10 files changed, 269 insertions, 68 deletions

diff --git a/arch/powerpc/kernel/machine_kexec.c b/arch/powerpc/kernel/machine_kexec.c
index 29a0e039d436..aab76887a842 100644
--- a/arch/powerpc/kernel/machine_kexec.c
+++ b/arch/powerpc/kernel/machine_kexec.c
@@ -48,7 +48,7 @@ void machine_kexec_cleanup(struct kimage *image)
  * Do not allocate memory (or fail in any way) in machine_kexec().
  * We are past the point of no return, committed to rebooting now.
  */
-NORET_TYPE void machine_kexec(struct kimage *image)
+void machine_kexec(struct kimage *image)
 {
         if (ppc_md.machine_kexec)
                 ppc_md.machine_kexec(image);
diff --git a/arch/sh/kernel/machine_kexec.c b/arch/sh/kernel/machine_kexec.c
index 5c17de51987e..ec1eadce4aaa 100644
--- a/arch/sh/kernel/machine_kexec.c
+++ b/arch/sh/kernel/machine_kexec.c
@@ -70,7 +70,7 @@ static void kexec_info(struct kimage *image)
  * Do not allocate memory (or fail in any way) in machine_kexec().
  * We are past the point of no return, committed to rebooting now.
  */
-NORET_TYPE void machine_kexec(struct kimage *image)
+void machine_kexec(struct kimage *image)
 {
 
         unsigned long page_list;
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index e3cba0b45600..7ecb679f0130 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1279,6 +1279,13 @@ config CRASH_DUMP
           (CONFIG_RELOCATABLE=y).
           For more details see Documentation/kdump/kdump.txt
 
+config KEXEC_JUMP
+        bool "kexec jump (EXPERIMENTAL)"
+        depends on EXPERIMENTAL
+        depends on KEXEC && PM_SLEEP && X86_32
+        help
+          Invoke code in physical address mode via KEXEC
+
 config PHYSICAL_START
         hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
         default "0x1000000" if X86_NUMAQ
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index 8864230d55af..2b67609d0a1c 100644
--- a/arch/x86/kernel/machine_kexec_32.c
+++ b/arch/x86/kernel/machine_kexec_32.c
@@ -22,6 +22,7 @@
 #include <asm/cpufeature.h>
 #include <asm/desc.h>
 #include <asm/system.h>
+#include <asm/cacheflush.h>
 
 #define PAGE_ALIGNED __attribute__ ((__aligned__(PAGE_SIZE)))
 static u32 kexec_pgd[1024] PAGE_ALIGNED;
@@ -85,10 +86,12 @@ static void load_segments(void)
  * reboot code buffer to allow us to avoid allocations
  * later.
  *
- * Currently nothing.
+ * Make control page executable.
  */
 int machine_kexec_prepare(struct kimage *image)
 {
+        if (nx_enabled)
+                set_pages_x(image->control_code_page, 1);
         return 0;
 }
 
@@ -98,16 +101,24 @@ int machine_kexec_prepare(struct kimage *image)
  */
 void machine_kexec_cleanup(struct kimage *image)
 {
+        if (nx_enabled)
+                set_pages_nx(image->control_code_page, 1);
 }
 
 /*
  * Do not allocate memory (or fail in any way) in machine_kexec().
  * We are past the point of no return, committed to rebooting now.
  */
-NORET_TYPE void machine_kexec(struct kimage *image)
+void machine_kexec(struct kimage *image)
 {
         unsigned long page_list[PAGES_NR];
         void *control_page;
+        asmlinkage unsigned long
+                (*relocate_kernel_ptr)(unsigned long indirection_page,
+                                       unsigned long control_page,
+                                       unsigned long start_address,
+                                       unsigned int has_pae,
+                                       unsigned int preserve_context);
 
         tracer_disable();
 
@@ -115,10 +126,11 @@ NORET_TYPE void machine_kexec(struct kimage *image)
         local_irq_disable();
 
         control_page = page_address(image->control_code_page);
-        memcpy(control_page, relocate_kernel, PAGE_SIZE);
+        memcpy(control_page, relocate_kernel, PAGE_SIZE/2);
 
+        relocate_kernel_ptr = control_page;
         page_list[PA_CONTROL_PAGE] = __pa(control_page);
-        page_list[VA_CONTROL_PAGE] = (unsigned long)relocate_kernel;
+        page_list[VA_CONTROL_PAGE] = (unsigned long)control_page;
         page_list[PA_PGD] = __pa(kexec_pgd);
         page_list[VA_PGD] = (unsigned long)kexec_pgd;
 #ifdef CONFIG_X86_PAE
@@ -131,6 +143,7 @@ NORET_TYPE void machine_kexec(struct kimage *image)
         page_list[VA_PTE_0] = (unsigned long)kexec_pte0;
         page_list[PA_PTE_1] = __pa(kexec_pte1);
         page_list[VA_PTE_1] = (unsigned long)kexec_pte1;
+        page_list[PA_SWAP_PAGE] = (page_to_pfn(image->swap_page) << PAGE_SHIFT);
 
         /* The segment registers are funny things, they have both a
          * visible and an invisible part.  Whenever the visible part is
@@ -149,8 +162,10 @@ NORET_TYPE void machine_kexec(struct kimage *image)
         set_idt(phys_to_virt(0),0);
 
         /* now call it */
-        relocate_kernel((unsigned long)image->head, (unsigned long)page_list,
-                        image->start, cpu_has_pae);
+        image->start = relocate_kernel_ptr((unsigned long)image->head,
+                                           (unsigned long)page_list,
+                                           image->start, cpu_has_pae,
+                                           image->preserve_context);
 }
 
 void arch_crash_save_vmcoreinfo(void)
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 9dd9262693a3..c43caa3a91f3 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -181,7 +181,7 @@ void machine_kexec_cleanup(struct kimage *image)
  * Do not allocate memory (or fail in any way) in machine_kexec().
  * We are past the point of no return, committed to rebooting now.
  */
-NORET_TYPE void machine_kexec(struct kimage *image)
+void machine_kexec(struct kimage *image)
 {
         unsigned long page_list[PAGES_NR];
         void *control_page;
diff --git a/arch/x86/kernel/relocate_kernel_32.S b/arch/x86/kernel/relocate_kernel_32.S
index c30fe25d470d..703310a99023 100644
--- a/arch/x86/kernel/relocate_kernel_32.S
+++ b/arch/x86/kernel/relocate_kernel_32.S
@@ -20,11 +20,44 @@
 #define PAGE_ATTR (_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED | _PAGE_DIRTY)
 #define PAE_PGD_ATTR (_PAGE_PRESENT)
 
+/* control_page + PAGE_SIZE/2 ~ control_page + PAGE_SIZE * 3/4 are
+ * used to save some data for jumping back
+ */
+#define DATA(offset)            (PAGE_SIZE/2+(offset))
+
+/* Minimal CPU state */
+#define ESP                     DATA(0x0)
+#define CR0                     DATA(0x4)
+#define CR3                     DATA(0x8)
+#define CR4                     DATA(0xc)
+
+/* other data */
+#define CP_VA_CONTROL_PAGE      DATA(0x10)
+#define CP_PA_PGD               DATA(0x14)
+#define CP_PA_SWAP_PAGE         DATA(0x18)
+#define CP_PA_BACKUP_PAGES_MAP  DATA(0x1c)
+
         .text
         .align PAGE_SIZE
         .globl relocate_kernel
 relocate_kernel:
-        movl    8(%esp), %ebp /* list of pages */
+        /* Save the CPU context, used for jumping back */
+
+        pushl   %ebx
+        pushl   %esi
+        pushl   %edi
+        pushl   %ebp
+        pushf
+
+        movl    20+8(%esp), %ebp /* list of pages */
+        movl    PTR(VA_CONTROL_PAGE)(%ebp), %edi
+        movl    %esp, ESP(%edi)
+        movl    %cr0, %eax
+        movl    %eax, CR0(%edi)
+        movl    %cr3, %eax
+        movl    %eax, CR3(%edi)
+        movl    %cr4, %eax
+        movl    %eax, CR4(%edi)
 
 #ifdef CONFIG_X86_PAE
         /* map the control page at its virtual address */
@@ -138,15 +171,25 @@ relocate_kernel:
 
 relocate_new_kernel:
         /* read the arguments and say goodbye to the stack */
-        movl  4(%esp), %ebx /* page_list */
-        movl  8(%esp), %ebp /* list of pages */
-        movl  12(%esp), %edx /* start address */
-        movl  16(%esp), %ecx /* cpu_has_pae */
+        movl  20+4(%esp), %ebx /* page_list */
+        movl  20+8(%esp), %ebp /* list of pages */
+        movl  20+12(%esp), %edx /* start address */
+        movl  20+16(%esp), %ecx /* cpu_has_pae */
+        movl  20+20(%esp), %esi /* preserve_context */
 
