1 // SPDX-License-Identifier: GPL-2.0
4 * Copyright IBM Corp. 1999
5 * Author(s): Hartmut Penner (hp@de.ibm.com)
6 * Ulrich Weigand (uweigand@de.ibm.com)
8 * Derived from "arch/i386/mm/fault.c"
9 * Copyright (C) 1995 Linus Torvalds
12 #include <linux/kernel_stat.h>
13 #include <linux/perf_event.h>
14 #include <linux/signal.h>
15 #include <linux/sched.h>
16 #include <linux/sched/debug.h>
17 #include <linux/kernel.h>
18 #include <linux/errno.h>
19 #include <linux/string.h>
20 #include <linux/types.h>
21 #include <linux/ptrace.h>
22 #include <linux/mman.h>
24 #include <linux/compat.h>
25 #include <linux/smp.h>
26 #include <linux/kdebug.h>
27 #include <linux/init.h>
28 #include <linux/console.h>
29 #include <linux/extable.h>
30 #include <linux/hardirq.h>
31 #include <linux/kprobes.h>
32 #include <linux/uaccess.h>
33 #include <linux/hugetlb.h>
34 #include <linux/kfence.h>
35 #include <asm/asm-extable.h>
36 #include <asm/asm-offsets.h>
40 #include <asm/mmu_context.h>
41 #include <asm/facility.h>
43 #include "../kernel/entry.h"
45 #define __FAIL_ADDR_MASK -4096L
46 #define __SUBCODE_MASK 0x0600
47 #define __PF_RES_FIELD 0x8000000000000000ULL
49 #define VM_FAULT_BADCONTEXT ((__force vm_fault_t) 0x010000)
50 #define VM_FAULT_BADMAP ((__force vm_fault_t) 0x020000)
51 #define VM_FAULT_BADACCESS ((__force vm_fault_t) 0x040000)
52 #define VM_FAULT_SIGNAL ((__force vm_fault_t) 0x080000)
53 #define VM_FAULT_PFAULT ((__force vm_fault_t) 0x100000)
61 static unsigned long store_indication __read_mostly;
63 static int __init fault_init(void)
65 if (test_facility(75))
66 store_indication = 0xc00;
69 early_initcall(fault_init);
72 * Find out which address space caused the exception.
74 static enum fault_type get_fault_type(struct pt_regs *regs)
76 unsigned long trans_exc_code;
78 trans_exc_code = regs->int_parm_long & 3;
79 if (likely(trans_exc_code == 0)) {
80 /* primary space exception */
83 if (!IS_ENABLED(CONFIG_PGSTE))
85 if (test_pt_regs_flag(regs, PIF_GUEST_FAULT))
89 if (trans_exc_code == 2)
91 if (trans_exc_code == 1) {
92 /* access register mode, not used in the kernel */
95 /* home space exception -> access via kernel ASCE */
99 static unsigned long get_fault_address(struct pt_regs *regs)
101 unsigned long trans_exc_code = regs->int_parm_long;
103 return trans_exc_code & __FAIL_ADDR_MASK;
106 static bool fault_is_write(struct pt_regs *regs)
108 unsigned long trans_exc_code = regs->int_parm_long;
110 return (trans_exc_code & store_indication) == 0x400;
113 static int bad_address(void *p)
117 return get_kernel_nofault(dummy, (unsigned long *)p);
120 static void dump_pagetable(unsigned long asce, unsigned long address)
122 unsigned long *table = __va(asce & _ASCE_ORIGIN);
124 pr_alert("AS:%016lx ", asce);
125 switch (asce & _ASCE_TYPE_MASK) {
126 case _ASCE_TYPE_REGION1:
127 table += (address & _REGION1_INDEX) >> _REGION1_SHIFT;
128 if (bad_address(table))
130 pr_cont("R1:%016lx ", *table);
131 if (*table & _REGION_ENTRY_INVALID)
133 table = __va(*table & _REGION_ENTRY_ORIGIN);
135 case _ASCE_TYPE_REGION2:
136 table += (address & _REGION2_INDEX) >> _REGION2_SHIFT;
137 if (bad_address(table))
139 pr_cont("R2:%016lx ", *table);
140 if (*table & _REGION_ENTRY_INVALID)
142 table = __va(*table & _REGION_ENTRY_ORIGIN);
144 case _ASCE_TYPE_REGION3:
145 table += (address & _REGION3_INDEX) >> _REGION3_SHIFT;
146 if (bad_address(table))
148 pr_cont("R3:%016lx ", *table);
149 if (*table & (_REGION_ENTRY_INVALID | _REGION3_ENTRY_LARGE))
151 table = __va(*table & _REGION_ENTRY_ORIGIN);
