linux/arch/s390/mm/maccess.c

/*
 * Access kernel memory without faulting -- s390 specific implementation.
 *
 * Copyright IBM Corp. 2009
 *
 *   Author(s): Heiko Carstens <heiko.carstens@de.ibm.com>,
 *
 */

#include <linux/uaccess.h>
#include <linux/kernel.h>
#include <linux/types.h>
#include <linux/errno.h>
#include <linux/gfp.h>
#include <asm/system.h>

/*
 * This function writes to kernel memory bypassing DAT and possible
 * write protection. It copies one to four bytes from src to dst
 * using the stura instruction.
 * Returns the number of bytes copied or -EFAULT.
 */
static long probe_kernel_write_odd(void *dst, const void *src, size_t size)
{
	unsigned long count, aligned;
	int offset, mask;
	int rc = -EFAULT;

	aligned = (unsigned long) dst & ~3UL;
	offset = (unsigned long) dst & 3;
	count = min_t(unsigned long, 4 - offset, size);
	mask = (0xf << (4 - count)) & 0xf;
	mask >>= offset;
	asm volatile(
		"	bras	1,0f\n"
		"	icm	0,0,0(%3)\n"
		"0:	l	0,0(%1)\n"
		"	lra	%1,0(%1)\n"
		"1:	ex	%2,0(1)\n"
		"2:	stura	0,%1\n"
		"	la	%0,0\n"
		"3:\n"
		EX_TABLE(0b,3b) EX_TABLE(1b,3b) EX_TABLE(2b,3b)
		: "+d" (rc), "+a" (aligned)
		: "a" (mask), "a" (src) : "cc", "memory", "0", "1");
	return rc ? rc : count;
}

long probe_kernel_write(void *dst, const void *src, size_t size)
{
	long copied = 0;

	while (size) {
		copied = probe_kernel_write_odd(dst, src, size);
		if (copied < 0)
			break;
		dst += copied;
		src += copied;
		size -= copied;
	}
	return copied < 0 ? -EFAULT : 0;
}

/*
 * Copy memory in real mode (kernel to kernel)
 */
int memcpy_real(void *dest, void *src, size_t count)
{
	register unsigned long _dest asm("2") = (unsigned long) dest;
	register unsigned long _len1 asm("3") = (unsigned long) count;
	register unsigned long _src  asm("4") = (unsigned long) src;
	register unsigned long _len2 asm("5") = (unsigned long) count;
	unsigned long flags;
	int rc = -EFAULT;

	if (!count)
		return 0;
	flags = __arch_local_irq_stnsm(0xf8UL);
	asm volatile (
		"0:	mvcle	%1,%2,0x0\n"
		"1:	jo	0b\n"
		"	lhi	%0,0x0\n"
		"2:\n"
		EX_TABLE(1b,2b)
		: "+d" (rc), "+d" (_dest), "+d" (_src), "+d" (_len1),
		  "+d" (_len2), "=m" (*((long *) dest))
		: "m" (*((long *) src))
		: "cc", "memory");
	arch_local_irq_restore(flags);
	return rc;
}

/*
 * Copy memory to absolute zero
 */
void copy_to_absolute_zero(void *dest, void *src, size_t count)
{
	unsigned long cr0;

	BUG_ON((unsigned long) dest + count >= sizeof(struct _lowcore));
	preempt_disable();
	__ctl_store(cr0, 0, 0);
	__ctl_clear_bit(0, 28); /* disable lowcore protection */
	memcpy_real(dest + store_prefix(), src, count);
	__ctl_load(cr0, 0, 0);
	preempt_enable();
}

/*
 * Copy memory from kernel (real) to user (virtual)
 */
int copy_to_user_real(void __user *dest, void *src, size_t count)
{
	int offs = 0, size, rc;
	char *buf;

	buf = (char *) __get_free_page(GFP_KERNEL);
	if (!buf)
		return -ENOMEM;
	rc = -EFAULT;
	while (offs < count) {
		size = min(PAGE_SIZE, count - offs);
		if (memcpy_real(buf, src + offs, size))
			goto out;
		if (copy_to_user(dest + offs, buf, size))
			goto out;
		offs += size;
	}
	rc = 0;
out:
	free_page((unsigned long) buf);
	return rc;
}

