Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 boot updates from Ingo Molnar:
 "The main changes in this cycle were KASLR improvements for rare
  environments with special boot options, by Baoquan He. Also misc
  smaller changes/cleanups"

* 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/debug: Extend the lower bound of crash kernel low reservations
  x86/boot: Remove unused copy_*_gs() functions
  x86/KASLR: Use the right memcpy() implementation
  Documentation/kernel-parameters.txt: Update 'memmap=' boot option description
  x86/KASLR: Handle the memory limit specified by the 'memmap=' and 'mem=' boot options
  x86/KASLR: Parse all 'memmap=' boot option entries

6 files changed, 145 insertions, 87 deletions

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index f59aad5c2270..9b0b3dea6326 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2136,6 +2136,12 @@
         memmap=nn[KMG]@ss[KMG]
                         [KNL] Force usage of a specific region of memory.
                         Region of memory to be used is from ss to ss+nn.
+                        If @ss[KMG] is omitted, it is equivalent to mem=nn[KMG],
+                        which limits max address to nn[KMG].
+                        Multiple different regions can be specified,
+                        comma delimited.
+                        Example:
+                                memmap=100M@2G,100M#3G,1G!1024G
 
         memmap=nn[KMG]#ss[KMG]
                         [KNL,ACPI] Mark specific memory as ACPI data.
@@ -2148,6 +2154,9 @@
                                  memmap=64K$0x18690000
                                  or
                                  memmap=0x10000$0x18690000
+                        Some bootloaders may need an escape character before '$',
+                        like Grub2, otherwise '$' and the following number
+                        will be eaten.
 
         memmap=nn[KMG]!ss[KMG]
                         [KNL,X86] Mark specific memory as protected.
diff --git a/arch/x86/boot/compressed/cmdline.c b/arch/x86/boot/compressed/cmdline.c
index 73ccf63b0f48..9dc1ce6ba3c0 100644
--- a/arch/x86/boot/compressed/cmdline.c
+++ b/arch/x86/boot/compressed/cmdline.c
@@ -13,7 +13,7 @@ static inline char rdfs8(addr_t addr)
         return *((char *)(fs + addr));
 }
 #include "../cmdline.c"
-static unsigned long get_cmd_line_ptr(void)
+unsigned long get_cmd_line_ptr(void)
 {
         unsigned long cmd_line_ptr = boot_params->hdr.cmd_line_ptr;
 
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 56a7e9201741..91f27ab970ef 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -9,16 +9,42 @@
  * contain the entire properly aligned running kernel image.
  *
  */
+
+/*
+ * isspace() in linux/ctype.h is expected by next_args() to filter
+ * out "space/lf/tab". While boot/ctype.h conflicts with linux/ctype.h,
+ * since isdigit() is implemented in both of them. Hence disable it
+ * here.
+ */
+#define BOOT_CTYPE_H
+
+/*
+ * _ctype[] in lib/ctype.c is needed by isspace() of linux/ctype.h.
+ * While both lib/ctype.c and lib/cmdline.c will bring EXPORT_SYMBOL
+ * which is meaningless and will cause compiling error in some cases.
+ * So do not include linux/export.h and define EXPORT_SYMBOL(sym)
+ * as empty.
+ */
+#define _LINUX_EXPORT_H
+#define EXPORT_SYMBOL(sym)
+
 #include "misc.h"
 #include "error.h"
-#include "../boot.h"
+#include "../string.h"
 
 #include <generated/compile.h>
 #include <linux/module.h>
 #include <linux/uts.h>
 #include <linux/utsname.h>
+#include <linux/ctype.h>
 #include <generated/utsrelease.h>
 
+/* Macros used by the included decompressor code below. */
+#define STATIC
+#include <linux/decompress/mm.h>
+
+extern unsigned long get_cmd_line_ptr(void);
+
 /* Simplified build-specific string for starting entropy. */
 static const char build_str[] = UTS_RELEASE " (" LINUX_COMPILE_BY "@"
                 LINUX_COMPILE_HOST ") (" LINUX_COMPILER ") " UTS_VERSION;
@@ -62,6 +88,11 @@ struct mem_vector {
 
 static bool memmap_too_large;
 
+
+/* Store memory limit specified by "mem=nn[KMG]" or "memmap=nn[KMG]" */
+unsigned long long mem_limit = ULLONG_MAX;
+
+
 enum mem_avoid_index {
         MEM_AVOID_ZO_RANGE = 0,
         MEM_AVOID_INITRD,
@@ -85,49 +116,14 @@ static bool mem_overlaps(struct mem_vector *one, struct mem_vector *two)
         return true;
 }
 
