]> git.proxmox.com Git - mirror_ubuntu-kernels.git/blob - arch/s390/mm/fault.c
projects / mirror_ubuntu-kernels.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mm: always expand the stack with the mmap write lock held
[mirror_ubuntu-kernels.git] / arch / s390 / mm / fault.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * S390 version
4 * Copyright IBM Corp. 1999
5 * Author(s): Hartmut Penner (hp@de.ibm.com)
6 * Ulrich Weigand (uweigand@de.ibm.com)
7 *
8 * Derived from "arch/i386/mm/fault.c"
9 * Copyright (C) 1995 Linus Torvalds
10 */
11
12 #include <linux/kernel_stat.h>
13 #include <linux/perf_event.h>
14 #include <linux/signal.h>
15 #include <linux/sched.h>
16 #include <linux/sched/debug.h>
17 #include <linux/kernel.h>
18 #include <linux/errno.h>
19 #include <linux/string.h>
20 #include <linux/types.h>
21 #include <linux/ptrace.h>
22 #include <linux/mman.h>
23 #include <linux/mm.h>
24 #include <linux/compat.h>
25 #include <linux/smp.h>
26 #include <linux/kdebug.h>
27 #include <linux/init.h>
28 #include <linux/console.h>
29 #include <linux/extable.h>
30 #include <linux/hardirq.h>
31 #include <linux/kprobes.h>
32 #include <linux/uaccess.h>
33 #include <linux/hugetlb.h>
34 #include <linux/kfence.h>
35 #include <asm/asm-extable.h>
36 #include <asm/asm-offsets.h>
37 #include <asm/diag.h>
38 #include <asm/gmap.h>
39 #include <asm/irq.h>
40 #include <asm/mmu_context.h>
41 #include <asm/facility.h>
42 #include <asm/uv.h>
43 #include "../kernel/entry.h"
44
45 #define __FAIL_ADDR_MASK -4096L
46 #define __SUBCODE_MASK 0x0600
47 #define __PF_RES_FIELD 0x8000000000000000ULL
48
49 #define VM_FAULT_BADCONTEXT ((__force vm_fault_t) 0x010000)
50 #define VM_FAULT_BADMAP ((__force vm_fault_t) 0x020000)
51 #define VM_FAULT_BADACCESS ((__force vm_fault_t) 0x040000)
52 #define VM_FAULT_SIGNAL ((__force vm_fault_t) 0x080000)
53 #define VM_FAULT_PFAULT ((__force vm_fault_t) 0x100000)
54
55 enum fault_type {
56 KERNEL_FAULT,
57 USER_FAULT,
58 GMAP_FAULT,
59 };
60
61 static unsigned long store_indication __read_mostly;
62
63 static int __init fault_init(void)
64 {
65 if (test_facility(75))
66 store_indication = 0xc00;
67 return 0;
68 }
69 early_initcall(fault_init);
70
71 /*
72 * Find out which address space caused the exception.
73 */
74 static enum fault_type get_fault_type(struct pt_regs *regs)
75 {
76 unsigned long trans_exc_code;
77
78 trans_exc_code = regs->int_parm_long & 3;
79 if (likely(trans_exc_code == 0)) {
80 /* primary space exception */
81 if (user_mode(regs))
82 return USER_FAULT;
83 if (!IS_ENABLED(CONFIG_PGSTE))
84 return KERNEL_FAULT;
85 if (test_pt_regs_flag(regs, PIF_GUEST_FAULT))
86 return GMAP_FAULT;
87 return KERNEL_FAULT;
88 }
89 if (trans_exc_code == 2)
90 return USER_FAULT;
91 if (trans_exc_code == 1) {
92 /* access register mode, not used in the kernel */
93 return USER_FAULT;
94 }
95 /* home space exception -> access via kernel ASCE */
96 return KERNEL_FAULT;
97 }
98
99 static unsigned long get_fault_address(struct pt_regs *regs)
100 {
101 unsigned long trans_exc_code = regs->int_parm_long;
102
103 return trans_exc_code & __FAIL_ADDR_MASK;
104 }
105
106 static bool fault_is_write(struct pt_regs *regs)
107 {
108 unsigned long trans_exc_code = regs->int_parm_long;
109
110 return (trans_exc_code & store_indication) == 0x400;
111 }
112
113 static int bad_address(void *p)
114 {
115 unsigned long dummy;
116
117 return get_kernel_nofault(dummy, (unsigned long *)p);
118 }
119
120 static void dump_pagetable(unsigned long asce, unsigned long address)
121 {
122 unsigned long *table = __va(asce & _ASCE_ORIGIN);
123
124 pr_alert("AS:%016lx ", asce);
125 switch (asce & _ASCE_TYPE_MASK) {
126 case _ASCE_TYPE_REGION1:
127 table += (address & _REGION1_INDEX) >> _REGION1_SHIFT;
128 if (bad_address(table))
129 goto bad;
130 pr_cont("R1:%016lx ", *table);
131 if (*table & _REGION_ENTRY_INVALID)
132 goto out;
133 table = __va(*table & _REGION_ENTRY_ORIGIN);
134 fallthrough;
135 case _ASCE_TYPE_REGION2:
136 table += (address & _REGION2_INDEX) >> _REGION2_SHIFT;
137 if (bad_address(table))
138 goto bad;
139 pr_cont("R2:%016lx ", *table);
140 if (*table & _REGION_ENTRY_INVALID)
141 goto out;
142 table = __va(*table & _REGION_ENTRY_ORIGIN);
143 fallthrough;
144 case _ASCE_TYPE_REGION3:
145 table += (address & _REGION3_INDEX) >> _REGION3_SHIFT;
146 if (bad_address(table))
147 goto bad;
148 pr_cont("R3:%016lx ", *table);
149 if (*table & (_REGION_ENTRY_INVALID | _REGION3_ENTRY_LARGE))
150 goto out;
151 table = __va(*table & _REGION_ENTRY_ORIGIN);
152 fallthrough;
153 case _ASCE_TYPE_SEGMENT:
154 table += (address & _SEGMENT_INDEX) >> _SEGMENT_SHIFT;
155 if (bad_address(table))
156 goto bad;
157 pr_cont("S:%016lx ", *table);
158 if (*table & (_SEGMENT_ENTRY_INVALID | _SEGMENT_ENTRY_LARGE))
159 goto out;
160 table = __va(*table & _SEGMENT_ENTRY_ORIGIN);
161 }
162 table += (address & _PAGE_INDEX) >> _PAGE_SHIFT;
163 if (bad_address(table))
164 goto bad;
165 pr_cont("P:%016lx ", *table);
166 out:
167 pr_cont("\n");
168 return;
169 bad:
170 pr_cont("BAD\n");
171 }
172
173 static void dump_fault_info(struct pt_regs *regs)
174 {
175 unsigned long asce;
176
177 pr_alert("Failing address: %016lx TEID: %016lx\n",
178 regs->int_parm_long & __FAIL_ADDR_MASK, regs->int_parm_long);
179 pr_alert("Fault in ");
180 switch (regs->int_parm_long & 3) {
181 case 3:
182 pr_cont("home space ");
183 break;
184 case 2:
185 pr_cont("secondary space ");
186 break;
187 case 1:
188 pr_cont("access register ");
189 break;
190 case 0:
191 pr_cont("primary space ");
192 break;
193 }
194 pr_cont("mode while using ");
195 switch (get_fault_type(regs)) {
196 case USER_FAULT:
197 asce = S390_lowcore.user_asce;
198 pr_cont("user ");
199 break;
200 case GMAP_FAULT:
201 asce = ((struct gmap *) S390_lowcore.gmap)->asce;
202 pr_cont("gmap ");
203 break;
204 case KERNEL_FAULT:
205 asce = S390_lowcore.kernel_asce;
206 pr_cont("kernel ");
207 break;
208 default:
209 unreachable();
210 }
211 pr_cont("ASCE.\n");
212 dump_pagetable(asce, regs->int_parm_long & __FAIL_ADDR_MASK);
213 }
214
215 int show_unhandled_signals = 1;
216
217 void report_user_fault(struct pt_regs *regs, long signr, int is_mm_fault)
218 {
219 if ((task_pid_nr(current) > 1) && !show_unhandled_signals)
220 return;
221 if (!unhandled_signal(current, signr))
222 return;
223 if (!printk_ratelimit())
224 return;
225 printk(KERN_ALERT "User process fault: interruption code %04x ilc:%d ",
226 regs->int_code & 0xffff, regs->int_code >> 17);
227 print_vma_addr(KERN_CONT "in ", regs->psw.addr);
228 printk(KERN_CONT "\n");
229 if (is_mm_fault)
230 dump_fault_info(regs);
231 show_regs(regs);
232 }
233
234 /*
235 * Send SIGSEGV to task. This is an external routine
236 * to keep the stack usage of do_page_fault small.
237 */
238 static noinline void do_sigsegv(struct pt_regs *regs, int si_code)
239 {
240 report_user_fault(regs, SIGSEGV, 1);
241 force_sig_fault(SIGSEGV, si_code,
242 (void __user *)(regs->int_parm_long & __FAIL_ADDR_MASK));
243 }
244
245 static noinline void do_no_context(struct pt_regs *regs, vm_fault_t fault)
246 {
247 enum fault_type fault_type;
248 unsigned long address;
249 bool is_write;
250
251 if (fixup_exception(regs))
252 return;
253 fault_type = get_fault_type(regs);
254 if ((fault_type == KERNEL_FAULT) && (fault == VM_FAULT_BADCONTEXT)) {
255 address = get_fault_address(regs);
256 is_write = fault_is_write(regs);
257 if (kfence_handle_page_fault(address, is_write, regs))
258 return;
259 }
260 /*
261 * Oops. The kernel tried to access some bad page. We'll have to
262 * terminate things with extreme prejudice.
263 */
264 if (fault_type == KERNEL_FAULT)
265 printk(KERN_ALERT "Unable to handle kernel pointer dereference"
266 " in virtual kernel address space\n");
267 else
268 printk(KERN_ALERT "Unable to handle kernel paging request"
269 " in virtual user address space\n");
270 dump_fault_info(regs);
271 die(regs, "Oops");
272 }
273
274 static noinline void do_low_address(struct pt_regs *regs)
275 {
276 /* Low-address protection hit in kernel mode means
277 NULL pointer write access in kernel mode. */
278 if (regs->psw.mask & PSW_MASK_PSTATE) {
279 /* Low-address protection hit in user mode 'cannot happen'. */
280 die (regs, "Low-address protection");
281 }
282
283 do_no_context(regs, VM_FAULT_BADACCESS);
284 }
285
286 static noinline void do_sigbus(struct pt_regs *regs)
287 {
288 /*
289 * Send a sigbus, regardless of whether we were in kernel
290 * or user mode.
291 */
292 force_sig_fault(SIGBUS, BUS_ADRERR,
293 (void __user *)(regs->int_parm_long & __FAIL_ADDR_MASK));
294 }
295
296 static noinline void do_fault_error(struct pt_regs *regs, vm_fault_t fault)
297 {
298 int si_code;
299
300 switch (fault) {
301 case VM_FAULT_BADACCESS:
302 case VM_FAULT_BADMAP:
303 /* Bad memory access. Check if it is kernel or user space. */
304 if (user_mode(regs)) {
305 /* User mode accesses just cause a SIGSEGV */
306 si_code = (fault == VM_FAULT_BADMAP) ?
307 SEGV_MAPERR : SEGV_ACCERR;
308 do_sigsegv(regs, si_code);
309 break;
310 }
311 fallthrough;
312 case VM_FAULT_BADCONTEXT:
313 case VM_FAULT_PFAULT:
314 do_no_context(regs, fault);
315 break;
316 case VM_FAULT_SIGNAL:
317 if (!user_mode(regs))
318 do_no_context(regs, fault);
319 break;
320 default: /* fault & VM_FAULT_ERROR */
321 if (fault & VM_FAULT_OOM) {
322 if (!user_mode(regs))
323 do_no_context(regs, fault);
324 else
325 pagefault_out_of_memory();
326 } else if (fault & VM_FAULT_SIGSEGV) {
327 /* Kernel mode? Handle exceptions or die */
328 if (!user_mode(regs))
329 do_no_context(regs, fault);
330 else
331 do_sigsegv(regs, SEGV_MAPERR);
332 } else if (fault & VM_FAULT_SIGBUS) {
333 /* Kernel mode? Handle exceptions or die */
334 if (!user_mode(regs))
335 do_no_context(regs, fault);
336 else
337 do_sigbus(regs);
338 } else
339 BUG();
340 break;
341 }
342 }
343
344 /*
345 * This routine handles page faults. It determines the address,
346 * and the problem, and then passes it off to one of the appropriate
347 * routines.
