Re: [PATCH] s390/mm: Fix in_atomic() handling in do_secure_storage_access()

public inbox for linux-s390@vger.kernel.org
 help / color / mirror / Atom feed

From: Claudio Imbrenda <imbrenda@linux.ibm.com>
To: Heiko Carstens <hca@linux.ibm.com>
Cc: Janosch Frank <frankja@linux.ibm.com>,
	Christian Borntraeger <borntraeger@linux.ibm.com>,
	David Hildenbrand <david@redhat.com>,
	Alexander Gordeev <agordeev@linux.ibm.com>,
	Sven Schnelle <svens@linux.ibm.com>,
	Vasily Gorbik <gor@linux.ibm.com>,
	kvm@vger.kernel.org, linux-s390@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] s390/mm: Fix in_atomic() handling in do_secure_storage_access()
Date: Wed, 4 Jun 2025 14:16:43 +0200	[thread overview]
Message-ID: <20250604141643.3c04ae4e@p-imbrenda> (raw)
In-Reply-To: <20250603134936.1314139-1-hca@linux.ibm.com>

On Tue,  3 Jun 2025 15:49:36 +0200
Heiko Carstens <hca@linux.ibm.com> wrote:

> Kernel user spaces accesses to not exported pages in atomic context
> incorrectly try to resolve the page fault.
> With debug options enabled call traces like this can be seen:
> 
> BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523
> in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39
> preempt_count: 1, expected: 0
> RCU nest depth: 0, expected: 0
> INFO: lockdep is turned off.
> Preemption disabled at:
> [<00000383ea47cfa2>] copy_page_from_iter_atomic+0xa2/0x8a0
> CPU: 12 UID: 0 PID: 419074 Comm: qemu-system-s39
> Tainted: G        W           6.16.0-20250531.rc0.git0.69b3a602feac.63.fc42.s390x+debug #1 PREEMPT
> Tainted: [W]=WARN
> Hardware name: IBM 3931 A01 703 (LPAR)
> Call Trace:
>  [<00000383e990d282>] dump_stack_lvl+0xa2/0xe8
>  [<00000383e99bf152>] __might_resched+0x292/0x2d0
>  [<00000383eaa7c374>] down_read+0x34/0x2d0
>  [<00000383e99432f8>] do_secure_storage_access+0x108/0x360
>  [<00000383eaa724b0>] __do_pgm_check+0x130/0x220
>  [<00000383eaa842e4>] pgm_check_handler+0x114/0x160
>  [<00000383ea47d028>] copy_page_from_iter_atomic+0x128/0x8a0
> ([<00000383ea47d016>] copy_page_from_iter_atomic+0x116/0x8a0)
>  [<00000383e9c45eae>] generic_perform_write+0x16e/0x310
>  [<00000383e9eb87f4>] ext4_buffered_write_iter+0x84/0x160
>  [<00000383e9da0de4>] vfs_write+0x1c4/0x460
>  [<00000383e9da123c>] ksys_write+0x7c/0x100
>  [<00000383eaa7284e>] __do_syscall+0x15e/0x280
>  [<00000383eaa8417e>] system_call+0x6e/0x90
> INFO: lockdep is turned off.
> 
> It is not allowed to take the mmap_lock while in atomic context. Therefore
> handle such a secure storage access fault as if the accessed page is not
> mapped: the uaccess function will return -EFAULT, and the caller has to
> deal with this. Usually this means that the access is retried in process
> context, which allows to resolve the page fault (or in this case export the
> page).
> 
> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>

Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>

> ---
>  arch/s390/mm/fault.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
> index 3829521450dd..e1ad05bfd28a 100644
> --- a/arch/s390/mm/fault.c
> +++ b/arch/s390/mm/fault.c
> @@ -441,6 +441,8 @@ void do_secure_storage_access(struct pt_regs *regs)
>  		if (rc)
>  			BUG();
>  	} else {
> +		if (faulthandler_disabled())
> +			return handle_fault_error_nolock(regs, 0);
>  		mm = current->mm;
>  		mmap_read_lock(mm);
>  		vma = find_vma(mm, addr);

next prev parent reply	other threads:[~2025-06-04 12:17 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-03 13:49 [PATCH] s390/mm: Fix in_atomic() handling in do_secure_storage_access() Heiko Carstens
2025-06-04 12:16 ` Claudio Imbrenda [this message]
2025-06-04 16:27 ` Alexander Gordeev
2025-06-04 16:48   ` Claudio Imbrenda
2025-06-04 17:29     ` Alexander Gordeev
2025-06-04 17:40       ` Claudio Imbrenda
2025-06-05  9:04         ` Alexander Gordeev
2025-06-05  9:06           ` Christian Borntraeger
2025-06-05 10:07             ` Heiko Carstens
2025-06-05 10:21               ` Christian Borntraeger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250604141643.3c04ae4e@p-imbrenda \
    --to=imbrenda@linux.ibm.com \
    --cc=agordeev@linux.ibm.com \
    --cc=borntraeger@linux.ibm.com \
    --cc=david@redhat.com \
    --cc=frankja@linux.ibm.com \
    --cc=gor@linux.ibm.com \
    --cc=hca@linux.ibm.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-s390@vger.kernel.org \
    --cc=svens@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox