License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 22:07:57 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Copyright (C) 1995 Linus Torvalds
|
2009-02-21 02:56:40 +08:00
|
|
|
* Copyright (C) 2001, 2002 Andi Kleen, SuSE Labs.
|
2009-02-21 06:13:36 +08:00
|
|
|
* Copyright (C) 2008-2009, Red Hat Inc., Ingo Molnar
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2009-03-30 05:47:48 +08:00
|
|
|
#include <linux/sched.h> /* test_thread_flag(), ... */
|
2017-02-09 01:51:37 +08:00
|
|
|
#include <linux/sched/task_stack.h> /* task_stack_*(), ... */
|
2009-03-30 05:47:48 +08:00
|
|
|
#include <linux/kdebug.h> /* oops_begin/end, ... */
|
2016-10-12 14:38:39 +08:00
|
|
|
#include <linux/extable.h> /* search_exception_tables */
|
2018-10-31 06:09:49 +08:00
|
|
|
#include <linux/memblock.h> /* max_low_pfn */
|
2014-04-17 16:18:14 +08:00
|
|
|
#include <linux/kprobes.h> /* NOKPROBE_SYMBOL, ... */
|
2009-03-30 05:47:48 +08:00
|
|
|
#include <linux/mmiotrace.h> /* kmmio_handler, ... */
|
perf: Do the big rename: Performance Counters -> Performance Events
Bye-bye Performance Counters, welcome Performance Events!
In the past few months the perfcounters subsystem has grown out its
initial role of counting hardware events, and has become (and is
becoming) a much broader generic event enumeration, reporting, logging,
monitoring, analysis facility.
Naming its core object 'perf_counter' and naming the subsystem
'perfcounters' has become more and more of a misnomer. With pending
code like hw-breakpoints support the 'counter' name is less and
less appropriate.
All in one, we've decided to rename the subsystem to 'performance
events' and to propagate this rename through all fields, variables
and API names. (in an ABI compatible fashion)
The word 'event' is also a bit shorter than 'counter' - which makes
it slightly more convenient to write/handle as well.
Thanks goes to Stephane Eranian who first observed this misnomer and
suggested a rename.
User-space tooling and ABI compatibility is not affected - this patch
should be function-invariant. (Also, defconfigs were not touched to
keep the size down.)
This patch has been generated via the following script:
FILES=$(find * -type f | grep -vE 'oprofile|[^K]config')
sed -i \
-e 's/PERF_EVENT_/PERF_RECORD_/g' \
-e 's/PERF_COUNTER/PERF_EVENT/g' \
-e 's/perf_counter/perf_event/g' \
-e 's/nb_counters/nb_events/g' \
-e 's/swcounter/swevent/g' \
-e 's/tpcounter_event/tp_event/g' \
$FILES
for N in $(find . -name perf_counter.[ch]); do
M=$(echo $N | sed 's/perf_counter/perf_event/g')
mv $N $M
done
FILES=$(find . -name perf_event.*)
sed -i \
-e 's/COUNTER_MASK/REG_MASK/g' \
-e 's/COUNTER/EVENT/g' \
-e 's/\<event\>/event_id/g' \
-e 's/counter/event/g' \
-e 's/Counter/Event/g' \
$FILES
... to keep it as correct as possible. This script can also be
used by anyone who has pending perfcounters patches - it converts
a Linux kernel tree over to the new naming. We tried to time this
change to the point in time where the amount of pending patches
is the smallest: the end of the merge window.
Namespace clashes were fixed up in a preparatory patch - and some
stylistic fallout will be fixed up in a subsequent patch.
( NOTE: 'counters' are still the proper terminology when we deal
with hardware registers - and these sed scripts are a bit
over-eager in renaming them. I've undone some of that, but
in case there's something left where 'counter' would be
better than 'event' we can undo that on an individual basis
instead of touching an otherwise nicely automated patch. )
Suggested-by: Stephane Eranian <eranian@google.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Paul Mackerras <paulus@samba.org>
Reviewed-by: Arjan van de Ven <arjan@linux.intel.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: David Howells <dhowells@redhat.com>
Cc: Kyle McMartin <kyle@mcmartin.ca>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: <linux-arch@vger.kernel.org>
LKML-Reference: <new-submission>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-09-21 18:02:48 +08:00
|
|
|
#include <linux/perf_event.h> /* perf_sw_event */
|
2010-09-28 04:05:55 +08:00
|
|
|
#include <linux/hugetlb.h> /* hstate_index_to_shift */
|
2011-05-21 03:50:29 +08:00
|
|
|
#include <linux/prefetch.h> /* prefetchw */
|
2013-02-24 07:23:25 +08:00
|
|
|
#include <linux/context_tracking.h> /* exception_enter(), ... */
|
2015-05-11 23:52:11 +08:00
|
|
|
#include <linux/uaccess.h> /* faulthandler_disabled() */
|
2018-09-12 03:15:22 +08:00
|
|
|
#include <linux/efi.h> /* efi_recover_from_page_fault()*/
|
2018-08-18 06:44:47 +08:00
|
|
|
#include <linux/mm_types.h>
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2016-02-13 05:02:14 +08:00
|
|
|
#include <asm/cpufeature.h> /* boot_cpu_has, ... */
|
2009-03-30 05:47:48 +08:00
|
|
|
#include <asm/traps.h> /* dotraplinkage, ... */
|
2014-05-06 03:19:36 +08:00
|
|
|
#include <asm/fixmap.h> /* VSYSCALL_ADDR */
|
|
|
|
#include <asm/vsyscall.h> /* emulate_vsyscall */
|
2015-07-29 13:41:21 +08:00
|
|
|
#include <asm/vm86.h> /* struct vm86 */
|
2016-02-13 05:02:14 +08:00
|
|
|
#include <asm/mmu_context.h> /* vma_pkey() */
|
2018-09-12 03:15:22 +08:00
|
|
|
#include <asm/efi.h> /* efi_recover_from_page_fault()*/
|
2018-11-22 07:11:25 +08:00
|
|
|
#include <asm/desc.h> /* store_idt(), ... */
|
2019-04-14 23:59:50 +08:00
|
|
|
#include <asm/cpu_entry_area.h> /* exception stack */
|
2019-11-29 15:17:25 +08:00
|
|
|
#include <asm/pgtable_areas.h> /* VMALLOC_START, ... */
|
2020-02-29 02:42:48 +08:00
|
|
|
#include <asm/kvm_para.h> /* kvm_handle_async_pf */
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-10-31 04:39:03 +08:00
|
|
|
#define CREATE_TRACE_POINTS
|
|
|
|
#include <asm/trace/exceptions.h>
|
|
|
|
|
2009-02-21 05:32:10 +08:00
|
|
|
/*
|
2009-02-22 17:24:18 +08:00
|
|
|
* Returns 0 if mmiotrace is disabled, or if the fault is not
|
|
|
|
* handled by mmiotrace:
|
2009-02-21 05:32:10 +08:00
|
|
|
*/
|
2014-04-17 16:18:14 +08:00
|
|
|
static nokprobe_inline int
|
2009-08-28 01:23:11 +08:00
|
|
|
kmmio_fault(struct pt_regs *regs, unsigned long addr)
|
2008-05-13 03:20:56 +08:00
|
|
|
{
|
x86: mmiotrace full patch, preview 1
kmmio.c handles the list of mmio probes with callbacks, list of traced
pages, and attaching into the page fault handler and die notifier. It
arms, traps and disarms the given pages, this is the core of mmiotrace.
mmio-mod.c is a user interface, hooking into ioremap functions and
registering the mmio probes. It also decodes the required information
from trapped mmio accesses via the pre and post callbacks in each probe.
Currently, hooking into ioremap functions works by redefining the symbols
of the target (binary) kernel module, so that it calls the traced
versions of the functions.
The most notable changes done since the last discussion are:
- kmmio.c is a built-in, not part of the module
- direct call from fault.c to kmmio.c, removing all dynamic hooks
- prepare for unregistering probes at any time
- make kmmio re-initializable and accessible to more than one user
- rewrite kmmio locking to remove all spinlocks from page fault path
Can I abuse call_rcu() like I do in kmmio.c:unregister_kmmio_probe()
or is there a better way?
The function called via call_rcu() itself calls call_rcu() again,
will this work or break? There I need a second grace period for RCU
after the first grace period for page faults.
Mmiotrace itself (mmio-mod.c) is still a module, I am going to attack
that next. At some point I will start looking into how to make mmiotrace
a tracer component of ftrace (thanks for the hint, Ingo). Ftrace should
make the user space part of mmiotracing as simple as
'cat /debug/trace/mmio > dump.txt'.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2008-05-13 03:20:57 +08:00
|
|
|
if (unlikely(is_kmmio_active()))
|
|
|
|
if (kmmio_handler(regs, addr) == 1)
|
|
|
|
return -1;
|
|
|
|
return 0;
|
2008-05-13 03:20:56 +08:00
|
|
|
}
|
|
|
|
|
2008-01-30 20:32:35 +08:00
|
|
|
/*
|
2009-02-21 02:56:40 +08:00
|
|
|
* Prefetch quirks:
|
|
|
|
*
|
|
|
|
* 32-bit mode:
|
|
|
|
*
|
|
|
|
* Sometimes AMD Athlon/Opteron CPUs report invalid exceptions on prefetch.
|
|
|
|
* Check that here and ignore it.
|
2008-01-30 20:32:35 +08:00
|
|
|
*
|
2009-02-21 02:56:40 +08:00
|
|
|
* 64-bit mode:
|
2008-01-30 20:32:35 +08:00
|
|
|
*
|
2009-02-21 02:56:40 +08:00
|
|
|
* Sometimes the CPU reports invalid exceptions on prefetch.
|
|
|
|
* Check that here and ignore it.
|
|
|
|
*
|
|
|
|
* Opcode checker based on code by Richard Brunner.
|
2008-01-30 20:32:35 +08:00
|
|
|
*/
|
2009-02-21 03:37:05 +08:00
|
|
|
static inline int
|
|
|
|
check_prefetch_opcode(struct pt_regs *regs, unsigned char *instr,
|
|
|
|
unsigned char opcode, int *prefetch)
|
|
|
|
{
|
|
|
|
unsigned char instr_hi = opcode & 0xf0;
|
|
|
|
unsigned char instr_lo = opcode & 0x0f;
|
|
|
|
|
|
|
|
switch (instr_hi) {
|
|
|
|
case 0x20:
|
|
|
|
case 0x30:
|
|
|
|
/*
|
|
|
|
* Values 0x26,0x2E,0x36,0x3E are valid x86 prefixes.
|
|
|
|
* In X86_64 long mode, the CPU will signal invalid
|
|
|
|
* opcode if some of these prefixes are present so
|
|
|
|
* X86_64 will never get here anyway
|
|
|
|
*/
|
|
|
|
return ((instr_lo & 7) == 0x6);
|
|
|
|
#ifdef CONFIG_X86_64
|
|
|
|
case 0x40:
|
|
|
|
/*
|
|
|
|
* In AMD64 long mode 0x40..0x4F are valid REX prefixes
|
|
|
|
* Need to figure out under what instruction mode the
|
|
|
|
* instruction was issued. Could check the LDT for lm,
|
|
|
|
* but for now it's good enough to assume that long
|
|
|
|
* mode only uses well known segments or kernel.
|
|
|
|
*/
|
2011-08-03 21:31:53 +08:00
|
|
|
return (!user_mode(regs) || user_64bit_mode(regs));
|
2009-02-21 03:37:05 +08:00
|
|
|
#endif
|
|
|
|
case 0x60:
|
|
|
|
/* 0x64 thru 0x67 are valid prefixes in all modes. */
|
|
|
|
return (instr_lo & 0xC) == 0x4;
|
|
|
|
case 0xF0:
|
|
|
|
/* 0xF0, 0xF2, 0xF3 are valid prefixes in all modes. */
|
|
|
|
return !instr_lo || (instr_lo>>1) == 1;
|
|
|
|
case 0x00:
|
|
|
|
/* Prefetch instruction is 0x0F0D or 0x0F18 */
|
2020-06-17 15:37:55 +08:00
|
|
|
if (get_kernel_nofault(opcode, instr))
|
2009-02-21 03:37:05 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
*prefetch = (instr_lo == 0xF) &&
|
|
|
|
(opcode == 0x0D || opcode == 0x18);
|
|
|
|
return 0;
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static int
|
|
|
|
is_prefetch(struct pt_regs *regs, unsigned long error_code, unsigned long addr)
|
2008-01-30 20:32:19 +08:00
|
|
|
{
|
2009-02-21 02:56:40 +08:00
|
|
|
unsigned char *max_instr;
|
2006-12-07 09:14:06 +08:00
|
|
|
unsigned char *instr;
|
2008-01-30 20:32:19 +08:00
|
|
|
int prefetch = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-03-28 04:29:09 +08:00
|
|
|
/*
|
|
|
|
* If it was a exec (instruction fetch) fault on NX page, then
|
|
|
|
* do not ignore the fault:
|
|
|
|
*/
|
2017-10-28 04:25:28 +08:00
|
|
|
if (error_code & X86_PF_INSTR)
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
2008-01-30 20:32:35 +08:00
|
|
|
|
2009-02-21 03:37:05 +08:00
|
|
|
instr = (void *)convert_ip_to_linear(current, regs);
|
2005-04-17 06:24:59 +08:00
|
|
|
max_instr = instr + 15;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-03-19 09:33:27 +08:00
|
|
|
if (user_mode(regs) && instr >= (unsigned char *)TASK_SIZE_MAX)
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
|
2009-02-21 03:37:05 +08:00
|
|
|
while (instr < max_instr) {
|
2009-02-21 02:56:40 +08:00
|
|
|
unsigned char opcode;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2020-06-17 15:37:55 +08:00
|
|
|
if (get_kernel_nofault(opcode, instr))
|
2008-01-30 20:32:19 +08:00
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
instr++;
|
|
|
|
|
2009-02-21 03:37:05 +08:00
|
|
|
if (!check_prefetch_opcode(regs, instr, opcode, &prefetch))
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
return prefetch;
|
|
|
|
}
|
|
|
|
|
2009-02-21 05:50:24 +08:00
|
|
|
DEFINE_SPINLOCK(pgd_lock);
|
|
|
|
LIST_HEAD(pgd_list);
|
|
|
|
|
|
|
|
#ifdef CONFIG_X86_32
|
|
|
|
static inline pmd_t *vmalloc_sync_one(pgd_t *pgd, unsigned long address)
|
2008-01-30 20:32:19 +08:00
|
|
|
{
|
2009-02-21 05:50:24 +08:00
|
|
|
unsigned index = pgd_index(address);
|
|
|
|
pgd_t *pgd_k;
|
2017-03-13 22:33:05 +08:00
|
|
|
p4d_t *p4d, *p4d_k;
|
2009-02-21 05:50:24 +08:00
|
|
|
pud_t *pud, *pud_k;
|
|
|
|
pmd_t *pmd, *pmd_k;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2009-02-21 05:50:24 +08:00
|
|
|
pgd += index;
|
|
|
|
pgd_k = init_mm.pgd + index;
|
|
|
|
|
|
|
|
if (!pgd_present(*pgd_k))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* set_pgd(pgd, *pgd_k); here would be useless on PAE
|
|
|
|
* and redundant with the set_pmd() on non-PAE. As would
|
2017-03-13 22:33:05 +08:00
|
|
|
* set_p4d/set_pud.
|
2009-02-21 05:50:24 +08:00
|
|
|
*/
|
2017-03-13 22:33:05 +08:00
|
|
|
p4d = p4d_offset(pgd, address);
|
|
|
|
p4d_k = p4d_offset(pgd_k, address);
|
|
|
|
if (!p4d_present(*p4d_k))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
pud = pud_offset(p4d, address);
|
|
|
|
pud_k = pud_offset(p4d_k, address);
|
2009-02-21 05:50:24 +08:00
|
|
|
if (!pud_present(*pud_k))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
pmd = pmd_offset(pud, address);
|
|
|
|
pmd_k = pmd_offset(pud_k, address);
|
|
|
|
|
2019-07-20 02:46:51 +08:00
|
|
|
if (pmd_present(*pmd) != pmd_present(*pmd_k))
|
2009-02-21 05:50:24 +08:00
|
|
|
set_pmd(pmd, *pmd_k);
|
2019-07-20 02:46:51 +08:00
|
|
|
|
|
|
|
if (!pmd_present(*pmd_k))
|
|
|
|
return NULL;
|
2009-02-18 15:05:19 +08:00
|
|
|
else
|
2019-07-20 02:46:50 +08:00
|
|
|
BUG_ON(pmd_pfn(*pmd) != pmd_pfn(*pmd_k));
|
2009-02-21 05:50:24 +08:00
|
|
|
|
|
|
|
return pmd_k;
|
|
|
|
}
|
|
|
|
|
2020-09-02 23:59:04 +08:00
|
|
|
/*
|
|
|
|
* Handle a fault on the vmalloc or module mapping area
|
|
|
|
*
|
|
|
|
* This is needed because there is a race condition between the time
|
|
|
|
* when the vmalloc mapping code updates the PMD to the point in time
|
|
|
|
* where it synchronizes this update with the other page-tables in the
|
|
|
|
* system.
|
|
|
|
*
|
|
|
|
* In this race window another thread/CPU can map an area on the same
|
|
|
|
* PMD, finds it already present and does not synchronize it with the
|
|
|
|
* rest of the system yet. As a result v[mz]alloc might return areas
|
|
|
|
* which are not mapped in every page-table in the system, causing an
|
|
|
|
* unhandled page-fault when they are accessed.
|
|
|
|
*/
|
|
|
|
static noinline int vmalloc_fault(unsigned long address)
|
|
|
|
{
|
|
|
|
unsigned long pgd_paddr;
|
|
|
|
pmd_t *pmd_k;
|
|
|
|
pte_t *pte_k;
|
|
|
|
|
|
|
|
/* Make sure we are in vmalloc area: */
|
|
|
|
if (!(address >= VMALLOC_START && address < VMALLOC_END))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Synchronize this task's top level page-table
|
|
|
|
* with the 'reference' page table.
|
|
|
|
*
|
|
|
|
* Do _not_ use "current" here. We might be inside
|
|
|
|
* an interrupt in the middle of a task switch..
|
|
|
|
*/
|
|
|
|
pgd_paddr = read_cr3_pa();
|
|
|
|
pmd_k = vmalloc_sync_one(__va(pgd_paddr), address);
|
|
|
|
if (!pmd_k)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (pmd_large(*pmd_k))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
pte_k = pte_offset_kernel(pmd_k, address);
|
|
|
|
if (!pte_present(*pte_k))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
NOKPROBE_SYMBOL(vmalloc_fault);
|
|
|
|
|
2020-06-02 12:52:33 +08:00
|
|
|
void arch_sync_kernel_mappings(unsigned long start, unsigned long end)
|
2009-02-21 05:50:24 +08:00
|
|
|
{
|
2020-06-02 12:52:33 +08:00
|
|
|
unsigned long addr;
|
2009-02-21 05:50:24 +08:00
|
|
|
|
2020-06-02 12:52:33 +08:00
|
|
|
for (addr = start & PMD_MASK;
|
|
|
|
addr >= TASK_SIZE_MAX && addr < VMALLOC_END;
|
|
|
|
addr += PMD_SIZE) {
|
2009-02-21 05:50:24 +08:00
|
|
|
struct page *page;
|
|
|
|
|
2011-02-17 07:45:22 +08:00
|
|
|
spin_lock(&pgd_lock);
|
2009-02-21 05:50:24 +08:00
|
|
|
list_for_each_entry(page, &pgd_list, lru) {
|
2010-09-22 03:01:51 +08:00
|
|
|
spinlock_t *pgt_lock;
|
|
|
|
|
2011-02-17 07:45:22 +08:00
|
|
|
/* the pgt_lock only for Xen */
|
2010-09-22 03:01:51 +08:00
|
|
|
pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
|
|
|
|
|
|
|
|
spin_lock(pgt_lock);
|
2020-06-02 12:52:33 +08:00
|
|
|
vmalloc_sync_one(page_address(page), addr);
|
2010-09-22 03:01:51 +08:00
|
|
|
spin_unlock(pgt_lock);
|
2009-02-21 05:50:24 +08:00
|
|
|
}
|
2011-02-17 07:45:22 +08:00
|
|
|
spin_unlock(&pgd_lock);
|
2009-02-21 05:50:24 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Did it hit the DOS screen memory VA from vm86 mode?
|
|
|
|
*/
|
|
|
|
static inline void
|
|
|
|
check_v8086_mode(struct pt_regs *regs, unsigned long address,
|
|
|
|
struct task_struct *tsk)
|
|
|
|
{
|
2015-07-29 13:41:16 +08:00
|
|
|
#ifdef CONFIG_VM86
|
2009-02-21 05:50:24 +08:00
|
|
|
unsigned long bit;
|
|
|
|
|
2015-07-29 13:41:16 +08:00
|
|
|
if (!v8086_mode(regs) || !tsk->thread.vm86)
|
2009-02-21 05:50:24 +08:00
|
|
|
return;
|
|
|
|
|
|
|
|
bit = (address - 0xA0000) >> PAGE_SHIFT;
|
|
|
|
if (bit < 32)
|
2015-07-29 13:41:16 +08:00
|
|
|
tsk->thread.vm86->screen_bitmap |= 1 << bit;
|
|
|
|
#endif
|
2008-01-30 20:32:19 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-06-27 14:35:15 +08:00
|
|
|
static bool low_pfn(unsigned long pfn)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2009-06-27 14:35:15 +08:00
|
|
|
return pfn < max_low_pfn;
|
|
|
|
}
|
2008-01-30 20:34:10 +08:00
|
|
|
|
2009-06-27 14:35:15 +08:00
|
|
|
static void dump_pagetable(unsigned long address)
|
|
|
|
{
|
2017-06-13 01:26:14 +08:00
|
|
|
pgd_t *base = __va(read_cr3_pa());
|
2009-06-27 14:35:15 +08:00
|
|
|
pgd_t *pgd = &base[pgd_index(address)];
|
2017-03-13 22:33:05 +08:00
|
|
|
p4d_t *p4d;
|
|
|
|
pud_t *pud;
|
2009-06-27 14:35:15 +08:00
|
|
|
pmd_t *pmd;
|
|
|
|
pte_t *pte;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2008-01-30 20:34:10 +08:00
|
|
|
#ifdef CONFIG_X86_PAE
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_info("*pdpt = %016Lx ", pgd_val(*pgd));
|
2009-06-27 14:35:15 +08:00
|
|
|
if (!low_pfn(pgd_val(*pgd) >> PAGE_SHIFT) || !pgd_present(*pgd))
|
|
|
|
goto out;
|
2017-08-31 15:30:19 +08:00
|
|
|
#define pr_pde pr_cont
|
|
|
|
#else
|
|
|
|
#define pr_pde pr_info
|
2008-01-30 20:34:10 +08:00
|
|
|
#endif
|
2017-03-13 22:33:05 +08:00
|
|
|
p4d = p4d_offset(pgd, address);
|
|
|
|
pud = pud_offset(p4d, address);
|
|
|
|
pmd = pmd_offset(pud, address);
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_pde("*pde = %0*Lx ", sizeof(*pmd) * 2, (u64)pmd_val(*pmd));
|
|
|
|
#undef pr_pde
|
2008-01-30 20:34:10 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* We must not directly access the pte in the highpte
|
|
|
|
* case if the page table is located in highmem.
|
|
|
|
* And let's rather not kmap-atomic the pte, just in case
|
2009-02-21 02:56:40 +08:00
|
|
|
* it's allocated already:
|
2008-01-30 20:34:10 +08:00
|
|
|
*/
|
2009-06-27 14:35:15 +08:00
|
|
|
if (!low_pfn(pmd_pfn(*pmd)) || !pmd_present(*pmd) || pmd_large(*pmd))
|
|
|
|
goto out;
|
2008-01-30 20:34:10 +08:00
|
|
|
|
2009-06-27 14:35:15 +08:00
|
|
|
pte = pte_offset_kernel(pmd, address);
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_cont("*pte = %0*Lx ", sizeof(*pte) * 2, (u64)pte_val(*pte));
|
2009-06-27 14:35:15 +08:00
|
|
|
out:
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_cont("\n");
|
2009-02-21 05:50:24 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
#else /* CONFIG_X86_64: */
|
|
|
|
|
2011-09-28 23:56:51 +08:00
|
|
|
#ifdef CONFIG_CPU_SUP_AMD
|
2009-02-21 05:50:24 +08:00
|
|
|
static const char errata93_warning[] =
|
2009-07-07 04:05:40 +08:00
|
|
|
KERN_ERR
|
|
|
|
"******* Your BIOS seems to not contain a fix for K8 errata #93\n"
|
|
|
|
"******* Working around it, but it may cause SEGVs or burn power.\n"
|
|
|
|
"******* Please consider a BIOS update.\n"
|
|
|
|
"******* Disabling USB legacy in the BIOS may also help.\n";
|
2011-09-28 23:56:51 +08:00
|
|
|
#endif
|
2009-02-21 05:50:24 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* No vm86 mode in 64-bit mode:
|
|
|
|
*/
|
|
|
|
static inline void
|
|
|
|
check_v8086_mode(struct pt_regs *regs, unsigned long address,
|
|
|
|
struct task_struct *tsk)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
static int bad_address(void *p)
|
|
|
|
{
|
|
|
|
unsigned long dummy;
|
|
|
|
|
2020-06-17 15:37:55 +08:00
|
|
|
return get_kernel_nofault(dummy, (unsigned long *)p);
|
2009-02-21 05:50:24 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void dump_pagetable(unsigned long address)
|
|
|
|
{
|
2017-06-13 01:26:14 +08:00
|
|
|
pgd_t *base = __va(read_cr3_pa());
|
2009-06-27 14:35:15 +08:00
|
|
|
pgd_t *pgd = base + pgd_index(address);
|
2017-03-13 22:33:05 +08:00
|
|
|
p4d_t *p4d;
|
2005-04-17 06:20:36 +08:00
|
|
|
pud_t *pud;
|
|
|
|
pmd_t *pmd;
|
|
|
|
pte_t *pte;
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
if (bad_address(pgd))
|
|
|
|
goto bad;
|
|
|
|
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_info("PGD %lx ", pgd_val(*pgd));
|
2009-02-21 02:56:40 +08:00
|
|
|
|
|
|
|
if (!pgd_present(*pgd))
|
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2017-03-13 22:33:05 +08:00
|
|
|
p4d = p4d_offset(pgd, address);
|
|
|
|
if (bad_address(p4d))
|
|
|
|
goto bad;
|
|
|
|
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_cont("P4D %lx ", p4d_val(*p4d));
|
2017-03-13 22:33:05 +08:00
|
|
|
if (!p4d_present(*p4d) || p4d_large(*p4d))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
pud = pud_offset(p4d, address);
|
2009-02-21 02:56:40 +08:00
|
|
|
if (bad_address(pud))
|
|
|
|
goto bad;
|
|
|
|
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_cont("PUD %lx ", pud_val(*pud));
|
2008-02-04 23:48:09 +08:00
|
|
|
if (!pud_present(*pud) || pud_large(*pud))
|
2009-02-21 02:56:40 +08:00
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
pmd = pmd_offset(pud, address);
|
2009-02-21 02:56:40 +08:00
|
|
|
if (bad_address(pmd))
|
|
|
|
goto bad;
|
|
|
|
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_cont("PMD %lx ", pmd_val(*pmd));
|
2009-02-21 02:56:40 +08:00
|
|
|
if (!pmd_present(*pmd) || pmd_large(*pmd))
|
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
pte = pte_offset_kernel(pmd, address);
|
2009-02-21 02:56:40 +08:00
|
|
|
if (bad_address(pte))
|
|
|
|
goto bad;
|
|
|
|
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_cont("PTE %lx", pte_val(*pte));
|
2009-02-21 02:56:40 +08:00
|
|
|
out:
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_cont("\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
return;
|
|
|
|
bad:
|
2017-08-31 15:30:19 +08:00
|
|
|
pr_info("BAD\n");
|
2009-02-21 05:12:18 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 05:50:24 +08:00
|
|
|
#endif /* CONFIG_X86_64 */
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
/*
|
|
|
|
* Workaround for K8 erratum #93 & buggy BIOS.
|
|
|
|
*
|
|
|
|
* BIOS SMM functions are required to use a specific workaround
|
|
|
|
* to avoid corruption of the 64bit RIP register on C stepping K8.
|
|
|
|
*
|
|
|
|
* A lot of BIOS that didn't get tested properly miss this.
|
|
|
|
*
|
|
|
|
* The OS sees this as a page fault with the upper 32bits of RIP cleared.
|
|
|
|
* Try to work around it here.
|
|
|
|
*
|
|
|
|
* Note we only handle faults in kernel here.
|
|
|
|
* Does nothing on 32-bit.