153 case _ASCE_TYPE_SEGMENT:
154 table += (address & _SEGMENT_INDEX) >> _SEGMENT_SHIFT;
155 if (bad_address(table))
157 pr_cont("S:%016lx ", *table);
158 if (*table & (_SEGMENT_ENTRY_INVALID | _SEGMENT_ENTRY_LARGE))
160 table = __va(*table & _SEGMENT_ENTRY_ORIGIN);
162 table += (address & _PAGE_INDEX) >> _PAGE_SHIFT;
163 if (bad_address(table))
165 pr_cont("P:%016lx ", *table);
173 static void dump_fault_info(struct pt_regs *regs)
177 pr_alert("Failing address: %016lx TEID: %016lx\n",
178 regs->int_parm_long & __FAIL_ADDR_MASK, regs->int_parm_long);
179 pr_alert("Fault in ");
180 switch (regs->int_parm_long & 3) {
182 pr_cont("home space ");
185 pr_cont("secondary space ");
188 pr_cont("access register ");
191 pr_cont("primary space ");
194 pr_cont("mode while using ");
195 switch (get_fault_type(regs)) {
197 asce = S390_lowcore.user_asce;
201 asce = ((struct gmap *) S390_lowcore.gmap)->asce;
205 asce = S390_lowcore.kernel_asce;
212 dump_pagetable(asce, regs->int_parm_long & __FAIL_ADDR_MASK);
215 int show_unhandled_signals = 1;
217 void report_user_fault(struct pt_regs *regs, long signr, int is_mm_fault)
219 if ((task_pid_nr(current) > 1) && !show_unhandled_signals)
221 if (!unhandled_signal(current, signr))
223 if (!printk_ratelimit())
225 printk(KERN_ALERT "User process fault: interruption code %04x ilc:%d ",
226 regs->int_code & 0xffff, regs->int_code >> 17);
227 print_vma_addr(KERN_CONT "in ", regs->psw.addr);
228 printk(KERN_CONT "\n");
230 dump_fault_info(regs);
235 * Send SIGSEGV to task. This is an external routine
236 * to keep the stack usage of do_page_fault small.
238 static noinline void do_sigsegv(struct pt_regs *regs, int si_code)
240 report_user_fault(regs, SIGSEGV, 1);
241 force_sig_fault(SIGSEGV, si_code,
242 (void __user *)(regs->int_parm_long & __FAIL_ADDR_MASK));
245 static noinline void do_no_context(struct pt_regs *regs, vm_fault_t fault)
247 enum fault_type fault_type;
248 unsigned long address;
251 if (fixup_exception(regs))
253 fault_type = get_fault_type(regs);
254 if ((fault_type == KERNEL_FAULT) && (fault == VM_FAULT_BADCONTEXT)) {
255 address = get_fault_address(regs);
256 is_write = fault_is_write(regs);
257 if (kfence_handle_page_fault(address, is_write, regs))
261 * Oops. The kernel tried to access some bad page. We'll have to
262 * terminate things with extreme prejudice.
264 if (fault_type == KERNEL_FAULT)
265 printk(KERN_ALERT "Unable to handle kernel pointer dereference"
266 " in virtual kernel address space\n");
268 printk(KERN_ALERT "Unable to handle kernel paging request"
269 " in virtual user address space\n");
270 dump_fault_info(regs);
274 static noinline void do_low_address(struct pt_regs *regs)
276 /* Low-address protection hit in kernel mode means
277 NULL pointer write access in kernel mode. */
278 if (regs->psw.mask & PSW_MASK_PSTATE) {
279 /* Low-address protection hit in user mode 'cannot happen'. */
280 die (regs, "Low-address protection");
283 do_no_context(regs, VM_FAULT_BADACCESS);
286 static noinline void do_sigbus(struct pt_regs *regs)
289 * Send a sigbus, regardless of whether we were in kernel
292 force_sig_fault(SIGBUS, BUS_ADRERR,
293 (void __user *)(regs->int_parm_long & __FAIL_ADDR_MASK));
296 static noinline void do_fault_error(struct pt_regs *regs, vm_fault_t fault)
301 case VM_FAULT_BADACCESS:
302 case VM_FAULT_BADMAP:
303 /* Bad memory access. Check if it is kernel or user space. */
304 if (user_mode(regs)) {
305 /* User mode accesses just cause a SIGSEGV */
306 si_code = (fault == VM_FAULT_BADMAP) ?
