tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Martin Schwidefsky:
"An update for the BFP jit to the latest and greatest, two patches to
get kdump working again, the random-abort ptrace extention for
transactional execution, the z90crypt module alias for ap and a tiny
cleanup"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/zcrypt: Alias for new zcrypt device driver base module
s390/kdump: Allow copy_oldmem_page() copy to virtual memory
s390/kdump: Disable mmap for s390
s390/bpf,jit: add pkt_type support
s390/bpf,jit: address randomize and write protect jit code
s390/bpf,jit: use generic jit dumper
s390/bpf,jit: call module_free() from any context
s390/qdio: remove unused variable
s390/ptrace: PTRACE_TE_ABORT_RAND

Linus Torvalds 89a8c594 b8a33fc7

+190 -46
+9 -1
arch/s390/include/asm/processor.h
··· 91 91 #endif 92 92 }; 93 93 94 - #define PER_FLAG_NO_TE 1UL /* Flag to disable transactions. */ 94 + /* Flag to disable transactions. */ 95 + #define PER_FLAG_NO_TE 1UL 96 + /* Flag to enable random transaction aborts. */ 97 + #define PER_FLAG_TE_ABORT_RAND 2UL 98 + /* Flag to specify random transaction abort mode: 99 + * - abort each transaction at a random instruction before TEND if set. 100 + * - abort random transactions at a random instruction if cleared. 101 + */ 102 + #define PER_FLAG_TE_ABORT_RAND_TEND 4UL 95 103 96 104 typedef struct thread_struct thread_struct; 97 105
+2 -2
arch/s390/include/asm/switch_to.h
··· 10 10 #include <linux/thread_info.h> 11 11 12 12 extern struct task_struct *__switch_to(void *, void *); 13 - extern void update_per_regs(struct task_struct *task); 13 + extern void update_cr_regs(struct task_struct *task); 14 14 15 15 static inline void save_fp_regs(s390_fp_regs *fpregs) 16 16 { ··· 86 86 restore_fp_regs(&next->thread.fp_regs); \ 87 87 restore_access_regs(&next->thread.acrs[0]); \ 88 88 restore_ri_cb(next->thread.ri_cb, prev->thread.ri_cb); \ 89 - update_per_regs(next); \ 89 + update_cr_regs(next); \ 90 90 } \ 91 91 prev = __switch_to(prev,next); \ 92 92 } while (0)
+1
arch/s390/include/uapi/asm/ptrace.h
··· 400 400 #define PTRACE_POKE_SYSTEM_CALL 0x5008 401 401 #define PTRACE_ENABLE_TE 0x5009 402 402 #define PTRACE_DISABLE_TE 0x5010 403 + #define PTRACE_TE_ABORT_RAND 0x5011 403 404 404 405 /* 405 406 * PT_PROT definition is loosely based on hppa bsd definition in
+47 -4
arch/s390/kernel/crash_dump.c
··· 21 21 #define PTR_SUB(x, y) (((char *) (x)) - ((unsigned long) (y))) 22 22 #define PTR_DIFF(x, y) ((unsigned long)(((char *) (x)) - ((unsigned long) (y)))) 23 23 24 + 25 + /* 26 + * Return physical address for virtual address 27 + */ 28 + static inline void *load_real_addr(void *addr) 29 + { 30 + unsigned long real_addr; 31 + 32 + asm volatile( 33 + " lra %0,0(%1)\n" 34 + " jz 0f\n" 35 + " la %0,0\n" 36 + "0:" 37 + : "=a" (real_addr) : "a" (addr) : "cc"); 38 + return (void *)real_addr; 39 + } 40 + 41 + /* 42 + * Copy up to one page to vmalloc or real memory 43 + */ 44 + static ssize_t copy_page_real(void *buf, void *src, size_t csize) 45 + { 46 + size_t size; 47 + 48 + if (is_vmalloc_addr(buf)) { 49 + BUG_ON(csize >= PAGE_SIZE); 50 + /* If buf is not page aligned, copy first part */ 51 + size = min(roundup(__pa(buf), PAGE_SIZE) - __pa(buf), csize); 52 + if (size) { 53 + if (memcpy_real(load_real_addr(buf), src, size)) 54 + return -EFAULT; 55 + buf += size; 56 + src += size; 57 + } 58 + /* Copy second part */ 59 + size = csize - size; 60 + return (size) ? memcpy_real(load_real_addr(buf), src, size) : 0; 61 + } else { 62 + return memcpy_real(buf, src, csize); 63 + } 64 + } 65 + 24 66 /* 25 67 * Copy one page from "oldmem" 26 68 * ··· 74 32 size_t csize, unsigned long offset, int userbuf) 75 33 { 76 34 unsigned long src; 35 + int rc; 77 36 78 37 if (!csize) 79 38 return 0; ··· 86 43 src < OLDMEM_BASE + OLDMEM_SIZE) 87 44 src -= OLDMEM_BASE; 88 45 if (userbuf) 89 - copy_to_user_real((void __force __user *) buf, (void *) src, 90 - csize); 46 + rc = copy_to_user_real((void __force __user *) buf, 47 + (void *) src, csize); 91 48 else 92 - memcpy_real(buf, (void *) src, csize); 93 - return csize; 49 + rc = copy_page_real(buf, (void *) src, csize); 50 + return (rc == 0) ? csize : rc; 94 51 } 95 52 96 53 /*
+39 -11
arch/s390/kernel/ptrace.c
··· 47 47 REGSET_GENERAL_EXTENDED, 48 48 }; 49 49 50 - void update_per_regs(struct task_struct *task) 50 + void update_cr_regs(struct task_struct *task) 51 51 { 52 52 struct pt_regs *regs = task_pt_regs(task); 53 53 struct thread_struct *thread = &task->thread; ··· 56 56 #ifdef CONFIG_64BIT 57 57 /* Take care of the enable/disable of transactional execution. */ 58 58 if (MACHINE_HAS_TE) { 59 - unsigned long cr0, cr0_new; 59 + unsigned long cr[3], cr_new[3]; 60 60 61 - __ctl_store(cr0, 0, 0); 62 - /* set or clear transaction execution bits 8 and 9. */ 61 + __ctl_store(cr, 0, 2); 62 + cr_new[1] = cr[1]; 63 + /* Set or clear transaction execution TXC/PIFO bits 8 and 9. */ 63 64 if (task->thread.per_flags & PER_FLAG_NO_TE) 64 - cr0_new = cr0 & ~(3UL << 54); 65 + cr_new[0] = cr[0] & ~(3UL << 54); 65 66 else 66 - cr0_new = cr0 | (3UL << 54); 67 - /* Only load control register 0 if necessary. */ 68 - if (cr0 != cr0_new) 69 - __ctl_load(cr0_new, 0, 0); 67 + cr_new[0] = cr[0] | (3UL << 54); 68 + /* Set or clear transaction execution TDC bits 62 and 63. */ 69 + cr_new[2] = cr[2] & ~3UL; 70 + if (task->thread.per_flags & PER_FLAG_TE_ABORT_RAND) { 71 + if (task->thread.per_flags & PER_FLAG_TE_ABORT_RAND_TEND) 72 + cr_new[2] |= 1UL; 73 + else 74 + cr_new[2] |= 2UL; 75 + } 76 + if (memcmp(&cr_new, &cr, sizeof(cr))) 77 + __ctl_load(cr_new, 0, 2); 70 78 } 71 79 #endif 72 80 /* Copy user specified PER registers */ ··· 108 100 { 109 101 set_tsk_thread_flag(task, TIF_SINGLE_STEP); 110 102 if (task == current) 111 - update_per_regs(task); 103 + update_cr_regs(task); 112 104 } 113 105 114 106 void user_disable_single_step(struct task_struct *task) 115 107 { 116 108 clear_tsk_thread_flag(task, TIF_SINGLE_STEP); 117 109 if (task == current) 118 - update_per_regs(task); 110 + update_cr_regs(task); 119 111 } 120 112 121 113 /* ··· 455 447 if (!MACHINE_HAS_TE) 456 448 return -EIO; 457 449 child->thread.per_flags |= PER_FLAG_NO_TE; 450 + child->thread.per_flags &= ~PER_FLAG_TE_ABORT_RAND; 451 + return 0; 452 + case PTRACE_TE_ABORT_RAND: 453 + if (!MACHINE_HAS_TE || (child->thread.per_flags & PER_FLAG_NO_TE)) 454 + return -EIO; 455 + switch (data) { 456 + case 0UL: 457 + child->thread.per_flags &= ~PER_FLAG_TE_ABORT_RAND; 458 + break; 459 + case 1UL: 460 + child->thread.per_flags |= PER_FLAG_TE_ABORT_RAND; 461 + child->thread.per_flags |= PER_FLAG_TE_ABORT_RAND_TEND; 462 + break; 463 + case 2UL: 464 + child->thread.per_flags |= PER_FLAG_TE_ABORT_RAND; 465 + child->thread.per_flags &= ~PER_FLAG_TE_ABORT_RAND_TEND; 466 + break; 467 + default: 468 + return -EINVAL; 469 + } 458 470 return 0; 459 471 default: 460 472 /* Removing high order bit from addr (only for 31 bit). */