|
2008-01-30 20:33:13 +08:00
|
|
|
*/
|
2008-01-30 20:32:19 +08:00
|
|
|
static int is_errata93(struct pt_regs *regs, unsigned long address)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2011-09-28 23:56:51 +08:00
|
|
|
#if defined(CONFIG_X86_64) && defined(CONFIG_CPU_SUP_AMD)
|
|
|
|
if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD
|
|
|
|
|| boot_cpu_data.x86 != 0xf)
|
|
|
|
return 0;
|
|
|
|
|
2008-01-30 20:30:56 +08:00
|
|
|
if (address != regs->ip)
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2008-01-30 20:32:19 +08:00
|
|
|
if ((address >> 32) != 0)
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
address |= 0xffffffffUL << 32;
|
2008-01-30 20:32:19 +08:00
|
|
|
if ((address >= (u64)_stext && address <= (u64)_etext) ||
|
|
|
|
(address >= MODULES_VADDR && address <= MODULES_END)) {
|
2009-05-03 16:09:03 +08:00
|
|
|
printk_once(errata93_warning);
|
2008-01-30 20:30:56 +08:00
|
|
|
regs->ip = address;
|
2005-04-17 06:20:36 +08:00
|
|
|
return 1;
|
|
|
|
}
|
2008-01-30 20:33:13 +08:00
|
|
|
#endif
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
2008-01-30 20:32:19 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-01-30 20:34:09 +08:00
|
|
|
/*
|
2009-02-21 02:56:40 +08:00
|
|
|
* Work around K8 erratum #100 K8 in compat mode occasionally jumps
|
|
|
|
* to illegal addresses >4GB.
|
|
|
|
*
|
|
|
|
* We catch this in the page fault handler because these addresses
|
|
|
|
* are not reachable. Just detect this case and return. Any code
|
2008-01-30 20:34:09 +08:00
|
|
|
* segment in LDT is compatibility mode.
|
|
|
|
*/
|
|
|
|
static int is_errata100(struct pt_regs *regs, unsigned long address)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_X86_64
|
2009-02-21 02:56:40 +08:00
|
|
|
if ((regs->cs == __USER32_CS || (regs->cs & (1<<2))) && (address >> 32))
|
2008-01-30 20:34:09 +08:00
|
|
|
return 1;
|
|
|
|
#endif
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-05-28 22:53:20 +08:00
|
|
|
/* Pentium F0 0F C7 C8 bug workaround: */
|
2008-01-30 20:34:09 +08:00
|
|
|
static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_X86_F00F_BUG
|
2020-05-28 22:53:20 +08:00
|
|
|
if (boot_cpu_has_bug(X86_BUG_F00F) && idt_is_f00f_address(address)) {
|
|
|
|
handle_invalid_op(regs);
|
|
|
|
return 1;
|
2008-01-30 20:34:09 +08:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2018-11-22 07:11:25 +08:00
|
|
|
static void show_ldttss(const struct desc_ptr *gdt, const char *name, u16 index)
|
|
|
|
{
|
|
|
|
u32 offset = (index >> 3) * sizeof(struct desc_struct);
|
|
|
|
unsigned long addr;
|
|
|
|
struct ldttss_desc desc;
|
|
|
|
|
|
|
|
if (index == 0) {
|
|
|
|
pr_alert("%s: NULL\n", name);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (offset + sizeof(struct ldttss_desc) >= gdt->size) {
|
|
|
|
pr_alert("%s: 0x%hx -- out of bounds\n", name, index);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2020-06-17 15:37:53 +08:00
|
|
|
if (copy_from_kernel_nofault(&desc, (void *)(gdt->address + offset),
|
2018-11-22 07:11:25 +08:00
|
|
|
sizeof(struct ldttss_desc))) {
|
|
|
|
pr_alert("%s: 0x%hx -- GDT entry is not readable\n",
|
|
|
|
name, index);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-12-23 03:11:16 +08:00
|
|
|
addr = desc.base0 | (desc.base1 << 16) | ((unsigned long)desc.base2 << 24);
|
2018-11-22 07:11:25 +08:00
|
|
|
#ifdef CONFIG_X86_64
|
|
|
|
addr |= ((u64)desc.base3 << 32);
|
|
|
|
#endif
|
|
|
|
pr_alert("%s: 0x%hx -- base=0x%lx limit=0x%x\n",
|
|
|
|
name, index, addr, (desc.limit0 | (desc.limit1 << 16)));
|
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static void
|
2018-11-22 16:34:03 +08:00
|
|
|
show_fault_oops(struct pt_regs *regs, unsigned long error_code, unsigned long address)
|
2008-01-30 20:34:10 +08:00
|
|
|
{
|
2008-01-30 20:34:10 +08:00
|
|
|
if (!oops_may_print())
|
|
|
|
return;
|
|
|
|
|
2017-10-28 04:25:28 +08:00
|
|
|
if (error_code & X86_PF_INSTR) {
|
2008-02-02 00:49:43 +08:00
|
|
|
unsigned int level;
|
2013-12-07 05:13:04 +08:00
|
|
|
pgd_t *pgd;
|
|
|
|
pte_t *pte;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2017-06-13 01:26:14 +08:00
|
|
|
pgd = __va(read_cr3_pa());
|
2013-12-07 05:13:04 +08:00
|
|
|
pgd += pgd_index(address);
|
|
|
|
|
|
|
|
pte = lookup_address_in_pgd(pgd, address, &level);
|
2008-01-30 20:34:10 +08:00
|
|
|
|
2009-02-21 06:00:29 +08:00
|
|
|
if (pte && pte_present(*pte) && !pte_exec(*pte))
|
2018-06-27 17:07:15 +08:00
|
|
|
pr_crit("kernel tried to execute NX-protected page - exploit attempt? (uid: %d)\n",
|
|
|
|
from_kuid(&init_user_ns, current_uid()));
|
2014-06-11 04:49:31 +08:00
|
|
|
if (pte && pte_present(*pte) && pte_exec(*pte) &&
|
|
|
|
(pgd_flags(*pgd) & _PAGE_USER) &&
|
2014-10-25 06:58:08 +08:00
|
|
|
(__read_cr4() & X86_CR4_SMEP))
|
2018-06-27 17:07:15 +08:00
|
|
|
pr_crit("unable to execute userspace code (SMEP?) (uid: %d)\n",
|
|
|
|
from_kuid(&init_user_ns, current_uid()));
|
2008-01-30 20:34:10 +08:00
|
|
|
}
|
|
|
|
|
x86/fault: Reword initial BUG message for unhandled page faults
Reword the NULL pointer dereference case to simply state that a NULL
pointer was dereferenced, i.e. drop "unable to handle" as that implies
that there are instances where the kernel actual does handle NULL
pointer dereferences, which is not true barring funky exception fixup.
For the non-NULL case, replace "kernel paging request" with "page fault"
as the kernel can technically oops on faults that originated in user
code. Dropping "kernel" also allows future patches to provide detailed
information on where the fault occurred, e.g. user vs. kernel, without
conflicting with the initial BUG message.
In both cases, replace "at address=" with wording more appropriate to
the oops, as "at" may be interpreted as stating that the address is the
RIP of the instruction that faulted.
Last, and probably least, further qualify the NULL-pointer path by
checking that the fault actually originated in kernel code. It's
technically possible for userspace to map address 0, and not printing
a super specific message is the least of our worries if the kernel does
manage to oops on an actual NULL pointer dereference from userspace.
Before:
BUG: unable to handle kernel NULL pointer dereference at ffffbeef00000000
BUG: unable to handle kernel paging request at ffffbeef00000000
After:
BUG: kernel NULL pointer dereference, address = 0000000000000008
BUG: unable to handle page fault for address = ffffbeef00000000
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/20181221213657.27628-2-sean.j.christopherson@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-12-22 05:36:56 +08:00
|
|
|
if (address < PAGE_SIZE && !user_mode(regs))
|
2019-04-22 02:35:24 +08:00
|
|
|
pr_alert("BUG: kernel NULL pointer dereference, address: %px\n",
|
x86/fault: Reword initial BUG message for unhandled page faults
Reword the NULL pointer dereference case to simply state that a NULL
pointer was dereferenced, i.e. drop "unable to handle" as that implies
that there are instances where the kernel actual does handle NULL
pointer dereferences, which is not true barring funky exception fixup.
For the non-NULL case, replace "kernel paging request" with "page fault"
as the kernel can technically oops on faults that originated in user
code. Dropping "kernel" also allows future patches to provide detailed
information on where the fault occurred, e.g. user vs. kernel, without
conflicting with the initial BUG message.
In both cases, replace "at address=" with wording more appropriate to
the oops, as "at" may be interpreted as stating that the address is the
RIP of the instruction that faulted.
Last, and probably least, further qualify the NULL-pointer path by
checking that the fault actually originated in kernel code. It's
technically possible for userspace to map address 0, and not printing
a super specific message is the least of our worries if the kernel does
manage to oops on an actual NULL pointer dereference from userspace.
Before:
BUG: unable to handle kernel NULL pointer dereference at ffffbeef00000000
BUG: unable to handle kernel paging request at ffffbeef00000000
After:
BUG: kernel NULL pointer dereference, address = 0000000000000008
BUG: unable to handle page fault for address = ffffbeef00000000
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/20181221213657.27628-2-sean.j.christopherson@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-12-22 05:36:56 +08:00
|
|
|
(void *)address);
|
|
|
|
else
|
2019-04-22 02:35:24 +08:00
|
|
|
pr_alert("BUG: unable to handle page fault for address: %px\n",
|
x86/fault: Reword initial BUG message for unhandled page faults
Reword the NULL pointer dereference case to simply state that a NULL
pointer was dereferenced, i.e. drop "unable to handle" as that implies
that there are instances where the kernel actual does handle NULL
pointer dereferences, which is not true barring funky exception fixup.
For the non-NULL case, replace "kernel paging request" with "page fault"
as the kernel can technically oops on faults that originated in user
code. Dropping "kernel" also allows future patches to provide detailed
information on where the fault occurred, e.g. user vs. kernel, without
conflicting with the initial BUG message.
In both cases, replace "at address=" with wording more appropriate to
the oops, as "at" may be interpreted as stating that the address is the
RIP of the instruction that faulted.
Last, and probably least, further qualify the NULL-pointer path by
checking that the fault actually originated in kernel code. It's
technically possible for userspace to map address 0, and not printing
a super specific message is the least of our worries if the kernel does
manage to oops on an actual NULL pointer dereference from userspace.
Before:
BUG: unable to handle kernel NULL pointer dereference at ffffbeef00000000
BUG: unable to handle kernel paging request at ffffbeef00000000
After:
BUG: kernel NULL pointer dereference, address = 0000000000000008
BUG: unable to handle page fault for address = ffffbeef00000000
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/20181221213657.27628-2-sean.j.christopherson@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-12-22 05:36:56 +08:00
|
|
|
(void *)address);
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2019-04-22 02:35:24 +08:00
|
|
|
pr_alert("#PF: %s %s in %s mode\n",
|
2018-12-22 05:36:57 +08:00
|
|
|
(error_code & X86_PF_USER) ? "user" : "supervisor",
|
|
|
|
(error_code & X86_PF_INSTR) ? "instruction fetch" :
|
|
|
|
(error_code & X86_PF_WRITE) ? "write access" :
|
|
|
|
"read access",
|
|
|
|
user_mode(regs) ? "user" : "kernel");
|
|
|
|
pr_alert("#PF: error_code(0x%04lx) - %s\n", error_code,
|
|
|
|
!(error_code & X86_PF_PROT) ? "not-present page" :
|
|
|
|
(error_code & X86_PF_RSVD) ? "reserved bit violation" :
|
|
|
|
(error_code & X86_PF_PK) ? "protection keys violation" :
|
|
|
|
"permissions violation");
|
2018-11-22 16:34:03 +08:00
|
|
|
|
2018-11-22 07:11:25 +08:00
|
|
|
if (!(error_code & X86_PF_USER) && user_mode(regs)) {
|
|
|
|
struct desc_ptr idt, gdt;
|
|
|
|
u16 ldtr, tr;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This can happen for quite a few reasons. The more obvious
|
|
|
|
* ones are faults accessing the GDT, or LDT. Perhaps
|
|
|
|
* surprisingly, if the CPU tries to deliver a benign or
|
|
|
|
* contributory exception from user code and gets a page fault
|
|
|
|
* during delivery, the page fault can be delivered as though
|
|
|
|
* it originated directly from user code. This could happen
|
|
|
|
* due to wrong permissions on the IDT, GDT, LDT, TSS, or
|
|
|
|
* kernel or IST stack.
|
|
|
|
*/
|
|
|
|
store_idt(&idt);
|
|
|
|
|
|
|
|
/* Usable even on Xen PV -- it's just slow. */
|
|
|
|
native_store_gdt(&gdt);
|
|
|
|
|
|
|
|
pr_alert("IDT: 0x%lx (limit=0x%hx) GDT: 0x%lx (limit=0x%hx)\n",
|
|
|
|
idt.address, idt.size, gdt.address, gdt.size);
|
|
|
|
|
|
|
|
store_ldt(ldtr);
|
|
|
|
show_ldttss(&gdt, "LDTR", ldtr);
|
|
|
|
|
|
|
|
store_tr(tr);
|
|
|
|
show_ldttss(&gdt, "TR", tr);
|
|
|
|
}
|
|
|
|
|
2008-01-30 20:34:10 +08:00
|
|
|
dump_pagetable(address);
|
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static noinline void
|
|
|
|
pgtable_bad(struct pt_regs *regs, unsigned long error_code,
|
|
|
|
unsigned long address)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2009-02-21 02:56:40 +08:00
|
|
|
struct task_struct *tsk;
|
|
|
|
unsigned long flags;
|
|
|
|
int sig;
|
|
|
|
|
|
|
|
flags = oops_begin();
|
|
|
|
tsk = current;
|
|
|
|
sig = SIGKILL;
|
2005-09-13 00:49:24 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
printk(KERN_ALERT "%s: Corrupted page table at address %lx\n",
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
tsk->comm, address);
|
2005-04-17 06:20:36 +08:00
|
|
|
dump_pagetable(address);
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2008-01-30 20:31:23 +08:00
|
|
|
if (__die("Bad pagetable", regs, error_code))
|
2008-10-22 18:00:09 +08:00
|
|
|
sig = 0;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2008-10-22 18:00:09 +08:00
|
|
|
oops_end(flags, regs, sig);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2018-11-20 06:45:31 +08:00
|
|
|
static void set_signal_archinfo(unsigned long address,
|
|
|
|
unsigned long error_code)
|
|
|
|
{
|
|
|
|
struct task_struct *tsk = current;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* To avoid leaking information about the kernel page
|
|
|
|
* table layout, pretend that user-mode accesses to
|
|
|
|
* kernel addresses are always protection faults.