307 SEGV_MAPERR : SEGV_ACCERR;
308 do_sigsegv(regs, si_code);
312 case VM_FAULT_BADCONTEXT:
313 case VM_FAULT_PFAULT:
314 do_no_context(regs, fault);
316 case VM_FAULT_SIGNAL:
317 if (!user_mode(regs))
318 do_no_context(regs, fault);
320 default: /* fault & VM_FAULT_ERROR */
321 if (fault & VM_FAULT_OOM) {
322 if (!user_mode(regs))
323 do_no_context(regs, fault);
325 pagefault_out_of_memory();
326 } else if (fault & VM_FAULT_SIGSEGV) {
327 /* Kernel mode? Handle exceptions or die */
328 if (!user_mode(regs))
329 do_no_context(regs, fault);
331 do_sigsegv(regs, SEGV_MAPERR);
332 } else if (fault & VM_FAULT_SIGBUS) {
333 /* Kernel mode? Handle exceptions or die */
334 if (!user_mode(regs))
335 do_no_context(regs, fault);
345 * This routine handles page faults. It determines the address,
346 * and the problem, and then passes it off to one of the appropriate
349 * interruption code (int_code):
350 * 04 Protection -> Write-Protection (suppression)
351 * 10 Segment translation -> Not present (nullification)
352 * 11 Page translation -> Not present (nullification)
353 * 3b Region third trans. -> Not present (nullification)
355 static inline vm_fault_t do_exception(struct pt_regs *regs, int access)
358 struct task_struct *tsk;
359 struct mm_struct *mm;
360 struct vm_area_struct *vma;
361 enum fault_type type;
362 unsigned long address;
369 * The instruction that caused the program check has
370 * been nullified. Don't signal single step via SIGTRAP.
372 clear_thread_flag(TIF_PER_TRAP);
374 if (kprobe_page_fault(regs, 14))
378 address = get_fault_address(regs);
379 is_write = fault_is_write(regs);
382 * Verify that the fault happened in user space, that
383 * we are not in an interrupt and that there is a
386 fault = VM_FAULT_BADCONTEXT;
387 type = get_fault_type(regs);
393 if (faulthandler_disabled() || !mm)
398 perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
399 flags = FAULT_FLAG_DEFAULT;
401 flags |= FAULT_FLAG_USER;
404 if (access == VM_WRITE)
405 flags |= FAULT_FLAG_WRITE;
409 if (IS_ENABLED(CONFIG_PGSTE) && type == GMAP_FAULT) {
410 gmap = (struct gmap *) S390_lowcore.gmap;
411 current->thread.gmap_addr = address;
412 current->thread.gmap_write_flag = !!(flags & FAULT_FLAG_WRITE);
413 current->thread.gmap_int_code = regs->int_code & 0xffff;
414 address = __gmap_translate(gmap, address);
415 if (address == -EFAULT) {
416 fault = VM_FAULT_BADMAP;
419 if (gmap->pfault_enabled)
420 flags |= FAULT_FLAG_RETRY_NOWAIT;
424 fault = VM_FAULT_BADMAP;
425 vma = find_vma(mm, address);
429 if (unlikely(vma->vm_start > address)) {
430 if (!(vma->vm_flags & VM_GROWSDOWN))
432 vma = expand_stack(mm, address);
438 * Ok, we have a good vm_area for this memory access, so
441 fault = VM_FAULT_BADACCESS;
442 if (unlikely(!(vma->vm_flags & access)))
446 * If for any reason at all we couldn't handle the fault,
447 * make sure we exit gracefully rather than endlessly redo
450 fault = handle_mm_fault(vma, address, flags, regs);
451 if (fault_signal_pending(fault, regs)) {
452 fault = VM_FAULT_SIGNAL;
453 if (flags & FAULT_FLAG_RETRY_NOWAIT)
