blob: 36c0e7529edbc89f1e7c7dc8d3c000024a2f433d [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001/*
Linus Torvalds1da177e2005-04-16 15:20:36 -07002 * PowerPC version
3 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
4 *
5 * Derived from "arch/i386/mm/fault.c"
6 * Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds
7 *
8 * Modified by Cort Dougan and Paul Mackerras.
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 */
15
Linus Torvalds1da177e2005-04-16 15:20:36 -070016#include <linux/signal.h>
17#include <linux/sched.h>
18#include <linux/kernel.h>
19#include <linux/errno.h>
20#include <linux/string.h>
21#include <linux/types.h>
22#include <linux/ptrace.h>
23#include <linux/mman.h>
24#include <linux/mm.h>
25#include <linux/interrupt.h>
26#include <linux/highmem.h>
27#include <linux/module.h>
28
29#include <asm/page.h>
30#include <asm/pgtable.h>
31#include <asm/mmu.h>
32#include <asm/mmu_context.h>
33#include <asm/system.h>
34#include <asm/uaccess.h>
35#include <asm/tlbflush.h>
36
37#if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
38extern void (*debugger)(struct pt_regs *);
39extern void (*debugger_fault_handler)(struct pt_regs *);
40extern int (*debugger_dabr_match)(struct pt_regs *);
41int debugger_kernel_faults = 1;
42#endif
43
44unsigned long htab_reloads; /* updated by hashtable.S:hash_page() */
45unsigned long htab_evicts; /* updated by hashtable.S:hash_page() */
46unsigned long htab_preloads; /* updated by hashtable.S:add_hash_page() */
47unsigned long pte_misses; /* updated by do_page_fault() */
48unsigned long pte_errors; /* updated by do_page_fault() */
49unsigned int probingmem;
50
51/*
52 * Check whether the instruction at regs->nip is a store using
53 * an update addressing form which will update r1.
54 */
55static int store_updates_sp(struct pt_regs *regs)
56{
57 unsigned int inst;
58
59 if (get_user(inst, (unsigned int __user *)regs->nip))
60 return 0;
61 /* check for 1 in the rA field */
62 if (((inst >> 16) & 0x1f) != 1)
63 return 0;
64 /* check major opcode */
65 switch (inst >> 26) {
66 case 37: /* stwu */
67 case 39: /* stbu */
68 case 45: /* sthu */
69 case 53: /* stfsu */
70 case 55: /* stfdu */
71 return 1;
72 case 31:
73 /* check minor opcode */
74 switch ((inst >> 1) & 0x3ff) {
75 case 183: /* stwux */
76 case 247: /* stbux */
77 case 439: /* sthux */
78 case 695: /* stfsux */
79 case 759: /* stfdux */
80 return 1;
81 }
82 }
83 return 0;
84}
85
86/*
87 * For 600- and 800-family processors, the error_code parameter is DSISR
88 * for a data fault, SRR1 for an instruction fault. For 400-family processors
89 * the error_code parameter is ESR for a data fault, 0 for an instruction
90 * fault.
91 */
92int do_page_fault(struct pt_regs *regs, unsigned long address,
93 unsigned long error_code)
94{
95 struct vm_area_struct * vma;
96 struct mm_struct *mm = current->mm;
97 siginfo_t info;
98 int code = SEGV_MAPERR;
Nick Piggin83c54072007-07-19 01:47:05 -070099 int fault;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700100#if defined(CONFIG_4xx) || defined (CONFIG_BOOKE)
101 int is_write = error_code & ESR_DST;
102#else
103 int is_write = 0;
104
105 /*
106 * Fortunately the bit assignments in SRR1 for an instruction
107 * fault and DSISR for a data fault are mostly the same for the
108 * bits we are interested in. But there are some bits which
109 * indicate errors in DSISR but can validly be set in SRR1.