-/**
- *      _memparse - Parse a string with mem suffixes into a number
- *      @ptr: Where parse begins
- *      @retptr: (output) Optional pointer to next char after parse completes
- *
- *      Parses a string into a number.  The number stored at @ptr is
- *      potentially suffixed with K, M, G, T, P, E.
- */
-static unsigned long long _memparse(const char *ptr, char **retptr)
+char *skip_spaces(const char *str)
 {
-        char *endptr;   /* Local pointer to end of parsed string */
-
-        unsigned long long ret = simple_strtoull(ptr, &endptr, 0);
-
-        switch (*endptr) {
-        case 'E':
-        case 'e':
-                ret <<= 10;
-        case 'P':
-        case 'p':
-                ret <<= 10;
-        case 'T':
-        case 't':
-                ret <<= 10;
-        case 'G':
-        case 'g':
-                ret <<= 10;
-        case 'M':
-        case 'm':
-                ret <<= 10;
-        case 'K':
-        case 'k':
-                ret <<= 10;
-                endptr++;
-        default:
-                break;
-        }
-
-        if (retptr)
-                *retptr = endptr;
-
-        return ret;
+        while (isspace(*str))
+                ++str;
+        return (char *)str;
 }
+#include "../../../../lib/ctype.c"
+#include "../../../../lib/cmdline.c"
 
 static int
 parse_memmap(char *p, unsigned long long *start, unsigned long long *size)
@@ -142,40 +138,41 @@ parse_memmap(char *p, unsigned long long *start, unsigned long long *size)
                 return -EINVAL;
 
         oldp = p;
-        *size = _memparse(p, &p);
+        *size = memparse(p, &p);
         if (p == oldp)
                 return -EINVAL;
 
         switch (*p) {
-        case '@':
-                /* Skip this region, usable */
-                *start = 0;
-                *size = 0;
-                return 0;
         case '#':
         case '$':
         case '!':
-                *start = _memparse(p + 1, &p);
+                *start = memparse(p + 1, &p);
+                return 0;
+        case '@':
+                /* memmap=nn@ss specifies usable region, should be skipped */
+                *size = 0;
+                /* Fall through */
+        default:
+                /*
+                 * If w/o offset, only size specified, memmap=nn[KMG] has the
+                 * same behaviour as mem=nn[KMG]. It limits the max address
+                 * system can use. Region above the limit should be avoided.
+                 */
+                *start = 0;
                 return 0;
         }
 
         return -EINVAL;
 }
 
-static void mem_avoid_memmap(void)
+static void mem_avoid_memmap(char *str)
 {
-        char arg[128];
+        static int i;
         int rc;
-        int i;
-        char *str;
 
-        /* See if we have any memmap areas */
-        rc = cmdline_find_option("memmap", arg, sizeof(arg));
-        if (rc <= 0)
+        if (i >= MAX_MEMMAP_REGIONS)
                 return;
 
-        i = 0;
-        str = arg;
         while (str && (i < MAX_MEMMAP_REGIONS)) {
                 int rc;
                 unsigned long long start, size;
@@ -188,9 +185,14 @@ static void mem_avoid_memmap(void)
                 if (rc < 0)
                         break;
                 str = k;
-                /* A usable region that should not be skipped */
-                if (size == 0)
+
+                if (start == 0) {
+                        /* Store the specified memory limit if size > 0 */
+                        if (size > 0)
+                                mem_limit = size;
+
                         continue;
+                }
 
                 mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].start = start;
                 mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].size = size;
@@ -202,6 +204,57 @@ static void mem_avoid_memmap(void)
                 memmap_too_large = true;
 }
 
+static int handle_mem_memmap(void)
+{
+        char *args = (char *)get_cmd_line_ptr();
+        size_t len = strlen((char *)args);
+        char *tmp_cmdline;
+        char *param, *val;
+        u64 mem_size;
+
+        if (!strstr(args, "memmap=") && !strstr(args, "mem="))
+                return 0;
+
+        tmp_cmdline = malloc(len + 1);
+        if (!tmp_cmdline )
+                error("Failed to allocate space for tmp_cmdline");
+
+        memcpy(tmp_cmdline, args, len);
+        tmp_cmdline[len] = 0;
+        args = tmp_cmdline;
+
+        /* Chew leading spaces */
+        args = skip_spaces(args);
+
+        while (*args) {
+                args = next_arg(args, &param, &val);
+                /* Stop at -- */
+                if (!val && strcmp(param, "--") == 0) {
+                        warn("Only '--' specified in cmdline");
+                        free(tmp_cmdline);
+                        return -1;
+                }
+
+                if (!strcmp(param, "memmap")) {
+                        mem_avoid_memmap(val);
+                } else if (!strcmp(param, "mem")) {
+                        char *p = val;
+
+                        if (!strcmp(p, "nopentium"))
+                                continue;
+                        mem_size = memparse(p, &p);
+                        if (mem_size == 0) {
+                                free(tmp_cmdline);
+                                return -EINVAL;
+                        }
+                        mem_limit = mem_size;
+                }
+        }
+
+        free(tmp_cmdline);
+        return 0;
+}
+
 /*
  * In theory, KASLR can put the kernel anywhere in the range of [16M, 64T).
  * The mem_avoid array is used to store the ranges that need to be avoided
@@ -323,7 +376,7 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
         /* We don't need to set a mapping for setup_data. */
 