|
2019-06-27 12:45:05 +08:00
|
|
|
*
|
|
|
|
* NB: This means that failed vsyscalls with vsyscall=none
|
|
|
|
* will have the PROT bit. This doesn't leak any
|
|
|
|
* information and does not appear to cause any problems.
|
2018-11-20 06:45:31 +08:00
|
|
|
*/
|
|
|
|
if (address >= TASK_SIZE_MAX)
|
|
|
|
error_code |= X86_PF_PROT;
|
|
|
|
|
|
|
|
tsk->thread.trap_nr = X86_TRAP_PF;
|
|
|
|
tsk->thread.error_code = error_code | X86_PF_USER;
|
|
|
|
tsk->thread.cr2 = address;
|
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static noinline void
|
|
|
|
no_context(struct pt_regs *regs, unsigned long error_code,
|
2011-11-08 08:33:40 +08:00
|
|
|
unsigned long address, int signal, int si_code)
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
{
|
|
|
|
struct task_struct *tsk = current;
|
|
|
|
unsigned long flags;
|
|
|
|
int sig;
|
|
|
|
|
2018-11-22 07:11:23 +08:00
|
|
|
if (user_mode(regs)) {
|
|
|
|
/*
|
|
|
|
* This is an implicit supervisor-mode access from user
|
|
|
|
* mode. Bypass all the kernel-mode recovery code and just
|
|
|
|
* OOPS.
|
|
|
|
*/
|
|
|
|
goto oops;
|
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
/* Are we prepared to handle this kernel fault? */
|
2018-08-29 04:14:19 +08:00
|
|
|
if (fixup_exception(regs, X86_TRAP_PF, error_code, address)) {
|
2014-01-11 04:06:03 +08:00
|
|
|
/*
|
|
|
|
* Any interrupt that takes a fault gets the fixup. This makes
|
|
|
|
* the below recursive fault logic only apply to a faults from
|
|
|
|
* task context.
|
|
|
|
*/
|
|
|
|
if (in_interrupt())
|
|
|
|
return;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Per the above we're !in_interrupt(), aka. task context.
|
|
|
|
*
|
|
|
|
* In this case we need to make sure we're not recursively
|
|
|
|
* faulting through the emulate_vsyscall() logic.
|
|
|
|
*/
|
2016-07-15 16:21:11 +08:00
|
|
|
if (current->thread.sig_on_uaccess_err && signal) {
|
2018-11-20 06:45:31 +08:00
|
|
|
set_signal_archinfo(address, error_code);
|
2011-11-08 08:33:40 +08:00
|
|
|
|
|
|
|
/* XXX: hwpoison faults will set the wrong code. */
|
2019-05-24 00:04:24 +08:00
|
|
|
force_sig_fault(signal, si_code, (void __user *)address);
|
2011-11-08 08:33:40 +08:00
|
|
|
}
|
2014-01-11 04:06:03 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Barring that, we can do the fixup and be happy.
|
|
|
|
*/
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return;
|
2011-11-08 08:33:40 +08:00
|
|
|
}
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
|
2016-08-31 08:27:57 +08:00
|
|
|
#ifdef CONFIG_VMAP_STACK
|
|
|
|
/*
|
|
|
|
* Stack overflow? During boot, we can fault near the initial
|
|
|
|
* stack in the direct map, but that's not an overflow -- check
|
|
|
|
* that we're in vmalloc space to avoid this.
|
|
|
|
*/
|
|
|
|
if (is_vmalloc_addr((void *)address) &&
|
|
|
|
(((unsigned long)tsk->stack - 1 - address < PAGE_SIZE) ||
|
|
|
|
address - ((unsigned long)tsk->stack + THREAD_SIZE) < PAGE_SIZE)) {
|
2019-04-14 23:59:50 +08:00
|
|
|
unsigned long stack = __this_cpu_ist_top_va(DF) - sizeof(void *);
|
2016-08-31 08:27:57 +08:00
|
|
|
/*
|
|
|
|
* We're likely to be running with very little stack space
|
|
|
|
* left. It's plausible that we'd hit this condition but
|
|
|
|
* double-fault even before we get this far, in which case
|
|
|
|
* we're fine: the double-fault handler will deal with it.
|
|
|
|
*
|
|
|
|
* We don't want to make it all the way into the oops code
|
|
|
|
* and then double-fault, though, because we're likely to
|
|
|
|
* break the console driver and lose most of the stack dump.
|
|
|
|
*/
|
|
|
|
asm volatile ("movq %[stack], %%rsp\n\t"
|
|
|
|
"call handle_stack_overflow\n\t"
|
|
|
|
"1: jmp 1b"
|
x86/asm: Fix inline asm call constraints for Clang
For inline asm statements which have a CALL instruction, we list the
stack pointer as a constraint to convince GCC to ensure the frame
pointer is set up first:
static inline void foo()
{
register void *__sp asm(_ASM_SP);
asm("call bar" : "+r" (__sp))
}
Unfortunately, that pattern causes Clang to corrupt the stack pointer.
The fix is easy: convert the stack pointer register variable to a global
variable.
It should be noted that the end result is different based on the GCC
version. With GCC 6.4, this patch has exactly the same result as
before:
defconfig defconfig-nofp distro distro-nofp
before 9820389 9491555 8816046 8516940
after 9820389 9491555 8816046 8516940
With GCC 7.2, however, GCC's behavior has changed. It now changes its
behavior based on the conversion of the register variable to a global.
That somehow convinces it to *always* set up the frame pointer before
inserting *any* inline asm. (Therefore, listing the variable as an
output constraint is a no-op and is no longer necessary.) It's a bit
overkill, but the performance impact should be negligible. And in fact,
there's a nice improvement with frame pointers disabled:
defconfig defconfig-nofp distro distro-nofp
before 9796316 9468236 9076191 8790305
after 9796957 9464267 9076381 8785949
So in summary, while listing the stack pointer as an output constraint
is no longer necessary for newer versions of GCC, it's still needed for
older versions.
Suggested-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/3db862e970c432ae823cf515c52b54fec8270e0e.1505942196.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-09-21 05:24:33 +08:00
|
|
|
: ASM_CALL_CONSTRAINT
|
2016-08-31 08:27:57 +08:00
|
|
|
: "D" ("kernel stack overflow (page fault)"),
|
|
|
|
"S" (regs), "d" (address),
|
|
|
|
[stack] "rm" (stack));
|
|
|
|
unreachable();
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
/*
|
2009-02-21 02:56:40 +08:00
|
|
|
* 32-bit:
|
|
|
|
*
|
|
|
|
* Valid to do another page fault here, because if this fault
|
|
|
|
* had been triggered by is_prefetch fixup_exception would have
|
|
|
|
* handled it.
|
|
|
|
*
|
|
|
|
* 64-bit:
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
*
|
2009-02-21 02:56:40 +08:00
|
|
|
* Hall of shame of CPU/BIOS bugs.
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
*/
|
|
|
|
if (is_prefetch(regs, error_code, address))
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (is_errata93(regs, address))
|
|
|
|
return;
|
|
|
|
|
2018-09-12 03:15:22 +08:00
|
|
|
/*
|
|
|
|
* Buggy firmware could access regions which might page fault, try to
|
|
|
|
* recover from such faults.
|
|
|
|
*/
|
|
|
|
if (IS_ENABLED(CONFIG_EFI))
|
|
|
|
efi_recover_from_page_fault(address);
|
|
|
|
|
2018-11-22 07:11:23 +08:00
|
|
|
oops:
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
/*
|
|
|
|
* Oops. The kernel tried to access some bad page. We'll have to
|
2009-02-21 02:56:40 +08:00
|
|
|
* terminate things with extreme prejudice:
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
*/
|
|
|
|
flags = oops_begin();
|
|
|
|
|
|
|
|
show_fault_oops(regs, error_code, address);
|
|
|
|
|
2014-09-12 21:16:18 +08:00
|
|
|
if (task_stack_end_corrupted(tsk))
|
bugs, x86: Fix printk levels for panic, softlockups and stack dumps
rsyslog will display KERN_EMERG messages on a connected
terminal. However, these messages are useless/undecipherable
for a general user.
For example, after a softlockup we get:
Message from syslogd@intel-s3e37-04 at Jan 25 14:18:06 ...
kernel:Stack:
Message from syslogd@intel-s3e37-04 at Jan 25 14:18:06 ...
kernel:Call Trace:
Message from syslogd@intel-s3e37-04 at Jan 25 14:18:06 ...
kernel:Code: ff ff a8 08 75 25 31 d2 48 8d 86 38 e0 ff ff 48 89
d1 0f 01 c8 0f ae f0 48 8b 86 38 e0 ff ff a8 08 75 08 b1 01 4c 89 e0 0f 01 c9 <e8> ea 69 dd ff 4c 29 e8 48 89 c7 e8 0f bc da ff 49 89 c4 49 89
This happens because the printk levels for these messages are
incorrect. Only an informational message should be displayed on
a terminal.
I modified the printk levels for various messages in the kernel
and tested the output by using the drivers/misc/lkdtm.c kernel
modules (ie, softlockups, panics, hard lockups, etc.) and
confirmed that the console output was still the same and that
the output to the terminals was correct.
For example, in the case of a softlockup we now see the much
more informative:
Message from syslogd@intel-s3e37-04 at Jan 25 10:18:06 ...
BUG: soft lockup - CPU4 stuck for 60s!
instead of the above confusing messages.
AFAICT, the messages no longer have to be KERN_EMERG. In the
most important case of a panic we set console_verbose(). As for
the other less severe cases the correct data is output to the
console and /var/log/messages.
Successfully tested by me using the drivers/misc/lkdtm.c module.
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: dzickus@redhat.com
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Link: http://lkml.kernel.org/r/1327586134-11926-1-git-send-email-prarit@redhat.com
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2012-01-26 21:55:34 +08:00
|
|
|
printk(KERN_EMERG "Thread overran stack, or stack corrupted\n");
|
2009-01-21 17:39:51 +08:00
|
|
|
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
sig = SIGKILL;
|
|
|
|
if (__die("Oops", regs, error_code))
|
|
|
|
sig = 0;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
/* Executive summary in case the body of the oops scrolled away */
|
bugs, x86: Fix printk levels for panic, softlockups and stack dumps
rsyslog will display KERN_EMERG messages on a connected
terminal. However, these messages are useless/undecipherable
for a general user.
For example, after a softlockup we get:
Message from syslogd@intel-s3e37-04 at Jan 25 14:18:06 ...
kernel:Stack:
Message from syslogd@intel-s3e37-04 at Jan 25 14:18:06 ...
kernel:Call Trace:
Message from syslogd@intel-s3e37-04 at Jan 25 14:18:06 ...
kernel:Code: ff ff a8 08 75 25 31 d2 48 8d 86 38 e0 ff ff 48 89
d1 0f 01 c8 0f ae f0 48 8b 86 38 e0 ff ff a8 08 75 08 b1 01 4c 89 e0 0f 01 c9 <e8> ea 69 dd ff 4c 29 e8 48 89 c7 e8 0f bc da ff 49 89 c4 49 89
This happens because the printk levels for these messages are
incorrect. Only an informational message should be displayed on
a terminal.
I modified the printk levels for various messages in the kernel
and tested the output by using the drivers/misc/lkdtm.c kernel
modules (ie, softlockups, panics, hard lockups, etc.) and
confirmed that the console output was still the same and that
the output to the terminals was correct.
For example, in the case of a softlockup we now see the much
more informative:
Message from syslogd@intel-s3e37-04 at Jan 25 10:18:06 ...
BUG: soft lockup - CPU4 stuck for 60s!
instead of the above confusing messages.
AFAICT, the messages no longer have to be KERN_EMERG. In the
most important case of a panic we set console_verbose(). As for
the other less severe cases the correct data is output to the
console and /var/log/messages.
Successfully tested by me using the drivers/misc/lkdtm.c module.
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: dzickus@redhat.com
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Link: http://lkml.kernel.org/r/1327586134-11926-1-git-send-email-prarit@redhat.com
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2012-01-26 21:55:34 +08:00
|
|
|
printk(KERN_DEFAULT "CR2: %016lx\n", address);
|
2009-02-21 02:56:40 +08:00
|
|
|
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
oops_end(flags, regs, sig);
|
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
/*
|
|
|
|
* Print out info about fatal segfaults, if the show_unhandled_signals
|
|
|
|
* sysctl is set:
|
|
|
|
*/
|
|
|
|
static inline void
|
|
|
|
show_signal_msg(struct pt_regs *regs, unsigned long error_code,
|
|
|
|
unsigned long address, struct task_struct *tsk)
|
|
|
|
{
|
2018-04-18 00:11:21 +08:00
|
|
|
const char *loglvl = task_pid_nr(tsk) > 1 ? KERN_INFO : KERN_EMERG;
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
if (!unhandled_signal(tsk, SIGSEGV))
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (!printk_ratelimit())
|
|
|
|
return;
|
|
|
|
|
2017-12-20 05:52:23 +08:00
|
|
|
printk("%s%s[%d]: segfault at %lx ip %px sp %px error %lx",
|
2018-04-18 00:11:21 +08:00
|
|
|
loglvl, tsk->comm, task_pid_nr(tsk), address,
|
2009-02-21 02:56:40 +08:00
|
|
|
(void *)regs->ip, (void *)regs->sp, error_code);
|
|
|
|
|
|
|
|
print_vma_addr(KERN_CONT " in ", regs->ip);
|
|
|
|
|
|
|
|
printk(KERN_CONT "\n");
|
2018-04-18 00:11:21 +08:00
|
|
|
|
2018-08-28 23:49:01 +08:00
|
|
|
show_opcodes(regs, loglvl);
|
2009-02-21 02:56:40 +08:00
|
|
|
}
|
|
|
|
|
2018-09-29 00:02:28 +08:00
|
|
|
/*
|
|
|
|
* The (legacy) vsyscall page is the long page in the kernel portion
|
|
|
|
* of the address space that has user-accessible permissions.
