Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp826298pxb; Wed, 6 Apr 2022 00:56:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwGsDNP8qbHZeluihV79tZEhFV3zAtYvL47DLezwFrX2HM4kwOKYuLoMpHGgS+aPO9vDZ+D X-Received: by 2002:a63:2ad0:0:b0:398:31d7:9955 with SMTP id q199-20020a632ad0000000b0039831d79955mr5982550pgq.198.1649231811474; Wed, 06 Apr 2022 00:56:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649231811; cv=none; d=google.com; s=arc-20160816; b=m3HiEQVqb3zoRgEEHVO8DeT94HgMxS6DovzqiCGjuOvEfiotCMKuIsvLQOjPXuqKAk LASrchri1AL5j2FRCX/w4aDwp1P6rtHP2zsbjTE65KRt9ZiXnOQApgyrSuD1mo7RUp0n 4kvAXb1TpIzctMXlXrHZ+DAcm35WhbqEwW4QSB8ZbxfE5+tKDg5v2QfhVNWQ4WOrqkM5 doRz8cWFpdajII/erfPjIQNwqhgHQMNFITpUhMhB6f/fvFuSO+AcAmAOIOTGD2kw8wg8 gZGJmbYBw12nDQK1Ol1KRAUdY9nlj8vMM7sSt86AV6CQXeBAg9V9wKD9NhfYVj9NbOQq chJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=rt4TKgaI9XA6k200Kan7P1fiwqeGJx5sTfFcJD/8fVQ=; b=0AmQ7ADLgQbHlEPTowfx4ampd2kOyNB8BPFWqI/t895bTqXQ6sxitMa0pAaNaGzV9S IniXWmOSu9/TpBlqho3efhqdySyUOZHxXOeBEQpry+IZwQiplkdqaCU6EsrAMHds+fPT nrLlRMABlPJVknC4AuhAqvb0tfBVHfoBfScEJH/cBOwtSFAOEVioBk0VuJfvGFnRfgQ1 Ls8fuQlrJegk7d5thN+xM7i/xTPHJGWQS6aY/31suHtaqGeBupIcWFsQnPm7QMdqJflw Dm6+RCfAwsXbFTImEbgmR6aaUPgRfLrNwSIem65w+S39Q3XG2/i6lgT6NpqTXYVWKuOx vbPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=odYx+DzG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id q1-20020a63ae01000000b00381f044e11fsi15336530pgf.550.2022.04.06.00.56.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Apr 2022 00:56:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=odYx+DzG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 877A7370652; Wed, 6 Apr 2022 00:30:23 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386792AbiDEVuq (ORCPT + 99 others); Tue, 5 Apr 2022 17:50:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39024 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351860AbiDEKDZ (ORCPT ); Tue, 5 Apr 2022 06:03:25 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0FDB084EC1; Tue, 5 Apr 2022 02:52:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D54236165C; Tue, 5 Apr 2022 09:52:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E819DC385A2; Tue, 5 Apr 2022 09:52:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1649152348; bh=CV240FBWJ+J/RE78ZouTlWfvTag+OZii7101escWnGk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=odYx+DzG+kW7XD424NoO0rwVE7Gh+4p4/Wqu/xX8J33ucBROu0HIPkr1rx+8LxtEN mROqrJW7ocapFFW6L7IZKnwHcCalgWWiFxhVvxl8maX9iFqjh/4+i/jry5qPQ7Jfml zXADytHwMoJwNi4If9nZJ0HrR2/fRCNof6ZsT+VI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, John David Anglin , Helge Deller , Sasha Levin Subject: [PATCH 5.15 706/913] parisc: Fix handling off probe non-access faults Date: Tue, 5 Apr 2022 09:29:28 +0200 Message-Id: <20220405070400.997396038@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220405070339.801210740@linuxfoundation.org> References: <20220405070339.801210740@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: John David Anglin [ Upstream commit e00b0a2ab8ec019c344e53bfc76e31c18bb587b7 ] Currently, the parisc kernel does not fully support non-access TLB fault handling for probe instructions. In the fast path, we set the target register to zero if it is not a shadowed register. The slow path is not implemented, so we call do_page_fault. The architecture indicates that non-access faults should not cause a page fault from disk. This change adds to code to provide non-access fault support for probe instructions. It also modifies the handling of faults on userspace so that if the address lies in a valid VMA and the access type matches that for the VMA, the probe target register is set to one. Otherwise, the target register is set to zero. This was done to make probe instructions more useful for userspace. Probe instructions are not very useful if they set the target register to zero whenever a page is not present in memory. Nominally, the purpose of the probe instruction is determine whether read or write access to a given address is allowed. This fixes a problem in function pointer comparison noticed in the glibc testsuite (stdio-common/tst-vfprintf-user-type). The same problem is likely in glibc (_dl_lookup_address). V2 adds flush and lpa instruction support to handle_nadtlb_fault. Signed-off-by: John David Anglin Signed-off-by: Helge Deller Signed-off-by: Sasha Levin --- arch/parisc/include/asm/traps.h | 1 + arch/parisc/kernel/traps.c | 2 + arch/parisc/mm/fault.c | 89 +++++++++++++++++++++++++++++++++ 3 files changed, 92 insertions(+) diff --git a/arch/parisc/include/asm/traps.h b/arch/parisc/include/asm/traps.h index 8ecc1f0c0483..d0e090a2c000 100644 --- a/arch/parisc/include/asm/traps.h +++ b/arch/parisc/include/asm/traps.h @@ -17,6 +17,7 @@ void die_if_kernel(char *str, struct pt_regs *regs, long err); const char *trap_name(unsigned long code); void do_page_fault(struct pt_regs *regs, unsigned long code, unsigned long address); +int handle_nadtlb_fault(struct pt_regs *regs); #endif #endif diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c index afe8b902a8fc..6fe5a3e98edc 100644 --- a/arch/parisc/kernel/traps.c +++ b/arch/parisc/kernel/traps.c @@ -661,6 +661,8 @@ void notrace handle_interruption(int code, struct pt_regs *regs) by hand. Technically we need to emulate: fdc,fdce,pdc,"fic,4f",prober,probeir,probew, probeiw */ + if (code == 17 && handle_nadtlb_fault(regs)) + return; fault_address = regs->ior; fault_space = regs->isr; break; diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c index 716960f5d92e..5faa3cff4738 100644 --- a/arch/parisc/mm/fault.c +++ b/arch/parisc/mm/fault.c @@ -424,3 +424,92 @@ void do_page_fault(struct pt_regs *regs, unsigned long code, goto no_context; pagefault_out_of_memory(); } + +/* Handle non-access data TLB miss faults. + * + * For probe instructions, accesses to userspace are considered allowed + * if they lie in a valid VMA and the access type matches. We are not + * allowed to handle MM faults here so there may be situations where an + * actual access would fail even though a probe was successful. + */ +int +handle_nadtlb_fault(struct pt_regs *regs) +{ + unsigned long insn = regs->iir; + int breg, treg, xreg, val = 0; + struct vm_area_struct *vma, *prev_vma; + struct task_struct *tsk; + struct mm_struct *mm; + unsigned long address; + unsigned long acc_type; + + switch (insn & 0x380) { + case 0x280: + /* FDC instruction */ + fallthrough; + case 0x380: + /* PDC and FIC instructions */ + if (printk_ratelimit()) { + pr_warn("BUG: nullifying cache flush/purge instruction\n"); + show_regs(regs); + } + if (insn & 0x20) { + /* Base modification */ + breg = (insn >> 21) & 0x1f; + xreg = (insn >> 16) & 0x1f; + if (breg && xreg) + regs->gr[breg] += regs->gr[xreg]; + } + regs->gr[0] |= PSW_N; + return 1; + + case 0x180: + /* PROBE instruction */ + treg = insn & 0x1f; + if (regs->isr) { + tsk = current; + mm = tsk->mm; + if (mm) { + /* Search for VMA */ + address = regs->ior; + mmap_read_lock(mm); + vma = find_vma_prev(mm, address, &prev_vma); + mmap_read_unlock(mm); + + /* + * Check if access to the VMA is okay. + * We don't allow for stack expansion. + */ + acc_type = (insn & 0x40) ? VM_WRITE : VM_READ; + if (vma + && address >= vma->vm_start + && (vma->vm_flags & acc_type) == acc_type) + val = 1; + } + } + if (treg) + regs->gr[treg] = val; + regs->gr[0] |= PSW_N; + return 1; + + case 0x300: + /* LPA instruction */ + if (insn & 0x20) { + /* Base modification */ + breg = (insn >> 21) & 0x1f; + xreg = (insn >> 16) & 0x1f; + if (breg && xreg) + regs->gr[breg] += regs->gr[xreg]; + } + treg = insn & 0x1f; + if (treg) + regs->gr[treg] = 0; + regs->gr[0] |= PSW_N; + return 1; + + default: + break; + } + + return 0; +} -- 2.34.1