- 10 Nov, 2017 5 commits
-
-
Cornelia Huck authored
The file arch/s390/include/uapi/asm/virtio-ccw.h belongs to the s390 virtio drivers as well. Signed-off-by:
Cornelia Huck <cohuck@redhat.com> Signed-off-by:
Heiko Carstens <heiko.carstens@de.ibm.com>
-
Heiko Carstens authored
Rebooting into a new kernel with kexec fails (system dies) if tried on a machine that has no-execute support. Reason for this is that the so called datamover code gets executed with DAT on (MMU is active) and the page that contains the datamover is marked as non-executable. Therefore when branching into the datamover an unexpected program check happens and afterwards the machine is dead. This can be simply avoided by disabling DAT, which also disables any no-execute checks, just before the datamover gets executed. In fact the first thing done by the datamover is to disable DAT. The code in the datamover that disables DAT can be removed as well. Thanks to Michael Holzheu and Gerald Schaefer for tracking this down. Reviewed-by:
Michael Holzheu <holzheu@linux.vnet.ibm.com> Reviewed-by:
Philipp Rudo <prudo@linux.vnet.ibm.com> Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Fixes: 57d7f939 ("s390: add no-execute support") Cc: <stable@vger.kernel.org> # v4.11+ Signed-off-by:
-
Heiko Carstens authored
Dan Horák reported the following crash related to transactional execution: User process fault: interruption code 0013 ilc:3 in libpthread-2.26.so[3ff93c00000+1b000] CPU: 2 PID: 1 Comm: /init Not tainted 4.13.4-300.fc27.s390x #1 Hardware name: IBM 2827 H43 400 (z/VM 6.4.0) task: 00000000fafc8000 task.stack: 00000000fafc4000 User PSW : 0705200180000000 000003ff93c14e70 R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:1 AS:0 CC:2 PM:0 RI:0 EA:3 User GPRS: 0000000000000077 000003ff00000000 000003ff93144d48 000003ff93144d5e 0000000000000000 0000000000000002 0000000000000000 000003ff00000000 0000000000000000 0000000000000418 0000000000000000 000003ffcc9fe770 000003ff93d28f50 000003ff9310acf0 000003ff92b0319a 000003ffcc9fe6d0 User Code: 000003ff93c14e62: 60e0b030 std %f14,48(%r11) 000003ff93c14e66: 60f0b038 std %f15,56(%r11) #000003ff93c14e6a: e5600000ff0e tbegin 0,65294 >000003ff93c14e70: a7740006 brc 7,3ff93c14e7c 000003ff93c14e74: a7080000 lhi %r0,0 000003ff93c14e78: a7f40023 brc 15,3ff93c14ebe 000003ff93c14e7c: b2220000 ipm %r0 000003ff93c14e80: 8800001c srl %r0,28 There are several bugs with control register handling with respect to transactional execution: - on task switch update_per_regs() is only called if the next task has an mm (is not a kernel thread). This however is incorrect. This breaks e.g. for user mode helper handling, where the kernel creates a kernel thread and then execve's a user space program. Control register contents related to transactional execution won't be updated on execve. If the previous task ran with transactional execution disabled then the new task will also run with transactional execution disabled, which is incorrect. Therefore call update_per_regs() unconditionally within switch_to(). - on startup the transactional execution facility is not enabled for the idle thread. This is not really a bug, but an inconsistency to other facilities. Therefore enable the facility if it is available. - on fork the new thread's per_flags field is not cleared. This means that a child process inherits the PER_FLAG_NO_TE flag. This flag can be set with a ptrace request to disable transactional execution for the current process. It should not be inherited by new child processes in order to be consistent with the handling of all other PER related debugging options. Therefore clear the per_flags field in copy_thread_tls(). Reported-and-tested-by:Dan Horák <dan@danny.cz> Fixes: d35339a4 ("s390: add support for transactional memory") Cc: <stable@vger.kernel.org> # v3.7+ Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Reviewed-by:
Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by:
Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by:
-
Michael Holzheu authored
Make use of the "stack_depth" tracking feature introduced with commit 8726679a ("bpf: teach verifier to track stack depth") for the s390 JIT, so that stack usage can be reduced. Signed-off-by:
-
Heiko Carstens authored
Merge tag 'vfio-ccw-20171109' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw into features Pull vfio-ccw update from Cornelia Huck: "A vfio-ccw bugfix: avoid freeing that which should not be freed."
-
- 09 Nov, 2017 3 commits
-
-
Heiko Carstens authored
Just use MACHINE_HAS_TE to decide if HWCAP_S390_TE needs to be added to elf_hwcap. Suggested-by:
-
Harald Freudenberger authored
The ap_qact_ap_info struct can get more easy handled when the fields in there can be accessed by their names but also the struct as a whole with just an unsigned long value. This patch reworks this struct to be a union and adapt the using code accordingly. Signed-off-by:
Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by:
-
Christian Borntraeger authored
With commit 7fb2b2d5 ("s390/virtio: remove the old KVM virtio transport") the pre-ccw virtio transport for s390 was removed. To complete the removal the uapi header file that contains the related data structures must also be removed. Signed-off-by:
-
- 08 Nov, 2017 8 commits
-
-
Heiko Carstens authored
At a couple of places smatch emits warnings like this: arch/s390/mm/vmem.c:409 vmem_map_init() warn: right shifting more than type allows In fact shifting a signed type right is undefined. Avoid this and add an unsigned long cast. The shifted values are always positive. Signed-off-by: -
Heiko Carstens authored
The current way of adding new instructions to the opcode tables is painful and error prone. Therefore add, similar to binutils, a text file which contains all opcodes and the corresponding mnemonics and instruction formats. A small gen_opcode_table tool then generates a header file with the required enums and opcode table initializers at the prepare step of the kernel build. This way only a simple text file has to be maintained, which can be rather easily extended. Unlike before where there were plenty of opcode tables and a large switch statement to find the correct opcode table, there is now only one opcode table left which contains all instructions. A second opcode offset table now contains offsets within the opcode table to find instructions which have the same opcode prefix. In order to save space all 1-byte opcode instructions are grouped together at the end of the opcode table. This is also quite similar to like it was before. In addition also move and change code and definitions within the disassembler. As a side effect this reduces the size required for the code and opcode tables by ~1.5k. Signed-off-by: -
Heiko Carstens authored
insn_to_mnemonic() was introduced ages ago for KVM debugging, but is unused in the meantime. Therefore remove it. Acked-by:
-
Arnd Bergmann authored
do_gettimeofday() is deprecated because it's not y2038-safe on 32-bit architectures. Since it is basically a wrapper around ktime_get_real_ts64(), we can just call that function directly instead. Signed-off-by:
Arnd Bergmann <arnd@arndb.de> [sth@linux.vnet.ibm.com: fix build] Signed-off-by:
Stefan Haberland <sth@linux.vnet.ibm.com> Signed-off-by:
-
Jason J. Herne authored
Because we do not make use of the cda (channel data address) for test, no-op ccws no address translation takes place. This means cda could contain a guest address which we do not want to attempt to free. Let's check the command type and skip cda free when it is not needed. For a TIC ccw, ccw->cda points to either a ccw in an existing chain or it points to a whole new allocated chain. In either case the data will be freed when the owning chain is freed. Signed-off-by:
Jason J. Herne <jjherne@linux.vnet.ibm.com> Reviewed-by:
Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com> Reviewed-by:
Pierre Morel <pmorel@linux.vnet.ibm.com> Message-Id: <1510068152-21988-1-git-send-email-jjherne@linux.vnet.ibm.com> Reviewed-by:
Halil Pasic <pasic@linux.vnet.ibm.com> Acked-by:
-
Heiko Carstens authored
Remove the support to create a z/VM named saved segment (NSS). This feature is not supported since quite a while in favour of jump labels, function tracing and (now) CPU alternatives. All of these features require to write to the kernel text section which is not possible if the kernel is contained within an NSS. Given that memory savings are minimal if kernel images are shared and in addition updates of shared images are painful, the NSS feature can be removed. Reviewed-by:
-
Harald Freudenberger authored
The reworked version of the random device driver now calls the arch_get_random_* functions on a very high frequency. It does about 100.000 calls to arch_get_random_long for providing 10 MB via /dev/urandom. Each invocation was fetching entropy from the hardware random generator which has a rate limit of about 4 MB/s. As the trng invocation waits until enough entropy is gathered, the random device driver is slowed down dramatically. The s390 true random generator is not designed for such a high rate. The TRNG is more designed to be used together with the arch_get_random_seed_* functions. This is similar to the way how powerpc has implemented their arch random functionality. This patch removes the invocations of the s390 TRNG for arch_get_random_long() and arch_get_random_int() but leaving the invocations for arch_get_random_seed_long() and arch_get_random_seed_int(). So the s390 arch random implementation now contributes high quality entropy to the kernel random device for reseeding. Signed-off-by:
-
Christian Borntraeger authored
