powerpc/kernel/syscall.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002
0003 #include <linux/compat.h>
0004 #include <linux/context_tracking.h>
0005 #include <linux/randomize_kstack.h>
0006
0007 #include <asm/interrupt.h>
0008 #include <asm/kup.h>
0009 #include <asm/syscall.h>
0010 #include <asm/time.h>
0011 #include <asm/tm.h>
0012 #include <asm/unistd.h>
0013
0014
0015 typedef long (*syscall_fn)(long, long, long, long, long, long);
0016
0017 /* Has to run notrace because it is entered not completely "reconciled" */
0018 notrace long system_call_exception(long r3, long r4, long r5,
0019                    long r6, long r7, long r8,
0020                    unsigned long r0, struct pt_regs *regs)
0021 {
0022     long ret;
0023     syscall_fn f;
0024
0025     kuap_lock();
0026
0027     add_random_kstack_offset();
0028     regs->orig_gpr3 = r3;
0029
0030     if (IS_ENABLED(CONFIG_PPC_IRQ_SOFT_MASK_DEBUG))
0031         BUG_ON(irq_soft_mask_return() != IRQS_ALL_DISABLED);
0032
0033     trace_hardirqs_off(); /* finish reconciling */
0034
0035     CT_WARN_ON(ct_state() == CONTEXT_KERNEL);
0036     user_exit_irqoff();
0037
0038     BUG_ON(regs_is_unrecoverable(regs));
0039     BUG_ON(!(regs->msr & MSR_PR));
0040     BUG_ON(arch_irq_disabled_regs(regs));
0041
0042 #ifdef CONFIG_PPC_PKEY
0043     if (mmu_has_feature(MMU_FTR_PKEY)) {
0044         unsigned long amr, iamr;
0045         bool flush_needed = false;
0046         /*
0047          * When entering from userspace we mostly have the AMR/IAMR
0048          * different from kernel default values. Hence don't compare.
0049          */
0050         amr = mfspr(SPRN_AMR);
0051         iamr = mfspr(SPRN_IAMR);
0052         regs->amr  = amr;
0053         regs->iamr = iamr;
0054         if (mmu_has_feature(MMU_FTR_BOOK3S_KUAP)) {
0055             mtspr(SPRN_AMR, AMR_KUAP_BLOCKED);
0056             flush_needed = true;
0057         }
0058         if (mmu_has_feature(MMU_FTR_BOOK3S_KUEP)) {
0059             mtspr(SPRN_IAMR, AMR_KUEP_BLOCKED);
0060             flush_needed = true;
0061         }
0062         if (flush_needed)
0063             isync();
0064     } else
0065 #endif
0066         kuap_assert_locked();
0067
0068     booke_restore_dbcr0();
0069
0070     account_cpu_user_entry();
0071
0072     account_stolen_time();
0073
0074     /*
0075      * This is not required for the syscall exit path, but makes the
0076      * stack frame look nicer. If this was initialised in the first stack
0077      * frame, or if the unwinder was taught the first stack frame always
0078      * returns to user with IRQS_ENABLED, this store could be avoided!
0079      */
0080     irq_soft_mask_regs_set_state(regs, IRQS_ENABLED);
0081
0082     /*
0083      * If system call is called with TM active, set _TIF_RESTOREALL to
0084      * prevent RFSCV being used to return to userspace, because POWER9
0085      * TM implementation has problems with this instruction returning to
0086      * transactional state. Final register values are not relevant because
0087      * the transaction will be aborted upon return anyway. Or in the case
0088      * of unsupported_scv SIGILL fault, the return state does not much
0089      * matter because it's an edge case.
0090      */
0091     if (IS_ENABLED(CONFIG_PPC_TRANSACTIONAL_MEM) &&
0092             unlikely(MSR_TM_TRANSACTIONAL(regs->msr)))
0093         set_bits(_TIF_RESTOREALL, &current_thread_info()->flags);
0094
0095     /*
0096      * If the system call was made with a transaction active, doom it and
0097      * return without performing the system call. Unless it was an
0098      * unsupported scv vector, in which case it's treated like an illegal
0099      * instruction.
0100      */
0101 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
0102     if (unlikely(MSR_TM_TRANSACTIONAL(regs->msr)) &&
0103         !trap_is_unsupported_scv(regs)) {
0104         /* Enable TM in the kernel, and disable EE (for scv) */
0105         hard_irq_disable();
0106         mtmsr(mfmsr() | MSR_TM);
0107
0108         /* tabort, this dooms the transaction, nothing else */
0109         asm volatile(".long 0x7c00071d | ((%0) << 16)"
0110                 :: "r"(TM_CAUSE_SYSCALL|TM_CAUSE_PERSISTENT));
0111
0112         /*
0113          * Userspace will never see the return value. Execution will
0114          * resume after the tbegin. of the aborted transaction with the
0115          * checkpointed register state. A context switch could occur
0116          * or signal delivered to the process before resuming the
0117          * doomed transaction context, but that should all be handled
0118          * as expected.
0119          */
0120         return -ENOSYS;
0121     }
0122 #endif // CONFIG_PPC_TRANSACTIONAL_MEM
0123
0124     local_irq_enable();
0125
0126     if (unlikely(read_thread_flags() & _TIF_SYSCALL_DOTRACE)) {
0127         if (unlikely(trap_is_unsupported_scv(regs))) {
0128             /* Unsupported scv vector */
0129             _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
0130             return regs->gpr[3];
0131         }
0132         /*
0133          * We use the return value of do_syscall_trace_enter() as the
0134          * syscall number. If the syscall was rejected for any reason
0135          * do_syscall_trace_enter() returns an invalid syscall number
0136          * and the test against NR_syscalls will fail and the return
0137          * value to be used is in regs->gpr[3].
0138          */
0139         r0 = do_syscall_trace_enter(regs);
0140         if (unlikely(r0 >= NR_syscalls))
0141             return regs->gpr[3];
0142         r3 = regs->gpr[3];
0143         r4 = regs->gpr[4];
0144         r5 = regs->gpr[5];
0145         r6 = regs->gpr[6];
0146         r7 = regs->gpr[7];
0147         r8 = regs->gpr[8];
0148
0149     } else if (unlikely(r0 >= NR_syscalls)) {
0150         if (unlikely(trap_is_unsupported_scv(regs))) {
0151             /* Unsupported scv vector */
0152             _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
0153             return regs->gpr[3];
0154         }
0155         return -ENOSYS;
0156     }
0157
0158     /* May be faster to do array_index_nospec? */
0159     barrier_nospec();
0160
0161     if (unlikely(is_compat_task())) {
0162         f = (void *)compat_sys_call_table[r0];
0163
0164         r3 &= 0x00000000ffffffffULL;
0165         r4 &= 0x00000000ffffffffULL;
0166         r5 &= 0x00000000ffffffffULL;
0167         r6 &= 0x00000000ffffffffULL;
0168         r7 &= 0x00000000ffffffffULL;
0169         r8 &= 0x00000000ffffffffULL;
0170
0171     } else {
0172         f = (void *)sys_call_table[r0];
0173     }
0174
0175     ret = f(r3, r4, r5, r6, r7, r8);
0176
0177     /*
0178      * Ultimately, this value will get limited by KSTACK_OFFSET_MAX(),
0179      * so the maximum stack offset is 1k bytes (10 bits).
0180      *
0181      * The actual entropy will be further reduced by the compiler when
0182      * applying stack alignment constraints: the powerpc architecture
0183      * may have two kinds of stack alignment (16-bytes and 8-bytes).
0184      *
0185      * So the resulting 6 or 7 bits of entropy is seen in SP[9:4] or SP[9:3].
0186      */
0187     choose_random_kstack_offset(mftb());
0188
0189     return ret;
0190 }