1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * S390 version 4 * Copyright IBM Corp. 1999, 2000 5 * Author(s): Martin Schwidefsky (schwidefsky@de.ibm.com), 6 * Denis Joseph Barrow (djbarrow@de.ibm.com,barrow_dj@yahoo.com), 7 * 8 * Derived from "arch/i386/kernel/traps.c" 9 * Copyright (C) 1991, 1992 Linus Torvalds 10 */ 11 12 #include <linux/cpufeature.h> 13 #include <linux/kprobes.h> 14 #include <linux/kdebug.h> 15 #include <linux/randomize_kstack.h> 16 #include <linux/extable.h> 17 #include <linux/ptrace.h> 18 #include <linux/sched.h> 19 #include <linux/sched/debug.h> 20 #include <linux/mm.h> 21 #include <linux/slab.h> 22 #include <linux/uaccess.h> 23 #include <linux/cpu.h> 24 #include <linux/entry-common.h> 25 #include <linux/kmsan.h> 26 #include <linux/bug.h> 27 #include <asm/entry-percpu.h> 28 #include <asm/asm-extable.h> 29 #include <asm/irqflags.h> 30 #include <asm/ptrace.h> 31 #include <asm/vtime.h> 32 #include <asm/fpu.h> 33 #include <asm/fault.h> 34 #include "entry.h" 35 36 static inline void __user *get_trap_ip(struct pt_regs *regs) 37 { 38 unsigned long address; 39 40 if (regs->int_code & 0x200) 41 address = current->thread.trap_tdb.data[3]; 42 else 43 address = regs->psw.addr; 44 return (void __user *)(address - (regs->int_code >> 16)); 45 } 46 47 #ifdef CONFIG_GENERIC_BUG 48 int is_valid_bugaddr(unsigned long addr) 49 { 50 return 1; 51 } 52 #endif 53 54 void do_report_trap(struct pt_regs *regs, int si_signo, int si_code, char *str) 55 { 56 if (user_mode(regs)) { 57 force_sig_fault(si_signo, si_code, get_trap_ip(regs)); 58 report_user_fault(regs, si_signo, 0); 59 } else { 60 if (!fixup_exception(regs)) 61 die(regs, str); 62 } 63 } 64 65 static void do_trap(struct pt_regs *regs, int si_signo, int si_code, char *str) 66 { 67 if (notify_die(DIE_TRAP, str, regs, 0, regs->int_code, si_signo) == NOTIFY_STOP) 68 return; 69 do_report_trap(regs, si_signo, si_code, str); 70 } 71 NOKPROBE_SYMBOL(do_trap); 72 73 void do_per_trap(struct pt_regs *regs) 74 { 75 if (notify_die(DIE_SSTEP, "sstep", regs, 0, 0, SIGTRAP) == NOTIFY_STOP) 76 return; 77 if (!current->ptrace) 78 return; 79 force_sig_fault(SIGTRAP, TRAP_HWBKPT, (void __force __user *)current->thread.per_event.address); 80 } 81 NOKPROBE_SYMBOL(do_per_trap); 82 83 static void default_trap_handler(struct pt_regs *regs) 84 { 85 if (user_mode(regs)) { 86 report_user_fault(regs, SIGSEGV, 0); 87 force_exit_sig(SIGSEGV); 88 } else 89 die(regs, "Unknown program exception"); 90 } 91 92 #define DO_ERROR_INFO(name, signr, sicode, str) \ 93 static void name(struct pt_regs *regs) \ 94 { \ 95 do_trap(regs, signr, sicode, str); \ 96 } 97 98 DO_ERROR_INFO(addressing_exception, SIGILL, ILL_ILLADR, "addressing exception") 99 DO_ERROR_INFO(divide_exception, SIGFPE, FPE_INTDIV, "fixpoint divide exception") 100 DO_ERROR_INFO(execute_exception, SIGILL, ILL_ILLOPN, "execute exception") 101 DO_ERROR_INFO(hfp_divide_exception, SIGFPE, FPE_FLTDIV, "HFP divide exception") 102 DO_ERROR_INFO(hfp_overflow_exception, SIGFPE, FPE_FLTOVF, "HFP overflow exception") 103 DO_ERROR_INFO(hfp_significance_exception, SIGFPE, FPE_FLTRES, "HFP significance exception") 104 DO_ERROR_INFO(hfp_sqrt_exception, SIGFPE, FPE_FLTINV, "HFP square root exception") 105 DO_ERROR_INFO(hfp_underflow_exception, SIGFPE, FPE_FLTUND, "HFP underflow exception") 106 DO_ERROR_INFO(operand_exception, SIGILL, ILL_ILLOPN, "operand exception") 107 DO_ERROR_INFO(overflow_exception, SIGFPE, FPE_INTOVF, "fixpoint overflow exception") 