110 */
111 if (TRAP(regs) == 0x400)
112 error_code &= 0x48200000;
113 else
114 is_write = error_code & 0x02000000;
115#endif /* CONFIG_4xx || CONFIG_BOOKE */
116
117#if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
118 if (debugger_fault_handler && TRAP(regs) == 0x300) {
119 debugger_fault_handler(regs);
120 return 0;
121 }
122#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
123 if (error_code & 0x00400000) {
124 /* DABR match */
125 if (debugger_dabr_match(regs))
126 return 0;
127 }
128#endif /* !(CONFIG_4xx || CONFIG_BOOKE)*/
129#endif /* CONFIG_XMON || CONFIG_KGDB */
130
131 if (in_atomic() || mm == NULL)
132 return SIGSEGV;
133
134 down_read(&mm->mmap_sem);
135 vma = find_vma(mm, address);
136 if (!vma)
137 goto bad_area;
138 if (vma->vm_start <= address)
139 goto good_area;
140 if (!(vma->vm_flags & VM_GROWSDOWN))
141 goto bad_area;
142 if (!is_write)
143 goto bad_area;
144
145 /*
146 * N.B. The rs6000/xcoff ABI allows programs to access up to
147 * a few hundred bytes below the stack pointer.
148 * The kernel signal delivery code writes up to about 1.5kB
149 * below the stack pointer (r1) before decrementing it.
150 * The exec code can write slightly over 640kB to the stack
151 * before setting the user r1. Thus we allow the stack to
152 * expand to 1MB without further checks.
153 */
154 if (address + 0x100000 < vma->vm_end) {
155 /* get user regs even if this fault is in kernel mode */
156 struct pt_regs *uregs = current->thread.regs;
157 if (uregs == NULL)
158 goto bad_area;
159
160 /*
161 * A user-mode access to an address a long way below
162 * the stack pointer is only valid if the instruction
163 * is one which would update the stack pointer to the
164 * address accessed if the instruction completed,
165 * i.e. either stwu rs,n(r1) or stwux rs,r1,rb
166 * (or the byte, halfword, float or double forms).
167 *
168 * If we don't check this then any write to the area
169 * between the last mapped region and the stack will
170 * expand the stack rather than segfaulting.
171 */
172 if (address + 2048 < uregs->gpr[1]
173 && (!user_mode(regs) || !store_updates_sp(regs)))
174 goto bad_area;
175 }
176 if (expand_stack(vma, address))
177 goto bad_area;
178
179good_area:
180 code = SEGV_ACCERR;
181#if defined(CONFIG_6xx)
182 if (error_code & 0x95700000)
183 /* an error such as lwarx to I/O controller space,
184 address matching DABR, eciwx, etc. */
185 goto bad_area;
186#endif /* CONFIG_6xx */
187#if defined(CONFIG_8xx)
188 /* The MPC8xx seems to always set 0x80000000, which is
189 * "undefined". Of those that can be set, this is the only
190 * one which seems bad.