348 *
349 * interruption code (int_code):
350 * 04 Protection -> Write-Protection (suppression)
351 * 10 Segment translation -> Not present (nullification)
352 * 11 Page translation -> Not present (nullification)
353 * 3b Region third trans. -> Not present (nullification)
354 */
355 static inline vm_fault_t do_exception(struct pt_regs *regs, int access)
356 {
357 struct gmap *gmap;
358 struct task_struct *tsk;
359 struct mm_struct *mm;
360 struct vm_area_struct *vma;
361 enum fault_type type;
362 unsigned long address;
363 unsigned int flags;
364 vm_fault_t fault;
365 bool is_write;
366
367 tsk = current;
368 /*
369 * The instruction that caused the program check has
370 * been nullified. Don't signal single step via SIGTRAP.
371 */
372 clear_thread_flag(TIF_PER_TRAP);
373
374 if (kprobe_page_fault(regs, 14))
375 return 0;
376
377 mm = tsk->mm;
378 address = get_fault_address(regs);
379 is_write = fault_is_write(regs);
380
381 /*
382 * Verify that the fault happened in user space, that
383 * we are not in an interrupt and that there is a
384 * user context.
385 */
386 fault = VM_FAULT_BADCONTEXT;
387 type = get_fault_type(regs);
388 switch (type) {
389 case KERNEL_FAULT:
390 goto out;
391 case USER_FAULT:
392 case GMAP_FAULT:
393 if (faulthandler_disabled() || !mm)
394 goto out;
395 break;
396 }
397
398 perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
399 flags = FAULT_FLAG_DEFAULT;
400 if (user_mode(regs))
401 flags |= FAULT_FLAG_USER;
402 if (is_write)
403 access = VM_WRITE;
404 if (access == VM_WRITE)
405 flags |= FAULT_FLAG_WRITE;
406 mmap_read_lock(mm);
407
408 gmap = NULL;
409 if (IS_ENABLED(CONFIG_PGSTE) && type == GMAP_FAULT) {
410 gmap = (struct gmap *) S390_lowcore.gmap;
411 current->thread.gmap_addr = address;
412 current->thread.gmap_write_flag = !!(flags & FAULT_FLAG_WRITE);
413 current->thread.gmap_int_code = regs->int_code & 0xffff;
414 address = __gmap_translate(gmap, address);
415 if (address == -EFAULT) {
416 fault = VM_FAULT_BADMAP;
417 goto out_up;
418 }
419 if (gmap->pfault_enabled)
420 flags |= FAULT_FLAG_RETRY_NOWAIT;
421 }
422
423 retry:
424 fault = VM_FAULT_BADMAP;
425 vma = find_vma(mm, address);
426 if (!vma)
427 goto out_up;
428
429 if (unlikely(vma->vm_start > address)) {
430 if (!(vma->vm_flags & VM_GROWSDOWN))
431 goto out_up;
432 vma = expand_stack(mm, address);
433 if (!vma)
434 goto out;
435 }
436
437 /*
438 * Ok, we have a good vm_area for this memory access, so
439 * we can handle it..
440 */
441 fault = VM_FAULT_BADACCESS;
442 if (unlikely(!(vma->vm_flags & access)))
443 goto out_up;
444
445 /*
446 * If for any reason at all we couldn't handle the fault,
447 * make sure we exit gracefully rather than endlessly redo
448 * the fault.
