1 // SPDX-License-Identifier: GPL-2.0
3 * linux/arch/parisc/traps.c
5 * Copyright (C) 1991, 1992 Linus Torvalds
6 * Copyright (C) 1999, 2000 Philipp Rumpf <prumpf@tux.org>
10 * 'Traps.c' handles hardware traps and faults after we have saved some
14 #include <linux/sched.h>
15 #include <linux/sched/debug.h>
16 #include <linux/kernel.h>
17 #include <linux/string.h>
18 #include <linux/errno.h>
19 #include <linux/ptrace.h>
20 #include <linux/timer.h>
21 #include <linux/delay.h>
23 #include <linux/module.h>
24 #include <linux/smp.h>
25 #include <linux/spinlock.h>
26 #include <linux/init.h>
27 #include <linux/interrupt.h>
28 #include <linux/console.h>
29 #include <linux/bug.h>
30 #include <linux/ratelimit.h>
31 #include <linux/uaccess.h>
32 #include <linux/kdebug.h>
33 #include <linux/kfence.h>
35 #include <asm/assembly.h>
38 #include <asm/traps.h>
39 #include <asm/unaligned.h>
40 #include <linux/atomic.h>
43 #include <asm/pdc_chassis.h>
44 #include <asm/unwind.h>
45 #include <asm/tlbflush.h>
46 #include <asm/cacheflush.h>
47 #include <linux/kgdb.h>
48 #include <linux/kprobes.h>
50 #include "../math-emu/math-emu.h" /* for handle_fpe() */
52 static void parisc_show_stack(struct task_struct *task,
53 struct pt_regs *regs, const char *loglvl);
55 static int printbinary(char *buf, unsigned long x, int nbits)
57 unsigned long mask = 1UL << (nbits - 1);
59 *buf++ = (mask & x ? '1' : '0');
72 #define FFMT "%016llx" /* fpregs are 64-bit always */
74 #define PRINTREGS(lvl,r,f,fmt,x) \
75 printk("%s%s%02d-%02d " fmt " " fmt " " fmt " " fmt "\n", \
76 lvl, f, (x), (x+3), (r)[(x)+0], (r)[(x)+1], \
77 (r)[(x)+2], (r)[(x)+3])
79 static void print_gr(const char *level, struct pt_regs *regs)
84 printk("%s\n", level);
85 printk("%s YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\n", level);
86 printbinary(buf, regs->gr[0], 32);
87 printk("%sPSW: %s %s\n", level, buf, print_tainted());
89 for (i = 0; i < 32; i += 4)
90 PRINTREGS(level, regs->gr, "r", RFMT, i);
93 static void print_fr(const char *level, struct pt_regs *regs)
97 struct { u32 sw[2]; } s;
99 /* FR are 64bit everywhere. Need to use asm to get the content
100 * of fpsr/fper1, and we assume that we won't have a FP Identify
101 * in our way, otherwise we're screwed.
102 * The fldd is used to restore the T-bit if there was one, as the
103 * store clears it anyway.