458 /* The fault is fully completed (including releasing mmap lock) */
459 if (fault & VM_FAULT_COMPLETED) {
468 if (unlikely(fault & VM_FAULT_ERROR))
471 if (fault & VM_FAULT_RETRY) {
472 if (IS_ENABLED(CONFIG_PGSTE) && gmap &&
473 (flags & FAULT_FLAG_RETRY_NOWAIT)) {
475 * FAULT_FLAG_RETRY_NOWAIT has been set, mmap_lock has
478 current->thread.gmap_pfault = 1;
479 fault = VM_FAULT_PFAULT;
482 flags &= ~FAULT_FLAG_RETRY_NOWAIT;
483 flags |= FAULT_FLAG_TRIED;
488 if (IS_ENABLED(CONFIG_PGSTE) && gmap) {
489 address = __gmap_link(gmap, current->thread.gmap_addr,
491 if (address == -EFAULT) {
492 fault = VM_FAULT_BADMAP;
495 if (address == -ENOMEM) {
496 fault = VM_FAULT_OOM;
502 mmap_read_unlock(mm);
507 void do_protection_exception(struct pt_regs *regs)
509 unsigned long trans_exc_code;
513 trans_exc_code = regs->int_parm_long;
515 * Protection exceptions are suppressing, decrement psw address.
516 * The exception to this rule are aborted transactions, for these
517 * the PSW already points to the correct location.
519 if (!(regs->int_code & 0x200))
520 regs->psw.addr = __rewind_psw(regs->psw, regs->int_code >> 16);
522 * Check for low-address protection. This needs to be treated
523 * as a special case because the translation exception code
524 * field is not guaranteed to contain valid data in this case.
526 if (unlikely(!(trans_exc_code & 4))) {
527 do_low_address(regs);
530 if (unlikely(MACHINE_HAS_NX && (trans_exc_code & 0x80))) {
531 regs->int_parm_long = (trans_exc_code & ~PAGE_MASK) |
532 (regs->psw.addr & PAGE_MASK);
534 fault = VM_FAULT_BADACCESS;
537 fault = do_exception(regs, access);
540 do_fault_error(regs, fault);
542 NOKPROBE_SYMBOL(do_protection_exception);
544 void do_dat_exception(struct pt_regs *regs)
549 access = VM_ACCESS_FLAGS;
550 fault = do_exception(regs, access);
552 do_fault_error(regs, fault);
554 NOKPROBE_SYMBOL(do_dat_exception);
558 * 'pfault' pseudo page faults routines.
560 static int pfault_disable;
562 static int __init nopfault(char *str)
568 __setup("nopfault", nopfault);
570 struct pfault_refbk {
579 } __attribute__ ((packed, aligned(8)));
581 static struct pfault_refbk pfault_init_refbk = {
586 .refgaddr = __LC_LPP,
587 .refselmk = 1ULL << 48,
588 .refcmpmk = 1ULL << 48,
589 .reserved = __PF_RES_FIELD
592 int pfault_init(void)
598 diag_stat_inc(DIAG_STAT_X258);
600 " diag %1,%0,0x258\n"
606 : "a" (&pfault_init_refbk), "m" (pfault_init_refbk) : "cc");
610 static struct pfault_refbk pfault_fini_refbk = {
617 void pfault_fini(void)
622 diag_stat_inc(DIAG_STAT_X258);
627 : : "a" (&pfault_fini_refbk), "m" (pfault_fini_refbk) : "cc");
630 static DEFINE_SPINLOCK(pfault_lock);
631 static LIST_HEAD(pfault_list);
633 #define PF_COMPLETE 0x0080
636 * The mechanism of our pfault code: if Linux is running as guest, runs a user
637 * space process and the user space process accesses a page that the host has
638 * paged out we get a pfault interrupt.
640 * This allows us, within the guest, to schedule a different process. Without
641 * this mechanism the host would have to suspend the whole virtual cpu until
642 * the page has been paged in.