449 */
450 fault = handle_mm_fault(vma, address, flags, regs);
451 if (fault_signal_pending(fault, regs)) {
452 fault = VM_FAULT_SIGNAL;
453 if (flags & FAULT_FLAG_RETRY_NOWAIT)
454 goto out_up;
455 goto out;
456 }
457
458 /* The fault is fully completed (including releasing mmap lock) */
459 if (fault & VM_FAULT_COMPLETED) {
460 if (gmap) {
461 mmap_read_lock(mm);
462 goto out_gmap;
463 }
464 fault = 0;
465 goto out;
466 }
467
468 if (unlikely(fault & VM_FAULT_ERROR))
469 goto out_up;
470
471 if (fault & VM_FAULT_RETRY) {
472 if (IS_ENABLED(CONFIG_PGSTE) && gmap &&
473 (flags & FAULT_FLAG_RETRY_NOWAIT)) {
474 /*
475 * FAULT_FLAG_RETRY_NOWAIT has been set, mmap_lock has
476 * not been released
477 */
478 current->thread.gmap_pfault = 1;
479 fault = VM_FAULT_PFAULT;
480 goto out_up;
481 }
482 flags &= ~FAULT_FLAG_RETRY_NOWAIT;
483 flags |= FAULT_FLAG_TRIED;
484 mmap_read_lock(mm);
485 goto retry;
486 }
487 out_gmap:
488 if (IS_ENABLED(CONFIG_PGSTE) && gmap) {
489 address = __gmap_link(gmap, current->thread.gmap_addr,
490 address);
491 if (address == -EFAULT) {
492 fault = VM_FAULT_BADMAP;
493 goto out_up;
494 }
495 if (address == -ENOMEM) {
496 fault = VM_FAULT_OOM;
497 goto out_up;
498 }
499 }
500 fault = 0;
501 out_up:
502 mmap_read_unlock(mm);
503 out:
504 return fault;
505 }
506
507 void do_protection_exception(struct pt_regs *regs)
508 {
509 unsigned long trans_exc_code;
510 int access;
511 vm_fault_t fault;
512
513 trans_exc_code = regs->int_parm_long;
514 /*
515 * Protection exceptions are suppressing, decrement psw address.
516 * The exception to this rule are aborted transactions, for these
517 * the PSW already points to the correct location.
518 */
519 if (!(regs->int_code & 0x200))
520 regs->psw.addr = __rewind_psw(regs->psw, regs->int_code >> 16);
521 /*
522 * Check for low-address protection. This needs to be treated
523 * as a special case because the translation exception code
524 * field is not guaranteed to contain valid data in this case.
525 */
526 if (unlikely(!(trans_exc_code & 4))) {
527 do_low_address(regs);
528 return;
529 }
530 if (unlikely(MACHINE_HAS_NX && (trans_exc_code & 0x80))) {
531 regs->int_parm_long = (trans_exc_code & ~PAGE_MASK) |
532 (regs->psw.addr & PAGE_MASK);
533 access = VM_EXEC;
534 fault = VM_FAULT_BADACCESS;
535 } else {
536 access = VM_WRITE;
537 fault = do_exception(regs, access);
538 }
539 if (unlikely(fault))
540 do_fault_error(regs, fault);
541 }
542 NOKPROBE_SYMBOL(do_protection_exception);
543
544 void do_dat_exception(struct pt_regs *regs)
545 {
546 int access;
547 vm_fault_t fault;
548
549 access = VM_ACCESS_FLAGS;
550 fault = do_exception(regs, access);
551 if (unlikely(fault))
552 do_fault_error(regs, fault);
553 }
554 NOKPROBE_SYMBOL(do_dat_exception);
555
556 #ifdef CONFIG_PFAULT
557 /*
558 * 'pfault' pseudo page faults routines.