191 */
192 if (error_code & 0x10000000)
193 /* Guarded storage error. */
194 goto bad_area;
195#endif /* CONFIG_8xx */
196
197 /* a write */
198 if (is_write) {
199 if (!(vma->vm_flags & VM_WRITE))
200 goto bad_area;
201#if defined(CONFIG_4xx) || defined(CONFIG_BOOKE)
202 /* an exec - 4xx/Book-E allows for per-page execute permission */
203 } else if (TRAP(regs) == 0x400) {
204 pte_t *ptep;
Eugene Suroveginbab70a42006-03-28 10:13:12 -0800205 pmd_t *pmdp;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700206
207#if 0
208 /* It would be nice to actually enforce the VM execute
209 permission on CPUs which can do so, but far too
210 much stuff in userspace doesn't get the permissions
211 right, so we let any page be executed for now. */
212 if (! (vma->vm_flags & VM_EXEC))
213 goto bad_area;
214#endif
215
216 /* Since 4xx/Book-E supports per-page execute permission,
217 * we lazily flush dcache to icache. */
218 ptep = NULL;
Eugene Suroveginbab70a42006-03-28 10:13:12 -0800219 if (get_pteptr(mm, address, &ptep, &pmdp)) {
220 spinlock_t *ptl = pte_lockptr(mm, pmdp);
221 spin_lock(ptl);
222 if (pte_present(*ptep)) {
223 struct page *page = pte_page(*ptep);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700224
Eugene Suroveginbab70a42006-03-28 10:13:12 -0800225 if (!test_bit(PG_arch_1, &page->flags)) {
226 flush_dcache_icache_page(page);
227 set_bit(PG_arch_1, &page->flags);
228 }
229 pte_update(ptep, 0, _PAGE_HWEXEC);
Benjamin Herrenschmidte701d262007-10-30 09:46:06 +1100230 _tlbie(address, mm->context.id);
Eugene Suroveginbab70a42006-03-28 10:13:12 -0800231 pte_unmap_unlock(ptep, ptl);
232 up_read(&mm->mmap_sem);
233 return 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700234 }
Eugene Suroveginbab70a42006-03-28 10:13:12 -0800235 pte_unmap_unlock(ptep, ptl);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700236 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700237#endif
238 /* a read */
239 } else {
240 /* protection fault */
241 if (error_code & 0x08000000)
242 goto bad_area;
Jason Barondf67b3d2006-09-29 01:58:58 -0700243 if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE)))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700244 goto bad_area;
245 }
246
247 /*
248 * If for any reason at all we couldn't handle the fault,
249 * make sure we exit gracefully rather than endlessly redo
250 * the fault.
251 */
252 survive:
Nick Piggin83c54072007-07-19 01:47:05 -0700253 fault = handle_mm_fault(mm, vma, address, is_write);
254 if (unlikely(fault & VM_FAULT_ERROR)) {
255 if (fault & VM_FAULT_OOM)
256 goto out_of_memory;
257 else if (fault & VM_FAULT_SIGBUS)
258 goto do_sigbus;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700259 BUG();
260 }
Nick Piggin83c54072007-07-19 01:47:05 -0700261 if (fault & VM_FAULT_MAJOR)
262 current->maj_flt++;
263 else
264 current->min_flt++;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700265
266 up_read(&mm->mmap_sem);
267 /*
268 * keep track of tlb+htab misses that are good addrs but
269 * just need pte's created via handle_mm_fault()
270 * -- Cort
271 */
272 pte_misses++;
273 return 0;
274
275bad_area:
276 up_read(&mm->mmap_sem);
277 pte_errors++;
278
279 /* User mode accesses cause a SIGSEGV */
280 if (user_mode(regs)) {
Paul Mackerrasbb0bb3b2005-09-10 21:13:11 +1000281 _exception(SIGSEGV, regs, code, address);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700282 return 0;
283 }
284
285 return SIGSEGV;
286
287/*
288 * We ran out of memory, or some other thing happened to us that made
289 * us unable to handle the page fault gracefully.
290 */
291out_of_memory:
292 up_read(&mm->mmap_sem);
Serge E. Hallynb460cbc2007-10-18 23:39:52 -0700293 if (is_global_init(current)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700294 yield();
295 down_read(&mm->mmap_sem);
296 goto survive;
297 }
298 printk("VM: killing process %s\n", current->comm);
299 if (user_mode(regs))
Will Schmidtdcca2bd2007-10-16 01:24:18 -0700300 do_group_exit(SIGKILL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700301 return SIGKILL;
302
303do_sigbus:
304 up_read(&mm->mmap_sem);
305 info.si_signo = SIGBUS;
306 info.si_errno = 0;
307 info.si_code = BUS_ADRERR;
308 info.si_addr = (void __user *)address;
309 force_sig_info (SIGBUS, &info, current);
310 if (!user_mode(regs))
311 return SIGBUS;
312 return 0;
313}
314
315/*
316 * bad_page_fault is called when we have a bad access from the kernel.
317 * It is called from the DSI and ISI handlers in head.S and from some
318 * of the procedures in traps.c.
319 */
320void
321bad_page_fault(struct pt_regs *regs, unsigned long address, int sig)
322{
323 const struct exception_table_entry *entry;
324
325 /* Are we prepared to handle this fault? */
326 if ((entry = search_exception_tables(regs->nip)) != NULL) {
327 regs->nip = entry->fixup;
328 return;
329 }
330
331 /* kernel has accessed a bad area */
332#if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
333 if (debugger_kernel_faults)
334 debugger(regs);
335#endif
336 die("kernel access of bad area", regs, sig);
337}
338
339#ifdef CONFIG_8xx
340
341/* The pgtable.h claims some functions generically exist, but I
342 * can't find them......
343 */
344pte_t *va_to_pte(unsigned long address)
345{
346 pgd_t *dir;
347 pmd_t *pmd;
348 pte_t *pte;
349
350 if (address < TASK_SIZE)
351 return NULL;
352
353 dir = pgd_offset(&init_mm, address);
354 if (dir) {
355 pmd = pmd_offset(dir, address & PAGE_MASK);
356 if (pmd && pmd_present(*pmd)) {
357 pte = pte_offset_kernel(pmd, address & PAGE_MASK);
358 if (pte && pte_present(*pte))
359 return(pte);
360 }
361 }
362 return NULL;
363}
364
365unsigned long va_to_phys(unsigned long address)
366{
367 pte_t *pte;
368
369 pte = va_to_pte(address);
370 if (pte)
371 return(((unsigned long)(pte_val(*pte)) & PAGE_MASK) | (address & ~(PAGE_MASK)));
372 return (0);
373}
374
375void
376print_8xx_pte(struct mm_struct *mm, unsigned long addr)
377{
378 pgd_t * pgd;
379 pmd_t * pmd;
380 pte_t * pte;
381
382 printk(" pte @ 0x%8lx: ", addr);
383 pgd = pgd_offset(mm, addr & PAGE_MASK);
384 if (pgd) {
385 pmd = pmd_offset(pgd, addr & PAGE_MASK);
386 if (pmd && pmd_present(*pmd)) {
387 pte = pte_offset_kernel(pmd, addr & PAGE_MASK);
388 if (pte) {
389 printk(" (0x%08lx)->(0x%08lx)->0x%08lx\n",
390 (long)pgd, (long)pte, (long)pte_val(*pte));
391#define pp ((long)pte_val(*pte))
392 printk(" RPN: %05lx PP: %lx SPS: %lx SH: %lx "
393 "CI: %lx v: %lx\n",
394 pp>>12, /* rpn */
395 (pp>>10)&3, /* pp */
396 (pp>>3)&1, /* small */
397 (pp>>2)&1, /* shared */
398 (pp>>1)&1, /* cache inhibit */
399 pp&1 /* valid */
400 );
401#undef pp
402 }
403 else {
404 printk("no pte\n");
405 }
406 }
407 else {
408 printk("no pmd\n");
409 }
410 }
411 else {
412 printk("no pgd\n");
413 }
414}
415
416int
417get_8xx_pte(struct mm_struct *mm, unsigned long addr)
418{
419 pgd_t * pgd;
420 pmd_t * pmd;
421 pte_t * pte;
422 int retval = 0;
423
424 pgd = pgd_offset(mm, addr & PAGE_MASK);
425 if (pgd) {
426 pmd = pmd_offset(pgd, addr & PAGE_MASK);
427 if (pmd && pmd_present(*pmd)) {
428 pte = pte_offset_kernel(pmd, addr & PAGE_MASK);
429 if (pte) {
430 retval = (int)pte_val(*pte);
431 }
432 }
433 }
434 return(retval);
435}
436#endif /* CONFIG_8xx */