+88 -25
arch/s390/net/bpf_jit_comp.c
··· 9 9 #include <linux/netdevice.h> 10 10 #include <linux/if_vlan.h> 11 11 #include <linux/filter.h> 12 + #include <linux/random.h> 13 + #include <linux/init.h> 12 14 #include <asm/cacheflush.h> 13 15 #include <asm/processor.h> 14 16 #include <asm/facility.h> ··· 222 220 /* br %r14 */ 223 221 EMIT2(0x07fe); 224 222 } 223 + 224 + /* Helper to find the offset of pkt_type in sk_buff 225 + * Make sure its still a 3bit field starting at the MSBs within a byte. 226 + */ 227 + #define PKT_TYPE_MAX 0xe0 228 + static int pkt_type_offset; 229 + 230 + static int __init bpf_pkt_type_offset_init(void) 231 + { 232 + struct sk_buff skb_probe = { 233 + .pkt_type = ~0, 234 + }; 235 + char *ct = (char *)&skb_probe; 236 + int off; 237 + 238 + pkt_type_offset = -1; 239 + for (off = 0; off < sizeof(struct sk_buff); off++) { 240 + if (!ct[off]) 241 + continue; 242 + if (ct[off] == PKT_TYPE_MAX) 243 + pkt_type_offset = off; 244 + else { 245 + /* Found non matching bit pattern, fix needed. */ 246 + WARN_ON_ONCE(1); 247 + pkt_type_offset = -1; 248 + return -1; 249 + } 250 + } 251 + return 0; 252 + } 253 + device_initcall(bpf_pkt_type_offset_init); 225 254 226 255 /* 227 256 * make sure we dont leak kernel information to user ··· 753 720 EMIT4_DISP(0x88500000, 12); 754 721 } 755 722 break; 723 + case BPF_S_ANC_PKTTYPE: 724 + if (pkt_type_offset < 0) 725 + goto out; 726 + /* lhi %r5,0 */ 727 + EMIT4(0xa7580000); 728 + /* ic %r5,<d(pkt_type_offset)>(%r2) */ 729 + EMIT4_DISP(0x43502000, pkt_type_offset); 730 + /* srl %r5,5 */ 731 + EMIT4_DISP(0x88500000, 5); 732 + break; 756 733 case BPF_S_ANC_CPU: /* A = smp_processor_id() */ 757 734 #ifdef CONFIG_SMP 758 735 /* l %r5,<d(cpu_nr)> */ ··· 781 738 return -1; 782 739 } 783 740 741 + /* 742 + * Note: for security reasons, bpf code will follow a randomly 743 + * sized amount of illegal instructions. 744 + */ 745 + struct bpf_binary_header { 746 + unsigned int pages; 747 + u8 image[]; 748 + }; 749 + 750 + static struct bpf_binary_header *bpf_alloc_binary(unsigned int bpfsize, 751 + u8 **image_ptr) 752 + { 753 + struct bpf_binary_header *header; 754 + unsigned int sz, hole; 755 + 756 + /* Most BPF filters are really small, but if some of them fill a page, 757 + * allow at least 128 extra bytes for illegal instructions. 758 + */ 759 + sz = round_up(bpfsize + sizeof(*header) + 128, PAGE_SIZE); 760 + header = module_alloc(sz); 761 + if (!header) 762 + return NULL; 763 + memset(header, 0, sz); 764 + header->pages = sz / PAGE_SIZE; 765 + hole = sz - bpfsize + sizeof(*header); 766 + /* Insert random number of illegal instructions before BPF code 767 + * and make sure the first instruction starts at an even address. 