559 */
560 static int pfault_disable;
561
562 static int __init nopfault(char *str)
563 {
564 pfault_disable = 1;
565 return 1;
566 }
567
568 __setup("nopfault", nopfault);
569
570 struct pfault_refbk {
571 u16 refdiagc;
572 u16 reffcode;
573 u16 refdwlen;
574 u16 refversn;
575 u64 refgaddr;
576 u64 refselmk;
577 u64 refcmpmk;
578 u64 reserved;
579 } __attribute__ ((packed, aligned(8)));
580
581 static struct pfault_refbk pfault_init_refbk = {
582 .refdiagc = 0x258,
583 .reffcode = 0,
584 .refdwlen = 5,
585 .refversn = 2,
586 .refgaddr = __LC_LPP,
587 .refselmk = 1ULL << 48,
588 .refcmpmk = 1ULL << 48,
589 .reserved = __PF_RES_FIELD
590 };
591
592 int pfault_init(void)
593 {
594 int rc;
595
596 if (pfault_disable)
597 return -1;
598 diag_stat_inc(DIAG_STAT_X258);
599 asm volatile(
600 " diag %1,%0,0x258\n"
601 "0: j 2f\n"
602 "1: la %0,8\n"
603 "2:\n"
604 EX_TABLE(0b,1b)
605 : "=d" (rc)
606 : "a" (&pfault_init_refbk), "m" (pfault_init_refbk) : "cc");
607 return rc;
608 }
609
610 static struct pfault_refbk pfault_fini_refbk = {
611 .refdiagc = 0x258,
612 .reffcode = 1,
613 .refdwlen = 5,
614 .refversn = 2,
615 };
616
617 void pfault_fini(void)
618 {
619
620 if (pfault_disable)
621 return;
622 diag_stat_inc(DIAG_STAT_X258);
623 asm volatile(
624 " diag %0,0,0x258\n"
625 "0: nopr %%r7\n"
626 EX_TABLE(0b,0b)
627 : : "a" (&pfault_fini_refbk), "m" (pfault_fini_refbk) : "cc");
628 }
629
630 static DEFINE_SPINLOCK(pfault_lock);
631 static LIST_HEAD(pfault_list);
632
633 #define PF_COMPLETE 0x0080
634
635 /*
636 * The mechanism of our pfault code: if Linux is running as guest, runs a user
637 * space process and the user space process accesses a page that the host has
638 * paged out we get a pfault interrupt.
639 *
640 * This allows us, within the guest, to schedule a different process. Without
641 * this mechanism the host would have to suspend the whole virtual cpu until
642 * the page has been paged in.
643 *
644 * So when we get such an interrupt then we set the state of the current task
645 * to uninterruptible and also set the need_resched flag. Both happens within
646 * interrupt context(!). If we later on want to return to user space we
647 * recognize the need_resched flag and then call schedule(). It's not very
648 * obvious how this works...
649 *
650 * Of course we have a lot of additional fun with the completion interrupt (->
651 * host signals that a page of a process has been paged in and the process can
652 * continue to run). This interrupt can arrive on any cpu and, since we have
653 * virtual cpus, actually appear before the interrupt that signals that a page
654 * is missing.
655 */
656 static void pfault_interrupt(struct ext_code ext_code,
657 unsigned int param32, unsigned long param64)
658 {
659 struct task_struct *tsk;
660 __u16 subcode;
661 pid_t pid;
662
663 /*
664 * Get the external interruption subcode & pfault initial/completion
665 * signal bit. VM stores this in the 'cpu address' field associated
666 * with the external interrupt.
667 */
668 subcode = ext_code.subcode;
669 if ((subcode & 0xff00) != __SUBCODE_MASK)
670 return;
671 inc_irq_stat(IRQEXT_PFL);
672 /* Get the token (= pid of the affected task). */
673 pid = param64 & LPP_PID_MASK;
674 rcu_read_lock();
675 tsk = find_task_by_pid_ns(pid, &init_pid_ns);
676 if (tsk)
677 get_task_struct(tsk);
678 rcu_read_unlock();
679 if (!tsk)
680 return;
681 spin_lock(&pfault_lock);
682 if (subcode & PF_COMPLETE) {
683 /* signal bit is set -> a page has been swapped in by VM */
684 if (tsk->thread.pfault_wait == 1) {
685 /* Initial interrupt was faster than the completion
686 * interrupt. pfault_wait is valid. Set pfault_wait
687 * back to zero and wake up the process. This can
688 * safely be done because the task is still sleeping
689 * and can't produce new pfaults. */
690 tsk->thread.pfault_wait = 0;
691 list_del(&tsk->thread.list);
692 wake_up_process(tsk);
693 put_task_struct(tsk);
694 } else {
695 /* Completion interrupt was faster than initial
696 * interrupt. Set pfault_wait to -1 so the initial
697 * interrupt doesn't put the task to sleep.
