1. 29 Aug, 2024 16 commits
    • Sven Schnelle's avatar
      s390/entry: Unify save_area_sync and save_area_async · ee3daf7c
      Sven Schnelle authored
      In the past two save areas existed because interrupt handlers
      and system call / program check handlers where entered with
      interrupts enabled. To prevent a handler from overwriting the
      save areas from the previous handler, interrupts used the async
      save area, while system call and program check handler used the
      sync save area.
      
      Since the removal of critical section cleanup from entry.S, handlers are
      entered with interrupts disabled. When the interrupts are re-enabled,
      the save area is no longer need. Therefore merge both save areas into one.
      Reviewed-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Reviewed-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
      Signed-off-by: default avatarSven Schnelle <svens@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      ee3daf7c
    • Harald Freudenberger's avatar
      s390/ap: Fix deadlock caused by recursive lock of the AP bus scan mutex · 56199bb9
      Harald Freudenberger authored
      There is a possibility to deadlock with an recursive
      lock of the AP bus scan mutex ap_scan_bus_mutex:
      
        ... kernel: ============================================
        ... kernel: WARNING: possible recursive locking detected
        ... kernel: 5.14.0-496.el9.s390x #3 Not tainted
        ... kernel: --------------------------------------------
        ... kernel: kworker/12:1/130 is trying to acquire lock:
        ... kernel: 0000000358bc1510 (ap_scan_bus_mutex){+.+.}-{3:3}, at: ap_bus_force_rescan+0x92/0x108
        ... kernel:
      	      but task is already holding lock:
        ... kernel: 0000000358bc1510 (ap_scan_bus_mutex){+.+.}-{3:3}, at: ap_scan_bus_wq_callback+0x28/0x60
        ... kernel:
      	      other info that might help us debug this:
        ... kernel:  Possible unsafe locking scenario:
        ... kernel:        CPU0
        ... kernel:        ----
        ... kernel:   lock(ap_scan_bus_mutex);
        ... kernel:   lock(ap_scan_bus_mutex);
        ... kernel:
      	      *** DEADLOCK ***
      
      Here is how the callstack looks like:
      
        ... [<00000003576fe9ce>] process_one_work+0x2a6/0x748
        ... [<0000000358150c00>] ap_scan_bus_wq_callback+0x40/0x60   <- mutex locked
        ... [<00000003581506e2>] ap_scan_bus+0x5a/0x3b0
        ... [<000000035815037c>] ap_scan_adapter+0x5b4/0x8c0
        ... [<000000035814fa34>] ap_scan_domains+0x2d4/0x668
        ... [<0000000357d989b4>] device_add+0x4a4/0x6b8
        ... [<0000000357d9bb54>] bus_probe_device+0xb4/0xc8
        ... [<0000000357d9daa8>] __device_attach+0x120/0x1b0
        ... [<0000000357d9a632>] bus_for_each_drv+0x8a/0xd0
        ... [<0000000357d9d548>] __device_attach_driver+0xc0/0x140
        ... [<0000000357d9d3d8>] driver_probe_device+0x40/0xf0
        ... [<0000000357d9cec2>] really_probe+0xd2/0x460
        ... [<000000035814d7b0>] ap_device_probe+0x150/0x208
        ... [<000003ff802a5c46>] zcrypt_cex4_queue_probe+0xb6/0x1c0 [zcrypt_cex4]
        ... [<000003ff7fb2d36e>] zcrypt_queue_register+0xe6/0x1b0 [zcrypt]
        ... [<000003ff7fb2c8ac>] zcrypt_rng_device_add+0x94/0xd8 [zcrypt]
        ... [<0000000357d7bc52>] hwrng_register+0x212/0x228
        ... [<0000000357d7b8c2>] add_early_randomness+0x102/0x110
        ... [<000003ff7fb29c94>] zcrypt_rng_data_read+0x94/0xb8 [zcrypt]
        ... [<0000000358150aca>] ap_bus_force_rescan+0x92/0x108
        ... [<0000000358177572>] mutex_lock_interruptible_nested+0x32/0x40  <- lock again
      
      Note this only happens when the very first random data providing
      crypto card appears via hot plug in the system AND is in disabled
      state ("deconfig"). Then the initial pull of random data fails and
      a re-scan of the AP bus is triggered while already in the middle
      of an AP bus scan caused by the appearing new hardware.
      
      The fix is relatively simple once the scenario us understood:
      The AP bus force rescan function will immediately return if there
      is currently an AP bus scan running with the very same thread id.
      
      Fixes: eacf5b36 ("s390/ap: introduce mutex to lock the AP bus scan")
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      56199bb9
    • Joerg Schmidbauer's avatar
      s390/sha3: Support sha3 performance enhancements · 88c02b3f
      Joerg Schmidbauer authored
      On newer machines the SHA3 performance of CPACF instructions KIMD and
      KLMD can be enhanced by using additional modifier bits. This allows the
      application to omit initializing the ICV, but also affects the internal
      processing of the instructions. Performance is mostly gained when
      processing short messages.
      
      The new CPACF feature is backwards compatible with older machines, i.e.
      the new modifier bits are ignored on older machines. However, to save the
      ICV initialization, the application must detect the MSA level and omit
      the ICV initialization only if this feature is supported.
      Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
      Signed-off-by: default avatarJoerg Schmidbauer <jschmidb@de.ibm.com>
      Signed-off-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      88c02b3f
    • Harald Freudenberger's avatar
      s390/pkey: Add function to enforce pkey handler modules load · 177b621b
      Harald Freudenberger authored
      There is a use case during early boot with an secure key encrypted
      root file system where the paes cipher may try to derive a protected
      key from secure key while the AP bus is still in the process of
      scanning the bus and building up the zcrypt device drivers. As the
      detection of CEX cards also triggers the modprobe of the pkey handler
      modules, these modules may come into existence too late.
      
      Yet another use case happening during early boot is for use of an
      protected key encrypted swap file(system). There is an ephemeral
      protected key read via sysfs to set up the swap file. But this only
      works when the pkey_pckmo module is already in - which may happen at a
      later time as the load is triggered via CPU feature.
      
      This patch introduces a new function pkey_handler_request_modules()
      and invokes it which unconditional tries to load in the pkey handler
      modules. This function is called for the in-kernel API to derive a
      protected key from whatever and in the sysfs API when the first
      attempt to simple invoke the handler function failed.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      177b621b
    • Harald Freudenberger's avatar
      s390/pkey: Add slowpath function to CCA and EP11 handler · 2fc401b9
      Harald Freudenberger authored
      For some keys there exists an alternative but usually slower
      path to convert the key material into a protected key.
      This patch introduces a new handler function
        slowpath_key_to_protkey()
      which provides this alternate path for the CCA and EP11
      handler code. With that even the knowledge about how
      and when this can be used within the pkey API code can
      be removed. So now the pkey API just tries the primary
      way and if that fails simple tries the alternative way.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      2fc401b9
    • Harald Freudenberger's avatar
      s390/pkey: Introduce pkey base with handler registry and handler modules · 8fcc231c
      Harald Freudenberger authored
      Introduce pkey base kernel code with a simple pkey handler registry.
      Regroup the pkey code into these kernel modules:
      - pkey is the pkey api supporting the ioctls, sysfs and in-kernel api.
        Also the pkey base code which offers the handler registry and
        handler wrapping invocation functions is integrated there. This
        module is automatically loaded in via CPU feature if the MSA feature
        is available.
      - pkey-cca is the CCA related handler code kernel module a offering
        CCA specific implementation for pkey. This module is loaded in
        via MODULE_DEVICE_TABLE when a CEX[4-8] card becomes available.
      - pkey-ep11 is the EP11 related handler code kernel module offering an
        EP11 specific implementation for pkey. This module is loaded in via
        MODULE_DEVICE_TABLE when a CEX[4-8] card becomes available.
      - pkey-pckmo is the PCKMO related handler code kernel module. This
        module is loaded in via CPU feature if the MSA feature is available,
        but on init a check for availability of the pckmo instruction is
        performed.
      
      The handler modules register via a pkey_handler struct at the pkey
      base code and the pkey customer (that is currently the pkey api code
      fetches a handler via pkey handler registry functions and calls the
      unified handler functions via the pkey base handler functions.
      
      As a result the pkey-cca, pkey-ep11 and pkey-pckmo modules get
      independent from each other and it becomes possible to write new
      handlers which offer another kind of implementation without implicit
      dependencies to other handler implementations and/or kernel device
      drivers.
      
      For each of these 4 kernel modules there is an individual Kconfig
      entry: CONFIG_PKEY for the base and api, CONFIG_PKEY_CCA for the PKEY
      CCA support handler, CONFIG_PKEY_EP11 for the EP11 support handler and
      CONFIG_PKEY_PCKMO for the pckmo support. The both CEX related handler
      modules (PKEY CCA and PKEY EP11) have a dependency to the zcrypt api
      of the zcrypt device driver.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      8fcc231c
    • Harald Freudenberger's avatar
      s390/pkey: Unify pkey cca, ep11 and pckmo functions signatures · ea88e171
      Harald Freudenberger authored
      As a preparation step for introducing a common function API
      between the pkey API module and the handlers (that is the
      cca, ep11 and pckmo code) this patch unifies the functions
      signatures exposed by the handlers and reworks all the
      invocation code of these functions.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      ea88e171
    • Harald Freudenberger's avatar
      s390/pkey: Rework and split PKEY kernel module code · 86fbf5e2
      Harald Freudenberger authored
      This is a huge rework of all the pkey kernel module code.
      The goal is to split the code into individual parts with
      a dedicated calling interface:
      - move all the sysfs related code into pkey_sysfs.c
      - all the CCA related code goes to pkey_cca.c
      - the EP11 stuff has been moved to pkey_ep11.c
      - the PCKMO related code is now in pkey_pckmo.c
      
      The CCA, EP11 and PCKMO code may be seen as "handlers" with
      a similar calling interface. The new header file pkey_base.h
      declares this calling interface. The remaining code in
      pkey_api.c handles the ioctl, the pkey module things and the
      "handler" independent code on top of the calling interface
      invoking the handlers.
      
      This regrouping of the code will be the base for a real
      pkey kernel module split into a pkey base module which acts
      as a dispatcher and handler modules providing their service.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      86fbf5e2
    • Harald Freudenberger's avatar
      s390/pkey: Split pkey_unlocked_ioctl function · 7344eea1
      Harald Freudenberger authored
      Split the very huge ioctl handling function pkey_unlocked_ioctl()
      into individual functions per each IOCTL command.
      
      There is no change in functional code coming with this patch.
      The work is a simple copy-and-paste with the goal to have
      the functionality absolutely untouched.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Reviewed-by: default avatarHolger Dengler <dengler@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      7344eea1
    • Holger Dengler's avatar
      s390/crypto: Add hardware acceleration for HMAC modes · c3dcb058
      Holger Dengler authored
      Add new shash exploiting the HMAC hardware accelerations for SHA224,
      SHA256, SHA384 and SHA512 introduced with message-security assist
      extension 11.
      Reviewed-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarHolger Dengler <dengler@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      c3dcb058
    • Holger Dengler's avatar
      s390/crypto: Add hardware acceleration for full AES-XTS mode · 80625b67
      Holger Dengler authored
      Add new cipher exploiting the full AES-XTS hardware acceleration
      introduced with message-security assist extension 10.
      
      The full AES-XTS cipher is registered as preferred cipher in addition
      to the discrete AES-XTS variant.
      Reviewed-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
      Signed-off-by: default avatarHolger Dengler <dengler@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      80625b67
    • Mete Durlu's avatar
      s390/hypfs_diag: Remove unused dentry variable · 4f7a31a7
      Mete Durlu authored
      Remove leftover dentry variable after hypfs refactoring.
      
      Before 2fcb3686, hypfs_diag.c and other hypfs files were using
      debugfs_create_file() explicitly for creating debugfs files and
      were storing the returned pointer.
      
      After the refactor, common debugfs file operations and also the
      related dentry pointers have been moved into hypfs_dbfs.c and
      redefined as new common mechanisms.
      Therefore the dentry variable and the debugfs_remove() function
      calls in hypfs_diag.c are now redundant.
      
      Current code is not effected since the dentry pointer in
      hypfs_diag is implicitly assigned to NULL and debugfs_remove()
      returns without an error if the passed pointer is NULL.
      Acked-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
      Signed-off-by: default avatarMete Durlu <meted@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      4f7a31a7
    • Vasily Gorbik's avatar
      s390/disassembler: Add instructions · acb684d3
      Vasily Gorbik authored
      Add more instructions to the kernel disassembler.
      Reviewed-by: default avatarJens Remus <jremus@linux.ibm.com>
      Reviewed-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      acb684d3
    • Vasily Gorbik's avatar
      s390: Always enable EXPOLINE_EXTERN if supported · 4eac37ff
      Vasily Gorbik authored
      Since commit ba05b39d ("s390/expoline: Make modules use kernel
      expolines"), there is no longer any reason not to use
      CONFIG_EXPOLINE_EXTERN when supported by the compiler.
      
      On the positive side:
      - there is only a single set of expolines generated and used by both the
        kernel code and modules,
      - it eliminates expolines "comdat" sections, which can confuse tools
        like kpatch.
      
      Always enable EXPOLINE_EXTERN if supported by the compiler.
      Suggested-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Reviewed-by: default avatarSumanth Korikkar <sumanthk@linux.ibm.com>
      Reviewed-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      4eac37ff
    • Jens Remus's avatar
      s390/disassembler: Update instruction mnemonics to latest spec · 7f4f1f47
      Jens Remus authored
      Over the course of CPU generations a few instructions got extended,
      changing their base mnemonic, while keeping the former as an extended
      mnemonic. Update the instruction mnemonics in the disassembler to their
      latest base mnemonic as documented in the latest IBM z/Architecture
      Principles of Operation specification [1].
      
      With the IBM z14 the base mnemonics of the following vector instructions
      have been changed:
      - Vector FP Load Lengthened (VFLL)
      - Vector FP Load Rounded (VFLR)
      
      With Message-Security-Assist Extension 5 Perform Pseudorandom Number
      Operation (PPNO) has been renamed to Perform Random Number Operation
      (PRNO).
      
      With Vector Enhancements Facility 2 the base mnemonics of the following
      vector instructions have been changed:
      - Vector FP Convert from Fixed (VCFPS)
      - Vector FP Convert from Logical (VCFPL)
      - Vector FP Convert to Fixed (VCSFP)
      - Vector FP Convert to Logical (VCLFP)
      
      [1] IBM z/Architecture Principles of Operation, SA22-7832-13, IBM z16,
          https://publibfp.dhe.ibm.com/epubs/pdf/a227832d.pdfAcked-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      Signed-off-by: default avatarJens Remus <jremus@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      7f4f1f47
    • Jens Remus's avatar
      s390/disassembler: Use proper format specifiers for operand values · 73c81973
      Jens Remus authored
      Treat register numbers as unsigned. Treat signed operand values as
      signed.
      
      This resolves multiple instances of the Cppcheck warning:
      
      warning: %i in format string (no. 1) requires 'int' but the argument
        type is 'unsigned int'. [invalidPrintfArgType_sint]
      Acked-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      Signed-off-by: default avatarJens Remus <jremus@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      73c81973
  2. 27 Aug, 2024 4 commits
    • Vasily Gorbik's avatar
      s390/ftrace: Avoid calling unwinder in ftrace_return_address() · a84dd0d8
      Vasily Gorbik authored
      ftrace_return_address() is called extremely often from
      performance-critical code paths when debugging features like
      CONFIG_TRACE_IRQFLAGS are enabled. For example, with debug_defconfig,
      ftrace selftests on my LPAR currently execute ftrace_return_address()
      as follows:
      
      ftrace_return_address(0) - 0 times (common code uses __builtin_return_address(0) instead)
      ftrace_return_address(1) - 2,986,805,401 times (with this patch applied)
      ftrace_return_address(2) - 140 times
      ftrace_return_address(>2) - 0 times
      
      The use of __builtin_return_address(n) was replaced by return_address()
      with an unwinder call by commit cae74ba8 ("s390/ftrace:
      Use unwinder instead of __builtin_return_address()") because
      __builtin_return_address(n) simply walks the stack backchain and doesn't
      check for reaching the stack top. For shallow stacks with fewer than
      "n" frames, this results in reads at low addresses and random
      memory accesses.
      