/*
 * Copy memory from user (virtual) to kernel (real)
 */
int copy_from_user_real(void *dest, void __user *src, size_t count)
{
	int offs = 0, size, rc;
	char *buf;

	buf = (char *) __get_free_page(GFP_KERNEL);
	if (!buf)
		return -ENOMEM;
	rc = -EFAULT;
	while (offs < count) {
		size = min(PAGE_SIZE, count - offs);
		if (copy_from_user(buf, src + offs, size))
			goto out;
		if (memcpy_real(dest + offs, buf, size))
			goto out;
		offs += size;
	}
	rc = 0;
out:
	free_page((unsigned long) buf);
	return rc;
}
[S390] maccess: arch specific probe_kernel_write() implementation Add an s390 specific probe_kernel_write() function which allows to write to the kernel text segment even if write protection is enabled. This is implemented using the lra (load real address) and stura (store using real address) instructions. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2009-06-12 12:26:42 +04:00			`/*`
			`* Access kernel memory without faulting -- s390 specific implementation.`
			`*`
			`* Copyright IBM Corp. 2009`
			`*`
			`* Author(s): Heiko Carstens <heiko.carstens@de.ibm.com>,`
			`*`
			`*/`

			`#include <linux/uaccess.h>`
			`#include <linux/kernel.h>`
			`#include <linux/types.h>`
			`#include <linux/errno.h>`
[S390] Add real memory access functions Add access function for real memory needed by s390 kdump backend. Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2011-10-30 18:16:39 +04:00			`#include <linux/gfp.h>`
[S390] maccess: arch specific probe_kernel_write() implementation Add an s390 specific probe_kernel_write() function which allows to write to the kernel text segment even if write protection is enabled. This is implemented using the lra (load real address) and stura (store using real address) instructions. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2009-06-12 12:26:42 +04:00			`#include <asm/system.h>`

			`/*`
			`* This function writes to kernel memory bypassing DAT and possible`
			`* write protection. It copies one to four bytes from src to dst`
			`* using the stura instruction.`
			`* Returns the number of bytes copied or -EFAULT.`
			`*/`
maccess,probe_kernel: Make write/read src const void * The functions probe_kernel_write() and probe_kernel_read() do not modify the src pointer. Allow const pointers to be passed in without the need of a typecast. Acked-by: Mike Frysinger <vapier@gentoo.org> Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Link: http://lkml.kernel.org/r/1305824936.1465.4.camel@gandalf.stny.rr.com 2011-05-19 22:35:33 +04:00			`static long probe_kernel_write_odd(void dst, const void src, size_t size)`
[S390] maccess: arch specific probe_kernel_write() implementation Add an s390 specific probe_kernel_write() function which allows to write to the kernel text segment even if write protection is enabled. This is implemented using the lra (load real address) and stura (store using real address) instructions. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2009-06-12 12:26:42 +04:00			`{`
			`unsigned long count, aligned;`
			`int offset, mask;`
			`int rc = -EFAULT;`

			`aligned = (unsigned long) dst & ~3UL;`
			`offset = (unsigned long) dst & 3;`
			`count = min_t(unsigned long, 4 - offset, size);`
			`mask = (0xf << (4 - count)) & 0xf;`
			`mask >>= offset;`
			`asm volatile(`
			`" bras 1,0f\n"`
			`" icm 0,0,0(%3)\n"`
			`"0: l 0,0(%1)\n"`
			`" lra %1,0(%1)\n"`
			`"1: ex %2,0(1)\n"`
			`"2: stura 0,%1\n"`
			`" la %0,0\n"`
			`"3:\n"`
			`EX_TABLE(0b,3b) EX_TABLE(1b,3b) EX_TABLE(2b,3b)`
			`: "+d" (rc), "+a" (aligned)`
			`: "a" (mask), "a" (src) : "cc", "memory", "0", "1");`
			`return rc ? rc : count;`
			`}`

maccess,probe_kernel: Make write/read src const void * The functions probe_kernel_write() and probe_kernel_read() do not modify the src pointer. Allow const pointers to be passed in without the need of a typecast. Acked-by: Mike Frysinger <vapier@gentoo.org> Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Link: http://lkml.kernel.org/r/1305824936.1465.4.camel@gandalf.stny.rr.com 2011-05-19 22:35:33 +04:00			`long probe_kernel_write(void dst, const void src, size_t size)`
[S390] maccess: arch specific probe_kernel_write() implementation Add an s390 specific probe_kernel_write() function which allows to write to the kernel text segment even if write protection is enabled. This is implemented using the lra (load real address) and stura (store using real address) instructions. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2009-06-12 12:26:42 +04:00			`{`
			`long copied = 0;`