104 * PA2.0 book says "thou shall not use fstw on FPSR/FPERs" - T-Bone */
105 asm volatile ("fstd %%fr0,0(%1) \n\t"
106 "fldd 0(%1),%%fr0 \n\t"
107 : "=m" (s) : "r" (&s) : "r0");
109 printk("%s\n", level);
110 printk("%s VZOUICununcqcqcqcqcqcrmunTDVZOUI\n", level);
111 printbinary(buf, s.sw[0], 32);
112 printk("%sFPSR: %s\n", level, buf);
113 printk("%sFPER1: %08x\n", level, s.sw[1]);
115 /* here we'll print fr0 again, tho it'll be meaningless */
116 for (i = 0; i < 32; i += 4)
117 PRINTREGS(level, regs->fr, "fr", FFMT, i);
120 void show_regs(struct pt_regs *regs)
124 unsigned long cr30, cr31;
126 user = user_mode(regs);
127 level = user ? KERN_DEBUG : KERN_CRIT;
129 show_regs_print_info(level);
131 print_gr(level, regs);
133 for (i = 0; i < 8; i += 4)
134 PRINTREGS(level, regs->sr, "sr", RFMT, i);
137 print_fr(level, regs);
141 printk("%s\n", level);
142 printk("%sIASQ: " RFMT " " RFMT " IAOQ: " RFMT " " RFMT "\n",
143 level, regs->iasq[0], regs->iasq[1], regs->iaoq[0], regs->iaoq[1]);
144 printk("%s IIR: %08lx ISR: " RFMT " IOR: " RFMT "\n",
145 level, regs->iir, regs->isr, regs->ior);
146 printk("%s CPU: %8d CR30: " RFMT " CR31: " RFMT "\n",
147 level, task_cpu(current), cr30, cr31);
148 printk("%s ORIG_R28: " RFMT "\n", level, regs->orig_r28);
151 printk("%s IAOQ[0]: " RFMT "\n", level, regs->iaoq[0]);
152 printk("%s IAOQ[1]: " RFMT "\n", level, regs->iaoq[1]);
153 printk("%s RP(r2): " RFMT "\n", level, regs->gr[2]);
155 printk("%s IAOQ[0]: %pS\n", level, (void *) regs->iaoq[0]);
156 printk("%s IAOQ[1]: %pS\n", level, (void *) regs->iaoq[1]);
157 printk("%s RP(r2): %pS\n", level, (void *) regs->gr[2]);
159 parisc_show_stack(current, regs, KERN_DEFAULT);
163 static DEFINE_RATELIMIT_STATE(_hppa_rs,
164 DEFAULT_RATELIMIT_INTERVAL, DEFAULT_RATELIMIT_BURST);
166 #define parisc_printk_ratelimited(critical, regs, fmt, ...) { \
167 if ((critical || show_unhandled_signals) && __ratelimit(&_hppa_rs)) { \
168 printk(fmt, ##__VA_ARGS__); \
174 static void do_show_stack(struct unwind_frame_info *info, const char *loglvl)
178 printk("%sBacktrace:\n", loglvl);
179 while (i <= MAX_UNWIND_ENTRIES) {
180 if (unwind_once(info) < 0 || info->ip == 0)
183 if (__kernel_text_address(info->ip)) {
184 printk("%s [<" RFMT ">] %pS\n",
185 loglvl, info->ip, (void *) info->ip);
189 printk("%s\n", loglvl);
192 static void parisc_show_stack(struct task_struct *task,
193 struct pt_regs *regs, const char *loglvl)
195 struct unwind_frame_info info;
197 unwind_frame_init_task(&info, task, regs);
199 do_show_stack(&info, loglvl);
202 void show_stack(struct task_struct *t, unsigned long *sp, const char *loglvl)
204 parisc_show_stack(t, NULL, loglvl);
207 int is_valid_bugaddr(unsigned long iaoq)
212 void die_if_kernel(char *str, struct pt_regs *regs, long err)
214 if (user_mode(regs)) {
218 parisc_printk_ratelimited(1, regs,
219 KERN_CRIT "%s (pid %d): %s (code %ld) at " RFMT "\n",
220 current->comm, task_pid_nr(current), str, err, regs->iaoq[0]);
229 /* Amuse the user in a SPARC fashion */
230 if (err) printk(KERN_CRIT
231 " _______________________________ \n"
232 " < Your System ate a SPARC! Gah! >\n"
233 " ------------------------------- \n"
239 /* unlock the pdc lock if necessary */
240 pdc_emergency_unlock();
243 printk(KERN_CRIT "%s (pid %d): %s (code %ld)\n",
244 current->comm, task_pid_nr(current), str, err);
246 /* Wot's wrong wif bein' racy? */
247 if (current->thread.flags & PARISC_KERNEL_DEATH) {
248 printk(KERN_CRIT "%s() recursion detected.\n", __func__);