768 + */ 769 + *image_ptr = &header->image[(prandom_u32() % hole) & -2]; 770 + return header; 771 + } 772 + 784 773 void bpf_jit_compile(struct sk_filter *fp) 785 774 { 775 + struct bpf_binary_header *header = NULL; 786 776 unsigned long size, prg_len, lit_len; 787 777 struct bpf_jit jit, cjit; 788 778 unsigned int *addrs; ··· 848 772 } else if (jit.prg == cjit.prg && jit.lit == cjit.lit) { 849 773 prg_len = jit.prg - jit.start; 850 774 lit_len = jit.lit - jit.mid; 851 - size = max_t(unsigned long, prg_len + lit_len, 852 - sizeof(struct work_struct)); 775 + size = prg_len + lit_len; 853 776 if (size >= BPF_SIZE_MAX) 854 777 goto out; 855 - jit.start = module_alloc(size); 856 - if (!jit.start) 778 + header = bpf_alloc_binary(size, &jit.start); 779 + if (!header) 857 780 goto out; 858 781 jit.prg = jit.mid = jit.start + prg_len; 859 782 jit.lit = jit.end = jit.start + prg_len + lit_len; ··· 863 788 cjit = jit; 864 789 } 865 790 if (bpf_jit_enable > 1) { 866 - pr_err("flen=%d proglen=%lu pass=%d image=%p\n", 867 - fp->len, jit.end - jit.start, pass, jit.start); 868 - if (jit.start) { 869 - printk(KERN_ERR "JIT code:\n"); 791 + bpf_jit_dump(fp->len, jit.end - jit.start, pass, jit.start); 792 + if (jit.start) 870 793 print_fn_code(jit.start, jit.mid - jit.start); 871 - print_hex_dump(KERN_ERR, "JIT literals:\n", 872 - DUMP_PREFIX_ADDRESS, 16, 1, 873 - jit.mid, jit.end - jit.mid, false); 874 - } 875 794 } 876 - if (jit.start) 795 + if (jit.start) { 796 + set_memory_ro((unsigned long)header, header->pages); 877 797 fp->bpf_func = (void *) jit.start; 798 + } 878 799 out: 879 800 kfree(addrs); 880 801 } 881 802 882 - static void jit_free_defer(struct work_struct *arg) 883 - { 884 - module_free(NULL, arg); 885 - } 886 - 887 - /* run from softirq, we must use a work_struct to call 888 - * module_free() from process context 889 - */ 890 803 void bpf_jit_free(struct sk_filter *fp) 891 804 { 892 - struct work_struct *work; 805 + unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; 806 + struct bpf_binary_header *header = (void *)addr; 893 807 894 808 if (fp->bpf_func == sk_run_filter) 895 809 return; 896 - work = (struct work_struct *)fp->bpf_func; 897 - INIT_WORK(work, jit_free_defer); 898 - schedule_work(work); 810 + set_memory_rw(addr, header->pages); 811 + module_free(NULL, header); 899 812 }
+2 -2
drivers/s390/cio/qdio_main.c
··· 1497 1497 static int handle_inbound(struct qdio_q *q, unsigned int callflags, 1498 1498 int bufnr, int count) 1499 1499 { 1500 - int used, diff; 1500 + int diff; 1501 1501 1502 1502 qperf_inc(q, inbound_call); 1503 1503 ··· 1530 1530 1531 1531 set: 1532 1532 count = set_buf_states(q, bufnr, SLSB_CU_INPUT_EMPTY, count); 1533 - used = atomic_add_return(count, &q->nr_buf_used) - count; 1533 + atomic_add(count, &q->nr_buf_used); 1534 1534 1535 1535 if (need_siga_in(q)) 1536 1536 return qdio_siga_input(q);
+1
drivers/s390/crypto/ap_bus.c
··· 71 71 MODULE_DESCRIPTION("Adjunct Processor Bus driver, " \ 72 72 "Copyright IBM Corp. 2006, 2012"); 73 73 MODULE_LICENSE("GPL"); 74 + MODULE_ALIAS("z90crypt"); 74 75 75 76 /* 76 77 * Module parameter
+1 -1
fs/proc/vmcore.c
··· 223 223 * regions in the 1st kernel pointed to by PT_LOAD entries) into 224 224 * virtually contiguous user-space in ELF layout. 225 225 */ 226 - #ifdef CONFIG_MMU 226 + #if defined(CONFIG_MMU) && !defined(CONFIG_S390) 227 227 static int mmap_vmcore(struct file *file, struct vm_area_struct *vma) 228 228 { 229 229 size_t size = vma->vm_end - vma->vm_start;