- 21 Apr, 2021 3 commits
-
-
Vasily Gorbik authored
Current ebpf disassembly buffer size of 64 is too small. E.g. this line takes 65 bytes: 01fffff8005822e: ec8100ed8065\tclgrj\t%r8,%r1,8,001fffff80058408\n\0 Double the buffer size like it is done for the kernel disassembly buffer. Fixes the following KASAN finding: UG: KASAN: stack-out-of-bounds in print_fn_code+0x34c/0x380 Write of size 1 at addr 001fff800ad5f970 by task test_progs/853 CPU: 53 PID: 853 Comm: test_progs Not tainted 5.12.0-rc7-23786-g23457d86b1f0-dirty #19 Hardware name: IBM 3906 M04 704 (LPAR) Call Trace: [<0000000cd8e0538a>] show_stack+0x17a/0x1668 [<0000000cd8e2a5d8>] dump_stack+0x140/0x1b8 [<0000000cd8e16e74>] print_address_description.constprop.0+0x54/0x260 [<0000000cd75a8698>] kasan_report+0xc8/0x130 [<0000000cd6e26da4>] print_fn_code+0x34c/0x380 [<0000000cd6ea0f4e>] bpf_int_jit_compile+0xe3e/0xe58 [<0000000cd72c4c88>] bpf_prog_select_runtime+0x5b8/0x9c0 [<0000000cd72d1bf8>] bpf_prog_load+0xa78/0x19c0 [<0000000cd72d7ad6>] __do_sys_bpf.part.0+0x18e/0x768 [<0000000cd6e0f392>] do_syscall+0x12a/0x220 [<0000000cd8e333f8>] __do_syscall+0x98/0xc8 [<0000000cd8e54834>] system_call+0x6c/0x94 1 lock held by test_progs/853: #0: 0000000cd9bf7460 (report_lock){....}-{2:2}, at: kasan_report+0x96/0x130 addr 001fff800ad5f970 is located in stack of task test_progs/853 at offset 96 in frame: print_fn_code+0x0/0x380 this frame has 1 object: [32, 96) 'buffer' Memory state around the buggy address: 001fff800ad5f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 001fff800ad5f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >001fff800ad5f900: 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 f3 f3 ^ 001fff800ad5f980: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 001fff800ad5fa00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 Cc: <stable@vger.kernel.org> Reviewed-by:Heiko Carstens <hca@linux.ibm.com> Signed-off-by:
Vasily Gorbik <gor@linux.ibm.com> Signed-off-by:
-
Harald Freudenberger authored
A review of the code showed, that this function which is exposed within the whole kernel should do a parameter check for the amount of bytes requested. If this requested bytes is too high an unsigned int overflow could happen causing this function to try to memcpy a really big memory chunk. This is not a security issue as there are only two invocations of this function from arch/s390/include/asm/archrandom.h and both are not exposed to userland. Reported-by:
Sven Schnelle <svens@linux.ibm.com> Signed-off-by:
Harald Freudenberger <freude@linux.ibm.com> Signed-off-by:
-
Harald Freudenberger authored
Tests with kvm and a kmemdebug kernel showed, that on hot unplug the zcard and zqueue structs for the unplugged card or queue are not properly freed because of a mismatch with get/put for the embedded kref counter. This fix now adjusts the handling of the kref counters. With init the kref counter starts with 1. This initial value needs to drop to zero with the unregister of the card or queue to trigger the release and free the object. Fixes: 29c2680f ("s390/ap: fix ap devices reference counting") Reported-by:
Marc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by:
Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by:
-
- 20 Apr, 2021 1 commit
-
-
Niklas Schnelle authored
On s390 each PCI device has a user-defined ID (UID) exposed under /sys/bus/pci/devices/<dev>/uid. This ID was designed to serve as the PCI device's primary index and to match the device within Linux to the device configured in the hypervisor. To serve as a primary identifier the UID must be unique within the Linux instance, this is guaranteed by the platform if and only if the UID Uniqueness Checking flag is set within the CLP List PCI Functions response. In this sense the UID serves an analogous function as the SMBIOS instance number or ACPI index exposed as the "index" respectively "acpi_index" device attributes and used by e.g. systemd to set interface names. As s390 does not use and will likely never use ACPI nor SMBIOS there is no conflict and we can just expose the UID under the "index" attribute whenever UID Uniqueness Checking is active and get systemd's interface naming support for free. Link: https://lore.kernel.org/lkml/20210412135905.1434249-1-schnelle@linux.ibm.com/Acked-by:
Viktor Mihajlovski <mihajlov@linux.ibm.com> Acked-by:
Bjorn Helgaas <bhelgaas@google.com> Acked-by:
Narendra K <narendra_k@dell.com> Signed-off-by:
Niklas Schnelle <schnelle@linux.ibm.com> Signed-off-by:
-
- 18 Apr, 2021 3 commits
-
-
Heiko Carstens authored
Make sure to always inline __xchg() and __cmpxchg() otherwise the compiler might decide to generate out-of-line versions which will fail at link time: s390-linux-ld: lib/atomic64_test.o: in function `__xchg': >> atomic64_test.c:(.text.unlikely+0xa4): undefined reference to `__xchg_called_with_bad_pointer' Reported-by:
kernel test robot <lkp@intel.com> Link: https://lore.kernel.org/linux-mm/202104170449.SIIFKVjT-lkp@intel.com/ Fixes: d2b1f6d2 ("s390/cmpxchg: get rid of gcc atomic builtins") Signed-off-by:
-
Alexander Gordeev authored
Funciton do_restart() is a callback invoked from the restart CPU routine and passed a single parameter. Signed-off-by:
Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by:
-
Marc Zyngier authored
perf_pmu_name() and perf_num_counters() are unused. Drop them. Signed-off-by:
Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20210414134409.1266357-4-maz@kernel.orgSigned-off-by:
-
- 15 Apr, 2021 3 commits
-
-
Heiko Carstens authored
Old gcc versions may fail with an internal compiler error if only the T or S constraint is specified for an operand, and no displacement is needed at all. To fix this use RT and QS as constraints, which reflects the union of both. Later gcc versions do the right thing and always accept single T and S constraints. See gcc commit 3e4be43f69da ("S/390: Memory constraint cleanup"). Fixes: ca897bb1 ("s390/atomic: use proper constraints") Fixes: b23eb636 ("s390/atomic: get rid of gcc atomic builtins") Fixes: d2b1f6d2 ("s390/cmpxchg: get rid of gcc atomic builtins") Signed-off-by: -
Vasily Gorbik authored
Add couple of additional info lines to make it easier to match test suite output and results. Signed-off-by:
-
Heiko Carstens authored
gcc and clang warn about incompatible pointer types due to the recent cmpxchg changes: drivers/gpu/drm/drm_lock.c:75:10: error: passing 'typeof (lock)' (aka 'volatile unsigned int *') to parameter of type 'void *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] prev = cmpxchg(lock, old, new); ^~~~~~~~~~~~~~~~~~~~~~~ include/asm-generic/atomic-instrumented.h:1685:2: note: expanded from macro 'cmpxchg' arch_cmpxchg(__ai_ptr, __VA_ARGS__); \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To avoid this simply cast pointers to unsigned long and use them instead of void pointers. This allows to stay with functions, instead of using complex defines and having to deal with all their potential side effects. Reported-by:
-
- 12 Apr, 2021 23 commits
-
-
Vasily Gorbik authored
Trigger a warning if any of unwinder tests fail. This should help to prevent quiet ignoring of test results when panic_on_warn is enabled. Signed-off-by:
-
Vasily Gorbik authored
Handle the case of "unwind state reliable but addr is 0" like other error cases in this function and trigger output of failing stacktrace to aid debugging. Signed-off-by:
-
Heiko Carstens authored
Set CONFIG_FRAME_WARN to 2048, which is the default for 64 bit architectures. Signed-off-by: -
Heiko Carstens authored
Allow the compiler to generate slightly better code by using the R constraint. Signed-off-by: -
Heiko Carstens authored
Add arch_ prefix to all atomic operations, and define ARCH_ATOMIC. This enables KASAN instrumentation for all atomic operations on s390. This is the s390 variant of commit 8bf705d1 ("locking/atomic/x86: Switch atomic.h to use atomic-instrumented.h"). Signed-off-by:
-
Heiko Carstens authored
s390 is the only architecture in the kernel which makes use of gcc's atomic builtin functions. Even though I don't see any technical problem with that right now, remove this code and open-code compare-and-swap loops again, like every other architecture is doing it also. We can switch to a generic implementation when other architectures are doing that also. See also https://lwn.net/Articles/586838/ for forther details. This basically reverts commit f318a122 ("s390/cmpxchg: use compiler builtins"). Signed-off-by:
-
Heiko Carstens authored