252 current->thread.flags |= PARISC_KERNEL_DEATH;
256 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
259 panic("Fatal exception in interrupt");
262 panic("Fatal exception");
265 make_task_dead(SIGSEGV);
268 /* gdb uses break 4,8 */
269 #define GDB_BREAK_INSN 0x10004
270 static void handle_gdb_break(struct pt_regs *regs, int wot)
272 force_sig_fault(SIGTRAP, wot,
273 (void __user *) (regs->iaoq[0] & ~3));
276 static void handle_break(struct pt_regs *regs)
278 unsigned iir = regs->iir;
280 if (unlikely(iir == PARISC_BUG_BREAK_INSN && !user_mode(regs))) {
281 /* check if a BUG() or WARN() trapped here. */
282 enum bug_trap_type tt;
283 tt = report_bug(regs->iaoq[0] & ~3, regs);
284 if (tt == BUG_TRAP_TYPE_WARN) {
287 return; /* return to next instruction when WARN_ON(). */
289 die_if_kernel("Unknown kernel breakpoint", regs,
290 (tt == BUG_TRAP_TYPE_NONE) ? 9 : 0);
293 #ifdef CONFIG_KPROBES
294 if (unlikely(iir == PARISC_KPROBES_BREAK_INSN && !user_mode(regs))) {
295 parisc_kprobe_break_handler(regs);
298 if (unlikely(iir == PARISC_KPROBES_BREAK_INSN2 && !user_mode(regs))) {
299 parisc_kprobe_ss_handler(regs);
305 if (unlikely((iir == PARISC_KGDB_COMPILED_BREAK_INSN ||
306 iir == PARISC_KGDB_BREAK_INSN)) && !user_mode(regs)) {
307 kgdb_handle_exception(9, SIGTRAP, 0, regs);
312 if (unlikely(iir != GDB_BREAK_INSN))
313 parisc_printk_ratelimited(0, regs,
314 KERN_DEBUG "break %d,%d: pid=%d command='%s'\n",
315 iir & 31, (iir>>13) & ((1<<13)-1),
316 task_pid_nr(current), current->comm);
318 /* send standard GDB signal */
319 handle_gdb_break(regs, TRAP_BRKPT);
322 static void default_trap(int code, struct pt_regs *regs)
324 printk(KERN_ERR "Trap %d on CPU %d\n", code, smp_processor_id());
328 void (*cpu_lpmc) (int code, struct pt_regs *regs) __read_mostly = default_trap;
331 void transfer_pim_to_trap_frame(struct pt_regs *regs)
334 extern unsigned int hpmc_pim_data[];
335 struct pdc_hpmc_pim_11 *pim_narrow;
336 struct pdc_hpmc_pim_20 *pim_wide;
338 if (boot_cpu_data.cpu_type >= pcxu) {
340 pim_wide = (struct pdc_hpmc_pim_20 *)hpmc_pim_data;
343 * Note: The following code will probably generate a
344 * bunch of truncation error warnings from the compiler.
345 * Could be handled with an ifdef, but perhaps there
349 regs->gr[0] = pim_wide->cr[22];
351 for (i = 1; i < 32; i++)
352 regs->gr[i] = pim_wide->gr[i];
354 for (i = 0; i < 32; i++)
355 regs->fr[i] = pim_wide->fr[i];
357 for (i = 0; i < 8; i++)
358 regs->sr[i] = pim_wide->sr[i];
360 regs->iasq[0] = pim_wide->cr[17];
361 regs->iasq[1] = pim_wide->iasq_back;
362 regs->iaoq[0] = pim_wide->cr[18];
363 regs->iaoq[1] = pim_wide->iaoq_back;
365 regs->sar = pim_wide->cr[11];
366 regs->iir = pim_wide->cr[19];
367 regs->isr = pim_wide->cr[20];
368 regs->ior = pim_wide->cr[21];
371 pim_narrow = (struct pdc_hpmc_pim_11 *)hpmc_pim_data;
373 regs->gr[0] = pim_narrow->cr[22];
375 for (i = 1; i < 32; i++)
376 regs->gr[i] = pim_narrow->gr[i];
378 for (i = 0; i < 32; i++)
379 regs->fr[i] = pim_narrow->fr[i];
381 for (i = 0; i < 8; i++)
382 regs->sr[i] = pim_narrow->sr[i];
384 regs->iasq[0] = pim_narrow->cr[17];
385 regs->iasq[1] = pim_narrow->iasq_back;
386 regs->iaoq[0] = pim_narrow->cr[18];
387 regs->iaoq[1] = pim_narrow->iaoq_back;
389 regs->sar = pim_narrow->cr[11];
390 regs->iir = pim_narrow->cr[19];
391 regs->isr = pim_narrow->cr[20];
392 regs->ior = pim_narrow->cr[21];
396 * The following fields only have meaning if we came through
397 * another path. So just zero them here.
