot a new IPL report will be created at boot time. It will be written to memory right after the IPL parameter block. To work with the IPL report a couple of additional structure definitions are added the the uapi/ipl.h header. Signed-off-by: -
Martin Schwidefsky authored
The IPL parameter block is used as an interface between Linux and the machine to query and change the boot device and boot options. To be able to create IPL parameter block in user space and pass it as segment to kexec provide an uapi header with proper structure definitions for the block. Signed-off-by: -
Martin Schwidefsky authored
The ipl_info union in struct ipl_parameter_block has the same name as the struct ipl_info. This does not help while reading the code and the union in struct ipl_parameter_block does not need to be named. Drop the name from the union. Reviewed-by:
Hendrik Brueckner <brueckner@linux.ibm.com> Signed-off-by:
-
- 25 Apr, 2019 3 commits
-
-
Martin Schwidefsky authored
Add hardware capability bits and features tags to /proc/cpuinfo for 4 new CPU features: "Vector-Enhancements Facility 2" (tag "vxe2", hwcap 2^15) "Vector-Packed-Decimal-Enhancement Facility" (tag "vxp", hwcap 2^16) "Enhanced-Sort Facility" (tag "sort", hwcap 2^17) "Deflate-Conversion Facility" (tag "dflt", hwcap 2^18) Reviewed-by:
-
Harald Freudenberger authored
With the z14 machine there came also a CPACF hardware extension which provides a True Random Number Generator. This TRNG can be accessed with a new subfunction code within the CPACF prno instruction and provides random data with very high entropy. So if there is a TRNG available, let's use it for initial seeding and reseeding instead of the current implementation which tries to generate entropy based on stckf (store clock fast) jitters. For details about the amount of data needed and pulled for seeding and reseeding there can be explaining comments in the code found. Signed-off-by:
Harald Freudenberger <freude@linux.ibm.com> Signed-off-by:
-
Harald Freudenberger authored
Here is a rework of the generate_entropy function of the pseudo random device driver exploiting the prno CPACF instruction. George Spelvin pointed out some issues with the existing implementation. One point was, that the buffer used to store the stckf values is 2 pages which are initially filled with get_random_bytes() for each 64 byte junk produced by the function. Another point was that the stckf values only carry entropy in the LSB and thus a buffer of 2 pages is not really needed. Then there was a comment about the use of the kimd cpacf function without proper initialization. The rework addresses these points and now one page is used and only one half of this is filled with get_random_bytes() on each chunk of 64 bytes requested data. The other half of the page is filled with stckf values exored into with an overlap of 4 bytes. This can be done due to the fact that only the lower 4 bytes carry entropy we need. For more details about the algorithm used, see the header of the function. The generate_entropy() function now uses the cpacf function klmd with proper initialization of the parameter block to perform the sha512 hash. George also pointed out some issues with the internal buffers used for seeding and reads. These buffers are now zeroed with memzero_implicit after use. Signed-off-by:
George Spelvin <lkml@sdf.org> Suggested-by:
Patrick Steuer <steuer@linux.ibm.com> Signed-off-by:
-
