Revision tags: v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14, v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5, v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1, v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50, v6.5, v6.1.49, v6.1.48, v6.1.46, v6.1.45, v6.1.44, v6.1.43, v6.1.42, v6.1.41, v6.1.40, v6.1.39, v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35, v6.1.34, v6.1.33, v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28, v6.1.27, v6.1.26, v6.3, v6.1.25, v6.1.24, v6.1.23, v6.1.22, v6.1.21, v6.1.20, v6.1.19, v6.1.18, v6.1.17, v6.1.16, v6.1.15, v6.1.14, v6.1.13, v6.2, v6.1.12, v6.1.11, v6.1.10, v6.1.9, v6.1.8, v6.1.7, v6.1.6, v6.1.5, v6.0.19, v6.0.18, v6.1.4, v6.1.3, v6.0.17, v6.1.2, v6.0.16, v6.1.1, v6.0.15, v6.0.14 |
|
#
e7ec1d2e |
| 17-Dec-2022 |
Alexander Gordeev <agordeev@linux.ibm.com> |
s390/mcck: cleanup user process termination path
If a machine check interrupt hits while user process is running __s390_handle_mcck() helper function is called directly from the interrupt handler an
s390/mcck: cleanup user process termination path
If a machine check interrupt hits while user process is running __s390_handle_mcck() helper function is called directly from the interrupt handler and terminates the current process by calling make_task_dead() routine.
The make_task_dead() is not allowed to be called from interrupt context which forces the machine check handler switch to the kernel stack and enable local interrupts first.
The __s390_handle_mcck() could also be called to service pending work, but this time from the external interrupts handler. It is the machine check handler that establishes the work and schedules the external interrupt, therefore the machine check interrupt itself should be disabled while reading out the corresponding variable:
local_mcck_disable(); mcck = *this_cpu_ptr(&cpu_mcck); memset(this_cpu_ptr(&cpu_mcck), 0, sizeof(mcck)); local_mcck_enable();
However, local_mcck_disable() does not have effect when __s390_handle_mcck() is called directly form the machine check handler, since the machine check interrupt is still disabled. Therefore, it is not the opening bracket to the following local_mcck_enable() function.
Simplify the user process termination flow by scheduling the external interrupt and killing the affected process from the interrupt context.
Assume a kernel-generated signal is always delivered and ignore a value returned by do_send_sig_info() funciton.
Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Reviewed-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
show more ...
|
#
ae4b60f6 |
| 16-Feb-2023 |
Nico Boehr <nrb@linux.ibm.com> |
s390/nmi: fix virtual-physical address confusion
When a machine check is received while in SIE, it is reinjected into the guest in some cases. The respective code needs to access the sie_block, whic
s390/nmi: fix virtual-physical address confusion
When a machine check is received while in SIE, it is reinjected into the guest in some cases. The respective code needs to access the sie_block, which is taken from the backed up R14.
Since reinjection only occurs while we are in SIE (i.e. between the labels sie_entry and sie_leave in entry.S and thus if CIF_MCCK_GUEST is set), the backed up R14 will always contain a physical address in s390_backup_mcck_info.
This currently works, because virtual and physical addresses are the same.
Add phys_to_virt() to resolve the virtual-physical confusion.
Signed-off-by: Nico Boehr <nrb@linux.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com> Link: https://lore.kernel.org/r/20230216121208.4390-2-nrb@linux.ibm.com Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
show more ...
|
Revision tags: v6.0.13, v6.1, v6.0.12, v6.0.11 |
|
#
bb3860cc |
| 30-Nov-2022 |
Heiko Carstens <hca@linux.ibm.com> |
s390/nmi: get rid of private slab cache
Get rid of private "nmi_save_areas" slab cache. The only reason this was introduced years ago was that with some slab debugging options allocations would only
s390/nmi: get rid of private slab cache
Get rid of private "nmi_save_areas" slab cache. The only reason this was introduced years ago was that with some slab debugging options allocations would only guarantee a minimum alignment of ARCH_KMALLOC_MINALIGN, which was eight bytes back then. This is not sufficient for the extended machine check save area.
However since commit 59bb47985c1d ("mm, sl[aou]b: guarantee natural alignment for kmalloc(power-of-two)") kmalloc guarantees a power-of-two alignment even with debugging options enabled.
Therefore the private slab cache can be removed.
Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
show more ...
|
#
742aed05 |
| 29-Nov-2022 |
Heiko Carstens <hca@linux.ibm.com> |
s390/nmi: move storage error checking back to C, enter with DAT on
Checking for storage errors in machine check entry code was done in order to handle also storage errors on kernel page tables. Howe
s390/nmi: move storage error checking back to C, enter with DAT on
Checking for storage errors in machine check entry code was done in order to handle also storage errors on kernel page tables. However this is extremely unlikely and some basic assumptions what works on machine check entry are necessary anyway. In order to simplify machine check handling delay checking for storage errors to C code. With this also change the machine check new PSW to have DAT on, which simplifies the entry code even further.
Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
show more ...
|
#
506faa5b |
| 28-Nov-2022 |
Heiko Carstens <hca@linux.ibm.com> |
s390/nmi: print machine check interruption code before stopping system
In case a system will be stopped because of e.g. missing validity bits print the machine check interruption code before the sys
s390/nmi: print machine check interruption code before stopping system
In case a system will be stopped because of e.g. missing validity bits print the machine check interruption code before the system is stopped.
This is helpful, since up to now no message was printed in such a case. Only a disabled wait PSW was loaded, which doesn't give a hint of what went wrong. Improve this by printing a message with debug information.
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com> Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
show more ...
|
#
f9e5938a |
| 27-Nov-2022 |
Heiko Carstens <hca@linux.ibm.com> |
s390/nmi: rework register validation handling
If a machine check happens in kernel mode, and the machine check interruption code indicates that e.g. vector register contents in the machine check are
s390/nmi: rework register validation handling
If a machine check happens in kernel mode, and the machine check interruption code indicates that e.g. vector register contents in the machine check area are not valid, the logic is to kill current.
The idea behind this was that if within kernel context vector registers are not used then it is sufficient to kill the current user space process to avoid that it continues with potentially corrupt register contents. This however does not necessarily work, since the current code does not take into account that a machine check can also happen when a kernel thread is running (= no user space context), and in addition there is no way to distinguish between the "previous" and "next" user process task, if the machine check happens when a task switch happens.
Given that machine checks with invalid saved register contents in the machine check save area are extremely rare, simplify the logic: if register contents are invalid and the previous context was kernel mode, stop the whole machine. If the previous context was user mode, kill the corresponding task.
Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
show more ...
|
#
5720aab2 |
| 01-Dec-2022 |
Heiko Carstens <hca@linux.ibm.com> |
s390/nmi: use vector instruction macros instead of byte patterns
Use vector instruction macros instead of byte patterns to increase readability. The generated code is nearly identical:
- 1e8: e7 0
s390/nmi: use vector instruction macros instead of byte patterns
Use vector instruction macros instead of byte patterns to increase readability. The generated code is nearly identical:
- 1e8: e7 0f 10 00 00 36 vlm %v0,%v15,0(%r1) - 1ee: e7 0f 11 00 0c 36 vlm %v16,%v31,256(%r1) + 1e8: e7 0f 10 00 30 36 vlm %v0,%v15,0(%r1),3 + 1ee: e7 0f 11 00 3c 36 vlm %v16,%v31,256(%r1),3
By using the VLM macro the alignment hint is automatically specified too. Even though from a performance perspective it doesn't matter at all for the machine check code, this shows yet another benefit when using the macros.
Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
show more ...
|
Revision tags: v6.0.10, v5.15.80, v6.0.9, v5.15.79, v6.0.8, v5.15.78, v6.0.7, v5.15.77, v5.15.76, v6.0.6, v6.0.5, v5.15.75, v6.0.4, v6.0.3, v6.0.2, v5.15.74, v5.15.73, v6.0.1, v5.15.72, v6.0, v5.15.71, v5.15.70, v5.15.69, v5.15.68, v5.15.67, v5.15.66, v5.15.65, v5.15.64, v5.15.63, v5.15.62, v5.15.61 |
|
#
12dd19c1 |
| 13-Aug-2022 |
Alexander Gordeev <agordeev@linux.ibm.com> |
s390/boot: fix absolute zero lowcore corruption on boot
Crash dump always starts on CPU0. In case CPU0 is offline the prefix page is not installed and the absolute zero lowcore is used. However, str
s390/boot: fix absolute zero lowcore corruption on boot
Crash dump always starts on CPU0. In case CPU0 is offline the prefix page is not installed and the absolute zero lowcore is used. However, struct lowcore::mcesad is never assigned and stays zero. That leads to __machine_kdump() -> save_vx_regs() call silently stores vector registers to the absolute lowcore at 0x11b0 offset.