407 * This routine is called as a last resort when everything else
408 * has gone clearly wrong. We get called for faults in kernel space,
411 void parisc_terminate(char *msg, struct pt_regs *regs, int code, unsigned long offset)
413 static DEFINE_SPINLOCK(terminate_lock);
415 (void)notify_die(DIE_OOPS, msg, regs, 0, code, SIGTRAP);
420 spin_lock(&terminate_lock);
422 /* unlock the pdc lock if necessary */
423 pdc_emergency_unlock();
425 /* Not all paths will gutter the processor... */
429 transfer_pim_to_trap_frame(regs);
438 /* show_stack(NULL, (unsigned long *)regs->gr[30]); */
439 struct unwind_frame_info info;
440 unwind_frame_init(&info, current, regs);
441 do_show_stack(&info, KERN_CRIT);
445 pr_crit("%s: Code=%d (%s) at addr " RFMT "\n",
446 msg, code, trap_name(code), offset);
449 spin_unlock(&terminate_lock);
451 /* put soft power button back under hardware control;
452 * if the user had pressed it once at any time, the
453 * system will shut down immediately right here. */
454 pdc_soft_power_button(0);
456 /* Call kernel panic() so reboot timeouts work properly
457 * FIXME: This function should be on the list of
458 * panic notifiers, and we should call panic
459 * directly from the location that we wish.
460 * e.g. We should not call panic from
461 * parisc_terminate, but rather the other way around.
462 * This hack works, prints the panic message twice,
463 * and it enables reboot timers!
468 void notrace handle_interruption(int code, struct pt_regs *regs)
470 unsigned long fault_address = 0;
471 unsigned long fault_space = 0;
474 if (!irqs_disabled_flags(regs->gr[0]))
478 * If the priority level is still user, and the
479 * faulting space is not equal to the active space
480 * then the user is attempting something in a space
481 * that does not belong to them. Kill the process.
483 * This is normally the situation when the user
484 * attempts to jump into the kernel space at the
485 * wrong offset, be it at the gateway page or a
488 * We cannot normally signal the process because it
489 * could *be* on the gateway page, and processes
490 * executing on the gateway page can't have signals
493 * We merely readjust the address into the users
494 * space, at a destination address of zero, and
495 * allow processing to continue.
497 if (((unsigned long)regs->iaoq[0] & 3) &&
498 ((unsigned long)regs->iasq[0] != (unsigned long)regs->sr[7])) {
499 /* Kill the user process later */
500 regs->iaoq[0] = 0 | 3;
501 regs->iaoq[1] = regs->iaoq[0] + 4;
502 regs->iasq[0] = regs->iasq[1] = regs->sr[7];
503 regs->gr[0] &= ~PSW_B;
508 printk(KERN_CRIT "Interruption # %d\n", code);
514 /* High-priority machine check (HPMC) */
516 /* set up a new led state on systems shipped with a LED State panel */
517 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_HPMC);
519 parisc_terminate("High Priority Machine Check (HPMC)",
524 /* Power failure interrupt */
525 printk(KERN_CRIT "Power failure interrupt !\n");
529 /* Recovery counter trap */
530 regs->gr[0] &= ~PSW_R;
533 if (kgdb_single_step) {
534 kgdb_handle_exception(0, SIGTRAP, 0, regs);
539 if (user_space(regs))
540 handle_gdb_break(regs, TRAP_TRACE);
541 /* else this must be the start of a syscall - just let it run */
545 /* Low-priority machine check */
546 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_LPMC);
553 case PARISC_ITLB_TRAP:
554 /* Instruction TLB miss fault/Instruction page fault */
555 fault_address = regs->iaoq[0];
556 fault_space = regs->iasq[0];
560 /* Illegal instruction trap */
561 die_if_kernel("Illegal instruction", regs, code);
562 si_code = ILL_ILLOPC;
566 /* Break instruction trap */
571 /* Privileged operation trap */
572 die_if_kernel("Privileged operation", regs, code);
573 si_code = ILL_PRVOPC;
577 /* Privileged register trap */
578 if ((regs->iir & 0xffdfffe0) == 0x034008a0) {
580 /* This is a MFCTL cr26/cr27 to gr instruction.