			`while (size) {`
			`copied = probe_kernel_write_odd(dst, src, size);`
			`if (copied < 0)`
			`break;`
			`dst += copied;`
			`src += copied;`
			`size -= copied;`
			`}`
			`return copied < 0 ? -EFAULT : 0;`
			`}`
[S390] zcore: CPU registers are not saved under LPAR To save the registers for all CPUs a sigp "store status" is done that stores the registers to address absolute zero. To access storage at absolute zero, normally the address of the prefix register of the accessing CPU has to be used. This does not work when large pages are active (currently only under LPAR). In order to fix that problem, instead of memcpy memcpy_real is used, which switches to real mode where prefixing works. Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2010-03-24 13:49:50 +03:00
[S390] Add real memory access functions Add access function for real memory needed by s390 kdump backend. Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2011-10-30 18:16:39 +04:00			`/*`
			`* Copy memory in real mode (kernel to kernel)`
			`*/`
[S390] zcore: CPU registers are not saved under LPAR To save the registers for all CPUs a sigp "store status" is done that stores the registers to address absolute zero. To access storage at absolute zero, normally the address of the prefix register of the accessing CPU has to be used. This does not work when large pages are active (currently only under LPAR). In order to fix that problem, instead of memcpy memcpy_real is used, which switches to real mode where prefixing works. Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2010-03-24 13:49:50 +03:00			`int memcpy_real(void dest, void src, size_t count)`
			`{`
			`register unsigned long _dest asm("2") = (unsigned long) dest;`
			`register unsigned long _len1 asm("3") = (unsigned long) count;`
			`register unsigned long _src asm("4") = (unsigned long) src;`
			`register unsigned long _len2 asm("5") = (unsigned long) count;`
			`unsigned long flags;`
			`int rc = -EFAULT;`

			`if (!count)`
			`return 0;`
Fix IRQ flag handling naming Fix the IRQ flag handling naming. In linux/irqflags.h under one configuration, it maps: local_irq_enable() -> raw_local_irq_enable() local_irq_disable() -> raw_local_irq_disable() local_irq_save() -> raw_local_irq_save() ... and under the other configuration, it maps: raw_local_irq_enable() -> local_irq_enable() raw_local_irq_disable() -> local_irq_disable() raw_local_irq_save() -> local_irq_save() ... This is quite confusing. There should be one set of names expected of the arch, and this should be wrapped to give another set of names that are expected by users of this facility. Change this to have the arch provide: flags = arch_local_save_flags() flags = arch_local_irq_save() arch_local_irq_restore(flags) arch_local_irq_disable() arch_local_irq_enable() arch_irqs_disabled_flags(flags) arch_irqs_disabled() arch_safe_halt() Then linux/irqflags.h wraps these to provide: raw_local_save_flags(flags) raw_local_irq_save(flags) raw_local_irq_restore(flags) raw_local_irq_disable() raw_local_irq_enable() raw_irqs_disabled_flags(flags) raw_irqs_disabled() raw_safe_halt() with type checking on the flags 'arguments', and then wraps those to provide: local_save_flags(flags) local_irq_save(flags) local_irq_restore(flags) local_irq_disable() local_irq_enable() irqs_disabled_flags(flags) irqs_disabled() safe_halt() with tracing included if enabled. The arch functions can now all be inline functions rather than some of them having to be macros. Signed-off-by: David Howells <dhowells@redhat.com> [X86, FRV, MN10300] Signed-off-by: Chris Metcalf <cmetcalf@tilera.com> [Tile] Signed-off-by: Michal Simek <monstr@monstr.eu> [Microblaze] Tested-by: Catalin Marinas <catalin.marinas@arm.com> [ARM] Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Haavard Skinnemoen <haavard.skinnemoen@atmel.com> [AVR] Acked-by: Tony Luck <tony.luck@intel.com> [IA-64] Acked-by: Hirokazu Takata <takata@linux-m32r.org> [M32R] Acked-by: Greg Ungerer <gerg@uclinux.org> [M68K/M68KNOMMU] Acked-by: Ralf Baechle <ralf@linux-mips.org> [MIPS] Acked-by: Kyle McMartin <kyle@mcmartin.ca> [PA-RISC] Acked-by: Paul Mackerras <paulus@samba.org> [PowerPC] Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com> [S390] Acked-by: Chen Liqin <liqin.chen@sunplusct.com> [Score] Acked-by: Matt Fleming <matt@console-pimps.org> [SH] Acked-by: David S. Miller <davem@davemloft.net> [Sparc] Acked-by: Chris Zankel <chris@zankel.net> [Xtensa] Reviewed-by: Richard Henderson <rth@twiddle.net> [Alpha] Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp> [H8300] Cc: starvik@axis.com [CRIS] Cc: jesper.nilsson@axis.com [CRIS] Cc: linux-cris-kernel@axis.com 2010-10-07 17:08:55 +04:00			`flags = __arch_local_irq_stnsm(0xf8UL);`
[S390] zcore: CPU registers are not saved under LPAR To save the registers for all CPUs a sigp "store status" is done that stores the registers to address absolute zero. To access storage at absolute zero, normally the address of the prefix register of the accessing CPU has to be used. This does not work when large pages are active (currently only under LPAR). In order to fix that problem, instead of memcpy memcpy_real is used, which switches to real mode where prefixing works. Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2010-03-24 13:49:50 +03:00			`asm volatile (`
			`"0: mvcle %1,%2,0x0\n"`
			`"1: jo 0b\n"`
			`" lhi %0,0x0\n"`
			`"2:\n"`
			`EX_TABLE(1b,2b)`
			`: "+d" (rc), "+d" (_dest), "+d" (_src), "+d" (_len1),`
			`"+d" (_len2), "=m" (((long ) dest))`
			`: "m" (((long ) src))`
			`: "cc", "memory");`
Fix IRQ flag handling naming Fix the IRQ flag handling naming. In linux/irqflags.h under one configuration, it maps: local_irq_enable() -> raw_local_irq_enable() local_irq_disable() -> raw_local_irq_disable() local_irq_save() -> raw_local_irq_save() ... and under the other configuration, it maps: raw_local_irq_enable() -> local_irq_enable() raw_local_irq_disable() -> local_irq_disable() raw_local_irq_save() -> local_irq_save() ... This is quite confusing. There should be one set of names expected of the arch, and this should be wrapped to give another set of names that are expected by users of this facility. Change this to have the arch provide: flags = arch_local_save_flags() flags = arch_local_irq_save() arch_local_irq_restore(flags) arch_local_irq_disable() arch_local_irq_enable() arch_irqs_disabled_flags(flags) arch_irqs_disabled() arch_safe_halt() Then linux/irqflags.h wraps these to provide: raw_local_save_flags(flags) raw_local_irq_save(flags) raw_local_irq_restore(flags) raw_local_irq_disable() raw_local_irq_enable() raw_irqs_disabled_flags(flags) raw_irqs_disabled() raw_safe_halt() with type checking on the flags 'arguments', and then wraps those to provide: local_save_flags(flags) local_irq_save(flags) local_irq_restore(flags) local_irq_disable() local_irq_enable() irqs_disabled_flags(flags) irqs_disabled() safe_halt() with tracing included if enabled. The arch functions can now all be inline functions rather than some of them having to be macros. Signed-off-by: David Howells <dhowells@redhat.com> [X86, FRV, MN10300] Signed-off-by: Chris Metcalf <cmetcalf@tilera.com> [Tile] Signed-off-by: Michal Simek <monstr@monstr.eu> [Microblaze] Tested-by: Catalin Marinas <catalin.marinas@arm.com> [ARM] Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Haavard Skinnemoen <haavard.skinnemoen@atmel.com> [AVR] Acked-by: Tony Luck <tony.luck@intel.com> [IA-64] Acked-by: Hirokazu Takata <takata@linux-m32r.org> [M32R] Acked-by: Greg Ungerer <gerg@uclinux.org> [M68K/M68KNOMMU] Acked-by: Ralf Baechle <ralf@linux-mips.org> [MIPS] Acked-by: Kyle McMartin <kyle@mcmartin.ca> [PA-RISC] Acked-by: Paul Mackerras <paulus@samba.org> [PowerPC] Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com> [S390] Acked-by: Chen Liqin <liqin.chen@sunplusct.com> [Score] Acked-by: Matt Fleming <matt@console-pimps.org> [SH] Acked-by: David S. Miller <davem@davemloft.net> [Sparc] Acked-by: Chris Zankel <chris@zankel.net> [Xtensa] Reviewed-by: Richard Henderson <rth@twiddle.net> [Alpha] Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp> [H8300] Cc: starvik@axis.com [CRIS] Cc: jesper.nilsson@axis.com [CRIS] Cc: linux-cris-kernel@axis.com 2010-10-07 17:08:55 +04:00			`arch_local_irq_restore(flags);`
[S390] zcore: CPU registers are not saved under LPAR To save the registers for all CPUs a sigp "store status" is done that stores the registers to address absolute zero. To access storage at absolute zero, normally the address of the prefix register of the accessing CPU has to be used. This does not work when large pages are active (currently only under LPAR). In order to fix that problem, instead of memcpy memcpy_real is used, which switches to real mode where prefixing works. Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2010-03-24 13:49:50 +03:00			`return rc;`
			`}`
[S390] Add PSW restart shutdown trigger With this patch a new S390 shutdown trigger "restart" is added. If under z/VM "systerm restart" is entered or under the HMC the "PSW restart" button is pressed, the PSW located at 0 (31 bit) or 0x1a0 (64 bit) bit is loaded. Now we execute do_restart() that processes the restart action that is defined under /sys/firmware/shutdown_actions/on_restart. Currently the following actions are possible: reipl (default), stop, vmcmd, dump, and dump_reipl. Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> 2011-08-03 18:44:19 +04:00
			`/*`
			`* Copy memory to absolute zero`
			`*/`
			`void copy_to_absolute_zero(void dest, void src, size_t count)`
			`{`
			`unsigned long cr0;`