      While calling the fully functional unwinder "works", it is very slow
      for this purpose. Moreover, potentially following stack switches and
      walking past IRQ context is simply wrong thing to do for
      ftrace_return_address().
      
      Reimplement return_address() to essentially be __builtin_return_address(n)
      with checks for reaching the stack top. Since the ftrace_return_address(n)
      argument is always a constant, keep the implementation in the header,
      allowing both GCC and Clang to unroll the loop and optimize it to the
      bare minimum.
      
      Fixes: cae74ba8 ("s390/ftrace: Use unwinder instead of __builtin_return_address()")
      Cc: stable@vger.kernel.org
      Reported-by: default avatarSumanth Korikkar <sumanthk@linux.ibm.com>
      Reviewed-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Acked-by: default avatarSumanth Korikkar <sumanthk@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      a84dd0d8
    • Jens Remus's avatar
      s390/build: Avoid relocation information in final vmlinux · 57216cc9
      Jens Remus authored
      Since commit 778666df ("s390: compile relocatable kernel without
      -fPIE") the kernel vmlinux ELF file is linked with --emit-relocs to
      preserve all relocations, so that all absolute relocations can be
      extracted using the 'relocs' tool to adjust them during boot.
      
      Port and adapt Petr Pavlu's x86 commit 9d9173e9 ("x86/build: Avoid
      relocation information in final vmlinux") to s390 to strip all
      relocations from the final vmlinux ELF file to optimize its size.
      Following is his original commit message with minor adaptions for s390:
      
      The Linux build process on s390 roughly consists of compiling all input
      files, statically linking them into a vmlinux ELF file, and then taking
      and turning this file into an actual bzImage bootable file.
      
      vmlinux has in this process two main purposes:
      1) It is an intermediate build target on the way to produce the final
         bootable image.
      2) It is a file that is expected to be used by debuggers and standard
         ELF tooling to work with the built kernel.
      
      For the second purpose, a vmlinux file is typically collected by various
      package build recipes, such as distribution spec files, including the
      kernel's own tar-pkg target.
      
      When building the kernel vmlinux contains also relocation information
      produced by using the --emit-relocs linker option. This is utilized by
      subsequent build steps to create relocs.S and produce a relocatable
      image. However, the information is not needed by debuggers and other
      standard ELF tooling.
      
      The issue is then that the collected vmlinux file and hence distribution
      packages end up unnecessarily large because of this extra data. The
      following is a size comparison of vmlinux v6.10 with and without the
      relocation information:
      
        | Configuration      | With relocs | Stripped relocs |
        | defconfig          |      696 MB |          320 MB |
        | -CONFIG_DEBUG_INFO |       48 MB |           32 MB |
      
      Optimize a resulting vmlinux by adding a postlink step that splits the
      relocation information into relocs.S and then strips it from the vmlinux
      binary.
      Reviewed-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      Signed-off-by: default avatarJens Remus <jremus@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      57216cc9
    • Vasily Gorbik's avatar
      s390/ftrace: Use kernel ftrace trampoline for modules · d759be28
      Vasily Gorbik authored
      Now that both the kernel modules area and the kernel image itself are
      located within 4 GB, there is no longer a need to maintain a separate
      ftrace_plt trampoline. Use the existing trampoline in the kernel.
      Reviewed-by: default avatarIlya Leoshkevich <iii@linux.ibm.com>
      Reviewed-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      d759be28
    • Vasily Gorbik's avatar
      s390/ftrace: Remove unused ftrace_plt_template* · 017f1f0d
      Vasily Gorbik authored
      Unused since commit b860b934 ("s390/ftrace: remove dead code").
      Reviewed-by: default avatarIlya Leoshkevich <iii@linux.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      017f1f0d
  3. 22 Aug, 2024 4 commits
  4. 21 Aug, 2024 7 commits
  5. 07 Aug, 2024 9 commits