|
|
|
|
*/
|
|
|
|
static bool is_vsyscall_vaddr(unsigned long vaddr)
|
|
|
|
{
|
2018-09-29 00:02:30 +08:00
|
|
|
return unlikely((vaddr & PAGE_MASK) == VSYSCALL_ADDR);
|
2018-09-29 00:02:28 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static void
|
|
|
|
__bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
|
2018-09-21 21:27:32 +08:00
|
|
|
unsigned long address, u32 pkey, int si_code)
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
{
|
|
|
|
struct task_struct *tsk = current;
|
|
|
|
|
|
|
|
/* User mode accesses just cause a SIGSEGV */
|
2018-11-20 06:45:30 +08:00
|
|
|
if (user_mode(regs) && (error_code & X86_PF_USER)) {
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
/*
|
2009-02-21 02:56:40 +08:00
|
|
|
* It's possible to have interrupts off here:
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
*/
|
|
|
|
local_irq_enable();
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Valid to do another page fault here because this one came
|
2009-02-21 02:56:40 +08:00
|
|
|
* from user space:
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
*/
|
|
|
|
if (is_prefetch(regs, error_code, address))
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (is_errata100(regs, address))
|
|
|
|
return;
|
|
|
|
|
2016-05-11 05:10:29 +08:00
|
|
|
/*
|
|
|
|
* To avoid leaking information about the kernel page table
|
|
|
|
* layout, pretend that user-mode accesses to kernel addresses
|
|
|
|
* are always protection faults.
|
|
|
|
*/
|
|
|
|
if (address >= TASK_SIZE_MAX)
|
2017-10-28 04:25:28 +08:00
|
|
|
error_code |= X86_PF_PROT;
|
2011-08-10 23:15:32 +08:00
|
|
|
|
2013-02-08 01:44:13 +08:00
|
|
|
if (likely(show_unhandled_signals))
|
2009-02-21 02:56:40 +08:00
|
|
|
show_signal_msg(regs, error_code, address, tsk);
|
|
|
|
|
2018-11-20 06:45:31 +08:00
|
|
|
set_signal_archinfo(address, error_code);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
|
2018-09-18 07:23:35 +08:00
|
|
|
if (si_code == SEGV_PKUERR)
|
2018-09-21 21:27:32 +08:00
|
|
|
force_sig_pkuerr((void __user *)address, pkey);
|
2018-09-18 07:23:35 +08:00
|
|
|
|
2019-05-24 00:04:24 +08:00
|
|
|
force_sig_fault(SIGSEGV, si_code, (void __user *)address);
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2019-10-23 20:27:10 +08:00
|
|
|
local_irq_disable();
|
|
|
|
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (is_f00f_bug(regs, address))
|
|
|
|
return;
|
|
|
|
|
2011-11-08 08:33:40 +08:00
|
|
|
no_context(regs, error_code, address, SIGSEGV, si_code);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static noinline void
|
|
|
|
bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
|
2018-09-18 06:13:13 +08:00
|
|
|
unsigned long address)
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
{
|
2018-09-21 21:27:32 +08:00
|
|
|
__bad_area_nosemaphore(regs, error_code, address, 0, SEGV_MAPERR);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static void
|
|
|
|
__bad_area(struct pt_regs *regs, unsigned long error_code,
|
2018-09-21 21:27:32 +08:00
|
|
|
unsigned long address, u32 pkey, int si_code)
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
{
|
|
|
|
struct mm_struct *mm = current->mm;
|
|
|
|
/*
|
|
|
|
* Something tried to access memory that isn't in our memory map..
|
|
|
|
* Fix it, but check if it's kernel or user first..
|
|
|
|
*/
|
2020-06-09 12:33:25 +08:00
|
|
|
mmap_read_unlock(mm);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
|
2018-09-18 06:39:49 +08:00
|
|
|
__bad_area_nosemaphore(regs, error_code, address, pkey, si_code);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static noinline void
|
|
|
|
bad_area(struct pt_regs *regs, unsigned long error_code, unsigned long address)
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
{
|
2018-09-21 21:27:32 +08:00
|
|
|
__bad_area(regs, error_code, address, 0, SEGV_MAPERR);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
}
|
|
|
|
|
mm/gup, x86/mm/pkeys: Check VMAs and PTEs for protection keys
Today, for normal faults and page table walks, we check the VMA
and/or PTE to ensure that it is compatible with the action. For
instance, if we get a write fault on a non-writeable VMA, we
SIGSEGV.
We try to do the same thing for protection keys. Basically, we
try to make sure that if a user does this:
mprotect(ptr, size, PROT_NONE);
*ptr = foo;
they see the same effects with protection keys when they do this:
mprotect(ptr, size, PROT_READ|PROT_WRITE);
set_pkey(ptr, size, 4);
wrpkru(0xffffff3f); // access disable pkey 4
*ptr = foo;
The state to do that checking is in the VMA, but we also
sometimes have to do it on the page tables only, like when doing
a get_user_pages_fast() where we have no VMA.
We add two functions and expose them to generic code:
arch_pte_access_permitted(pte_flags, write)
arch_vma_access_permitted(vma, write)
These are, of course, backed up in x86 arch code with checks
against the PTE or VMA's protection key.
But, there are also cases where we do not want to respect
protection keys. When we ptrace(), for instance, we do not want
to apply the tracer's PKRU permissions to the PTEs from the
process being traced.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Boaz Harrosh <boaz@plexistor.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dominik Dingel <dingel@linux.vnet.ibm.com>
Cc: Dominik Vogt <vogt@linux.vnet.ibm.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jason Low <jason.low2@hp.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Toshi Kani <toshi.kani@hpe.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: linux-arch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Link: http://lkml.kernel.org/r/20160212210219.14D5D715@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-13 05:02:19 +08:00
|
|
|
static inline bool bad_area_access_from_pkeys(unsigned long error_code,
|
|
|
|
struct vm_area_struct *vma)
|
|
|
|
{
|
2016-02-13 05:02:22 +08:00
|
|
|
/* This code is always called on the current mm */
|
|
|
|
bool foreign = false;
|
|
|
|
|
mm/gup, x86/mm/pkeys: Check VMAs and PTEs for protection keys
Today, for normal faults and page table walks, we check the VMA
and/or PTE to ensure that it is compatible with the action. For
instance, if we get a write fault on a non-writeable VMA, we
SIGSEGV.
We try to do the same thing for protection keys. Basically, we
try to make sure that if a user does this:
mprotect(ptr, size, PROT_NONE);
*ptr = foo;
they see the same effects with protection keys when they do this:
mprotect(ptr, size, PROT_READ|PROT_WRITE);
set_pkey(ptr, size, 4);
wrpkru(0xffffff3f); // access disable pkey 4
*ptr = foo;
The state to do that checking is in the VMA, but we also
sometimes have to do it on the page tables only, like when doing
a get_user_pages_fast() where we have no VMA.
We add two functions and expose them to generic code:
arch_pte_access_permitted(pte_flags, write)
arch_vma_access_permitted(vma, write)
These are, of course, backed up in x86 arch code with checks
against the PTE or VMA's protection key.
But, there are also cases where we do not want to respect
protection keys. When we ptrace(), for instance, we do not want
to apply the tracer's PKRU permissions to the PTEs from the
process being traced.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Boaz Harrosh <boaz@plexistor.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dominik Dingel <dingel@linux.vnet.ibm.com>
Cc: Dominik Vogt <vogt@linux.vnet.ibm.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jason Low <jason.low2@hp.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Toshi Kani <toshi.kani@hpe.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: linux-arch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Link: http://lkml.kernel.org/r/20160212210219.14D5D715@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-13 05:02:19 +08:00
|
|
|
if (!boot_cpu_has(X86_FEATURE_OSPKE))
|
|
|
|
return false;
|
2017-10-28 04:25:28 +08:00
|
|
|
if (error_code & X86_PF_PK)
|
mm/gup, x86/mm/pkeys: Check VMAs and PTEs for protection keys
Today, for normal faults and page table walks, we check the VMA
and/or PTE to ensure that it is compatible with the action. For
instance, if we get a write fault on a non-writeable VMA, we
SIGSEGV.
We try to do the same thing for protection keys. Basically, we
try to make sure that if a user does this:
mprotect(ptr, size, PROT_NONE);
*ptr = foo;
they see the same effects with protection keys when they do this:
mprotect(ptr, size, PROT_READ|PROT_WRITE);
set_pkey(ptr, size, 4);
wrpkru(0xffffff3f); // access disable pkey 4
*ptr = foo;
The state to do that checking is in the VMA, but we also
sometimes have to do it on the page tables only, like when doing
a get_user_pages_fast() where we have no VMA.
We add two functions and expose them to generic code:
arch_pte_access_permitted(pte_flags, write)
arch_vma_access_permitted(vma, write)
These are, of course, backed up in x86 arch code with checks
against the PTE or VMA's protection key.
But, there are also cases where we do not want to respect
protection keys. When we ptrace(), for instance, we do not want
to apply the tracer's PKRU permissions to the PTEs from the
process being traced.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Boaz Harrosh <boaz@plexistor.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dominik Dingel <dingel@linux.vnet.ibm.com>
Cc: Dominik Vogt <vogt@linux.vnet.ibm.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jason Low <jason.low2@hp.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Toshi Kani <toshi.kani@hpe.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: linux-arch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Link: http://lkml.kernel.org/r/20160212210219.14D5D715@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-13 05:02:19 +08:00
|
|
|
return true;
|
2016-02-13 05:02:22 +08:00
|
|
|
/* this checks permission keys on the VMA: */
|
2017-10-28 04:25:28 +08:00
|
|
|
if (!arch_vma_access_permitted(vma, (error_code & X86_PF_WRITE),
|
|
|
|
(error_code & X86_PF_INSTR), foreign))
|
2016-02-13 05:02:22 +08:00
|
|
|
return true;
|
mm/gup, x86/mm/pkeys: Check VMAs and PTEs for protection keys
Today, for normal faults and page table walks, we check the VMA
and/or PTE to ensure that it is compatible with the action. For
instance, if we get a write fault on a non-writeable VMA, we
SIGSEGV.
We try to do the same thing for protection keys. Basically, we
try to make sure that if a user does this:
mprotect(ptr, size, PROT_NONE);
*ptr = foo;
they see the same effects with protection keys when they do this:
mprotect(ptr, size, PROT_READ|PROT_WRITE);
set_pkey(ptr, size, 4);
wrpkru(0xffffff3f); // access disable pkey 4
*ptr = foo;
The state to do that checking is in the VMA, but we also
sometimes have to do it on the page tables only, like when doing
a get_user_pages_fast() where we have no VMA.
We add two functions and expose them to generic code:
arch_pte_access_permitted(pte_flags, write)
arch_vma_access_permitted(vma, write)
These are, of course, backed up in x86 arch code with checks
against the PTE or VMA's protection key.
But, there are also cases where we do not want to respect
protection keys. When we ptrace(), for instance, we do not want
to apply the tracer's PKRU permissions to the PTEs from the
process being traced.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Boaz Harrosh <boaz@plexistor.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dominik Dingel <dingel@linux.vnet.ibm.com>
Cc: Dominik Vogt <vogt@linux.vnet.ibm.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jason Low <jason.low2@hp.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Toshi Kani <toshi.kani@hpe.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: linux-arch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Link: http://lkml.kernel.org/r/20160212210219.14D5D715@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-13 05:02:19 +08:00
|
|
|
return false;
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static noinline void
|
|
|
|
bad_area_access_error(struct pt_regs *regs, unsigned long error_code,
|
2016-02-13 05:02:11 +08:00
|
|
|
unsigned long address, struct vm_area_struct *vma)
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
{
|
2016-02-13 05:02:14 +08:00
|
|
|
/*
|
|
|
|
* This OSPKE check is not strictly necessary at runtime.
|
|
|
|
* But, doing it this way allows compiler optimizations
|
|
|
|
* if pkeys are compiled out.
|
|
|
|
*/
|
2018-09-18 06:39:49 +08:00
|
|
|
if (bad_area_access_from_pkeys(error_code, vma)) {
|
2018-09-18 07:23:35 +08:00
|
|
|
/*
|
|
|
|
* A protection key fault means that the PKRU value did not allow
|
|
|
|
* access to some PTE. Userspace can figure out what PKRU was
|
|
|
|
* from the XSAVE state. This function captures the pkey from
|
|
|
|
* the vma and passes it to userspace so userspace can discover
|
|
|
|
* which protection key was set on the PTE.
|
|
|
|
*
|
|
|
|
* If we get here, we know that the hardware signaled a X86_PF_PK
|
|
|
|
* fault and that there was a VMA once we got in the fault
|
|
|
|
* handler. It does *not* guarantee that the VMA we find here
|
|
|
|
* was the one that we faulted on.
|
|
|
|
*
|
|
|
|
* 1. T1 : mprotect_key(foo, PAGE_SIZE, pkey=4);
|
|
|
|
* 2. T1 : set PKRU to deny access to pkey=4, touches page
|
|
|
|
* 3. T1 : faults...
|
|
|
|
* 4. T2: mprotect_key(foo, PAGE_SIZE, pkey=5);
|
2020-06-09 12:33:54 +08:00
|
|
|
* 5. T1 : enters fault handler, takes mmap_lock, etc...
|
2018-09-18 07:23:35 +08:00
|
|
|
* 6. T1 : reaches here, sees vma_pkey(vma)=5, when we really
|
|
|
|
* faulted on a pte with its pkey=4.
|
|
|
|
*/
|
2018-09-18 06:39:49 +08:00
|
|
|
u32 pkey = vma_pkey(vma);
|
2018-09-18 07:23:35 +08:00
|
|
|
|
2018-09-21 21:27:32 +08:00
|
|
|
__bad_area(regs, error_code, address, pkey, SEGV_PKUERR);
|
2018-09-18 06:39:49 +08:00
|
|
|
} else {
|
2018-09-21 21:27:32 +08:00
|
|
|
__bad_area(regs, error_code, address, 0, SEGV_ACCERR);
|
2018-09-18 06:39:49 +08:00
|
|
|
}
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static void
|
2009-09-16 17:50:09 +08:00
|
|
|
do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
|
2019-03-08 08:31:14 +08:00
|
|
|
vm_fault_t fault)
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
{
|
2009-02-21 02:56:40 +08:00
|
|
|
/* Kernel mode? Handle exceptions or die: */
|
2017-10-28 04:25:28 +08:00
|
|
|
if (!(error_code & X86_PF_USER)) {
|
2011-11-08 08:33:40 +08:00
|
|
|
no_context(regs, error_code, address, SIGBUS, BUS_ADRERR);
|
2010-08-14 00:49:20 +08:00
|
|
|
return;
|
|
|
|
}
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2009-02-21 06:39:02 +08:00
|
|
|
/* User-space => ok to do another page fault: */
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
if (is_prefetch(regs, error_code, address))
|
|
|
|
return;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2018-11-20 06:45:31 +08:00
|
|
|
set_signal_archinfo(address, error_code);
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2009-09-16 17:50:09 +08:00
|
|
|
#ifdef CONFIG_MEMORY_FAILURE
|
2010-09-28 04:05:55 +08:00
|
|
|
if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
|
2019-06-03 23:23:58 +08:00
|
|
|
struct task_struct *tsk = current;
|
2018-01-20 03:55:17 +08:00
|
|
|
unsigned lsb = 0;
|
|
|
|
|
|
|
|
pr_err(
|
2009-09-16 17:50:09 +08:00
|
|
|
"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
|
|
|
|
tsk->comm, tsk->pid, address);
|
2018-01-20 03:55:17 +08:00
|
|
|
if (fault & VM_FAULT_HWPOISON_LARGE)
|
|
|
|
lsb = hstate_index_to_shift(VM_FAULT_GET_HINDEX(fault));
|
|
|
|
if (fault & VM_FAULT_HWPOISON)
|
|
|
|
lsb = PAGE_SHIFT;
|
2019-02-06 08:14:19 +08:00
|
|
|
force_sig_mceerr(BUS_MCEERR_AR, (void __user *)address, lsb);
|
2018-01-20 03:55:17 +08:00
|
|
|
return;
|
2009-09-16 17:50:09 +08:00
|
|
|
}
|
|
|
|
#endif
|
2019-05-24 00:04:24 +08:00
|
|
|
force_sig_fault(SIGBUS, BUS_ADRERR, (void __user *)address);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
}
|
|
|
|
|
2013-09-13 06:13:40 +08:00
|
|
|
static noinline void
|
2009-02-21 02:56:40 +08:00
|
|
|
mm_fault_error(struct pt_regs *regs, unsigned long error_code,
|
2018-09-18 06:22:46 +08:00
|
|
|
unsigned long address, vm_fault_t fault)
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
{
|
2017-10-28 04:25:28 +08:00
|
|
|
if (fatal_signal_pending(current) && !(error_code & X86_PF_USER)) {
|
2013-09-13 06:13:40 +08:00
|
|
|
no_context(regs, error_code, address, 0, 0);
|
|
|
|
return;
|
2011-05-26 16:12:12 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
if (fault & VM_FAULT_OOM) {
|
x86/mm: Handle mm_fault_error() in kernel space
mm_fault_error() should not execute oom-killer, if page fault
occurs in kernel space. E.g. in copy_from_user()/copy_to_user().
This would happen if we find ourselves in OOM on a
copy_to_user(), or a copy_from_user() which faults.
Without this patch, the kernels hangs up in copy_from_user(),
because OOM killer sends SIG_KILL to current process, but it
can't handle a signal while in syscall, then the kernel returns
to copy_from_user(), reexcute current command and provokes
page_fault again.
With this patch the kernel return -EFAULT from copy_from_user().
The code, which checks that page fault occurred in kernel space,
has been copied from do_sigbus().
This situation is handled by the same way on powerpc, xtensa,
tile, ...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@kernel.org>
LKML-Reference: <201103092322.p29NMNPH001682@imap1.linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2011-03-10 07:22:23 +08:00
|
|
|
/* Kernel mode? Handle exceptions or die: */
|
2017-10-28 04:25:28 +08:00
|
|
|
if (!(error_code & X86_PF_USER)) {
|
2011-11-08 08:33:40 +08:00
|
|
|
no_context(regs, error_code, address,
|
|
|
|
SIGSEGV, SEGV_MAPERR);
|
2013-09-13 06:13:40 +08:00
|
|
|
return;
|
x86/mm: Handle mm_fault_error() in kernel space
mm_fault_error() should not execute oom-killer, if page fault
occurs in kernel space. E.g. in copy_from_user()/copy_to_user().
This would happen if we find ourselves in OOM on a
copy_to_user(), or a copy_from_user() which faults.
Without this patch, the kernels hangs up in copy_from_user(),
because OOM killer sends SIG_KILL to current process, but it
can't handle a signal while in syscall, then the kernel returns
to copy_from_user(), reexcute current command and provokes
page_fault again.
With this patch the kernel return -EFAULT from copy_from_user().
The code, which checks that page fault occurred in kernel space,
has been copied from do_sigbus().
This situation is handled by the same way on powerpc, xtensa,
tile, ...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@kernel.org>
LKML-Reference: <201103092322.p29NMNPH001682@imap1.linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2011-03-10 07:22:23 +08:00
|
|
|
}
|
|
|
|
|
2012-12-13 05:52:10 +08:00
|
|
|
/*
|
|
|
|
* We ran out of memory, call the OOM killer, and return the
|
|
|
|
* userspace (which will retry the fault, or kill us if we got
|
|
|
|
* oom-killed):
|
|
|
|
*/
|
|
|
|
pagefault_out_of_memory();
|
2009-02-21 02:56:40 +08:00
|
|
|
} else {
|
2010-09-28 04:05:55 +08:00
|
|
|
if (fault & (VM_FAULT_SIGBUS|VM_FAULT_HWPOISON|
|
|
|
|
VM_FAULT_HWPOISON_LARGE))
|
2018-09-18 06:16:01 +08:00
|
|
|
do_sigbus(regs, error_code, address, fault);
|
vm: add VM_FAULT_SIGSEGV handling support
The core VM already knows about VM_FAULT_SIGBUS, but cannot return a
"you should SIGSEGV" error, because the SIGSEGV case was generally
handled by the caller - usually the architecture fault handler.
That results in lots of duplication - all the architecture fault
handlers end up doing very similar "look up vma, check permissions, do
retries etc" - but it generally works. However, there are cases where
the VM actually wants to SIGSEGV, and applications _expect_ SIGSEGV.
In particular, when accessing the stack guard page, libsigsegv expects a
SIGSEGV. And it usually got one, because the stack growth is handled by
that duplicated architecture fault handler.
However, when the generic VM layer started propagating the error return
from the stack expansion in commit fee7e49d4514 ("mm: propagate error
from stack expansion even for guard page"), that now exposed the
existing VM_FAULT_SIGBUS result to user space. And user space really
expected SIGSEGV, not SIGBUS.
To fix that case, we need to add a VM_FAULT_SIGSEGV, and teach all those
duplicate architecture fault handlers about it. They all already have
the code to handle SIGSEGV, so it's about just tying that new return
value to the existing code, but it's all a bit annoying.
This is the mindless minimal patch to do this. A more extensive patch
would be to try to gather up the mostly shared fault handling logic into
one generic helper routine, and long-term we really should do that
cleanup.
Just from this patch, you can generally see that most architectures just
copied (directly or indirectly) the old x86 way of doing things, but in
the meantime that original x86 model has been improved to hold the VM
semaphore for shorter times etc and to handle VM_FAULT_RETRY and other
"newer" things, so it would be a good idea to bring all those
improvements to the generic case and teach other architectures about
them too.
Reported-and-tested-by: Takashi Iwai <tiwai@suse.de>
Tested-by: Jan Engelhardt <jengelh@inai.de>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> # "s390 still compiles and boots"
Cc: linux-arch@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-01-30 02:51:32 +08:00
|
|
|
else if (fault & VM_FAULT_SIGSEGV)
|
2018-09-18 06:13:13 +08:00
|
|
|
bad_area_nosemaphore(regs, error_code, address);
|
2009-02-21 02:56:40 +08:00
|
|
|
else
|
|
|
|
BUG();
|
|
|
|
}
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
}
|
|
|
|
|
2018-09-29 00:02:22 +08:00
|
|
|
static int spurious_kernel_fault_check(unsigned long error_code, pte_t *pte)
|
2008-02-07 05:39:43 +08:00
|
|
|
{
|
2017-10-28 04:25:28 +08:00
|
|
|
if ((error_code & X86_PF_WRITE) && !pte_write(*pte))
|
2008-02-07 05:39:43 +08:00
|
|
|
return 0;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2017-10-28 04:25:28 +08:00
|
|
|
if ((error_code & X86_PF_INSTR) && !pte_exec(*pte))
|
2008-02-07 05:39:43 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2008-01-30 20:34:11 +08:00
|
|
|
/*
|
2009-02-21 02:56:40 +08:00
|
|
|
* Handle a spurious fault caused by a stale TLB entry.
|
|
|
|
*
|
|
|
|
* This allows us to lazily refresh the TLB when increasing the
|
|
|
|
* permissions of a kernel page (RO -> RW or NX -> X). Doing it
|
|
|
|
* eagerly is very expensive since that implies doing a full
|
|
|
|
* cross-processor TLB flush, even if no stale TLB entries exist
|
|
|
|
* on other processors.
|
|
|
|
*
|
2014-04-11 01:46:45 +08:00
|
|
|
* Spurious faults may only occur if the TLB contains an entry with
|
|
|
|
* fewer permission than the page table entry. Non-present (P = 0)
|
|
|
|
* and reserved bit (R = 1) faults are never spurious.
|
|
|
|
*
|
2008-01-30 20:34:11 +08:00
|
|
|
* There are no security implications to leaving a stale TLB when
|
|
|
|
* increasing the permissions on a page.
|
2014-04-11 01:46:45 +08:00
|
|
|
*
|
|
|
|
* Returns non-zero if a spurious fault was handled, zero otherwise.
|
|
|
|
*
|
|
|
|
* See Intel Developer's Manual Vol 3 Section 4.10.4.3, bullet 3
|
|
|
|
* (Optional Invalidation).
|
2008-01-30 20:34:11 +08:00
|
|
|
*/
|
2014-04-17 16:18:14 +08:00
|
|
|
static noinline int
|
2018-09-29 00:02:22 +08:00
|
|
|
spurious_kernel_fault(unsigned long error_code, unsigned long address)
|
2008-01-30 20:34:11 +08:00
|
|
|
{
|
|
|
|
pgd_t *pgd;
|
2017-03-13 22:33:05 +08:00
|
|
|
p4d_t *p4d;
|
2008-01-30 20:34:11 +08:00
|
|
|
pud_t *pud;
|
|
|
|
pmd_t *pmd;
|
|
|
|
pte_t *pte;
|
2009-02-20 00:46:36 +08:00
|
|
|
int ret;
|
2008-01-30 20:34:11 +08:00
|
|
|
|
2014-04-11 01:46:45 +08:00
|
|
|
/*
|
|
|
|
* Only writes to RO or instruction fetches from NX may cause
|
|
|
|
* spurious faults.
|
|
|
|
*
|
|
|
|
* These could be from user or supervisor accesses but the TLB
|
|
|
|
* is only lazily flushed after a kernel mapping protection
|
|
|
|
* change, so user accesses are not expected to cause spurious
|
|
|
|
* faults.
|
|
|
|
*/
|
2017-10-28 04:25:28 +08:00
|
|
|
if (error_code != (X86_PF_WRITE | X86_PF_PROT) &&
|
|
|
|
error_code != (X86_PF_INSTR | X86_PF_PROT))
|
2008-01-30 20:34:11 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
pgd = init_mm.pgd + pgd_index(address);
|
|
|
|
if (!pgd_present(*pgd))
|
|
|
|
return 0;
|
|
|
|
|
2017-03-13 22:33:05 +08:00
|
|
|
p4d = p4d_offset(pgd, address);
|
|
|
|
if (!p4d_present(*p4d))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (p4d_large(*p4d))
|
2018-09-29 00:02:22 +08:00
|
|
|
return spurious_kernel_fault_check(error_code, (pte_t *) p4d);
|
2017-03-13 22:33:05 +08:00
|
|
|
|
|
|
|
pud = pud_offset(p4d, address);
|
2008-01-30 20:34:11 +08:00
|
|
|
if (!pud_present(*pud))
|
|
|
|
return 0;
|
|
|
|
|
2008-02-07 05:39:43 +08:00
|
|
|
if (pud_large(*pud))
|
2018-09-29 00:02:22 +08:00
|
|
|
return spurious_kernel_fault_check(error_code, (pte_t *) pud);
|
2008-02-07 05:39:43 +08:00
|
|
|
|
2008-01-30 20:34:11 +08:00
|
|
|
pmd = pmd_offset(pud, address);
|
|
|
|
if (!pmd_present(*pmd))
|
|
|
|
return 0;
|
|
|
|
|
2008-02-07 05:39:43 +08:00
|
|
|
if (pmd_large(*pmd))
|
2018-09-29 00:02:22 +08:00
|
|
|
return spurious_kernel_fault_check(error_code, (pte_t *) pmd);
|
2008-02-07 05:39:43 +08:00
|
|
|
|
2008-01-30 20:34:11 +08:00
|
|
|
pte = pte_offset_kernel(pmd, address);
|
2013-02-23 07:11:49 +08:00
|
|
|
if (!pte_present(*pte))
|
2008-01-30 20:34:11 +08:00
|
|
|
return 0;
|
|
|
|
|
2018-09-29 00:02:22 +08:00
|
|
|
ret = spurious_kernel_fault_check(error_code, pte);
|
2009-02-20 00:46:36 +08:00
|
|
|
if (!ret)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/*
|
2009-02-21 02:56:40 +08:00
|
|
|
* Make sure we have permissions in PMD.
|
|
|
|
* If not, then there's a bug in the page tables:
|
2009-02-20 00:46:36 +08:00
|
|
|
*/
|
2018-09-29 00:02:22 +08:00
|
|
|
ret = spurious_kernel_fault_check(error_code, (pte_t *) pmd);
|
2009-02-20 00:46:36 +08:00
|
|
|
WARN_ONCE(!ret, "PMD has incorrect permission bits\n");
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2009-02-20 00:46:36 +08:00
|
|
|
return ret;
|
2008-01-30 20:34:11 +08:00
|
|
|
}
|
2018-09-29 00:02:22 +08:00
|
|
|
NOKPROBE_SYMBOL(spurious_kernel_fault);
|
2008-01-30 20:34:11 +08:00
|
|
|
|
2007-07-22 17:12:28 +08:00
|
|
|
int show_unhandled_signals = 1;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
static inline int
|
2010-10-27 05:21:58 +08:00
|
|
|
access_error(unsigned long error_code, struct vm_area_struct *vma)
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
{
|
2016-02-13 05:02:22 +08:00
|
|
|
/* This is only called for the current mm, so: */
|
|
|
|
bool foreign = false;
|
2016-07-30 00:30:10 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Read or write was blocked by protection keys. This is
|
|
|
|
* always an unconditional error and can never result in
|
|
|
|
* a follow-up action to resolve the fault, like a COW.
|
|
|
|
*/
|
2017-10-28 04:25:28 +08:00
|
|
|
if (error_code & X86_PF_PK)
|
2016-07-30 00:30:10 +08:00
|
|
|
return 1;
|
|
|
|
|
2016-02-13 05:02:22 +08:00
|
|
|
/*
|
|
|
|
* Make sure to check the VMA so that we do not perform
|
2017-10-28 04:25:28 +08:00
|
|
|
* faults just to hit a X86_PF_PK as soon as we fill in a
|
2016-02-13 05:02:22 +08:00
|
|
|
* page.
|
|
|
|
*/
|
2017-10-28 04:25:28 +08:00
|
|
|
if (!arch_vma_access_permitted(vma, (error_code & X86_PF_WRITE),
|
|
|
|
(error_code & X86_PF_INSTR), foreign))
|
2016-02-13 05:02:22 +08:00
|
|
|
return 1;
|
mm/gup, x86/mm/pkeys: Check VMAs and PTEs for protection keys
Today, for normal faults and page table walks, we check the VMA
and/or PTE to ensure that it is compatible with the action. For
instance, if we get a write fault on a non-writeable VMA, we
SIGSEGV.