         /* Mark the memmap regions we need to avoid */
-        mem_avoid_memmap();
+        handle_mem_memmap();
 
 #ifdef CONFIG_X86_VERBOSE_BOOTUP
         /* Make sure video RAM can be used. */
@@ -432,7 +485,8 @@ static void process_e820_entry(struct boot_e820_entry *entry,
 {
         struct mem_vector region, overlap;
         struct slot_area slot_area;
-        unsigned long start_orig;
+        unsigned long start_orig, end;
+        struct boot_e820_entry cur_entry;
 
         /* Skip non-RAM entries. */
         if (entry->type != E820_TYPE_RAM)
@@ -446,8 +500,15 @@ static void process_e820_entry(struct boot_e820_entry *entry,
         if (entry->addr + entry->size < minimum)
                 return;
 
-        region.start = entry->addr;
-        region.size = entry->size;
+        /* Ignore entries above memory limit */
+        end = min(entry->size + entry->addr, mem_limit);
+        if (entry->addr >= end)
+                return;
+        cur_entry.addr = entry->addr;
+        cur_entry.size = end - entry->addr;
+
+        region.start = cur_entry.addr;
+        region.size = cur_entry.size;
 
         /* Give up if slot area array is full. */
         while (slot_area_index < MAX_SLOT_AREA) {
@@ -461,7 +522,7 @@ static void process_e820_entry(struct boot_e820_entry *entry,
                 region.start = ALIGN(region.start, CONFIG_PHYSICAL_ALIGN);
 
                 /* Did we raise the address above this e820 region? */
-                if (region.start > entry->addr + entry->size)
+                if (region.start > cur_entry.addr + cur_entry.size)
                         return;
 
                 /* Reduce size by any delta from the original address. */
diff --git a/arch/x86/boot/copy.S b/arch/x86/boot/copy.S
index 1eb7d298b47d..15d9f74b0008 100644
--- a/arch/x86/boot/copy.S
+++ b/arch/x86/boot/copy.S
@@ -65,23 +65,3 @@ GLOBAL(copy_to_fs)
         popw    %es
         retl
 ENDPROC(copy_to_fs)
-
-#if 0 /* Not currently used, but can be enabled as needed */
-GLOBAL(copy_from_gs)
-        pushw   %ds
-        pushw   %gs
-        popw    %ds
-        calll   memcpy
-        popw    %ds
-        retl
-ENDPROC(copy_from_gs)
-
-GLOBAL(copy_to_gs)
-        pushw   %es
-        pushw   %gs
-        popw    %es
-        calll   memcpy
-        popw    %es
-        retl
-ENDPROC(copy_to_gs)
-#endif
diff --git a/arch/x86/boot/string.c b/arch/x86/boot/string.c
index 5457b02fc050..630e3664906b 100644
--- a/arch/x86/boot/string.c
+++ b/arch/x86/boot/string.c
@@ -122,6 +122,14 @@ unsigned long long simple_strtoull(const char *cp, char **endp, unsigned int bas
         return result;
 }
 
+long simple_strtol(const char *cp, char **endp, unsigned int base)
+{
+        if (*cp == '-')
+                return -simple_strtoull(cp + 1, endp, base);
+
+        return simple_strtoull(cp, endp, base);
+}
+
 /**
  * strlen - Find the length of a string
  * @s: The string to be sized
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index f81823695014..65622f07e633 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -503,7 +503,7 @@ static int __init reserve_crashkernel_low(void)
                         return 0;
         }
 
-        low_base = memblock_find_in_range(low_size, 1ULL << 32, low_size, CRASH_ALIGN);
+        low_base = memblock_find_in_range(0, 1ULL << 32, low_size, CRASH_ALIGN);
         if (!low_base) {
                 pr_err("Cannot reserve %ldMB crashkernel low memory, please try smaller size.\n",
                        (unsigned long)(low_size >> 20));