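// SPDX-License-Identifier: GPL-2.0
/*
 *  S390 version
 *    Copyright IBM Corp. 1999, 2000
 *    Author(s): Martin Schwidefsky (schwidefsky@de.ibm.com),
 *               Denis Joseph Barrow (djbarrow@de.ibm.com,barrow_dj@yahoo.com),
 *
 *  Derived from "arch/i386/kernel/traps.c"
 *    Copyright (C) 1991, 1992 Linus Torvalds
 */

#include <linux/cpufeature.h>
#include <linux/kprobes.h>
#include <linux/kdebug.h>
#include <linux/randomize_kstack.h>
#include <linux/extable.h>
#include <linux/ptrace.h>
#include <linux/sched.h>
#include <linux/sched/debug.h>
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
#include <linux/cpu.h>
#include <linux/entry-common.h>
#include <linux/kmsan.h>
#include <asm/asm-extable.h>
#include <asm/irqflags.h>
#include <asm/ptrace.h>
#include <asm/vtime.h>
#include <asm/fpu.h>
#include <asm/fault.h>
#include "entry.h"

/*
 * Compute the address reported to user space for the trapping instruction.
 *
 * When bit 0x200 of int_code is set, the address is taken from word 3 of the
 * TDB copy saved in current->thread.trap_tdb (__do_pgm_check() stores that
 * copy on "transaction abort"); otherwise the PSW address is used. The upper
 * 16 bits of int_code are then subtracted from it.
 * NOTE(review): presumably those bits hold the instruction length, so the
 * result points at the start of the instruction - confirm against the
 * definition of int_code.
 */
static inline void __user *get_trap_ip(struct pt_regs *regs)
{
	unsigned long address;

	if (regs->int_code & 0x200)
		address = current->thread.trap_tdb.data[3];
	else
		address = regs->psw.addr;
	return (void __user *)(address - (regs->int_code >> 16));
}

#ifdef CONFIG_GENERIC_BUG
/*
 * Built only with CONFIG_GENERIC_BUG. Every address is accepted; no
 * filtering of @addr is done here.
 */
int is_valid_bugaddr(unsigned long addr)
{
	return 1;
}
#endif

/*
 * Report a trap to its originator.
 *
 * User mode: force @si_signo/@si_code on the current task with the address
 * from get_trap_ip() as fault address, then call report_user_fault().
 * Kernel mode: try an exception-table fixup first; die(regs, str) is called
 * only if fixup_exception() finds none.
 */
void do_report_trap(struct pt_regs *regs, int si_signo, int si_code, char *str)
{
	if (user_mode(regs)) {
		force_sig_fault(si_signo, si_code, get_trap_ip(regs));
		report_user_fault(regs, si_signo, 0);
	} else {
		if (!fixup_exception(regs))
			die(regs, str);
	}
}

/*
 * Common trap path: the die-notifier chain (DIE_TRAP) gets the first look.
 * A notifier returning NOTIFY_STOP suppresses any further reporting.
 */
static void do_trap(struct pt_regs *regs, int si_signo, int si_code, char *str)
{
	if (notify_die(DIE_TRAP, str, regs, 0, regs->int_code, si_signo) == NOTIFY_STOP)
		return;
	do_report_trap(regs, si_signo, si_code, str);
}
NOKPROBE_SYMBOL(do_trap);

/*
 * PER trap. Notifiers registered for DIE_SSTEP are asked first.
 * SIGTRAP/TRAP_HWBKPT is forced only when the current task is being
 * ptraced; an untraced task gets no signal from here.
 */
void do_per_trap(struct pt_regs *regs)
{
	if (notify_die(DIE_SSTEP, "sstep", regs, 0, 0, SIGTRAP) == NOTIFY_STOP)
		return;
	if (!current->ptrace)
		return;
	force_sig_fault(SIGTRAP, TRAP_HWBKPT,
			(void __force __user *)current->thread.per_event.address);
}
NOKPROBE_SYMBOL(do_per_trap);

/*
 * Fallback for program-check codes without a dedicated handler: a user task
 * gets SIGSEGV through force_exit_sig(), a kernel-mode occurrence ends in
 * die().
 */
static void default_trap_handler(struct pt_regs *regs)
{
	if (user_mode(regs)) {
		report_user_fault(regs, SIGSEGV, 0);
		force_exit_sig(SIGSEGV);
	} else
		die(regs, "Unknown program exception");
}

/*
 * Generate a handler that only forwards to do_trap() with a fixed signal,
 * si_code and message.
 */
#define DO_ERROR_INFO(name, signr, sicode, str)	\
static void name(struct pt_regs *regs)		\
{						\
	do_trap(regs, signr, sicode, str);	\
}

DO_ERROR_INFO(addressing_exception, SIGILL, ILL_ILLADR, "addressing exception")
DO_ERROR_INFO(divide_exception, SIGFPE, FPE_INTDIV, "fixpoint divide exception")
DO_ERROR_INFO(execute_exception, SIGILL, ILL_ILLOPN, "execute exception")
DO_ERROR_INFO(hfp_divide_exception, SIGFPE, FPE_FLTDIV, "HFP divide exception")
DO_ERROR_INFO(hfp_overflow_exception, SIGFPE, FPE_FLTOVF, "HFP overflow exception")
DO_ERROR_INFO(hfp_significance_exception, SIGFPE, FPE_FLTRES, "HFP significance exception")
DO_ERROR_INFO(hfp_sqrt_exception, SIGFPE, FPE_FLTINV, "HFP square root exception")
DO_ERROR_INFO(hfp_underflow_exception, SIGFPE, FPE_FLTUND, "HFP underflow exception")
DO_ERROR_INFO(operand_exception, SIGILL, ILL_ILLOPN, "operand exception")
DO_ERROR_INFO(overflow_exception, SIGFPE, FPE_INTOVF, "fixpoint overflow exception")
DO_ERROR_INFO(privileged_op, SIGILL, ILL_PRVOPC, "privileged operation")
DO_ERROR_INFO(special_op_exception, SIGILL, ILL_ILLOPN, "special operation exception")
DO_ERROR_INFO(specification_exception, SIGILL, ILL_ILLOPN, "specification exception")
DO_ERROR_INFO(transaction_exception, SIGILL, ILL_ILLOPN, "transaction constraint exception")

/*
 * Translate the floating point control word @fpc into a SIGFPE si_code and
 * raise the trap. si_code stays 0 when (fpc & 0x300) is non-zero or when
 * none of the tested flag bits is set.
 */
static inline void do_fp_trap(struct pt_regs *regs, __u32 fpc)
{
	int si_code = 0;

	/* FPC[2] is Data Exception Code */
	if ((fpc & 0x00000300) == 0) {
		/* bits 6 and 7 of DXC are 0 iff IEEE exception */
		if (fpc & 0x8000) /* invalid fp operation */
			si_code = FPE_FLTINV;
		else if (fpc & 0x4000) /* div by 0 */
			si_code = FPE_FLTDIV;
		else if (fpc & 0x2000) /* overflow */
			si_code = FPE_FLTOVF;
		else if (fpc & 0x1000) /* underflow */
			si_code = FPE_FLTUND;
		else if (fpc & 0x0800) /* inexact */
			si_code = FPE_FLTRES;
	}
	do_trap(regs, SIGFPE, si_code, "floating point exception");
}

/* Unconditionally fatal: @regs is not inspected. */
static void translation_specification_exception(struct pt_regs *regs)
{
	/* May never happen. */
	panic("Translation-Specification Exception");
}

/*
 * Operation exception (table slot 0x01).
 *
 * For a user-mode trap the opcode is fetched from user memory and
 * classified: the breakpoint opcode yields SIGTRAP for a ptraced task and
 * SIGILL otherwise, the uprobes opcode is handed to the notifier chain, and
 * anything else is SIGILL. Kernel-mode traps always go to the notifier
 * chain first.
 */
static void illegal_op(struct pt_regs *regs)
{
	int is_uprobe_insn = 0;
	u16 __user *location;
	int signal = 0;
	u16 opcode;

	location = get_trap_ip(regs);
	if (user_mode(regs)) {
		/*
		 * The opcode is read through get_user(); if that read
		 * faults, return without raising a signal from here.
		 */
		if (get_user(opcode, location))
			return;
		if (opcode == S390_BREAKPOINT_U16) {
			if (current->ptrace)
				force_sig_fault(SIGTRAP, TRAP_BRKPT, location);
			else
				signal = SIGILL;
#ifdef CONFIG_UPROBES
		} else if (opcode == UPROBE_SWBP_INSN) {
			is_uprobe_insn = 1;
#endif
		} else {
			signal = SIGILL;
		}
	}
	/*
	 * This is either an illegal op in kernel mode, or user space trapped
	 * on a uprobes illegal instruction. See if kprobes or uprobes picks
	 * it up. If not, SIGILL.
	 */
	if (is_uprobe_insn || !user_mode(regs)) {
		if (notify_die(DIE_BPT, "bpt", regs, 0, 3, SIGTRAP) != NOTIFY_STOP)
			signal = SIGILL;
	}
	if (signal)
		do_trap(regs, signal, ILL_ILLOPC, "illegal operation");
}
NOKPROBE_SYMBOL(illegal_op);

/*
 * Vector exception: map the vector interrupt code, taken from bits 0xf00 of
 * the saved user fpc, to a SIGFPE si_code. Unknown codes report si_code 0.
 */
static void vector_exception(struct pt_regs *regs)
{
	int si_code, vic;

	/* get vector interrupt code from fpc */
	save_user_fpu_regs();
	vic = (current->thread.ufpu.fpc & 0xf00) >> 8;
	switch (vic) {
	case 1: /* invalid vector operation */
		si_code = FPE_FLTINV;
		break;
	case 2: /* division by zero */
		si_code = FPE_FLTDIV;
		break;
	case 3: /* overflow */
		si_code = FPE_FLTOVF;
		break;
	case 4: /* underflow */
		si_code = FPE_FLTUND;
		break;
	case 5: /* inexact */
		si_code = FPE_FLTRES;
		break;
	default: /* unknown cause */
		si_code = 0;
	}
	do_trap(regs, SIGFPE, si_code, "vector exception");
}

/*
 * Data exception: with any FPC_DXC_MASK bit set in the saved user fpc the
 * event is reported as a floating point trap, otherwise as SIGILL.
 */
static void data_exception(struct pt_regs *regs)
{
	save_user_fpu_regs();
	if (current->thread.ufpu.fpc & FPC_DXC_MASK)
		do_fp_trap(regs, current->thread.ufpu.fpc);
	else
		do_trap(regs, SIGILL, ILL_ILLOPN, "data exception");
}

/*
 * Space switch event: the address-space-control bits of a user PSW are
 * forced to home space before SIGILL is raised.
 */
static void space_switch_exception(struct pt_regs *regs)
{
	/* Set user psw back to home space mode. */
	if (user_mode(regs))
		regs->psw.mask |= PSW_ASC_HOME;
	/* Send SIGILL. */
	do_trap(regs, SIGILL, ILL_PRVOPC, "space switch event");
}

/*
 * Monitor event (table slot 0x40). A user-mode event is ignored: no signal
 * is sent and no report is made. In kernel mode the address handed to
 * report_bug() is the PSW address minus the upper 16 bits of int_code; only
 * the three trap types listed in the switch are acted on.
 */
static void monitor_event_exception(struct pt_regs *regs)
{
	if (user_mode(regs))
		return;
	switch (report_bug(regs->psw.addr - (regs->int_code >> 16), regs)) {
	case BUG_TRAP_TYPE_NONE:
		fixup_exception(regs);
		break;
	case BUG_TRAP_TYPE_WARN:
		break;
	case BUG_TRAP_TYPE_BUG:
		die(regs, "monitor event");
		break;
	}
}

/*
 * Terminal path for an invalid kernel stack pointer: print the registers
 * and panic. This function does not return to its caller.
 */
void kernel_stack_invalid(struct pt_regs *regs)
{
	/*
	 * Normally regs are unpoisoned by the generic entry code, but
	 * this function is a rare case that is entered bypassing it.
	 */
	kmsan_unpoison_entry_regs(regs);
	bust_spinlocks(1);
	pr_emerg("Kernel stack pointer invalid\n");
	show_regs(regs);
	bust_spinlocks(0);
	panic("Invalid kernel stack pointer, cannot continue");
}
NOKPROBE_SYMBOL(kernel_stack_invalid);

/*
 * Boot-time self test of the monitor call used for BUG support; skipped
 * when CONFIG_BUG is off.
 *
 * val starts as 1. If the "mc" raises no event, execution falls through to
 * the "lhi" at label 0, val becomes 0 and the kernel panics. The exception
 * table entry (0b -> 1b) is expected to resume execution behind the "lhi"
 * when the event is taken and fixed up - the fixup itself happens outside
 * this function.
 */
static void __init test_monitor_call(void)
{
	int val = 1;

	if (!IS_ENABLED(CONFIG_BUG))
		return;
	asm_inline volatile(
		" mc 0,0\n"
		"0: lhi %[val],0\n"
		"1:\n"
		EX_TABLE(0b, 1b)
		: [val] "+d" (val));
	if (!val)
		panic("Monitor call doesn't work!\n");
}

/*
 * Set the mcheck bit in the external, program, svc and io new PSWs of the
 * lowcore, enable machine checks and run the monitor call self test.
 *
 * The CR0 low-address-protection bit is cleared only for the duration of
 * the lowcore writes, with interrupts disabled, and the saved CR0 value is
 * loaded back before interrupts are restored.
 * NOTE(review): presumably the lowcore PSWs cannot be written while that
 * protection is active - confirm.
 */
void __init trap_init(void)
{
	struct lowcore *lc = get_lowcore();
	unsigned long flags;
	struct ctlreg cr0;

	local_irq_save(flags);
	cr0 = local_ctl_clear_bit(0, CR0_LOW_ADDRESS_PROTECTION_BIT);
	psw_bits(lc->external_new_psw).mcheck = 1;
	psw_bits(lc->program_new_psw).mcheck = 1;
	psw_bits(lc->svc_new_psw).mcheck = 1;
	psw_bits(lc->io_new_psw).mcheck = 1;
	local_ctl_load(0, &cr0);
	local_irq_restore(flags);
	local_mcck_enable();
	test_monitor_call();
}

static void (*pgm_check_table[128])(struct pt_regs *regs);

/*
 * __do_pgm_check() indexes pgm_check_table with
 * (int_code & PGM_INT_CODE_MASK) and calls through the result. Fail the
 * build if the mask could ever select a slot outside the table.
 */
_Static_assert(PGM_INT_CODE_MASK < sizeof(pgm_check_table) / sizeof(pgm_check_table[0]),
	       "PGM_INT_CODE_MASK must stay within the pgm_check_table index range");

/*
 * Program check entry point.
 *
 * Copies the interruption code and translation-exception code from the
 * lowcore into @regs, handles guest faults and PER events, and dispatches
 * everything else through pgm_check_table.
 */
void noinstr __do_pgm_check(struct pt_regs *regs)
{
	struct lowcore *lc = get_lowcore();
	irqentry_state_t state;
	unsigned int trapnr;
	union teid teid;

	teid.val = lc->trans_exc_code;
	regs->int_code = lc->pgm_int_code;
	regs->int_parm_long = teid.val;
	/*
	 * In case of a guest fault, short-circuit the fault handler and return.
	 * This way the sie64a() function will return 0; fault address and
	 * other relevant bits are saved in current->thread.gmap_teid, and
	 * the fault number in current->thread.gmap_int_code. KVM will be
	 * able to use this information to handle the fault.
	 */
	if (test_pt_regs_flag(regs, PIF_GUEST_FAULT)) {
		current->thread.gmap_teid.val = regs->int_parm_long;
		current->thread.gmap_int_code = regs->int_code & 0xffff;
		return;
	}
	state = irqentry_enter(regs);
	if (user_mode(regs)) {
		update_timer_sys();
		/*
		 * When cpu_has_bear() is false, a last_break value below
		 * 4096 is replaced by 1 before it is stored in the thread.
		 */
		if (!cpu_has_bear()) {
			if (regs->last_break < 4096)
				regs->last_break = 1;
		}
		current->thread.last_break = regs->last_break;
	}
	if (lc->pgm_code & 0x0200) {
		/* transaction abort */
		current->thread.trap_tdb = lc->pgm_tdb;
	}
	if (lc->pgm_code & PGM_INT_CODE_PER) {
		if (user_mode(regs)) {
			/* Record the event; TIF_PER_TRAP marks it pending. */
			struct per_event *ev = &current->thread.per_event;

			set_thread_flag(TIF_PER_TRAP);
			ev->address = lc->per_address;
			ev->cause = lc->per_code_combined;
			ev->paid = lc->per_access_id;
		} else {
			/* PER event in kernel is kprobes */
			__arch_local_irq_ssm(regs->psw.mask & ~PSW_MASK_PER);
			do_per_trap(regs);
			goto out;
		}
	}
	if (!irqs_disabled_flags(regs->psw.mask))
		trace_hardirqs_on();
	__arch_local_irq_ssm(regs->psw.mask & ~PSW_MASK_PER);
	/*
	 * The masked code is the table index. Code 0 is not dispatched, so
	 * slot 0x00 of the table is never called from here.
	 */
	trapnr = regs->int_code & PGM_INT_CODE_MASK;
	if (trapnr)
		pgm_check_table[trapnr](regs);
out:
	local_irq_disable();
	irqentry_exit(regs, state);
}

/*
 * The program check table contains exactly 128 (0x00-0x7f) entries. Each
 * line defines the function to be called corresponding to the program check
 * interruption code. Every slot is initialized, so no index in range
 * yields a NULL handler.
 */
static void (*pgm_check_table[128])(struct pt_regs *regs) = {
	[0x00]		= default_trap_handler,
	[0x01]		= illegal_op,
	[0x02]		= privileged_op,
	[0x03]		= execute_exception,
	[0x04]		= do_protection_exception,
	[0x05]		= addressing_exception,
	[0x06]		= specification_exception,
	[0x07]		= data_exception,
	[0x08]		= overflow_exception,
	[0x09]		= divide_exception,
	[0x0a]		= overflow_exception,
	[0x0b]		= divide_exception,
	[0x0c]		= hfp_overflow_exception,
	[0x0d]		= hfp_underflow_exception,
	[0x0e]		= hfp_significance_exception,
	[0x0f]		= hfp_divide_exception,
	[0x10]		= do_dat_exception,
	[0x11]		= do_dat_exception,
	[0x12]		= translation_specification_exception,
	[0x13]		= special_op_exception,
	[0x14]		= default_trap_handler,
	[0x15]		= operand_exception,
	[0x16]		= default_trap_handler,
	[0x17]		= default_trap_handler,
	[0x18]		= transaction_exception,
	[0x19]		= default_trap_handler,
	[0x1a]		= default_trap_handler,
	[0x1b]		= vector_exception,
	[0x1c]		= space_switch_exception,
	[0x1d]		= hfp_sqrt_exception,
	[0x1e ... 0x37] = default_trap_handler,
	[0x38]		= do_dat_exception,
	[0x39]		= do_dat_exception,
	[0x3a]		= do_dat_exception,
	[0x3b]		= do_dat_exception,
	[0x3c]		= default_trap_handler,
	[0x3d]		= do_secure_storage_access,
	[0x3e]		= default_trap_handler,
	[0x3f]		= default_trap_handler,
	[0x40]		= monitor_event_exception,
	[0x41 ... 0x7f] = default_trap_handler,
};

/*
 * Declare @x as a weak symbol aliased to default_trap_handler, so a table
 * entry whose real handler is not defined elsewhere falls back to the
 * default handler.
 */
#define COND_TRAP(x) asm(			\
	".weak " __stringify(x) "\n\t"		\
	".set " __stringify(x) ","		\
	__stringify(default_trap_handler))

COND_TRAP(do_secure_storage_access);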