			`BUG_ON((unsigned long) dest + count >= sizeof(struct _lowcore));`
			`preempt_disable();`
			`__ctl_store(cr0, 0, 0);`
			`__ctl_clear_bit(0, 28); /* disable lowcore protection */`
			`memcpy_real(dest + store_prefix(), src, count);`
			`__ctl_load(cr0, 0, 0);`
			`preempt_enable();`
			`}`
[S390] Add real memory access functions Add access function for real memory needed by s390 kdump backend. Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> 2011-10-30 18:16:39 +04:00
			`/*`
			`* Copy memory from kernel (real) to user (virtual)`
			`*/`
			`int copy_to_user_real(void __user dest, void src, size_t count)`
			`{`
			`int offs = 0, size, rc;`
			`char *buf;`

			`buf = (char *) __get_free_page(GFP_KERNEL);`
			`if (!buf)`
			`return -ENOMEM;`
			`rc = -EFAULT;`
			`while (offs < count) {`
			`size = min(PAGE_SIZE, count - offs);`
			`if (memcpy_real(buf, src + offs, size))`
			`goto out;`
			`if (copy_to_user(dest + offs, buf, size))`
			`goto out;`
			`offs += size;`
			`}`
			`rc = 0;`
			`out:`
			`free_page((unsigned long) buf);`
			`return rc;`
			`}`

			`/*`
			`* Copy memory from user (virtual) to kernel (real)`
			`*/`
			`int copy_from_user_real(void dest, void __user src, size_t count)`
			`{`
			`int offs = 0, size, rc;`
			`char *buf;`

			`buf = (char *) __get_free_page(GFP_KERNEL);`
			`if (!buf)`
			`return -ENOMEM;`
			`rc = -EFAULT;`
			`while (offs < count) {`
			`size = min(PAGE_SIZE, count - offs);`
			`if (copy_from_user(buf, src + offs, size))`
			`goto out;`
			`if (memcpy_real(dest + offs, buf, size))`
			`goto out;`
			`offs += size;`
			`}`
			`rc = 0;`
			`out:`
			`free_page((unsigned long) buf);`
			`return rc;`
			`}`