698 * If the task is not running, ignore the completion
699 * interrupt since it must be a leftover of a PFAULT
700 * CANCEL operation which didn't remove all pending
701 * completion interrupts. */
702 if (task_is_running(tsk))
703 tsk->thread.pfault_wait = -1;
704 }
705 } else {
706 /* signal bit not set -> a real page is missing. */
707 if (WARN_ON_ONCE(tsk != current))
708 goto out;
709 if (tsk->thread.pfault_wait == 1) {
710 /* Already on the list with a reference: put to sleep */
711 goto block;
712 } else if (tsk->thread.pfault_wait == -1) {
713 /* Completion interrupt was faster than the initial
714 * interrupt (pfault_wait == -1). Set pfault_wait
715 * back to zero and exit. */
716 tsk->thread.pfault_wait = 0;
717 } else {
718 /* Initial interrupt arrived before completion
719 * interrupt. Let the task sleep.
720 * An extra task reference is needed since a different
721 * cpu may set the task state to TASK_RUNNING again
722 * before the scheduler is reached. */
723 get_task_struct(tsk);
724 tsk->thread.pfault_wait = 1;
725 list_add(&tsk->thread.list, &pfault_list);
726 block:
727 /* Since this must be a userspace fault, there
728 * is no kernel task state to trample. Rely on the
729 * return to userspace schedule() to block. */
730 __set_current_state(TASK_UNINTERRUPTIBLE);
731 set_tsk_need_resched(tsk);
732 set_preempt_need_resched();
733 }
734 }
735 out:
736 spin_unlock(&pfault_lock);
737 put_task_struct(tsk);
738 }
739
740 static int pfault_cpu_dead(unsigned int cpu)
741 {
742 struct thread_struct *thread, *next;
743 struct task_struct *tsk;
744
745 spin_lock_irq(&pfault_lock);
746 list_for_each_entry_safe(thread, next, &pfault_list, list) {
747 thread->pfault_wait = 0;
748 list_del(&thread->list);
749 tsk = container_of(thread, struct task_struct, thread);
750 wake_up_process(tsk);
751 put_task_struct(tsk);
752 }
753 spin_unlock_irq(&pfault_lock);
754 return 0;
755 }
756
757 static int __init pfault_irq_init(void)
758 {
759 int rc;
760
761 rc = register_external_irq(EXT_IRQ_CP_SERVICE, pfault_interrupt);
762 if (rc)
763 goto out_extint;
764 rc = pfault_init() == 0 ? 0 : -EOPNOTSUPP;
765 if (rc)
766 goto out_pfault;
767 irq_subclass_register(IRQ_SUBCLASS_SERVICE_SIGNAL);
768 cpuhp_setup_state_nocalls(CPUHP_S390_PFAULT_DEAD, "s390/pfault:dead",
769 NULL, pfault_cpu_dead);
770 return 0;
771
772 out_pfault:
773 unregister_external_irq(EXT_IRQ_CP_SERVICE, pfault_interrupt);
774 out_extint:
775 pfault_disable = 1;
776 return rc;
777 }
778 early_initcall(pfault_irq_init);
779
780 #endif /* CONFIG_PFAULT */
781
782 #if IS_ENABLED(CONFIG_PGSTE)
783
784 void do_secure_storage_access(struct pt_regs *regs)
785 {
786 unsigned long addr = regs->int_parm_long & __FAIL_ADDR_MASK;
787 struct vm_area_struct *vma;
788 struct mm_struct *mm;
789 struct page *page;
790 struct gmap *gmap;
791 int rc;
792
793 /*
794 * bit 61 tells us if the address is valid, if it's not we
795 * have a major problem and should stop the kernel or send a
796 * SIGSEGV to the process. Unfortunately bit 61 is not
797 * reliable without the misc UV feature so we need to check
798 * for that as well.