We try to do the same thing for protection keys. Basically, we
try to make sure that if a user does this:
mprotect(ptr, size, PROT_NONE);
*ptr = foo;
they see the same effects with protection keys when they do this:
mprotect(ptr, size, PROT_READ|PROT_WRITE);
set_pkey(ptr, size, 4);
wrpkru(0xffffff3f); // access disable pkey 4
*ptr = foo;
The state to do that checking is in the VMA, but we also
sometimes have to do it on the page tables only, like when doing
a get_user_pages_fast() where we have no VMA.
We add two functions and expose them to generic code:
arch_pte_access_permitted(pte_flags, write)
arch_vma_access_permitted(vma, write)
These are, of course, backed up in x86 arch code with checks
against the PTE or VMA's protection key.
But, there are also cases where we do not want to respect
protection keys. When we ptrace(), for instance, we do not want
to apply the tracer's PKRU permissions to the PTEs from the
process being traced.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Boaz Harrosh <boaz@plexistor.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dominik Dingel <dingel@linux.vnet.ibm.com>
Cc: Dominik Vogt <vogt@linux.vnet.ibm.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jason Low <jason.low2@hp.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Toshi Kani <toshi.kani@hpe.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: linux-arch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Link: http://lkml.kernel.org/r/20160212210219.14D5D715@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-13 05:02:19 +08:00
|
|
|
|
2017-10-28 04:25:28 +08:00
|
|
|
if (error_code & X86_PF_WRITE) {
|
2009-02-21 02:56:40 +08:00
|
|
|
/* write, present and write, not present: */
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
if (unlikely(!(vma->vm_flags & VM_WRITE)))
|
|
|
|
return 1;
|
2009-02-21 02:56:40 +08:00
|
|
|
return 0;
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
/* read, present: */
|
2017-10-28 04:25:28 +08:00
|
|
|
if (unlikely(error_code & X86_PF_PROT))
|
2009-02-21 02:56:40 +08:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
/* read, not present: */
|
2020-04-07 11:03:47 +08:00
|
|
|
if (unlikely(!vma_is_accessible(vma)))
|
2009-02-21 02:56:40 +08:00
|
|
|
return 1;
|
|
|
|
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-10-07 05:09:10 +08:00
|
|
|
bool fault_in_kernel_space(unsigned long address)
|
2009-02-05 07:24:09 +08:00
|
|
|
{
|
2018-09-29 00:02:30 +08:00
|
|
|
/*
|
|
|
|
* On 64-bit systems, the vsyscall page is at an address above
|
|
|
|
* TASK_SIZE_MAX, but is not considered part of the kernel
|
|
|
|
* address space.
|
|
|
|
*/
|
|
|
|
if (IS_ENABLED(CONFIG_X86_64) && is_vsyscall_vaddr(address))
|
|
|
|
return false;
|
|
|
|
|
2009-02-21 06:32:28 +08:00
|
|
|
return address >= TASK_SIZE_MAX;
|
2009-02-05 07:24:09 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
2018-09-29 00:02:22 +08:00
|
|
|
* Called for all faults where 'address' is part of the kernel address
|
|
|
|
* space. Might get called for faults that originate from *code* that
|
|
|
|
* ran in userspace or the kernel.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2018-09-29 00:02:22 +08:00
|
|
|
static void
|
|
|
|
do_kern_addr_fault(struct pt_regs *regs, unsigned long hw_error_code,
|
|
|
|
unsigned long address)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2018-09-29 00:02:31 +08:00
|
|
|
/*
|
|
|
|
* Protection keys exceptions only happen on user pages. We
|
|
|
|
* have no user pages in the kernel portion of the address
|
|
|
|
* space, so do not expect them here.
|
|
|
|
*/
|
|
|
|
WARN_ON_ONCE(hw_error_code & X86_PF_PK);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2020-09-02 23:59:04 +08:00
|
|
|
#ifdef CONFIG_X86_32
|
|
|
|
/*
|
|
|
|
* We can fault-in kernel-space virtual memory on-demand. The
|
|
|
|
* 'reference' page table is init_mm.pgd.
|
|
|
|
*
|
|
|
|
* NOTE! We MUST NOT take any locks for this case. We may
|
|
|
|
* be in an interrupt or a critical region, and should
|
|
|
|
* only copy the information from the master page table,
|
|
|
|
* nothing more.
|
|
|
|
*
|
|
|
|
* Before doing this on-demand faulting, ensure that the
|
|
|
|
* fault is not any of the following:
|
|
|
|
* 1. A fault on a PTE with a reserved bit set.
|
|
|
|
* 2. A fault caused by a user-mode access. (Do not demand-
|
|
|
|
* fault kernel memory due to user-mode accesses).
|
|
|
|
* 3. A fault caused by a page-level protection violation.
|
|
|
|
* (A demand fault would be on a non-present page which
|
|
|
|
* would have X86_PF_PROT==0).
|
|
|
|
*
|
|
|
|
* This is only needed to close a race condition on x86-32 in
|
|
|
|
* the vmalloc mapping/unmapping code. See the comment above
|
|
|
|
* vmalloc_fault() for details. On x86-64 the race does not
|
|
|
|
* exist as the vmalloc mappings don't need to be synchronized
|
|
|
|
* there.
|
|
|
|
*/
|
|
|
|
if (!(hw_error_code & (X86_PF_RSVD | X86_PF_USER | X86_PF_PROT))) {
|
|
|
|
if (vmalloc_fault(address) >= 0)
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2018-09-29 00:02:22 +08:00
|
|
|
/* Was the fault spurious, caused by lazy TLB invalidation? */
|
|
|
|
if (spurious_kernel_fault(hw_error_code, address))
|
|
|
|
return;
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2018-09-29 00:02:22 +08:00
|
|
|
/* kprobes don't want to hook the spurious faults: */
|
2019-07-17 07:28:00 +08:00
|
|
|
if (kprobe_page_fault(regs, X86_TRAP_PF))
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return;
|
2018-09-29 00:02:22 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Note, despite being a "bad area", there are quite a few
|
|
|
|
* acceptable reasons to get here, such as erratum fixups
|
|
|
|
* and handling kernel code that can fault, like get_user().
|
|
|
|
*
|
|
|
|
* Don't take the mm semaphore here. If we fixup a prefetch
|
|
|
|
* fault we could otherwise deadlock:
|
|
|
|
*/
|
2018-10-24 18:22:39 +08:00
|
|
|
bad_area_nosemaphore(regs, hw_error_code, address);
|
2018-09-29 00:02:22 +08:00
|
|
|
}
|
|
|
|
NOKPROBE_SYMBOL(do_kern_addr_fault);
|
|
|
|
|
2018-09-29 00:02:23 +08:00
|
|
|
/* Handle faults in the user portion of the address space */
|
|
|
|
static inline
|
|
|
|
void do_user_addr_fault(struct pt_regs *regs,
|
|
|
|
unsigned long hw_error_code,
|
|
|
|
unsigned long address)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2009-02-21 02:56:40 +08:00
|
|
|
struct vm_area_struct *vma;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct task_struct *tsk;
|
|
|
|
struct mm_struct *mm;
|
2020-08-12 09:38:49 +08:00
|
|
|
vm_fault_t fault;
|
2020-04-02 12:08:37 +08:00
|
|
|
unsigned int flags = FAULT_FLAG_DEFAULT;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-03-25 23:30:10 +08:00
|
|
|
tsk = current;
|
|
|
|
mm = tsk->mm;
|
2008-01-30 20:34:10 +08:00
|
|
|
|
2009-02-21 02:56:40 +08:00
|
|
|
/* kprobes don't want to hook the spurious faults: */
|
2019-07-17 07:28:00 +08:00
|
|
|
if (unlikely(kprobe_page_fault(regs, X86_TRAP_PF)))
|
2009-02-06 06:12:39 +08:00
|
|
|
return;
|
2006-03-25 23:29:40 +08:00
|
|
|
|
2018-09-29 00:02:25 +08:00
|
|
|
/*
|
|
|
|
* Reserved bits are never expected to be set on
|
|
|
|
* entries in the user portion of the page tables.
|
|
|
|
*/
|
2018-09-29 00:02:20 +08:00
|
|
|
if (unlikely(hw_error_code & X86_PF_RSVD))
|
|
|
|
pgtable_bad(regs, hw_error_code, address);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-09-29 00:02:25 +08:00
|
|
|
/*
|
2018-11-20 06:45:29 +08:00
|
|
|
* If SMAP is on, check for invalid kernel (supervisor) access to user
|
|
|
|
* pages in the user address space. The odd case here is WRUSS,
|
|
|
|
* which, according to the preliminary documentation, does not respect
|
|
|
|
* SMAP and will have the USER bit set so, in all cases, SMAP
|
|
|
|
* enforcement appears to be consistent with the USER bit.
|
2018-09-29 00:02:25 +08:00
|
|
|
*/
|
2018-11-20 06:45:28 +08:00
|
|
|
if (unlikely(cpu_feature_enabled(X86_FEATURE_SMAP) &&
|
|
|
|
!(hw_error_code & X86_PF_USER) &&
|
2018-11-20 06:45:29 +08:00
|
|
|
!(regs->flags & X86_EFLAGS_AC)))
|
2018-11-20 06:45:28 +08:00
|
|
|
{
|
2018-10-24 18:22:39 +08:00
|
|
|
bad_area_nosemaphore(regs, hw_error_code, address);
|
2014-02-13 23:46:04 +08:00
|
|
|
return;
|
2012-09-22 03:43:14 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
2009-02-21 02:56:40 +08:00
|
|
|
* If we're in an interrupt, have no user context or are running
|
2015-05-11 23:52:11 +08:00
|
|
|
* in a region with pagefaults disabled then we must not take the fault
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2015-05-11 23:52:11 +08:00
|
|
|
if (unlikely(faulthandler_disabled() || !mm)) {
|
2018-10-24 18:22:39 +08:00
|
|
|
bad_area_nosemaphore(regs, hw_error_code, address);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-10-24 18:52:06 +08:00
|
|
|
/*
|
|
|
|
* It's safe to allow irq's after cr2 has been saved and the
|
|
|
|
* vmalloc fault has been handled.
|
|
|
|
*
|
|
|
|
* User-mode registers count as a user access even for any
|
|
|
|
* potential system fault or CPU buglet:
|
|
|
|
*/
|
2015-03-19 09:33:33 +08:00
|
|
|
if (user_mode(regs)) {
|
2013-10-24 18:52:06 +08:00
|
|
|
local_irq_enable();
|
|
|
|
flags |= FAULT_FLAG_USER;
|
|
|
|
} else {
|
|
|
|
if (regs->flags & X86_EFLAGS_IF)
|
|
|
|
local_irq_enable();
|
|
|
|
}
|
|
|
|
|
|
|
|
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
|
|
|
|
|
2018-11-22 07:11:22 +08:00
|
|
|
if (hw_error_code & X86_PF_WRITE)
|
2013-09-13 06:13:39 +08:00
|
|
|
flags |= FAULT_FLAG_WRITE;
|
2018-11-22 07:11:22 +08:00
|
|
|
if (hw_error_code & X86_PF_INSTR)
|
2016-02-13 05:02:24 +08:00
|
|
|
flags |= FAULT_FLAG_INSTRUCTION;
|
2013-09-13 06:13:39 +08:00
|
|
|
|
2018-09-29 00:02:30 +08:00
|
|
|
#ifdef CONFIG_X86_64
|
2008-10-13 23:49:02 +08:00
|
|
|
/*
|
2019-06-27 12:45:04 +08:00
|
|
|
* Faults in the vsyscall page might need emulation. The
|
|
|
|
* vsyscall page is at a high address (>PAGE_OFFSET), but is
|
|
|
|
* considered to be part of the user address space.
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
2018-09-29 00:02:30 +08:00
|
|
|
* The vsyscall page does not have a "real" VMA, so do this
|
|
|
|
* emulation before we go searching for VMAs.
|
2019-06-27 12:45:05 +08:00
|
|
|
*
|
|
|
|
* PKRU never rejects instruction fetches, so we don't need
|
|
|
|
* to consider the PF_PK bit.
|
2018-09-29 00:02:30 +08:00
|
|
|
*/
|
2019-06-27 12:45:04 +08:00
|
|
|
if (is_vsyscall_vaddr(address)) {
|
|
|
|
if (emulate_vsyscall(hw_error_code, regs, address))
|
2018-09-29 00:02:30 +08:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2008-10-13 23:49:02 +08:00
|
|
|
/*
|
2018-09-29 00:02:27 +08:00
|
|
|
* Kernel-mode access to the user address space should only occur
|
|
|
|
* on well-defined single instructions listed in the exception
|
|
|
|
* tables. But, an erroneous kernel fault occurring outside one of
|
2020-06-09 12:33:54 +08:00
|
|
|
* those areas which also holds mmap_lock might deadlock attempting
|
2018-09-29 00:02:27 +08:00
|
|
|
* to validate the fault against the address space.