         /* zero out flags, and disable interrupts */
         pushl $0
         popfl
 
+        /* save some information for jumping back */
+        movl    PTR(VA_CONTROL_PAGE)(%ebp), %edi
+        movl    %edi, CP_VA_CONTROL_PAGE(%edi)
+        movl    PTR(PA_PGD)(%ebp), %eax
+        movl    %eax, CP_PA_PGD(%edi)
+        movl    PTR(PA_SWAP_PAGE)(%ebp), %eax
+        movl    %eax, CP_PA_SWAP_PAGE(%edi)
+        movl    %ebx, CP_PA_BACKUP_PAGES_MAP(%edi)
+
         /* get physical address of control page now */
         /* this is impossible after page table switch */
         movl    PTR(PA_CONTROL_PAGE)(%ebp), %edi
@@ -197,8 +240,90 @@ identity_mapped:
         xorl    %eax, %eax
         movl    %eax, %cr3
 
+        movl    CP_PA_SWAP_PAGE(%edi), %eax
+        pushl   %eax
+        pushl   %ebx
+        call    swap_pages
+        addl    $8, %esp
+
+        /* To be certain of avoiding problems with self-modifying code
+         * I need to execute a serializing instruction here.
+         * So I flush the TLB, it's handy, and not processor dependent.
+         */
+        xorl    %eax, %eax
+        movl    %eax, %cr3
+
+        /* set all of the registers to known values */
+        /* leave %esp alone */
+
+        testl   %esi, %esi
+        jnz 1f
+        xorl    %edi, %edi
+        xorl    %eax, %eax
+        xorl    %ebx, %ebx
+        xorl    %ecx, %ecx
+        xorl    %edx, %edx
+        xorl    %esi, %esi
+        xorl    %ebp, %ebp
+        ret
+1:
+        popl    %edx
+        movl    CP_PA_SWAP_PAGE(%edi), %esp
+        addl    $PAGE_SIZE, %esp
+2:
+        call    *%edx
+
+        /* get the re-entry point of the peer system */
+        movl    0(%esp), %ebp
+        call    1f
+1:
+        popl    %ebx
+        subl    $(1b - relocate_kernel), %ebx
+        movl    CP_VA_CONTROL_PAGE(%ebx), %edi
+        lea     PAGE_SIZE(%ebx), %esp
+        movl    CP_PA_SWAP_PAGE(%ebx), %eax
+        movl    CP_PA_BACKUP_PAGES_MAP(%ebx), %edx
+        pushl   %eax
+        pushl   %edx
+        call    swap_pages
+        addl    $8, %esp
+        movl    CP_PA_PGD(%ebx), %eax
+        movl    %eax, %cr3
+        movl    %cr0, %eax
+        orl     $(1<<31), %eax
+        movl    %eax, %cr0
+        lea     PAGE_SIZE(%edi), %esp
+        movl    %edi, %eax
+        addl    $(virtual_mapped - relocate_kernel), %eax
+        pushl   %eax
+        ret
+
+virtual_mapped:
+        movl    CR4(%edi), %eax
+        movl    %eax, %cr4
+        movl    CR3(%edi), %eax
+        movl    %eax, %cr3
+        movl    CR0(%edi), %eax
+        movl    %eax, %cr0
+        movl    ESP(%edi), %esp
+        movl    %ebp, %eax
+
+        popf
+        popl    %ebp
+        popl    %edi
+        popl    %esi
+        popl    %ebx
+        ret
+
         /* Do the copies */
-        movl    %ebx, %ecx
+swap_pages:
+        movl    8(%esp), %edx
+        movl    4(%esp), %ecx
+        pushl   %ebp
+        pushl   %ebx
+        pushl   %edi
+        pushl   %esi
+        movl    %ecx, %ebx
         jmp     1f
 
 0:      /* top, read another word from the indirection page */
@@ -226,27 +351,28 @@ identity_mapped:
         movl    %ecx,   %esi /* For every source page do a copy */
         andl    $0xfffff000, %esi
 
+        movl    %edi, %eax
+        movl    %esi, %ebp
+
+        movl    %edx, %edi
         movl    $1024, %ecx
         rep ; movsl
-        jmp     0b
 
-3:
-
-        /* To be certain of avoiding problems with self-modifying code
-         * I need to execute a serializing instruction here.
-         * So I flush the TLB, it's handy, and not processor dependent.
-         */
-        xorl    %eax, %eax
-        movl    %eax, %cr3
+        movl    %ebp, %edi
+        movl    %eax, %esi
+        movl    $1024, %ecx
+        rep ; movsl
 