799 */
800 if (test_bit_inv(BIT_UV_FEAT_MISC, &uv_info.uv_feature_indications) &&
801 !test_bit_inv(61, &regs->int_parm_long)) {
802 /*
803 * When this happens, userspace did something that it
804 * was not supposed to do, e.g. branching into secure
805 * memory. Trigger a segmentation fault.
806 */
807 if (user_mode(regs)) {
808 send_sig(SIGSEGV, current, 0);
809 return;
810 }
811
812 /*
813 * The kernel should never run into this case and we
814 * have no way out of this situation.
815 */
816 panic("Unexpected PGM 0x3d with TEID bit 61=0");
817 }
818
819 switch (get_fault_type(regs)) {
820 case GMAP_FAULT:
821 mm = current->mm;
822 gmap = (struct gmap *)S390_lowcore.gmap;
823 mmap_read_lock(mm);
824 addr = __gmap_translate(gmap, addr);
825 mmap_read_unlock(mm);
826 if (IS_ERR_VALUE(addr)) {
827 do_fault_error(regs, VM_FAULT_BADMAP);
828 break;
829 }
830 fallthrough;
831 case USER_FAULT:
832 mm = current->mm;
833 mmap_read_lock(mm);
834 vma = find_vma(mm, addr);
835 if (!vma) {
836 mmap_read_unlock(mm);
837 do_fault_error(regs, VM_FAULT_BADMAP);
838 break;
839 }
840 page = follow_page(vma, addr, FOLL_WRITE | FOLL_GET);
841 if (IS_ERR_OR_NULL(page)) {
842 mmap_read_unlock(mm);
843 break;
844 }
845 if (arch_make_page_accessible(page))
846 send_sig(SIGSEGV, current, 0);
847 put_page(page);
848 mmap_read_unlock(mm);
849 break;
850 case KERNEL_FAULT:
851 page = phys_to_page(addr);
852 if (unlikely(!try_get_page(page)))
853 break;
854 rc = arch_make_page_accessible(page);
855 put_page(page);
856 if (rc)
857 BUG();
858 break;
859 default:
860 do_fault_error(regs, VM_FAULT_BADMAP);
861 WARN_ON_ONCE(1);
862 }
863 }
864 NOKPROBE_SYMBOL(do_secure_storage_access);
865
866 void do_non_secure_storage_access(struct pt_regs *regs)
867 {
868 unsigned long gaddr = regs->int_parm_long & __FAIL_ADDR_MASK;
869 struct gmap *gmap = (struct gmap *)S390_lowcore.gmap;
870
871 if (get_fault_type(regs) != GMAP_FAULT) {
872 do_fault_error(regs, VM_FAULT_BADMAP);
873 WARN_ON_ONCE(1);
874 return;
875 }
876
877 if (gmap_convert_to_secure(gmap, gaddr) == -EINVAL)
878 send_sig(SIGSEGV, current, 0);
879 }
880 NOKPROBE_SYMBOL(do_non_secure_storage_access);
881
882 void do_secure_storage_violation(struct pt_regs *regs)
883 {
884 unsigned long gaddr = regs->int_parm_long & __FAIL_ADDR_MASK;
885 struct gmap *gmap = (struct gmap *)S390_lowcore.gmap;
886
887 /*
888 * If the VM has been rebooted, its address space might still contain
889 * secure pages from the previous boot.
890 * Clear the page so it can be reused.
891 */
892 if (!gmap_destroy_page(gmap, gaddr))
893 return;
894 /*
895 * Either KVM messed up the secure guest mapping or the same
896 * page is mapped into multiple secure guests.
897 *
898 * This exception is only triggered when a guest 2 is running
899 * and can therefore never occur in kernel context.
900 */
901 printk_ratelimited(KERN_WARNING
902 "Secure storage violation in task: %s, pid %d\n",
903 current->comm, current->pid);
904 send_sig(SIGSEGV, current, 0);
905 }
906
907 #endif /* CONFIG_PGSTE */
Ubuntu combined Linux kernel mirror