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
2018-09-29 00:02:27 +08:00
|
|
|
* Only do the expensive exception table search when we might be at
|
|
|
|
* risk of a deadlock. This happens if we
|
2020-06-09 12:33:54 +08:00
|
|
|
* 1. Failed to acquire mmap_lock, and
|
2018-11-20 06:45:25 +08:00
|
|
|
* 2. The access did not originate in userspace.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2020-06-09 12:33:25 +08:00
|
|
|
if (unlikely(!mmap_read_trylock(mm))) {
|
2018-11-20 06:45:25 +08:00
|
|
|
if (!user_mode(regs) && !search_exception_tables(regs->ip)) {
|
2018-09-29 00:02:27 +08:00
|
|
|
/*
|
|
|
|
* Fault from code in kernel from
|
|
|
|
* which we do not expect faults.
|
|
|
|
*/
|
2018-11-22 07:11:22 +08:00
|
|
|
bad_area_nosemaphore(regs, hw_error_code, address);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return;
|
|
|
|
}
|
2010-10-27 05:21:57 +08:00
|
|
|
retry:
|
2020-06-09 12:33:25 +08:00
|
|
|
mmap_read_lock(mm);
|
2009-01-29 23:02:12 +08:00
|
|
|
} else {
|
|
|
|
/*
|
2009-02-21 02:56:40 +08:00
|
|
|
* The above down_read_trylock() might have succeeded in
|
|
|
|
* which case we'll have missed the might_sleep() from
|
|
|
|
* down_read():
|
2009-01-29 23:02:12 +08:00
|
|
|
*/
|
|
|
|
might_sleep();
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
vma = find_vma(mm, address);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
if (unlikely(!vma)) {
|
2018-11-22 07:11:22 +08:00
|
|
|
bad_area(regs, hw_error_code, address);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (likely(vma->vm_start <= address))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto good_area;
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
if (unlikely(!(vma->vm_flags & VM_GROWSDOWN))) {
|
2018-11-22 07:11:22 +08:00
|
|
|
bad_area(regs, hw_error_code, address);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (unlikely(expand_stack(vma, address))) {
|
2018-11-22 07:11:22 +08:00
|
|
|
bad_area(regs, hw_error_code, address);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Ok, we have a good vm_area for this memory access, so
|
|
|
|
* we can handle it..
|
|
|
|
*/
|
2005-04-17 06:20:36 +08:00
|
|
|
good_area:
|
2018-11-22 07:11:22 +08:00
|
|
|
if (unlikely(access_error(hw_error_code, vma))) {
|
|
|
|
bad_area_access_error(regs, hw_error_code, address, vma);
|
x86: optimise x86's do_page_fault (C entry point for the page fault path)
Impact: cleanup, restructure code to improve assembly
gcc isn't _all_ that smart about spilling registers to stack or reusing
stack slots, even with branch annotations. do_page_fault contained a lot
of functionality, so split unlikely paths into their own functions, and
mark them as noinline just to be sure. I consider this actually to be
somewhat of a cleanup too: the main function now contains about half
the number of lines so the normal path is easier to read, while the error
cases are also nicely split away.
Also, ensure the order of arguments to functions is always the same: regs,
addr, error_code. This can reduce code size a tiny bit, and just looks neater
too.
And add a couple of branch annotations.
Before:
do_page_fault:
subq $360, %rsp #,
After:
do_page_fault:
subq $56, %rsp #,
bloat-o-meter:
add/remove: 8/0 grow/shrink: 0/1 up/down: 2222/-1680 (542)
function old new delta
__bad_area_nosemaphore - 506 +506
no_context - 474 +474
vmalloc_fault - 424 +424
spurious_fault - 358 +358
mm_fault_error - 272 +272
bad_area_access_error - 89 +89
bad_area - 89 +89
bad_area_nosemaphore - 10 +10
do_page_fault 2464 784 -1680
Yes, the total size increases by 542 bytes, due to the extra function calls.
But these will very rarely be called (except for vmalloc_fault) in a normal
workload. Importantly, do_page_fault is less than 1/3rd it's original size,
and touches far less stack.
Existing gotos and branch hints did move a lot of the infrequently used text
out of the fastpath, but that's even further improved after this patch.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-01-20 11:24:26 +08:00
|
|
|
return;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If for any reason at all we couldn't handle the fault,
|
|
|
|
* make sure we exit gracefully rather than endlessly redo
|
2014-08-07 07:07:24 +08:00
|
|
|
* the fault. Since we never set FAULT_FLAG_RETRY_NOWAIT, if
|
2020-06-09 12:33:54 +08:00
|
|
|
* we get VM_FAULT_RETRY back, the mmap_lock has been unlocked.
|
x86/mm: fix use-after-free of vma during userfaultfd fault
Syzkaller with KASAN has reported a use-after-free of vma->vm_flags in
__do_page_fault() with the following reproducer:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000-0x18)={0xaa, 0x0, 0x0})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1, 0x0})
r1 = gettid()
syz_open_dev$evdev(&(0x7f0000013000-0x12)="2f6465762f696e7075742f6576656e742300", 0x0, 0x0)
tkill(r1, 0x7)
The vma should be pinned by mmap_sem, but handle_userfault() might (in a
return to userspace scenario) release it and then acquire again, so when
we return to __do_page_fault() (with other result than VM_FAULT_RETRY),
the vma might be gone.
Specifically, per Andrea the scenario is
"A return to userland to repeat the page fault later with a
VM_FAULT_NOPAGE retval (potentially after handling any pending signal
during the return to userland). The return to userland is identified
whenever FAULT_FLAG_USER|FAULT_FLAG_KILLABLE are both set in
vmf->flags"
However, since commit a3c4fb7c9c2e ("x86/mm: Fix fault error path using
unsafe vma pointer") there is a vma_pkey() read of vma->vm_flags after
that point, which can thus become use-after-free. Fix this by moving
the read before calling handle_mm_fault().
Reported-by: syzbot <bot+6a5269ce759a7bb12754ed9622076dc93f65a1f6@syzkaller.appspotmail.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Suggested-by: Kirill A. Shutemov <kirill@shutemov.name>
Fixes: 3c4fb7c9c2e ("x86/mm: Fix fault error path using unsafe vma pointer")
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-11-01 15:21:25 +08:00
|
|
|
*
|
2020-06-09 12:33:54 +08:00
|
|
|
* Note that handle_userfault() may also release and reacquire mmap_lock
|
x86/mm: fix use-after-free of vma during userfaultfd fault
Syzkaller with KASAN has reported a use-after-free of vma->vm_flags in
__do_page_fault() with the following reproducer:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000-0x18)={0xaa, 0x0, 0x0})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1, 0x0})
r1 = gettid()
syz_open_dev$evdev(&(0x7f0000013000-0x12)="2f6465762f696e7075742f6576656e742300", 0x0, 0x0)
tkill(r1, 0x7)
The vma should be pinned by mmap_sem, but handle_userfault() might (in a
return to userspace scenario) release it and then acquire again, so when
we return to __do_page_fault() (with other result than VM_FAULT_RETRY),
the vma might be gone.
Specifically, per Andrea the scenario is
"A return to userland to repeat the page fault later with a
VM_FAULT_NOPAGE retval (potentially after handling any pending signal
during the return to userland). The return to userland is identified
whenever FAULT_FLAG_USER|FAULT_FLAG_KILLABLE are both set in
vmf->flags"
However, since commit a3c4fb7c9c2e ("x86/mm: Fix fault error path using
unsafe vma pointer") there is a vma_pkey() read of vma->vm_flags after
that point, which can thus become use-after-free. Fix this by moving
the read before calling handle_mm_fault().
Reported-by: syzbot <bot+6a5269ce759a7bb12754ed9622076dc93f65a1f6@syzkaller.appspotmail.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Suggested-by: Kirill A. Shutemov <kirill@shutemov.name>
Fixes: 3c4fb7c9c2e ("x86/mm: Fix fault error path using unsafe vma pointer")
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-11-01 15:21:25 +08:00
|
|
|
* (and not return with VM_FAULT_RETRY), when returning to userland to
|
|
|
|
* repeat the page fault later with a VM_FAULT_NOPAGE retval
|
|
|
|
* (potentially after handling any pending signal during the return to
|
|
|
|
* userland). The return to userland is identified whenever
|
|
|
|
* FAULT_FLAG_USER|FAULT_FLAG_KILLABLE are both set in flags.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2020-08-12 09:38:49 +08:00
|
|
|
fault = handle_mm_fault(vma, address, flags, regs);
|
2009-02-21 02:56:40 +08:00
|
|
|
|
2020-04-02 12:08:10 +08:00
|
|
|
/* Quick path to respond to signals */
|
|
|
|
if (fault_signal_pending(fault, regs)) {
|
|
|
|
if (!user_mode(regs))
|
|
|
|
no_context(regs, hw_error_code, address, SIGBUS,
|
|
|
|
BUS_ADRERR);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-09-13 06:13:40 +08:00
|
|
|
/*
|
2020-06-09 12:33:54 +08:00
|
|
|
* If we need to retry the mmap_lock has already been released,
|
2014-12-16 07:07:33 +08:00
|
|
|
* and if there is a fatal signal pending there is no guarantee
|
|
|
|
* that we made any progress. Handle this case first.
|
2013-09-13 06:13:40 +08:00
|
|
|
*/
|
2020-04-02 12:08:10 +08:00
|
|
|
if (unlikely((fault & VM_FAULT_RETRY) &&
|
|
|
|
(flags & FAULT_FLAG_ALLOW_RETRY))) {
|
|
|
|
flags |= FAULT_FLAG_TRIED;
|
|
|
|
goto retry;
|
2014-12-16 07:07:33 +08:00
|
|
|
}
|
2013-09-13 06:13:40 +08:00
|
|
|
|
2020-06-09 12:33:25 +08:00
|
|
|
mmap_read_unlock(mm);
|
2013-09-13 06:13:40 +08:00
|
|
|
if (unlikely(fault & VM_FAULT_ERROR)) {
|
2018-11-22 07:11:22 +08:00
|
|
|
mm_fault_error(regs, hw_error_code, address, fault);
|
2013-09-13 06:13:40 +08:00
|
|
|
return;
|
2011-05-25 08:11:30 +08:00
|
|
|
}
|
|
|
|
|
2009-02-21 05:12:18 +08:00
|
|
|
check_v8086_mode(regs, address, tsk);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2018-09-29 00:02:23 +08:00
|
|
|
NOKPROBE_SYMBOL(do_user_addr_fault);
|
|
|
|
|
2019-07-11 19:40:59 +08:00
|
|
|
static __always_inline void
|
|
|
|
trace_page_fault_entries(struct pt_regs *regs, unsigned long error_code,
|
|
|
|
unsigned long address)
|
2013-10-31 04:39:03 +08:00
|
|
|
{
|
2019-07-11 19:40:59 +08:00
|
|
|
if (!trace_pagefault_enabled())
|
|
|
|
return;
|
|
|
|
|
2013-10-31 04:39:03 +08:00
|
|
|
if (user_mode(regs))
|
2014-03-05 21:07:49 +08:00
|
|
|
trace_page_fault_user(address, regs, error_code);
|
2013-10-31 04:39:03 +08:00
|
|
|
else
|
2014-03-05 21:07:49 +08:00
|
|
|
trace_page_fault_kernel(address, regs, error_code);
|
2013-10-31 04:39:03 +08:00
|
|
|
}
|
|
|
|
|
2020-05-22 04:05:28 +08:00
|
|
|
static __always_inline void
|
|
|
|
handle_page_fault(struct pt_regs *regs, unsigned long error_code,
|
|
|
|
unsigned long address)
|
|
|
|
{
|
|
|
|
trace_page_fault_entries(regs, error_code, address);
|
|
|
|
|
|
|
|
if (unlikely(kmmio_fault(regs, address)))
|
|
|
|
return;
|
|
|
|
|
|
|
|
/* Was the fault on kernel-controlled part of the address space? */
|
|
|
|
if (unlikely(fault_in_kernel_space(address))) {
|
|
|
|
do_kern_addr_fault(regs, error_code, address);
|
|
|
|
} else {
|
|
|
|
do_user_addr_fault(regs, error_code, address);
|
|
|
|
/*
|
|
|
|
* User address page fault handling might have reenabled
|
|
|
|
* interrupts. Fixing up all potential exit points of
|
|
|
|
* do_user_addr_fault() and its leaf functions is just not
|
|
|
|
* doable w/o creating an unholy mess or turning the code
|
|
|
|
* upside down.
|
|
|
|
*/
|
|
|
|
local_irq_disable();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
DEFINE_IDTENTRY_RAW_ERRORCODE(exc_page_fault)
|
2013-10-31 04:37:00 +08:00
|
|
|
{
|
2020-05-22 04:05:28 +08:00
|
|
|
unsigned long address = read_cr2();
|
2020-07-23 06:00:08 +08:00
|
|
|
irqentry_state_t state;
|
2020-05-22 04:05:28 +08:00
|
|
|
|
2020-06-09 12:33:47 +08:00
|
|
|
prefetchw(¤t->mm->mmap_lock);
|
2020-05-22 04:05:28 +08:00
|
|
|
|
2020-02-29 02:42:48 +08:00
|
|
|
/*
|
2020-10-02 23:43:13 +08:00
|
|
|
* KVM uses #PF vector to deliver 'page not present' events to guests
|
|
|
|
* (asynchronous page fault mechanism). The event happens when a
|
|
|
|
* userspace task is trying to access some valid (from guest's point of
|
|
|
|
* view) memory which is not currently mapped by the host (e.g. the
|
|
|
|
* memory is swapped out). Note, the corresponding "page ready" event
|
|
|
|
* which is injected when the memory becomes available, is delived via
|
|
|
|
* an interrupt mechanism and not a #PF exception
|
|
|
|
* (see arch/x86/kernel/kvm.c: sysvec_kvm_asyncpf_interrupt()).
|
2020-02-29 02:42:48 +08:00
|
|
|
*
|
|
|
|
* We are relying on the interrupted context being sane (valid RSP,
|
|
|
|
* relevant locks not held, etc.), which is fine as long as the
|
|
|
|
* interrupted context had IF=1. We are also relying on the KVM
|
|
|
|
* async pf type field and CR2 being read consistently instead of
|
|
|
|
* getting values from real and async page faults mixed up.
|
|
|
|
*
|
|
|
|
* Fingers crossed.
|
2020-05-22 04:05:28 +08:00
|
|
|
*
|
|
|
|
* The async #PF handling code takes care of idtentry handling
|
|
|
|
* itself.
|
2020-02-29 02:42:48 +08:00
|
|
|
*/
|
|
|
|
if (kvm_handle_async_pf(regs, (u32)address))
|
|
|
|
return;
|
|
|
|
|
2020-05-22 04:05:28 +08:00
|
|
|
/*
|
|
|
|
* Entry handling for valid #PF from kernel mode is slightly
|
|
|
|
* different: RCU is already watching and rcu_irq_enter() must not
|
|
|
|
* be invoked because a kernel fault on a user space address might
|
|
|
|
* sleep.
|
|
|
|
*
|
|
|
|
* In case the fault hit a RCU idle region the conditional entry
|
|
|
|
* code reenabled RCU to avoid subsequent wreckage which helps
|
|
|
|
* debugability.
|
|
|
|
*/
|
2020-07-23 06:00:08 +08:00
|
|
|
state = irqentry_enter(regs);
|
2013-10-31 04:37:00 +08:00
|
|
|
|
2020-05-22 04:05:28 +08:00
|
|
|
instrumentation_begin();
|
|
|
|
handle_page_fault(regs, error_code, address);
|
|
|
|
instrumentation_end();
|
2019-12-28 00:36:11 +08:00
|
|
|
|
2020-07-23 06:00:08 +08:00
|
|
|
irqentry_exit(regs, state);
|
2013-10-31 04:37:00 +08:00
|
|
|
}
|