108 DO_ERROR_INFO(privileged_op, SIGILL, ILL_PRVOPC, "privileged operation") 109 DO_ERROR_INFO(special_op_exception, SIGILL, ILL_ILLOPN, "special operation exception") 110 DO_ERROR_INFO(specification_exception, SIGILL, ILL_ILLOPN, "specification exception"); 111 DO_ERROR_INFO(transaction_exception, SIGILL, ILL_ILLOPN, "transaction constraint exception") 112 113 static inline void do_fp_trap(struct pt_regs *regs, __u32 fpc) 114 { 115 int si_code = 0; 116 117 /* FPC[2] is Data Exception Code */ 118 if ((fpc & 0x00000300) == 0) { 119 /* bits 6 and 7 of DXC are 0 iff IEEE exception */ 120 if (fpc & 0x8000) /* invalid fp operation */ 121 si_code = FPE_FLTINV; 122 else if (fpc & 0x4000) /* div by 0 */ 123 si_code = FPE_FLTDIV; 124 else if (fpc & 0x2000) /* overflow */ 125 si_code = FPE_FLTOVF; 126 else if (fpc & 0x1000) /* underflow */ 127 si_code = FPE_FLTUND; 128 else if (fpc & 0x0800) /* inexact */ 129 si_code = FPE_FLTRES; 130 } 131 do_trap(regs, SIGFPE, si_code, "floating point exception"); 132 } 133 134 static void translation_specification_exception(struct pt_regs *regs) 135 { 136 /* May never happen. */ 137 panic("Translation-Specification Exception"); 138 } 139 140 static void illegal_op(struct pt_regs *regs) 141 { 142 int is_uprobe_insn = 0; 143 u16 __user *location; 144 int signal = 0; 145 u16 opcode; 146 147 location = get_trap_ip(regs); 148 if (user_mode(regs)) { 149 if (get_user(opcode, location)) 150 return; 151 if (opcode == S390_BREAKPOINT_U16) { 152 if (current->ptrace) 153 force_sig_fault(SIGTRAP, TRAP_BRKPT, location); 154 else 155 signal = SIGILL; 156 #ifdef CONFIG_UPROBES 157 } else if (opcode == UPROBE_SWBP_INSN) { 158 is_uprobe_insn = 1; 159 #endif 160 } else { 161 signal = SIGILL; 162 } 163 } 164 /* 165 * This is either an illegal op in kernel mode, or user space trapped 166 * on a uprobes illegal instruction. See if kprobes or uprobes picks 167 * it up. If not, SIGILL. 168 */ 169 if (is_uprobe_insn || !user_mode(regs)) { 170 if (notify_die(DIE_BPT, "bpt", regs, 0, 3, SIGTRAP) != NOTIFY_STOP) 171 signal = SIGILL; 172 } 173 if (signal) 174 do_trap(regs, signal, ILL_ILLOPC, "illegal operation"); 175 } 176 NOKPROBE_SYMBOL(illegal_op); 177 178 static void vector_exception(struct pt_regs *regs) 179 { 180 int si_code, vic; 181 182 /* get vector interrupt code from fpc */ 183 save_user_fpu_regs(); 184 vic = (current->thread.ufpu.fpc & 0xf00) >> 8; 185 switch (vic) { 186 case 1: /* invalid vector operation */ 187 si_code = FPE_FLTINV; 188 break; 189 case 2: /* division by zero */ 190 si_code = FPE_FLTDIV; 191 break; 192 case 3: /* overflow */ 193 si_code = FPE_FLTOVF; 194 break; 195 case 4: /* underflow */ 196 si_code = FPE_FLTUND; 197 break; 198 case 5: /* inexact */ 199 si_code = FPE_FLTRES; 200 break; 201 default: /* unknown cause */ 202 si_code = 0; 203 } 204 do_trap(regs, SIGFPE, si_code, "vector exception"); 205 } 206 207 static void data_exception(struct pt_regs *regs) 208 { 209 save_user_fpu_regs(); 210 if (current->thread.ufpu.fpc & FPC_DXC_MASK) 211 do_fp_trap(regs, current->thread.ufpu.fpc); 212 else 213 do_trap(regs, SIGILL, ILL_ILLOPN, "data exception"); 214 } 215 216 static void space_switch_exception(struct pt_regs *regs) 217 { 218 /* Set user psw back to home space mode. */ 219 if (user_mode(regs)) 220 regs->psw.mask |= PSW_ASC_HOME; 221 /* Send SIGILL. */ 222 do_trap(regs, SIGILL, ILL_PRVOPC, "space switch event"); 223 } 224 225 #if defined(CONFIG_BUG) && defined(CONFIG_CC_HAS_ASM_IMMEDIATE_STRINGS) 226 227 void *__warn_args(struct arch_va_list *args, struct pt_regs *regs) 228 { 229 struct stack_frame *stack_frame; 230 231 /* 232 * Generate va_list from pt_regs. See ELF Application Binary Interface 233 * s390x Supplement documentation for details. 234 * 235 * - __overflow_arg_area needs to point to the parameter area, which 236 * is right above the standard stack frame (160 bytes) 237 * 238 * - __reg_save_area needs to point to a register save area where 239 * general registers (%r2 - %r6) can be found at offset 16. Which 240 * means that the gprs save area of pt_regs can be used 241 * 242 * - __gpr must be set to one, since the first parameter has been 243 * processed (pointer to bug_entry) 244 */ 245 stack_frame = (struct stack_frame *)regs->gprs[15]; 246 args->__overflow_arg_area = stack_frame + 1; 247 args->__reg_save_area = regs->gprs; 248 args->__gpr = 1; 249 return args; 250 } 251 252 #endif /* CONFIG_BUG && CONFIG_CC_HAS_ASM_IMMEDIATE_STRINGS */ 253 254 static void monitor_event_exception(struct pt_regs *regs) 255 { 256 enum bug_trap_type btt; 257 258 if (user_mode(regs)) 259 return; 260 if (regs->monitor_code == MONCODE_BUG_ARG) { 261 regs->psw.addr = regs->gprs[14]; 262 btt = report_bug_entry((struct bug_entry *)regs->gprs[2], regs); 263 } else { 264 btt = report_bug(regs->psw.addr - (regs->int_code >> 16), regs); 265 } 266 switch (btt) { 267 case BUG_TRAP_TYPE_NONE: 268 fixup_exception(regs); 269 break; 270 case BUG_TRAP_TYPE_WARN: 271 break; 272 case BUG_TRAP_TYPE_BUG: 273 die(regs, "monitor event"); 274 break; 275 } 276 } 277 278 void kernel_stack_invalid(struct pt_regs *regs) 279 { 280 /* 281 * Normally regs are unpoisoned by the generic entry code, but 282 * kernel_stack_overflow() is a rare case that is called bypassing it. 283 */ 284 kmsan_unpoison_entry_regs(regs); 285 bust_spinlocks(1); 286 pr_emerg("Kernel stack pointer invalid\n"); 287 show_regs(regs); 288 bust_spinlocks(0); 289 panic("Invalid kernel stack pointer, cannot continue"); 290 } 291 NOKPROBE_SYMBOL(kernel_stack_invalid); 292 293 static void __init test_monitor_call(void) 294 { 295 int val = 1; 296 297 if (!IS_ENABLED(CONFIG_BUG)) 298 return; 299 asm_inline volatile( 300 " mc %[monc](%%r0),0\n" 301 "0: lhi %[val],0\n" 302 "1:\n" 303 EX_TABLE(0b, 1b) 304 : [val] "+d" (val) 305 : [monc] "i" (MONCODE_BUG)); 306 if (!val) 307 panic("Monitor call doesn't work!\n"); 308 } 309 310 void __init trap_init(void) 311 { 312 struct lowcore *lc = get_lowcore(); 313 unsigned long flags; 314 struct ctlreg cr0; 315 316 local_irq_save(flags); 317 cr0 = local_ctl_clear_bit(0, CR0_LOW_ADDRESS_PROTECTION_BIT); 318 psw_bits(lc->external_new_psw).mcheck = 1; 319 psw_bits(lc->program_new_psw).mcheck = 1; 320 psw_bits(lc->svc_new_psw).mcheck = 1; 321 psw_bits(lc->io_new_psw).mcheck = 1; 322 local_ctl_load(0, &cr0); 323 local_irq_restore(flags); 324 local_mcck_enable(); 325 test_monitor_call(); 326 } 327 328 static void (*pgm_check_table[128])(struct pt_regs *regs); 329 330 void noinstr __do_pgm_check(struct pt_regs *regs) 331 { 332 struct lowcore *lc = get_lowcore(); 333 bool percpu_needs_fixup; 334 irqentry_state_t state; 335 unsigned int trapnr; 336 union teid teid; 337 338 teid.val = lc->trans_exc_code; 339 regs->int_code = lc->pgm_int_code; 340 regs->int_parm_long = teid.val; 341 regs->monitor_code = lc->monitor_code; 342 /* 343 * In case of a guest fault, short-circuit the fault handler and return. 