644 * So when we get such an interrupt then we set the state of the current task
645 * to uninterruptible and also set the need_resched flag. Both happens within
646 * interrupt context(!). If we later on want to return to user space we
647 * recognize the need_resched flag and then call schedule(). It's not very
648 * obvious how this works...
650 * Of course we have a lot of additional fun with the completion interrupt (->
651 * host signals that a page of a process has been paged in and the process can
652 * continue to run). This interrupt can arrive on any cpu and, since we have
653 * virtual cpus, actually appear before the interrupt that signals that a page
656 static void pfault_interrupt(struct ext_code ext_code,
657 unsigned int param32, unsigned long param64)
659 struct task_struct *tsk;
664 * Get the external interruption subcode & pfault initial/completion
665 * signal bit. VM stores this in the 'cpu address' field associated
666 * with the external interrupt.
668 subcode = ext_code.subcode;
669 if ((subcode & 0xff00) != __SUBCODE_MASK)
671 inc_irq_stat(IRQEXT_PFL);
672 /* Get the token (= pid of the affected task). */
673 pid = param64 & LPP_PID_MASK;
675 tsk = find_task_by_pid_ns(pid, &init_pid_ns);
677 get_task_struct(tsk);
681 spin_lock(&pfault_lock);
682 if (subcode & PF_COMPLETE) {
683 /* signal bit is set -> a page has been swapped in by VM */
684 if (tsk->thread.pfault_wait == 1) {
685 /* Initial interrupt was faster than the completion
686 * interrupt. pfault_wait is valid. Set pfault_wait
687 * back to zero and wake up the process. This can
688 * safely be done because the task is still sleeping
689 * and can't produce new pfaults. */
690 tsk->thread.pfault_wait = 0;
691 list_del(&tsk->thread.list);
692 wake_up_process(tsk);
693 put_task_struct(tsk);
695 /* Completion interrupt was faster than initial
696 * interrupt. Set pfault_wait to -1 so the initial
697 * interrupt doesn't put the task to sleep.
698 * If the task is not running, ignore the completion
699 * interrupt since it must be a leftover of a PFAULT
700 * CANCEL operation which didn't remove all pending
701 * completion interrupts. */
702 if (task_is_running(tsk))
703 tsk->thread.pfault_wait = -1;
706 /* signal bit not set -> a real page is missing. */
707 if (WARN_ON_ONCE(tsk != current))
709 if (tsk->thread.pfault_wait == 1) {
710 /* Already on the list with a reference: put to sleep */
712 } else if (tsk->thread.pfault_wait == -1) {
713 /* Completion interrupt was faster than the initial
714 * interrupt (pfault_wait == -1). Set pfault_wait
715 * back to zero and exit. */
716 tsk->thread.pfault_wait = 0;
718 /* Initial interrupt arrived before completion
719 * interrupt. Let the task sleep.
720 * An extra task reference is needed since a different
721 * cpu may set the task state to TASK_RUNNING again
722 * before the scheduler is reached. */
723 get_task_struct(tsk);
724 tsk->thread.pfault_wait = 1;
725 list_add(&tsk->thread.list, &pfault_list);
727 /* Since this must be a userspace fault, there
728 * is no kernel task state to trample. Rely on the
729 * return to userspace schedule() to block. */
730 __set_current_state(TASK_UNINTERRUPTIBLE);
731 set_tsk_need_resched(tsk);
732 set_preempt_need_resched();
736 spin_unlock(&pfault_lock);
737 put_task_struct(tsk);
740 static int pfault_cpu_dead(unsigned int cpu)
742 struct thread_struct *thread, *next;
743 struct task_struct *tsk;
745 spin_lock_irq(&pfault_lock);
746 list_for_each_entry_safe(thread, next, &pfault_list, list) {
747 thread->pfault_wait = 0;
748 list_del(&thread->list);
749 tsk = container_of(thread, struct task_struct, thread);
750 wake_up_process(tsk);
751 put_task_struct(tsk);
753 spin_unlock_irq(&pfault_lock);
757 static int __init pfault_irq_init(void)
761 rc = register_external_irq(EXT_IRQ_CP_SERVICE, pfault_interrupt);
764 rc = pfault_init() == 0 ? 0 : -EOPNOTSUPP;
767 irq_subclass_register(IRQ_SUBCLASS_SERVICE_SIGNAL);
768 cpuhp_setup_state_nocalls(CPUHP_S390_PFAULT_DEAD, "s390/pfault:dead",
769 NULL, pfault_cpu_dead);
773 unregister_external_irq(EXT_IRQ_CP_SERVICE, pfault_interrupt);
778 early_initcall(pfault_irq_init);
780 #endif /* CONFIG_PFAULT */
782 #if IS_ENABLED(CONFIG_PGSTE)
784 void do_secure_storage_access(struct pt_regs *regs)
786 unsigned long addr = regs->int_parm_long & __FAIL_ADDR_MASK;
787 struct vm_area_struct *vma;
788 struct mm_struct *mm;
794 * bit 61 tells us if the address is valid, if it's not we
795 * have a major problem and should stop the kernel or send a
796 * SIGSEGV to the process. Unfortunately bit 61 is not
797 * reliable without the misc UV feature so we need to check
800 if (test_bit_inv(BIT_UV_FEAT_MISC, &uv_info.uv_feature_indications) &&
801 !test_bit_inv(61, ®s->int_parm_long)) {
803 * When this happens, userspace did something that it
804 * was not supposed to do, e.g. branching into secure
805 * memory. Trigger a segmentation fault.
807 if (user_mode(regs)) {
808 send_sig(SIGSEGV, current, 0);
813 * The kernel should never run into this case and we
814 * have no way out of this situation.
816 panic("Unexpected PGM 0x3d with TEID bit 61=0");
819 switch (get_fault_type(regs)) {
822 gmap = (struct gmap *)S390_lowcore.gmap;
824 addr = __gmap_translate(gmap, addr);
825 mmap_read_unlock(mm);
826 if (IS_ERR_VALUE(addr)) {
827 do_fault_error(regs, VM_FAULT_BADMAP);
834 vma = find_vma(mm, addr);
836 mmap_read_unlock(mm);
837 do_fault_error(regs, VM_FAULT_BADMAP);
840 page = follow_page(vma, addr, FOLL_WRITE | FOLL_GET);
841 if (IS_ERR_OR_NULL(page)) {
842 mmap_read_unlock(mm);
845 if (arch_make_page_accessible(page))
846 send_sig(SIGSEGV, current, 0);
848 mmap_read_unlock(mm);
851 page = phys_to_page(addr);
852 if (unlikely(!try_get_page(page)))
854 rc = arch_make_page_accessible(page);
860 do_fault_error(regs, VM_FAULT_BADMAP);
864 NOKPROBE_SYMBOL(do_secure_storage_access);
866 void do_non_secure_storage_access(struct pt_regs *regs)
868 unsigned long gaddr = regs->int_parm_long & __FAIL_ADDR_MASK;
869 struct gmap *gmap = (struct gmap *)S390_lowcore.gmap;
871 if (get_fault_type(regs) != GMAP_FAULT) {
872 do_fault_error(regs, VM_FAULT_BADMAP);
877 if (gmap_convert_to_secure(gmap, gaddr) == -EINVAL)
878 send_sig(SIGSEGV, current, 0);
880 NOKPROBE_SYMBOL(do_non_secure_storage_access);
882 void do_secure_storage_violation(struct pt_regs *regs)
884 unsigned long gaddr = regs->int_parm_long & __FAIL_ADDR_MASK;
885 struct gmap *gmap = (struct gmap *)S390_lowcore.gmap;
888 * If the VM has been rebooted, its address space might still contain
889 * secure pages from the previous boot.
890 * Clear the page so it can be reused.
892 if (!gmap_destroy_page(gmap, gaddr))
895 * Either KVM messed up the secure guest mapping or the same
896 * page is mapped into multiple secure guests.
898 * This exception is only triggered when a guest 2 is running
899 * and can therefore never occur in kernel context.
901 printk_ratelimited(KERN_WARNING
902 "Secure storage violation in task: %s, pid %d\n",
903 current->comm, current->pid);
904 send_sig(SIGSEGV, current, 0);
907 #endif /* CONFIG_PGSTE */
projects / releases.git / blob