581 * PCXS traps on this, so we need to emulate it.
584 if (regs->iir & 0x00200000)
585 regs->gr[regs->iir & 0x1f] = mfctl(27);
587 regs->gr[regs->iir & 0x1f] = mfctl(26);
589 regs->iaoq[0] = regs->iaoq[1];
591 regs->iasq[0] = regs->iasq[1];
595 die_if_kernel("Privileged register usage", regs, code);
596 si_code = ILL_PRVREG;
598 force_sig_fault(SIGILL, si_code,
599 (void __user *) regs->iaoq[0]);
603 /* Overflow Trap, let the userland signal handler do the cleanup */
604 force_sig_fault(SIGFPE, FPE_INTOVF,
605 (void __user *) regs->iaoq[0]);
610 The condition succeeds in an instruction which traps
613 /* Let userspace app figure it out from the insn pointed
616 force_sig_fault(SIGFPE, FPE_CONDTRAP,
617 (void __user *) regs->iaoq[0]);
620 /* The kernel doesn't want to handle condition codes */
624 /* Assist Exception Trap, i.e. floating point exception. */
625 die_if_kernel("Floating point exception", regs, 0); /* quiet */
626 __inc_irq_stat(irq_fpassist_count);
631 /* Data TLB miss fault/Data page fault */
634 /* Non-access instruction TLB miss fault */
635 /* The instruction TLB entry needed for the target address of the FIC
636 is absent, and hardware can't find it, so we get to cleanup */
639 /* Non-access data TLB miss fault/Non-access data page fault */
641 Still need to add slow path emulation code here!
642 If the insn used a non-shadow register, then the tlb
643 handlers could not have their side-effect (e.g. probe
644 writing to a target register) emulated since rfir would
645 erase the changes to said register. Instead we have to
646 setup everything, call this function we are in, and emulate
647 by hand. Technically we need to emulate:
648 fdc,fdce,pdc,"fic,4f",prober,probeir,probew, probeiw
650 if (code == 17 && handle_nadtlb_fault(regs))
652 fault_address = regs->ior;
653 fault_space = regs->isr;
657 /* PCXS only -- later cpu's split this into types 26,27 & 28 */
658 /* Check for unaligned access */
659 if (check_unaligned(regs)) {
660 handle_unaligned(regs);
665 /* PCXL: Data memory access rights trap */
666 fault_address = regs->ior;
667 fault_space = regs->isr;
671 /* Data memory break trap */
672 regs->gr[0] |= PSW_X; /* So we can single-step over the trap */
675 /* Page reference trap */
676 handle_gdb_break(regs, TRAP_HWBKPT);
680 /* Taken branch trap */
681 regs->gr[0] &= ~PSW_T;
682 if (user_space(regs))
683 handle_gdb_break(regs, TRAP_BRANCH);
684 /* else this must be the start of a syscall - just let it
690 /* Instruction access rights */
691 /* PCXL: Instruction memory protection trap */
694 * This could be caused by either: 1) a process attempting
695 * to execute within a vma that does not have execute
696 * permission, or 2) an access rights violation caused by a
697 * flush only translation set up by ptep_get_and_clear().
698 * So we check the vma permissions to differentiate the two.
699 * If the vma indicates we have execute permission, then
700 * the cause is the latter one. In this case, we need to
701 * call do_page_fault() to fix the problem.