-        /* set all of the registers to known values */
-        /* leave %esp alone */
+        movl    %eax, %edi
+        movl    %edx, %esi
+        movl    $1024, %ecx
+        rep ; movsl
 
-        xorl    %eax, %eax
-        xorl    %ebx, %ebx
-        xorl    %ecx, %ecx
-        xorl    %edx, %edx
-        xorl    %esi, %esi
-        xorl    %edi, %edi
-        xorl    %ebp, %ebp
+        lea     PAGE_SIZE(%ebp), %esi
+        jmp     0b
+3:
+        popl    %esi
+        popl    %edi
+        popl    %ebx
+        popl    %ebp
         ret
diff --git a/include/asm-x86/kexec.h b/include/asm-x86/kexec.h
index 8f855a15f64d..c0e52a14fd4d 100644
--- a/include/asm-x86/kexec.h
+++ b/include/asm-x86/kexec.h
@@ -10,14 +10,15 @@
 # define VA_PTE_0               5
 # define PA_PTE_1               6
 # define VA_PTE_1               7
+# define PA_SWAP_PAGE           8
 # ifdef CONFIG_X86_PAE
-#  define PA_PMD_0              8
-#  define VA_PMD_0              9
-#  define PA_PMD_1              10
-#  define VA_PMD_1              11
-#  define PAGES_NR              12
+#  define PA_PMD_0              9
+#  define VA_PMD_0              10
+#  define PA_PMD_1              11
+#  define VA_PMD_1              12
+#  define PAGES_NR              13
 # else
-#  define PAGES_NR              8
+#  define PAGES_NR              9
 # endif
 #else
 # define PA_CONTROL_PAGE        0
@@ -152,11 +153,12 @@ static inline void crash_setup_regs(struct pt_regs *newregs,
 }
 
 #ifdef CONFIG_X86_32
-asmlinkage NORET_TYPE void
+asmlinkage unsigned long
 relocate_kernel(unsigned long indirection_page,
                 unsigned long control_page,
                 unsigned long start_address,
-                unsigned int has_pae) ATTRIB_NORET;
+                unsigned int has_pae,
+                unsigned int preserve_context);
 #else
 NORET_TYPE void
 relocate_kernel(unsigned long indirection_page,
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 3265968cd2cd..82f88a8a827b 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -83,6 +83,7 @@ struct kimage {
 
         unsigned long start;
         struct page *control_code_page;
+        struct page *swap_page;
 
         unsigned long nr_segments;
         struct kexec_segment segment[KEXEC_SEGMENT_MAX];
@@ -98,18 +99,20 @@ struct kimage {
         unsigned int type : 1;
 #define KEXEC_TYPE_DEFAULT 0
 #define KEXEC_TYPE_CRASH   1
+        unsigned int preserve_context : 1;
 };
 
 
 
 /* kexec interface functions */
-extern NORET_TYPE void machine_kexec(struct kimage *image) ATTRIB_NORET;
+extern void machine_kexec(struct kimage *image);
 extern int machine_kexec_prepare(struct kimage *image);
 extern void machine_kexec_cleanup(struct kimage *image);
 extern asmlinkage long sys_kexec_load(unsigned long entry,
                                         unsigned long nr_segments,
                                         struct kexec_segment __user *segments,
                                         unsigned long flags);
+extern int kernel_kexec(void);
 #ifdef CONFIG_COMPAT
 extern asmlinkage long compat_sys_kexec_load(unsigned long entry,
                                 unsigned long nr_segments,
@@ -156,8 +159,9 @@ extern struct kimage *kexec_crash_image;
 #define kexec_flush_icache_page(page)
 #endif
 
-#define KEXEC_ON_CRASH  0x00000001
-#define KEXEC_ARCH_MASK 0xffff0000
+#define KEXEC_ON_CRASH          0x00000001
+#define KEXEC_PRESERVE_CONTEXT  0x00000002
+#define KEXEC_ARCH_MASK         0xffff0000
 
 /* These values match the ELF architecture values.
  * Unless there is a good reason that should continue to be the case.
@@ -174,7 +178,12 @@ extern struct kimage *kexec_crash_image;
 #define KEXEC_ARCH_MIPS_LE (10 << 16)
 #define KEXEC_ARCH_MIPS    ( 8 << 16)
 