s390 is the only architecture in the kernel which makes use of gcc's atomic builtin functions. Even though I don't see any technical problem with that right now, remove this code and open-code compare-and-swap loops again, like every other architecture is doing it also. We can switch to a generic implementation when other architectures are doing that also. See also https://lwn.net/Articles/586838/ for forther details. Signed-off-by:
-
Heiko Carstens authored
Use the R,T, and S constraints instead of the Q constraint in atomic inline assemblies wherever possible. This allows the compiler to generate better code. (~ -2kb code size). Signed-off-by: -
Heiko Carstens authored
Move all remaining inline assemblies from atomic.h to atomic_ops.h. That way all atomic inline assemblies are contained within only a single header file. Signed-off-by: -
Heiko Carstens authored
The bitops code was optimized to generate test under mask instructions with the __bitops_byte() helper. However that was many years ago and in the meantime a lot of new instructions were introduced. Changing the code so that it always operates on longs nowadays even generates shorter code (~ -20kb, defconfig, gcc 10, march=zE12). Signed-off-by: -
Heiko Carstens authored
Add conditional trap handlers similar to conditional system calls (COND_SYSCALL), to reduce the number of ifdefs. Trap handlers which may or may not exist depending on config options are supposed to have a COND_TRAP entry, which redirects to default_trap_handler() for non-existent trap handlers during link time. This allows to get rid of the secure execution trap handlers for the !PGSTE case. Reviewed-by:
-
Niklas Schnelle authored
Currently zpci_configure_device() can be called on a zPCI function in two completely different states. Either the underlying zPCI function has already been configured by the platform and we are only doing the scanning to get it usable by Linux drivers. Or the underlying function is in Standby and we first do an SCLP to get it configured. This makes zpci_configure_device() harder to reason about. Since calling zpci_configure_device() on a function in Standby only happens in enable_slot() simply pull out the SCLP call and setting of zdev->state and thus call zpci_configure_device() under the same circumstances as in the event handling code. Reviewed-by:
Matthew Rosato <mjrosato@linux.ibm.com> Reviewed-by:
Pierre Morel <pmorel@linux.ibm.com> Signed-off-by:
-
Niklas Schnelle authored
Now that the zbus can be created without being scanned we can go one step further and make registering a device to a zbus independent from scanning it. This way the zbus handling becomes much more natural in that functions can be registered on the zbus to be scanned later more closely resembling the handling of both real PCI hardware and other virtual PCI busses like Hyper-V's virtual PCI bus (see for example drivers/pci/controller/pci-hyperv.c:create_root_hv_pci_bus()). Having zbus registration separate from scanning allows us to return fully initialized but still disabled zdevs from zpci_create_device() which can then be configured just as we would configure a zdev from standby (minus the SCLP Configure already done by the platform). There is still the exception that a PCI function with non-zero devfn can be plugged before its PCI bus, which depends on the function with zero devfn, is created. In this case the zdev returend from zpci_create_device() is still missing its bus, hotplug slot, and resources which need to be created later but at least it doesn't wait in the enabled state and can otherwise be treated as initialized. With this we also separate the initial PCI scan using CLP List PCI Functions into two phases. In the CLP loop's callback we only register each function with a virtual zbus creating the latter as needed. Then, after we have built this virtual PCI topology based on our list of zbusses, we can make use of the common code functionality to scan each complete zbus as a separate child bus. Reviewed-by:
-
Niklas Schnelle authored
In a later change we will first collect all PCI functions from the CLP List PCI functions call, then register them to/creating the relevant zbus. Then only after we've created our virtual bus structure will we scan all zbusses iterating over the zbus list. Since scanning is relatively slow a spinlock is a bad fit for protecting the loop over the devices on the zbus. Furthermore doing the probing on the bus we need to use pci_lock_rescan_remove() as devices are added to the PCI subsystem and that is a mutex which can't be locked nested inside a spinlock section. Note that the contention of this lock should be very low either way as zbusses are only added/removed concurrently on hotplug events. Reviewed-by:
-
Niklas Schnelle authored
In the existing code the creation of the PCI bus and the scanning of function zero all happens in zpci_scan_bus(). This in turn requires functions to be enabled and their resources to be available before the PCI bus is even created. This not only means that functions are enabled long before they are actually made available to the common PCI subsystem. In case of functions with non-zero devfn which appeared before the function with devfn zero they can wait arbitrarily long in this enabled but not scanned state. Fix this by separating the creation of the PCI bus from scanning it and only prepare, that is enable and setup MMIO bus resources, functions just before they are scanned. As they may be scanned multiple times track if we already created resources in the zdev. Reviewed-by:
-
Niklas Schnelle authored
Pull setting the maximum bus speed and multifunction attribute into zpci_bus_scan() in preparation for handling bus creation separately from scanning the bus. Reviewed-by:
-
Niklas Schnelle authored
To match zpci_bus_scan_device() and the PCI common code terminology and to remove some code duplication, we pull the multiple uses of pci_scan_single_device() into a function. For now this has the side effect of adding each device to the PCI bus separately and locking and unlocking the rescan/remove lock for each instead of just once per bus. This is clearly less efficient but provides a correct intermediate behavior until a follow on change does both the adding and scanning only once per bus. Reviewed-by:
-
Heiko Carstens authored
Convert the program check table to C. Which allows to get rid of yet another assembler file, and also enables proper type checking for the table. Reviewed-by:
-
Vineeth Vijayan authored
Use DECLARE_WAIT_QUEUE_HEAD to declare and statically initialize the work_queue_head_t. Signed-off-by:
Vineeth Vijayan <vneethv@linux.ibm.com> Reviewed-by:
Peter Oberparleiter <oberpar@linux.ibm.com> Signed-off-by:
-
zhongbaisong authored
Fix to return a negative error code from the error handling case instead of 0, as done elsewhere in this function. Reported-by:
Hulk Robot <hulkci@huawei.com> Signed-off-by:
Baisong Zhong <zhongbaisong@huawei.com> Fixes: 37564ed8 ("s390/uv: add prot virt guest/host indication files") Link: https://lore.kernel.org/r/2f7d62a4-3e75-b2b4-951b-75ef8ef59d16@huawei.comSigned-off-by:
-
Heiko Carstens authored
* fixes: s390/entry: save the caller of psw_idle s390/entry: avoid setting up backchain in ext|io handlers s390/setup: use memblock_free_late() to free old stack s390/irq: fix reading of ext_params2 field from lowcore s390/unwind: add machine check handler stack s390/cpcmd: fix inline assembly register clobbering MAINTAINERS: add backups for s390 vfio drivers s390/vdso: fix initializing and updating of vdso_data s390/vdso: fix tod_steering_delta type s390/vdso: copy tod_steering_delta value to vdso_data page Signed-off-by: -
Vasily Gorbik authored
Currently psw_idle does not allocate a stack frame and does not save its r14 and r15 into the save area. Even though this is valid from call ABI point of view, because psw_idle does not make any calls explicitly, in reality psw_idle is an entry point for controlled transition into serving interrupts. So, in practice, psw_idle stack frame is analyzed during stack unwinding. Depending on build options that r14 slot in the save area of psw_idle might either contain a value saved by previous sibling call or complete garbage. [task 0000038000003c28] do_ext_irq+0xd6/0x160 [task 0000038000003c78] ext_int_handler+0xba/0xe8 [task *0000038000003dd8] psw_idle_exit+0x0/0x8 <-- pt_regs ([task 0000038000003dd8] 0x0) [task 0000038000003e10] default_idle_call+0x42/0x148 [task 0000038000003e30] do_idle+0xce/0x160 [task 0000038000003e70] cpu_startup_entry+0x36/0x40 [task 0000038000003ea0] arch_call_rest_init+0x76/0x80 So, to make a stacktrace nicer and actually point for the real caller of psw_idle in this frequently occurring case, make psw_idle save its r14. [task 0000038000003c28] do_ext_irq+0xd6/0x160 [task 0000038000003c78] ext_int_handler+0xba/0xe8 [task *0000038000003dd8] psw_idle_exit+0x0/0x6 <-- pt_regs ([task 0000038000003dd8] arch_cpu_idle+0x3c/0xd0) [task 0000038000003e10] default_idle_call+0x42/0x148 [task 0000038000003e30] do_idle+0xce/0x160 [task 0000038000003e70] cpu_startup_entry+0x36/0x40 [task 0000038000003ea0] arch_call_rest_init+0x76/0x80 Reviewed-by:
-
Vasily Gorbik authored
Currently when interrupt arrives to cpu while in kernel context INT_HANDLER macro (used for ext_int_handler and io_int_handler) allocates new stack frame and pt_regs on the kernel stack and sets up the backchain to jump over the pt_regs to the frame which has been interrupted. This is not ideal to two reasons: 1. This hides the fact that kernel stack contains interrupt frame in it and hence breaks arch_stack_walk_reliable(), which needs to know that to guarantee "reliability" and checks that there are no pt_regs on the way. 2. It breaks the backchain unwinder logic, which assumes that the next stack frame after an interrupt frame is reliable, while it is not. In some cases (when r14 contains garbage) this leads to early unwinding termination with an error, instead of marking frame as unreliable and continuing. To address that, only set backchain to 0. Fixes: 56e62a73 ("s390: convert to generic entry") Reviewed-by:
-
- 07 Apr, 2021 3 commits
-
-
Vineeth Vijayan authored
For static initialization of list_head variable, use LIST_HEAD instead of INIT_LIST_HEAD function. Suggested-by:
-
Vineeth Vijayan authored
For static initialization of spinlock_t variable, use DEFINE_SPINLOCK instead of explicitly calling spin_lock_init(). Signed-off-by:
-
Heiko Carstens authored
Use memblock_free_late() to free the old machine check stack to the buddy allocator instead of leaking it. Fixes: b61b1595 ("s390: add stack for machine check handler") Cc: Vasily Gorbik <gor@linux.ibm.com> Acked-by:
-
- 05 Apr, 2021 4 commits
-
-
Alexander Gordeev authored
Due to historical reasons mark_kernel_pXd() functions misuse the notion of physical vs virtual addresses difference. Signed-off-by:
-
Tony Krowiak authored
This patch fixes a lockdep splat introduced by commit f21916ec ("s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated"). The lockdep splat only occurs when starting a Secure Execution guest. Crypto virtualization (vfio_ap) is not yet supported for SE guests; however, in order to avoid this problem when support becomes available, this fix is being provided. The circular locking dependency was introduced when the setting of the masks in the guest's APCB was executed while holding the matrix_dev->lock. While the lock is definitely needed to protect the setting/unsetting of the matrix_mdev->kvm pointer, it is not necessarily critical for setting the masks; so, the matrix_dev->lock will be released while the masks are being set or cleared. Keep in mind, however, that another process that takes the matrix_dev->lock can get control while the masks in the guest's APCB are being set or cleared as a result of the driver being notified that the KVM pointer has been set or unset. This could result in invalid access to the matrix_mdev->kvm pointer by the intervening process. To avoid this scenario, two new fields are being added to the ap_matrix_mdev struct: struct ap_matrix_mdev { ... bool kvm_busy; wait_queue_head_t wait_for_kvm; ... }; The functions that handle notification that the KVM pointer value has been set or cleared will set the kvm_busy flag to true until they are done processing at which time they will set it to false and wake up the tasks on the matrix_mdev->wait_for_kvm wait queue. Functions that require access to matrix_mdev->kvm will sleep on the wait queue until they are awakened at which time they can safely access the matrix_mdev->kvm field. Fixes: f21916ec ("s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated") Cc: stable@vger.kernel.org Signed-off-by:
Tony Krowiak <akrowiak@linux.ibm.com> Signed-off-by:
-
Wan Jiabing authored
struct ccw1 is declared twice. One has been declared at 21st line. Remove the duplicate. Signed-off-by:
Wan Jiabing <wanjiabing@vivo.com> Acked-by:
-
Shixin Liu authored
wait_queue_head_t can be initialized automatically with DECLARE_WAIT_QUEUE_HEAD() rather than explicitly calling init_waitqueue_head(). Signed-off-by:
Shixin Liu <liushixin2@huawei.com> Acked-by:
-