704 if (user_mode(regs)) {
705 struct vm_area_struct *vma;
707 mmap_read_lock(current->mm);
708 vma = find_vma(current->mm,regs->iaoq[0]);
709 if (vma && (regs->iaoq[0] >= vma->vm_start)
710 && (vma->vm_flags & VM_EXEC)) {
712 fault_address = regs->iaoq[0];
713 fault_space = regs->iasq[0];
715 mmap_read_unlock(current->mm);
716 break; /* call do_page_fault() */
718 mmap_read_unlock(current->mm);
720 /* CPU could not fetch instruction, so clear stale IIR value. */
721 regs->iir = 0xbaadf00d;
724 /* Data memory protection ID trap */
725 if (code == 27 && !user_mode(regs) &&
726 fixup_exception(regs))
729 die_if_kernel("Protection id trap", regs, code);
730 force_sig_fault(SIGSEGV, SEGV_MAPERR,
732 ((void __user *) regs->iaoq[0]) :
733 ((void __user *) regs->ior));
737 /* Unaligned data reference trap */
738 handle_unaligned(regs);
742 if (user_mode(regs)) {
743 parisc_printk_ratelimited(0, regs, KERN_DEBUG
744 "handle_interruption() pid=%d command='%s'\n",
745 task_pid_nr(current), current->comm);
746 /* SIGBUS, for lack of a better one. */
747 force_sig_fault(SIGBUS, BUS_OBJERR,
748 (void __user *)regs->ior);
751 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
753 parisc_terminate("Unexpected interruption", regs, code, 0);
757 if (user_mode(regs)) {
758 if ((fault_space >> SPACEID_SHIFT) != (regs->sr[7] >> SPACEID_SHIFT)) {
759 parisc_printk_ratelimited(0, regs, KERN_DEBUG
760 "User fault %d on space 0x%08lx, pid=%d command='%s'\n",
762 task_pid_nr(current), current->comm);
763 force_sig_fault(SIGSEGV, SEGV_MAPERR,
764 (void __user *)regs->ior);
771 * The kernel should never fault on its own address space,
772 * unless pagefault_disable() was called before.
775 if (faulthandler_disabled() || fault_space == 0)
777 /* Clean up and return if in exception table. */
778 if (fixup_exception(regs))
780 /* Clean up and return if handled by kfence. */
781 if (kfence_handle_page_fault(fault_address,
782 parisc_acctyp(code, regs->iir) == VM_WRITE, regs))
784 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
785 parisc_terminate("Kernel Fault", regs, code, fault_address);
789 do_page_fault(regs, code, fault_address);
793 void __init initialize_ivt(const void *iva)
795 extern const u32 os_hpmc[];
803 if (strcmp((const char *)iva, "cows can fly"))
804 panic("IVT invalid");
808 for (i = 0; i < 8; i++)
812 * Use PDC_INSTR firmware function to get instruction that invokes
813 * PDCE_CHECK in HPMC handler. See programming note at page 1-31 of
814 * the PA 1.1 Firmware Architecture document.
816 if (pdc_instr(&instr) == PDC_OK)
820 * Rules for the checksum of the HPMC handler:
821 * 1. The IVA does not point to PDC/PDH space (ie: the OS has installed
823 * 2. The word at IVA + 32 is nonzero.
824 * 3. If Length (IVA + 60) is not zero, then Length (IVA + 60) and
825 * Address (IVA + 56) are word-aligned.
826 * 4. The checksum of the 8 words starting at IVA + 32 plus the sum of
827 * the Length/4 words starting at Address is zero.
830 /* Setup IVA and compute checksum for HPMC handler */
831 ivap[6] = (u32)__pa(os_hpmc);
833 hpmcp = (u32 *)os_hpmc;
839 pr_debug("initialize_ivt: IVA[6] = 0x%08x\n", ivap[6]);
843 /* early_trap_init() is called before we set up kernel mappings and
844 * write-protect the kernel */
845 void __init early_trap_init(void)
847 extern const void fault_vector_20;
850 extern const void fault_vector_11;
851 initialize_ivt(&fault_vector_11);
854 initialize_ivt(&fault_vector_20);
projects / releases.git / blob