344 * This way the sie64a() function will return 0; fault address and 345 * other relevant bits are saved in current->thread.gmap_teid, and 346 * the fault number in current->thread.gmap_int_code. KVM will be 347 * able to use this information to handle the fault. 348 */ 349 if (test_pt_regs_flag(regs, PIF_GUEST_FAULT)) { 350 current->thread.gmap_teid.val = regs->int_parm_long; 351 current->thread.gmap_int_code = regs->int_code & 0xffff; 352 return; 353 } 354 percpu_entry(regs); 355 state = irqentry_enter(regs); 356 if (user_mode(regs)) { 357 update_timer_sys(); 358 if (!cpu_has_bear()) { 359 if (regs->last_break < 4096) 360 regs->last_break = 1; 361 } 362 current->thread.last_break = regs->last_break; 363 } 364 if (lc->pgm_code & 0x0200) { 365 /* transaction abort */ 366 current->thread.trap_tdb = lc->pgm_tdb; 367 } 368 if (lc->pgm_code & PGM_INT_CODE_PER) { 369 if (user_mode(regs)) { 370 struct per_event *ev = ¤t->thread.per_event; 371 372 set_thread_flag(TIF_PER_TRAP); 373 ev->address = lc->per_address; 374 ev->cause = lc->per_code_combined; 375 ev->paid = lc->per_access_id; 376 } else { 377 /* PER event in kernel is kprobes */ 378 __arch_local_irq_ssm(regs->psw.mask & ~PSW_MASK_PER); 379 do_per_trap(regs); 380 goto out; 381 } 382 } 383 if (!irqs_disabled_flags(regs->psw.mask)) 384 trace_hardirqs_on(); 385 __arch_local_irq_ssm(regs->psw.mask & ~PSW_MASK_PER); 386 trapnr = regs->int_code & PGM_INT_CODE_MASK; 387 if (trapnr) 388 pgm_check_table[trapnr](regs); 389 out: 390 local_irq_disable(); 391 percpu_needs_fixup = percpu_code_check(regs); 392 irqentry_exit(regs, state); 393 percpu_exit(regs, percpu_needs_fixup); 394 } 395 396 /* 397 * The program check table contains exactly 128 (0x00-0x7f) entries. Each 398 * line defines the function to be called corresponding to the program check 399 * interruption code. 400 */ 401 static void (*pgm_check_table[128])(struct pt_regs *regs) = { 402 [0x00] = default_trap_handler, 403 [0x01] = illegal_op, 404 [0x02] = privileged_op, 405 [0x03] = execute_exception, 406 [0x04] = do_protection_exception, 407 [0x05] = addressing_exception, 408 [0x06] = specification_exception, 409 [0x07] = data_exception, 410 [0x08] = overflow_exception, 411 [0x09] = divide_exception, 412 [0x0a] = overflow_exception, 413 [0x0b] = divide_exception, 414 [0x0c] = hfp_overflow_exception, 415 [0x0d] = hfp_underflow_exception, 416 [0x0e] = hfp_significance_exception, 417 [0x0f] = hfp_divide_exception, 418 [0x10] = do_dat_exception, 419 [0x11] = do_dat_exception, 420 [0x12] = translation_specification_exception, 421 [0x13] = special_op_exception, 422 [0x14] = default_trap_handler, 423 [0x15] = operand_exception, 424 [0x16] = default_trap_handler, 425 [0x17] = default_trap_handler, 426 [0x18] = transaction_exception, 427 [0x19] = default_trap_handler, 428 [0x1a] = default_trap_handler, 429 [0x1b] = vector_exception, 430 [0x1c] = space_switch_exception, 431 [0x1d] = hfp_sqrt_exception, 432 [0x1e ... 0x37] = default_trap_handler, 433 [0x38] = do_dat_exception, 434 [0x39] = do_dat_exception, 435 [0x3a] = do_dat_exception, 436 [0x3b] = do_dat_exception, 437 [0x3c] = default_trap_handler, 438 [0x3d] = do_secure_storage_access, 439 [0x3e] = default_trap_handler, 440 [0x3f] = default_trap_handler, 441 [0x40] = monitor_event_exception, 442 [0x41 ... 0x7f] = default_trap_handler, 443 }; 444 445 #define COND_TRAP(x) asm( \ 446 ".weak " __stringify(x) "\n\t" \ 447 ".set " __stringify(x) "," \ 448 __stringify(default_trap_handler)) 449 450 COND_TRAP(do_secure_storage_access); 451