As of today QEMU does not provide the AIS facility to its guest. This prevents Linux guests from using PCI devices as the ais facility is checked during init. As this is just a performance optimization, we can move the ais check into the code where we need it (calling the SIC instruction). This is used at initialization and on interrupt. Both places do not require any serialization, so we can simply skip the instruction. Since we will now get all interrupts, we can also avoid the 2nd scan. As we can have multiple interrupts in parallel we might trigger spurious irqs more often for the non-AIS case but the core code can handle that. Signed-off-by:
Sebastian Ott <sebott@linux.vnet.ibm.com> Signed-off-by:
-
- 03 Nov, 2017 2 commits
-
-
Sebastian Ott authored
qdio maintains an array of struct indicator_t. put_indicator takes a pointer to a member of a struct indicator_t within that array, calculates the index, and uses the array and the index to get the struct indicator_t. Simply use the pointer directly. Although the pointer happens to point to the first member of that struct use the container_of macro. Signed-off-by:
Ursula Braun <ubraun@linux.vnet.ibm.com> Signed-off-by:
Martin Schwidefsky <schwidefsky@de.ibm.com>
-
Sebastian Ott authored
qdio uses atomic_read to find an unused indicator and atomic_set to flag it as used. This could lead to multiple users getting the same indicator. Use atomic_cmpxchg instead. Signed-off-by:
-
- 02 Nov, 2017 2 commits
-
-
Vasily Gorbik authored
__LC_MCESAD is currently 4528 /* offsetof(struct lowcore, mcesad) */ that would require long-displacement facility for lg, which we don't have on z900. Fixes: 3037a52f ("s390/nmi: do register validation as early as possible") Signed-off-by:
Vasily Gorbik <gor@linux.vnet.ibm.com> Signed-off-by:
-
Luc Van Oostenryck authored
s390 is big-endian only but sparse assumes the same endianness as the building machine. This is problematic for code which expect __BYTE_ORDER__ being correctly predefined by the compiler which sparse can then pre-process differently from what gcc would, depending on the building machine endianness. Fix this by letting sparse know about the architecture endianness. Signed-off-by:
Luc Van Oostenryck <luc.vanoostenryck@gmail.com> Signed-off-by:
-
- 26 Oct, 2017 3 commits
-
-
Martin Schwidefsky authored
The decompressor for bzImage prints two informational messages which are not really helpful. The decompression step is fast and if something bad happens an error message will be printed. Remove the noise. Signed-off-by: -
Elena Reshetova authored
atomic_t variables are currently used to implement reference counters with the following properties: - counter is initialized to 1 using atomic_set() - a resource is freed upon counter reaching zero - once counter reaches zero, its further increments aren't allowed - counter schema uses basic atomic operations (set, inc, inc_not_zero, dec_and_test, etc.) Such atomic variables should be converted to a newly provided refcount_t type and API that prevents accidental counter overflows and underflows. This is important since overflows and underflows can lead to use-after-free situation and be exploitable. The variable urdev.ref_count is used as pure reference counter. Convert it to refcount_t and fix up the operations. Suggested-by:
Kees Cook <keescook@chromium.org> Reviewed-by:
David Windsor <dwindsor@gmail.com> Reviewed-by:
Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by:
Elena Reshetova <elena.reshetova@intel.com> Signed-off-by:
-
Hendrik Brueckner authored
Add the hardware counters that are available with z14. With z14, the number of problem-state counters is reduced. The initialization is updated respectively. Signed-off-by:
-
- 23 Oct, 2017 3 commits
-
-
Harald Freudenberger authored
This patch introduces a new ap_qact() function which exploits the PQAP(QACT) subfunction. QACT is a new interface to Query the Ap Compatilibity Type based on a given AP qid, type, mode and version. Based on this new function the AP bus scan code is slightly reworked to use this new interface for querying the compatible type for each new AP queue device detected. So new and unknown devices can get automatically mapped to a compatible type and handled without the need for toleration patches for every new hardware. The currently highest known hardware is CEX6S. With this patch a possible successor can get queried for a combatible type known by the device driver without the need for an toleration patch. Signed-off-by:
-
Harald Freudenberger authored
With the CEX6 there is a new CPRB (subfunction AU) used to generate protected keys from secure keys. This new CPRB needs to have the special flag set in the queue message header struct which is introduced with this fix. Signed-off-by:
-
Harald Freudenberger authored
This patch adds the full CEX6S card support to the zcrypt device driver. A CEX6A/C/P is detected and displayed as such, the card and queue device driver code is updated to recognize it and the relative weight values for CEX4, CEX5 and CEX6 have been updated. Signed-off-by:
-
- 19 Oct, 2017 5 commits
-
-
Martin Schwidefsky authored
The validation of the CPU registers in the machine check handler is currently split into two parts. The first part is done at the start of the low level mcck_int_handler function, this includes the CPU timer register and the general purpose registers. The second part is done a bit later in s390_do_machine_check for all the other registers, including the control registers, floating pointer control, vector or floating pointer registers, the access registers, the guarded storage registers, the TOD programmable registers and the clock comparator. This is working fine to far but in theory a future extensions could cause the C code to use registers that are not validated yet. A better approach is to validate all CPU registers in "safe" assembler code before any C function is called. Reviewed-by:
-
Martin Schwidefsky authored
The machine check extended save area is needed to store the vector registers and the guarded storage control block when a CPU is interrupted by a machine check. Move the slab cache allocation of the full save area to nmi.c, for early boot use a static __initdata block. Reviewed-by:
-
Martin Schwidefsky authored
The nmi.h header has some constant defines for control register bits. These definitions should really be located in ctl_reg.h. Move and rename the defines. Reviewed-by:
-
Martin Schwidefsky authored
Add a decoding union for the bits in control registers 2 and use 'union ctlreg0' and 'union ctlreg2' in update_cr_regs to improve readability. Reviewed-by:
-
Martin Schwidefsky authored
The smp_send_stop() function can be called from s390_handle_damage while DAT is off. This happens if a machine check indicates that kernel gprs or control registers can not be restored. The function smp_send_stop reenables DAT via __load_psw_mask. That should work for the case of lost kernel gprs and the system will do the expected stop of all CPUs. But if control registers are lost, in particular CR13 with the home space ASCE, interesting secondary crashes may occur. Make smp_emergency_stop callable from nmi.c and remove the cpumask argument. Replace the smp_send_stop call with smp_emergency_stop in the s390_handle_damage function. In addition add notrace and NOKPROBE_SYMBOL annotations for all functions required for the emergency shutdown. Reviewed-by:
-
- 18 Oct, 2017 7 commits
-
-
Martin Schwidefsky authored
The boot_vdso_data variable is related to the vdso code, the magic of the initial vdso area for the early boot and the replacement of it in vdso_init should all be put into vdso.c. Signed-off-by: -
Vasily Gorbik authored
Enable niai instruction in the spinlock code at run-time for machines on which facility 49 is available (zEC12 and newer). Signed-off-by:
-
Vasily Gorbik authored
Implement CPU alternatives, which allows to optionally patch newer instructions at runtime, based on CPU facilities availability. A new kernel boot parameter "noaltinstr" disables patching. Current implementation is derived from x86 alternatives. Although ideal instructions padding (when altinstr is longer then oldinstr) is added at compile time, and no oldinstr nops optimization has to be done at runtime. Also couple of compile time sanity checks are done: 1. oldinstr and altinstr must be <= 254 bytes long, 2. oldinstr and altinstr must not have an odd length. alternative(oldinstr, altinstr, facility); alternative_2(oldinstr, altinstr1, facility1, altinstr2, facility2); Both compile time and runtime padding consists of either 6/4/2 bytes nop or a jump (brcl) + 2 bytes nop filler if padding is longer then 6 bytes. .altinstructions and .altinstr_replacement sections are part of __init_begin : __init_end region and are freed after initialization. Signed-off-by:
-
Sebastian Ott authored
Get rid of unused wrapper macros around debug_sprintf_exception. Signed-off-by:
-
Sebastian Ott authored
debug_event_common memsets the active debug entry with zeros to prevent stale data leakage. This is overwritten with the actual debug data in the next step. Only write zeros to that part of the debug entry that's not used by new debug data. Micro benchmarks show a 2-10% reduction of cpu cycles with this approach. Signed-off-by:
-
Sebastian Ott authored
debug_event currently truncates the data if used with a size larger than the buf_size of the debug feature. For lots of callers of this function, wrappers have been implemented that loop until all data is handled. Move that functionality into debug_event_common and get rid of the wrappers. Signed-off-by:
-
Philipp Rudo authored
Before kexec boots to a crash kernel it checks whether the image in memory changed after load. This is done by the function kdump_csum_valid, which returns true, i.e. an int != 0, on success and 0 otherwise. In other words when kdump_csum_valid returns an error code it means that the validation succeeded. This is not only counterintuitive but also produces the wrong result if the kernel was build without CONFIG_CRASH_DUMP. Fix this by making kdump_csum_valid return a bool. Signed-off-by:
-
- 16 Oct, 2017 2 commits
-
-
Martin Schwidefsky authored
Merge tag 'vfio-ccw-20171016' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw into features Pull vfio-ccw update from Cornelia Huck: "Some improvements in data handling for vfio-ccw."
-
Dong Jia Shi authored
If the count field of a ccw is zero, there is no need to try to pin page(s) for it. Let's check the count value before starting pinning operations. Reviewed-by:
-