Fixes: a62bc0739253 ("s390/kdump: add support for vector extension") Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
show more ...
|
Revision tags: v5.15.60, v5.15.59, v5.19, v5.15.58 |
|
#
520763a3 |
| 26-Jul-2022 |
Sven Schnelle <svens@linux.ibm.com> |
s390/nmi: use irqentry_nmi_enter()/irqentry_nmi_exit()
With generic entry in place switch the nmi handler to use the generic entry helper functions.
Signed-off-by: Sven Schnelle <svens@linux.ibm.co
s390/nmi: use irqentry_nmi_enter()/irqentry_nmi_exit()
With generic entry in place switch the nmi handler to use the generic entry helper functions.
Signed-off-by: Sven Schnelle <svens@linux.ibm.com> Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
show more ...
|
Revision tags: v5.15.57, v5.15.56, v5.15.55, v5.15.54, v5.15.53, v5.15.52, v5.15.51, v5.15.50, v5.15.49, v5.15.48, v5.15.47, v5.15.46, v5.15.45, v5.15.44, v5.15.43, v5.15.42, v5.18, v5.15.41, v5.15.40, v5.15.39, v5.15.38 |
|
#
39d62336 |
| 04-May-2022 |
Thomas Richter <tmricht@linux.ibm.com> |
s390/pai: add support for cryptography counters
PMU device driver perf_pai_crypto supports Processor Activity Instrumentation (PAI), available with IBM z16: - maps a full page to lowcore address 0x1
s390/pai: add support for cryptography counters
PMU device driver perf_pai_crypto supports Processor Activity Instrumentation (PAI), available with IBM z16: - maps a full page to lowcore address 0x1500. - uses CR0 bit 13 to turn PAI crypto counting on and off. - creates a sample with raw data on each context switch out when at context switch some mapped counters have a value of nonzero. This device driver only supports CPU wide context, no task context is allowed.
Support for counting: - one or more counters can be specified using perf stat -e pai_crypto/xxx/ where xxx stands for the counter event name. Multiple invocation of this command is possible. The counter names are listed in /sys/devices/pai_crypto/events directory. - one special counters can be specified using perf stat -e pai_crypto/CRYPTO_ALL/ which returns the sum of all incremented crypto counters. - one event pai_crypto/CRYPTO_ALL/ is reserved for sampling. No multiple invocations are possible. The event collects data at context switch out and saves them in the ring buffer.
Add qpaci assembly instruction to query supported memory mapped crypto counters. It returns the number of counters (no holes allowed in that range).
The PAI crypto counter events are system wide and can not be executed in parallel. Therefore some restrictions documented in function paicrypt_busy apply. In particular event CRYPTO_ALL for sampling must run exclusive. Only counting events can run in parallel.
PAI crypto counter events can not be created when a CPU hot plug add is processed. This means a CPU hot plug add does not get the necessary PAI event to record PAI cryptography counter increments on the newly added CPU. CPU hot plug remove removes the event and terminates the counting of PAI counters immediately.
Co-developed-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: Sven Schnelle <svens@linux.ibm.com> Reviewed-by: Juergen Christ <jchrist@linux.ibm.com> Signed-off-by: Thomas Richter <tmricht@linux.ibm.com> Link: https://lore.kernel.org/r/20220504062351.2954280-3-tmricht@linux.ibm.com Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
show more ...
|
Revision tags: v5.15.37, v5.15.36, v5.15.35, v5.15.34, v5.15.33, v5.15.32, v5.15.31, v5.17, v5.15.30, v5.15.29, v5.15.28, v5.15.27, v5.15.26, v5.15.25, v5.15.24, v5.15.23, v5.15.22, v5.15.21, v5.15.20, v5.15.19, v5.15.18 |
|
#
f36e7c98 |
| 28-Jan-2022 |
Heiko Carstens <hca@linux.ibm.com> |
s390: remove invalid email address of Heiko Carstens
Remove my old invalid email address which can be found in a couple of files. Instead of updating it, just remove my contact data completely from
s390: remove invalid email address of Heiko Carstens
Remove my old invalid email address which can be found in a couple of files. Instead of updating it, just remove my contact data completely from source files. We have git and other tools which allow to figure out who is responsible for what with recent contact data.
Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
show more ...
|
Revision tags: v5.15.17, v5.4.173, v5.15.16 |
|
#
f094a39c |
| 17-Jan-2022 |
Christian Borntraeger <borntraeger@linux.ibm.com> |
s390/nmi: handle vector validity failures for KVM guests
The machine check validity bit tells about the context. If a KVM guest was running the bit tells about the guest validity and the host state
s390/nmi: handle vector validity failures for KVM guests
The machine check validity bit tells about the context. If a KVM guest was running the bit tells about the guest validity and the host state is not affected. As a guest can disable the guest validity this might result in unwanted host errors on machine checks.
Cc: stable@vger.kernel.org Fixes: c929500d7a5a ("s390/nmi: s390: New low level handling for machine check happening in guest") Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
show more ...
|
Revision tags: v5.15.15 |
|
#
1ea1d6a8 |
| 13-Jan-2022 |
Christian Borntraeger <borntraeger@linux.ibm.com> |
s390/nmi: handle guarded storage validity failures for KVM guests
machine check validity bits reflect the state of the machine check. If a guest does not make use of guarded storage, the validity bi
s390/nmi: handle guarded storage validity failures for KVM guests
machine check validity bits reflect the state of the machine check. If a guest does not make use of guarded storage, the validity bit might be off. We can not use the host CR bit to decide if the validity bit must be on. So ignore "invalid" guarded storage controls for KVM guests in the host and rely on the machine check being forwarded to the guest. If no other errors happen from a host perspective everything is fine and no process must be killed and the host can continue to run.
Cc: stable@vger.kernel.org Fixes: c929500d7a5a ("s390/nmi: s390: New low level handling for machine check happening in guest") Reported-by: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> Tested-by: Carsten Otte <cotte@de.ibm.com> Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
show more ...
|
Revision tags: v5.16, v5.15.10, v5.15.9, v5.15.8 |
|
#
c7ed509b |
| 10-Dec-2021 |
Alexander Gordeev <agordeev@linux.ibm.com> |
s390/nmi: disable interrupts on extended save area update
Updating of the pointer to machine check extended save area on the IPL CPU needs the lowcore protection to be disabled. Disable interrupts w
s390/nmi: disable interrupts on extended save area update
Updating of the pointer to machine check extended save area on the IPL CPU needs the lowcore protection to be disabled. Disable interrupts while the protection is off to avoid unnoticed writes to the lowcore.
Suggested-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
show more ...
|
Revision tags: v5.15.7, v5.15.6, v5.15.5, v5.15.4, v5.15.3, v5.15.2, v5.15.1, v5.15, v5.14.14, v5.14.13, v5.14.12, v5.14.11, v5.14.10, v5.14.9, v5.14.8, v5.14.7, v5.14.6, v5.10.67, v5.10.66, v5.14.5, v5.14.4, v5.10.65, v5.14.3, v5.10.64, v5.14.2, v5.10.63, v5.14.1, v5.10.62, v5.14, v5.10.61, v5.10.60, v5.10.53, v5.10.52, v5.10.51, v5.10.50, v5.10.49 |
|
#
0e25498f |
| 28-Jun-2021 |
Eric W. Biederman <ebiederm@xmission.com> |
exit: Add and use make_task_dead.
There are two big uses of do_exit. The first is it's design use to be the guts of the exit(2) system call. The second use is to terminate a task after something c
exit: Add and use make_task_dead.
There are two big uses of do_exit. The first is it's design use to be the guts of the exit(2) system call. The second use is to terminate a task after something catastrophic has happened like a NULL pointer in kernel code.
Add a function make_task_dead that is initialy exactly the same as do_exit to cover the cases where do_exit is called to handle catastrophic failure. In time this can probably be reduced to just a light wrapper around do_task_dead. For now keep it exactly the same so that there will be no behavioral differences introducing this new concept.
Replace all of the uses of do_exit that use it for catastraphic task cleanup with make_task_dead to make it clear what the code is doing.
As part of this rename rewind_stack_do_exit rewind_stack_and_make_dead.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
show more ...
|
#
402ff5a3 |
| 25-Nov-2021 |
Heiko Carstens <hca@linux.ibm.com> |
s390/nmi: add missing __pa/__va address conversion of extended save area
Add missing __pa/__va address conversion of machine check extended save area designation, which is an absolute address.
Note
s390/nmi: add missing __pa/__va address conversion of extended save area
Add missing __pa/__va address conversion of machine check extended save area designation, which is an absolute address.
Note: this currently doesn't fix a real bug, since virtual addresses are indentical to physical ones.
Reported-by: Vineeth Vijayan <vneethv@linux.ibm.com> Tested-by: Vineeth Vijayan <vneethv@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
show more ...
|
#
4b198c41 |
| 13-Aug-2022 |
Alexander Gordeev <agordeev@linux.ibm.com> |
s390/boot: fix absolute zero lowcore corruption on boot
[ Upstream commit 12dd19c159659ec9050f45dc8a2ff3c3917f4be3 ]
Crash dump always starts on CPU0. In case CPU0 is offline the prefix page is not
s390/boot: fix absolute zero lowcore corruption on boot
[ Upstream commit 12dd19c159659ec9050f45dc8a2ff3c3917f4be3 ]
Crash dump always starts on CPU0. In case CPU0 is offline the prefix page is not installed and the absolute zero lowcore is used. However, struct lowcore::mcesad is never assigned and stays zero. That leads to __machine_kdump() -> save_vx_regs() call silently stores vector registers to the absolute lowcore at 0x11b0 offset.
Fixes: a62bc0739253 ("s390/kdump: add support for vector extension") Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
#
cfd2a7f8 |
| 17-Jan-2022 |
Christian Borntraeger <borntraeger@linux.ibm.com> |
s390/nmi: handle vector validity failures for KVM guests
commit f094a39c6ba168f2df1edfd1731cca377af5f442 upstream.
The machine check validity bit tells about the context. If a KVM guest was running
s390/nmi: handle vector validity failures for KVM guests
commit f094a39c6ba168f2df1edfd1731cca377af5f442 upstream.
The machine check validity bit tells about the context. If a KVM guest was running the bit tells about the guest validity and the host state is not affected. As a guest can disable the guest validity this might result in unwanted host errors on machine checks.
Cc: stable@vger.kernel.org Fixes: c929500d7a5a ("s390/nmi: s390: New low level handling for machine check happening in guest") Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
#
c058e1ae |
| 13-Jan-2022 |
Christian Borntraeger <borntraeger@linux.ibm.com> |
s390/nmi: handle guarded storage validity failures for KVM guests
commit 1ea1d6a847d2b1d17fefd9196664b95f052a0775 upstream.
machine check validity bits reflect the state of the machine check. If a
s390/nmi: handle guarded storage validity failures for KVM guests
commit 1ea1d6a847d2b1d17fefd9196664b95f052a0775 upstream.
machine check validity bits reflect the state of the machine check. If a guest does not make use of guarded storage, the validity bit might be off. We can not use the host CR bit to decide if the validity bit must be on. So ignore "invalid" guarded storage controls for KVM guests in the host and rely on the machine check being forwarded to the guest. If no other errors happen from a host perspective everything is fine and no process must be killed and the host can continue to run.
Cc: stable@vger.kernel.org Fixes: c929500d7a5a ("s390/nmi: s390: New low level handling for machine check happening in guest") Reported-by: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com> Tested-by: Carsten Otte <cotte@de.ibm.com> Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
Revision tags: v5.13, v5.10.46 |
|
#
5fa2ea07 |
| 18-Jun-2021 |
Alexander Gordeev <agordeev@linux.ibm.com> |
s390/mcck: move register validation to C code
This update partially reverts commit 3037a52f9846 ("s390/nmi: do register validation as early as possible").
Storage error checks and control registers
s390/mcck: move register validation to C code
This update partially reverts commit 3037a52f9846 ("s390/nmi: do register validation as early as possible").
Storage error checks and control registers validation are left in the assembler code, since correct ASCEs and page tables are required to enable DAT - which is done before the C handler is entered.
System damage, kernel instruction address and PSW MWP checks are left in the assembler code as well, since there is no way to proceed if one of these checks is failed.
The getcpu vdso syscall reads CPU number from the programmable field of the TOD clock. Disregard the TOD programmable register validity bit and load the CPU number into the TOD programmable field unconditionally.
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
show more ...
|
#
d35925b3 |
| 18-Jun-2021 |
Alexander Gordeev <agordeev@linux.ibm.com> |
s390/mcck: move storage error checks to assembler
The current storage errors tackling is wrong - the DAT is enabled in assembler code before the actual storage checks in C half are executed. In case
s390/mcck: move storage error checks to assembler
The current storage errors tackling is wrong - the DAT is enabled in assembler code before the actual storage checks in C half are executed. In case the page tables themselves are damaged such approach is not going to work.
With this update unrecoverable storage errors are not passed to C code for handling, but rather the machine is stopped right away. The only exception to this flow is when a machine check occurred in KVM guest - in this case the errors are reinjected by the handler.
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
show more ...
|
#
7f6dc8d4 |
| 18-Jun-2021 |
Alexander Gordeev <agordeev@linux.ibm.com> |
s390/mcck: always enter C handler with DAT enabled
The machine check handler must be entered with DAT disabled in case control registers are corrupted or a storage error happened and we can not tell
s390/mcck: always enter C handler with DAT enabled
The machine check handler must be entered with DAT disabled in case control registers are corrupted or a storage error happened and we can not tell if such error corresponds to a page table.
Both of described conditions end up in stopping all CPUs and entering the disabled wait in C half of the handler. However, the storage errors are still checked after the DAT is enabled and C code is entered. In case a page table is damaged such flow is not expected to work.
This update paves the way for moving the storage error checks from C to assembler half. All fatal errors that can only be handled with DAT disabled are handled in assembler half also. As result, the C half is only entered if the DAT is secured.
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
show more ...
|
Revision tags: v5.10.43, v5.10.42, v5.10.41, v5.10.40, v5.10.39, v5.4.119, v5.10.36, v5.10.35, v5.10.34, v5.4.116, v5.10.33, v5.12, v5.10.32, v5.10.31, v5.10.30, v5.10.27, v5.10.26, v5.10.25, v5.10.24, v5.10.23, v5.10.22, v5.10.21, v5.10.20, v5.10.19, v5.4.101, v5.10.18, v5.10.17, v5.11, v5.10.16, v5.10.15, v5.10.14, v5.10 |
|
#
56e62a73 |
| 21-Nov-2020 |
Sven Schnelle <svens@linux.ibm.com> |
s390: convert to generic entry
This patch converts s390 to use the generic entry infrastructure from kernel/entry/*.
There are a few special things on s390:
- PIF_PER_TRAP is moved to TIF_PER_TRAP
s390: convert to generic entry
This patch converts s390 to use the generic entry infrastructure from kernel/entry/*.
There are a few special things on s390:
- PIF_PER_TRAP is moved to TIF_PER_TRAP as the generic code doesn't know about our PIF flags in exit_to_user_mode_loop().
- The old code had several ways to restart syscalls:
a) PIF_SYSCALL_RESTART, which was only set during execve to force a restart after upgrading a process (usually qemu-kvm) to pgste page table extensions.
b) PIF_SYSCALL, which is set by do_signal() to indicate that the current syscall should be restarted. This is changed so that do_signal() now also uses PIF_SYSCALL_RESTART. Continuing to use PIF_SYSCALL doesn't work with the generic code, and changing it to PIF_SYSCALL_RESTART makes PIF_SYSCALL and PIF_SYSCALL_RESTART more unique.
- On s390 calling sys_sigreturn or sys_rt_sigreturn is implemented by executing a svc instruction on the process stack which causes a fault. While handling that fault the fault code sets PIF_SYSCALL to hand over processing to the syscall code on exit to usermode.
The patch introduces PIF_SYSCALL_RET_SET, which is set if ptrace sets a return value for a syscall. The s390x ptrace ABI uses r2 both for the syscall number and return value, so ptrace cannot set the syscall number + return value at the same time. The flag makes handling that a bit easier. do_syscall() will just skip executing the syscall if PIF_SYSCALL_RET_SET is set.
CONFIG_DEBUG_ASCE was removd in favour of the generic CONFIG_DEBUG_ENTRY. CR1/7/13 will be checked both on kernel entry and exit to contain the correct asces.
Signed-off-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
show more ...
|
Revision tags: v5.8.17, v5.8.16, v5.8.15, v5.9, v5.8.14, v5.8.13, v5.8.12, v5.8.11, v5.8.10, v5.8.9, v5.8.8, v5.8.7, v5.8.6, v5.4.62, v5.8.5, v5.8.4, v5.4.61, v5.8.3, v5.4.60, v5.8.2, v5.4.59, v5.8.1, v5.4.58, v5.4.57, v5.4.56, v5.8, v5.7.12, v5.4.55, v5.7.11, v5.4.54, v5.7.10, v5.4.53, v5.4.52, v5.7.9, v5.7.8, v5.4.51, v5.4.50, v5.7.7, v5.4.49, v5.7.6, v5.7.5, v5.4.48, v5.7.4, v5.7.3, v5.4.47, v5.4.46, v5.7.2, v5.4.45, v5.7.1, v5.4.44, v5.7, v5.4.43, v5.4.42, v5.4.41, v5.4.40, v5.4.39, v5.4.38, v5.4.37, v5.4.36, v5.4.35, v5.4.34, v5.4.33, v5.4.32, v5.4.31, v5.4.30, v5.4.29, v5.6, v5.4.28, v5.4.27, v5.4.26, v5.4.25, v5.4.24, v5.4.23, v5.4.22 |
|
#
0b0ed657 |
| 20-Feb-2020 |
Sven Schnelle <svens@linux.ibm.com> |
s390: remove critical section cleanup from entry.S
The current code is rather complex and caused a lot of subtle and hard to debug bugs in the past. Simplify the code by calling the system_call hand
s390: remove critical section cleanup from entry.S
The current code is rather complex and caused a lot of subtle and hard to debug bugs in the past. Simplify the code by calling the system_call handler with interrupts disabled, save machine state, and re-enable them later.
This requires significant changes to the machine check handling code as well. When the machine check interrupt arrived while being in kernel mode the new code will signal pending machine checks with a SIGP external call. When userspace was interrupted, the handler will switch to the kernel stack and directly execute s390_handle_mcck().
Signed-off-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
show more ...
|
Revision tags: v5.4.21, v5.4.20, v5.4.19, v5.4.18, v5.4.17, v5.4.16, v5.5, v5.4.15, v5.4.14, v5.4.13, v5.4.12, v5.4.11, v5.4.10, v5.4.9, v5.4.8, v5.4.7, v5.4.6, v5.4.5, v5.4.4, v5.4.3, v5.3.15, v5.4.2, v5.4.1, v5.3.14, v5.4, v5.3.13, v5.3.12, v5.3.11, v5.3.10, v5.3.9, v5.3.8, v5.3.7, v5.3.6, v5.3.5, v5.3.4, v5.3.3, v5.3.2, v5.3.1, v5.3, v5.2.14, v5.3-rc8, v5.2.13, v5.2.12, v5.2.11, v5.2.10, v5.2.9, v5.2.8, v5.2.7, v5.2.6, v5.2.5, v5.2.4, v5.2.3, v5.2.2, v5.2.1, v5.2, v5.1.16, v5.1.15, v5.1.14, v5.1.13, v5.1.12, v5.1.11, v5.1.10, v5.1.9, v5.1.8, v5.1.7, v5.1.6, v5.1.5, v5.1.4, v5.1.3, v5.1.2, v5.1.1, v5.0.14, v5.1, v5.0.13, v5.0.12, v5.0.11 |
|
#
98587c2d |
| 30-Apr-2019 |
Martin Schwidefsky <schwidefsky@de.ibm.com> |
s390: simplify disabled_wait
The disabled_wait() function uses its argument as the PSW address when it stops the CPU with a wait PSW that is disabled for interrupts. The different callers sometimes
s390: simplify disabled_wait
The disabled_wait() function uses its argument as the PSW address when it stops the CPU with a wait PSW that is disabled for interrupts. The different callers sometimes use a specific number like 0xdeadbeef to indicate a specific failure, the early boot code uses 0 and some other calls sites use __builtin_return_address(0).
At the time a dump is created the current PSW and the registers of a CPU are written to lowcore to make them avaiable to the dump analysis tool. For a CPU stopped with disabled_wait the PSW and the registers do not really make sense together, the PSW address does not point to the function the registers belong to.
Simplify disabled_wait() by using _THIS_IP_ for the PSW address and drop the argument to the function.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
show more ...
|