-#define KEXEC_FLAGS    (KEXEC_ON_CRASH)  /* List of defined/legal kexec flags */
+/* List of defined/legal kexec flags */
+#ifndef CONFIG_KEXEC_JUMP
+#define KEXEC_FLAGS    KEXEC_ON_CRASH
+#else
+#define KEXEC_FLAGS    (KEXEC_ON_CRASH | KEXEC_PRESERVE_CONTEXT)
+#endif
 
 #define VMCOREINFO_BYTES           (4096)
 #define VMCOREINFO_NOTE_NAME       "VMCOREINFO"
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 6db42ff8d520..a0d920915b38 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -24,6 +24,8 @@
 #include <linux/utsrelease.h>
 #include <linux/utsname.h>
 #include <linux/numa.h>
+#include <linux/suspend.h>
+#include <linux/device.h>
 
 #include <asm/page.h>
 #include <asm/uaccess.h>
@@ -242,6 +244,12 @@ static int kimage_normal_alloc(struct kimage **rimage, unsigned long entry,
                 goto out;
         }
 
+        image->swap_page = kimage_alloc_control_pages(image, 0);
+        if (!image->swap_page) {
+                printk(KERN_ERR "Could not allocate swap buffer\n");
+                goto out;
+        }
+
         result = 0;
  out:
         if (result == 0)
@@ -986,6 +994,8 @@ asmlinkage long sys_kexec_load(unsigned long entry, unsigned long nr_segments,
                 if (result)
                         goto out;
 
+                if (flags & KEXEC_PRESERVE_CONTEXT)
+                        image->preserve_context = 1;
                 result = machine_kexec_prepare(image);
                 if (result)
                         goto out;
@@ -1411,3 +1421,50 @@ static int __init crash_save_vmcoreinfo_init(void)
 }
 
 module_init(crash_save_vmcoreinfo_init)
+
+/**
+ *      kernel_kexec - reboot the system
+ *
+ *      Move into place and start executing a preloaded standalone
+ *      executable.  If nothing was preloaded return an error.
+ */
+int kernel_kexec(void)
+{
+        int error = 0;
+
+        if (xchg(&kexec_lock, 1))
+                return -EBUSY;
+        if (!kexec_image) {
+                error = -EINVAL;
+                goto Unlock;
+        }
+
+        if (kexec_image->preserve_context) {
+#ifdef CONFIG_KEXEC_JUMP
+                local_irq_disable();
+                save_processor_state();
+#endif
+        } else {
+                blocking_notifier_call_chain(&reboot_notifier_list,
+                                             SYS_RESTART, NULL);
+                system_state = SYSTEM_RESTART;
+                device_shutdown();
+                sysdev_shutdown();
+                printk(KERN_EMERG "Starting new kernel\n");
+                machine_shutdown();
+        }
+
+        machine_kexec(kexec_image);
+
+        if (kexec_image->preserve_context) {
+#ifdef CONFIG_KEXEC_JUMP
+                restore_processor_state();
+                local_irq_enable();
+#endif
+        }
+
+ Unlock:
+        xchg(&kexec_lock, 0);
+
+        return error;
+}
diff --git a/kernel/sys.c b/kernel/sys.c
index 0c9d3fa1f5ff..c01858090a98 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -301,26 +301,6 @@ void kernel_restart(char *cmd)
 }
 EXPORT_SYMBOL_GPL(kernel_restart);
 
-/**
- *      kernel_kexec - reboot the system
- *
- *      Move into place and start executing a preloaded standalone
- *      executable.  If nothing was preloaded return an error.
- */
-static void kernel_kexec(void)
-{
-#ifdef CONFIG_KEXEC
-        struct kimage *image;
-        image = xchg(&kexec_image, NULL);
-        if (!image)
-                return;
-        kernel_restart_prepare(NULL);
-        printk(KERN_EMERG "Starting new kernel\n");
-        machine_shutdown();
-        machine_kexec(image);
-#endif
-}
-
 static void kernel_shutdown_prepare(enum system_states state)
 {
         blocking_notifier_call_chain(&reboot_notifier_list,
@@ -425,10 +405,15 @@ asmlinkage long sys_reboot(int magic1, int magic2, unsigned int cmd, void __user
                 kernel_restart(buffer);
                 break;
 
+#ifdef CONFIG_KEXEC
         case LINUX_REBOOT_CMD_KEXEC:
-                kernel_kexec();
-                unlock_kernel();
-                return -EINVAL;
+                {
+                        int ret;
+                        ret = kernel_kexec();
+                        unlock_kernel();
+                        return ret;
+                }
+#endif
 
 #ifdef CONFIG_HIBERNATION
         case LINUX_REBOOT_CMD_SW_SUSPEND: