1 // SPDX-License-Identifier: GPL-2.0
3 * linux/arch/parisc/traps.c
5 * Copyright (C) 1991, 1992 Linus Torvalds
6 * Copyright (C) 1999, 2000 Philipp Rumpf <prumpf@tux.org>
10 * 'Traps.c' handles hardware traps and faults after we have saved some
14 #include <linux/sched.h>
15 #include <linux/sched/debug.h>
16 #include <linux/kernel.h>
17 #include <linux/string.h>
18 #include <linux/errno.h>
19 #include <linux/ptrace.h>
20 #include <linux/timer.h>
21 #include <linux/delay.h>
23 #include <linux/module.h>
24 #include <linux/smp.h>
25 #include <linux/spinlock.h>
26 #include <linux/init.h>
27 #include <linux/interrupt.h>
28 #include <linux/console.h>
29 #include <linux/bug.h>
30 #include <linux/ratelimit.h>
31 #include <linux/uaccess.h>
33 #include <asm/assembly.h>
36 #include <asm/traps.h>
37 #include <asm/unaligned.h>
38 #include <linux/atomic.h>
41 #include <asm/pdc_chassis.h>
42 #include <asm/unwind.h>
43 #include <asm/tlbflush.h>
44 #include <asm/cacheflush.h>
46 #include "../math-emu/math-emu.h" /* for handle_fpe() */
48 static void parisc_show_stack(struct task_struct *task,
49 struct pt_regs *regs);
51 static int printbinary(char *buf, unsigned long x, int nbits)
53 unsigned long mask = 1UL << (nbits - 1);
55 *buf++ = (mask & x ? '1' : '0');
68 #define FFMT "%016llx" /* fpregs are 64-bit always */
70 #define PRINTREGS(lvl,r,f,fmt,x) \
71 printk("%s%s%02d-%02d " fmt " " fmt " " fmt " " fmt "\n", \
72 lvl, f, (x), (x+3), (r)[(x)+0], (r)[(x)+1], \
73 (r)[(x)+2], (r)[(x)+3])
75 static void print_gr(char *level, struct pt_regs *regs)
80 printk("%s\n", level);
81 printk("%s YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\n", level);
82 printbinary(buf, regs->gr[0], 32);
83 printk("%sPSW: %s %s\n", level, buf, print_tainted());
85 for (i = 0; i < 32; i += 4)
86 PRINTREGS(level, regs->gr, "r", RFMT, i);
89 static void print_fr(char *level, struct pt_regs *regs)
93 struct { u32 sw[2]; } s;
95 /* FR are 64bit everywhere. Need to use asm to get the content
96 * of fpsr/fper1, and we assume that we won't have a FP Identify
97 * in our way, otherwise we're screwed.
98 * The fldd is used to restore the T-bit if there was one, as the
99 * store clears it anyway.
100 * PA2.0 book says "thou shall not use fstw on FPSR/FPERs" - T-Bone */
101 asm volatile ("fstd %%fr0,0(%1) \n\t"
102 "fldd 0(%1),%%fr0 \n\t"
103 : "=m" (s) : "r" (&s) : "r0");
105 printk("%s\n", level);
106 printk("%s VZOUICununcqcqcqcqcqcrmunTDVZOUI\n", level);
107 printbinary(buf, s.sw[0], 32);
108 printk("%sFPSR: %s\n", level, buf);
109 printk("%sFPER1: %08x\n", level, s.sw[1]);
111 /* here we'll print fr0 again, tho it'll be meaningless */
112 for (i = 0; i < 32; i += 4)
113 PRINTREGS(level, regs->fr, "fr", FFMT, i);
116 void show_regs(struct pt_regs *regs)
120 unsigned long cr30, cr31;
122 user = user_mode(regs);
123 level = user ? KERN_DEBUG : KERN_CRIT;
125 show_regs_print_info(level);
127 print_gr(level, regs);
129 for (i = 0; i < 8; i += 4)
130 PRINTREGS(level, regs->sr, "sr", RFMT, i);
133 print_fr(level, regs);
137 printk("%s\n", level);
138 printk("%sIASQ: " RFMT " " RFMT " IAOQ: " RFMT " " RFMT "\n",
139 level, regs->iasq[0], regs->iasq[1], regs->iaoq[0], regs->iaoq[1]);
140 printk("%s IIR: %08lx ISR: " RFMT " IOR: " RFMT "\n",
141 level, regs->iir, regs->isr, regs->ior);
142 printk("%s CPU: %8d CR30: " RFMT " CR31: " RFMT "\n",
143 level, current_thread_info()->cpu, cr30, cr31);
144 printk("%s ORIG_R28: " RFMT "\n", level, regs->orig_r28);
147 printk("%s IAOQ[0]: " RFMT "\n", level, regs->iaoq[0]);
148 printk("%s IAOQ[1]: " RFMT "\n", level, regs->iaoq[1]);
149 printk("%s RP(r2): " RFMT "\n", level, regs->gr[2]);
151 printk("%s IAOQ[0]: %pS\n", level, (void *) regs->iaoq[0]);
152 printk("%s IAOQ[1]: %pS\n", level, (void *) regs->iaoq[1]);
153 printk("%s RP(r2): %pS\n", level, (void *) regs->gr[2]);
155 parisc_show_stack(current, regs);
159 static DEFINE_RATELIMIT_STATE(_hppa_rs,
160 DEFAULT_RATELIMIT_INTERVAL, DEFAULT_RATELIMIT_BURST);
162 #define parisc_printk_ratelimited(critical, regs, fmt, ...) { \
163 if ((critical || show_unhandled_signals) && __ratelimit(&_hppa_rs)) { \
164 printk(fmt, ##__VA_ARGS__); \
170 static void do_show_stack(struct unwind_frame_info *info)
174 printk(KERN_CRIT "Backtrace:\n");
175 while (i <= MAX_UNWIND_ENTRIES) {
176 if (unwind_once(info) < 0 || info->ip == 0)
179 if (__kernel_text_address(info->ip)) {
180 printk(KERN_CRIT " [<" RFMT ">] %pS\n",
181 info->ip, (void *) info->ip);
185 printk(KERN_CRIT "\n");
188 static void parisc_show_stack(struct task_struct *task,
189 struct pt_regs *regs)
191 struct unwind_frame_info info;
193 unwind_frame_init_task(&info, task, regs);
195 do_show_stack(&info);
198 void show_stack(struct task_struct *t, unsigned long *sp)
200 parisc_show_stack(t, NULL);
203 int is_valid_bugaddr(unsigned long iaoq)
208 void die_if_kernel(char *str, struct pt_regs *regs, long err)
210 if (user_mode(regs)) {
214 parisc_printk_ratelimited(1, regs,
215 KERN_CRIT "%s (pid %d): %s (code %ld) at " RFMT "\n",
216 current->comm, task_pid_nr(current), str, err, regs->iaoq[0]);
221 oops_in_progress = 1;
225 /* Amuse the user in a SPARC fashion */
226 if (err) printk(KERN_CRIT
227 " _______________________________ \n"
228 " < Your System ate a SPARC! Gah! >\n"
229 " ------------------------------- \n"
235 /* unlock the pdc lock if necessary */
236 pdc_emergency_unlock();
238 /* maybe the kernel hasn't booted very far yet and hasn't been able
239 * to initialize the serial or STI console. In that case we should
240 * re-enable the pdc console, so that the user will be able to
241 * identify the problem. */
242 if (!console_drivers)
243 pdc_console_restart();
246 printk(KERN_CRIT "%s (pid %d): %s (code %ld)\n",
247 current->comm, task_pid_nr(current), str, err);
249 /* Wot's wrong wif bein' racy? */
250 if (current->thread.flags & PARISC_KERNEL_DEATH) {
251 printk(KERN_CRIT "%s() recursion detected.\n", __func__);
255 current->thread.flags |= PARISC_KERNEL_DEATH;
259 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
262 panic("Fatal exception in interrupt");
265 panic("Fatal exception");
271 /* gdb uses break 4,8 */
272 #define GDB_BREAK_INSN 0x10004
273 static void handle_gdb_break(struct pt_regs *regs, int wot)
275 force_sig_fault(SIGTRAP, wot,
276 (void __user *) (regs->iaoq[0] & ~3), current);
279 static void handle_break(struct pt_regs *regs)
281 unsigned iir = regs->iir;
283 if (unlikely(iir == PARISC_BUG_BREAK_INSN && !user_mode(regs))) {
284 /* check if a BUG() or WARN() trapped here. */
285 enum bug_trap_type tt;
286 tt = report_bug(regs->iaoq[0] & ~3, regs);
287 if (tt == BUG_TRAP_TYPE_WARN) {
290 return; /* return to next instruction when WARN_ON(). */
292 die_if_kernel("Unknown kernel breakpoint", regs,
293 (tt == BUG_TRAP_TYPE_NONE) ? 9 : 0);
296 if (unlikely(iir != GDB_BREAK_INSN))
297 parisc_printk_ratelimited(0, regs,
298 KERN_DEBUG "break %d,%d: pid=%d command='%s'\n",
299 iir & 31, (iir>>13) & ((1<<13)-1),
300 task_pid_nr(current), current->comm);
302 /* send standard GDB signal */
303 handle_gdb_break(regs, TRAP_BRKPT);
306 static void default_trap(int code, struct pt_regs *regs)
308 printk(KERN_ERR "Trap %d on CPU %d\n", code, smp_processor_id());
312 void (*cpu_lpmc) (int code, struct pt_regs *regs) __read_mostly = default_trap;
315 void transfer_pim_to_trap_frame(struct pt_regs *regs)
318 extern unsigned int hpmc_pim_data[];
319 struct pdc_hpmc_pim_11 *pim_narrow;
320 struct pdc_hpmc_pim_20 *pim_wide;
322 if (boot_cpu_data.cpu_type >= pcxu) {
324 pim_wide = (struct pdc_hpmc_pim_20 *)hpmc_pim_data;
327 * Note: The following code will probably generate a
328 * bunch of truncation error warnings from the compiler.
329 * Could be handled with an ifdef, but perhaps there
333 regs->gr[0] = pim_wide->cr[22];
335 for (i = 1; i < 32; i++)
336 regs->gr[i] = pim_wide->gr[i];
338 for (i = 0; i < 32; i++)
339 regs->fr[i] = pim_wide->fr[i];
341 for (i = 0; i < 8; i++)
342 regs->sr[i] = pim_wide->sr[i];
344 regs->iasq[0] = pim_wide->cr[17];
345 regs->iasq[1] = pim_wide->iasq_back;
346 regs->iaoq[0] = pim_wide->cr[18];
347 regs->iaoq[1] = pim_wide->iaoq_back;
349 regs->sar = pim_wide->cr[11];
350 regs->iir = pim_wide->cr[19];
351 regs->isr = pim_wide->cr[20];
352 regs->ior = pim_wide->cr[21];
355 pim_narrow = (struct pdc_hpmc_pim_11 *)hpmc_pim_data;
357 regs->gr[0] = pim_narrow->cr[22];
359 for (i = 1; i < 32; i++)
360 regs->gr[i] = pim_narrow->gr[i];
362 for (i = 0; i < 32; i++)
363 regs->fr[i] = pim_narrow->fr[i];
365 for (i = 0; i < 8; i++)
366 regs->sr[i] = pim_narrow->sr[i];
368 regs->iasq[0] = pim_narrow->cr[17];
369 regs->iasq[1] = pim_narrow->iasq_back;
370 regs->iaoq[0] = pim_narrow->cr[18];
371 regs->iaoq[1] = pim_narrow->iaoq_back;
373 regs->sar = pim_narrow->cr[11];
374 regs->iir = pim_narrow->cr[19];
375 regs->isr = pim_narrow->cr[20];
376 regs->ior = pim_narrow->cr[21];
380 * The following fields only have meaning if we came through
381 * another path. So just zero them here.
391 * This routine is called as a last resort when everything else
392 * has gone clearly wrong. We get called for faults in kernel space,
395 void parisc_terminate(char *msg, struct pt_regs *regs, int code, unsigned long offset)
397 static DEFINE_SPINLOCK(terminate_lock);
399 oops_in_progress = 1;
403 spin_lock(&terminate_lock);
405 /* unlock the pdc lock if necessary */
406 pdc_emergency_unlock();
408 /* restart pdc console if necessary */
409 if (!console_drivers)
410 pdc_console_restart();
412 /* Not all paths will gutter the processor... */
416 transfer_pim_to_trap_frame(regs);
426 /* show_stack(NULL, (unsigned long *)regs->gr[30]); */
427 struct unwind_frame_info info;
428 unwind_frame_init(&info, current, regs);
429 do_show_stack(&info);
433 pr_crit("%s: Code=%d (%s) regs=%p (Addr=" RFMT ")\n",
434 msg, code, trap_name(code), regs, offset);
437 spin_unlock(&terminate_lock);
439 /* put soft power button back under hardware control;
440 * if the user had pressed it once at any time, the
441 * system will shut down immediately right here. */
442 pdc_soft_power_button(0);
444 /* Call kernel panic() so reboot timeouts work properly
445 * FIXME: This function should be on the list of
446 * panic notifiers, and we should call panic
447 * directly from the location that we wish.
448 * e.g. We should not call panic from
449 * parisc_terminate, but rather the oter way around.
450 * This hack works, prints the panic message twice,
451 * and it enables reboot timers!
456 void notrace handle_interruption(int code, struct pt_regs *regs)
458 unsigned long fault_address = 0;
459 unsigned long fault_space = 0;
463 pdc_console_restart(); /* switch back to pdc if HPMC */
468 * If the priority level is still user, and the
469 * faulting space is not equal to the active space
470 * then the user is attempting something in a space
471 * that does not belong to them. Kill the process.
473 * This is normally the situation when the user
474 * attempts to jump into the kernel space at the
475 * wrong offset, be it at the gateway page or a
478 * We cannot normally signal the process because it
479 * could *be* on the gateway page, and processes
480 * executing on the gateway page can't have signals
483 * We merely readjust the address into the users
484 * space, at a destination address of zero, and
485 * allow processing to continue.
487 if (((unsigned long)regs->iaoq[0] & 3) &&
488 ((unsigned long)regs->iasq[0] != (unsigned long)regs->sr[7])) {
489 /* Kill the user process later */
490 regs->iaoq[0] = 0 | 3;
491 regs->iaoq[1] = regs->iaoq[0] + 4;
492 regs->iasq[0] = regs->iasq[1] = regs->sr[7];
493 regs->gr[0] &= ~PSW_B;
498 printk(KERN_CRIT "Interruption # %d\n", code);
504 /* High-priority machine check (HPMC) */
506 /* set up a new led state on systems shipped with a LED State panel */
507 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_HPMC);
509 parisc_terminate("High Priority Machine Check (HPMC)",
514 /* Power failure interrupt */
515 printk(KERN_CRIT "Power failure interrupt !\n");
519 /* Recovery counter trap */
520 regs->gr[0] &= ~PSW_R;
521 if (user_space(regs))
522 handle_gdb_break(regs, TRAP_TRACE);
523 /* else this must be the start of a syscall - just let it run */
527 /* Low-priority machine check */
528 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_LPMC);
535 case PARISC_ITLB_TRAP:
536 /* Instruction TLB miss fault/Instruction page fault */
537 fault_address = regs->iaoq[0];
538 fault_space = regs->iasq[0];
542 /* Illegal instruction trap */
543 die_if_kernel("Illegal instruction", regs, code);
544 si_code = ILL_ILLOPC;
548 /* Break instruction trap */
553 /* Privileged operation trap */
554 die_if_kernel("Privileged operation", regs, code);
555 si_code = ILL_PRVOPC;
559 /* Privileged register trap */
560 if ((regs->iir & 0xffdfffe0) == 0x034008a0) {
562 /* This is a MFCTL cr26/cr27 to gr instruction.
563 * PCXS traps on this, so we need to emulate it.
566 if (regs->iir & 0x00200000)
567 regs->gr[regs->iir & 0x1f] = mfctl(27);
569 regs->gr[regs->iir & 0x1f] = mfctl(26);
571 regs->iaoq[0] = regs->iaoq[1];
573 regs->iasq[0] = regs->iasq[1];
577 die_if_kernel("Privileged register usage", regs, code);
578 si_code = ILL_PRVREG;
580 force_sig_fault(SIGILL, si_code,
581 (void __user *) regs->iaoq[0], current);
585 /* Overflow Trap, let the userland signal handler do the cleanup */
586 force_sig_fault(SIGFPE, FPE_INTOVF,
587 (void __user *) regs->iaoq[0], current);
592 The condition succeeds in an instruction which traps
595 /* Let userspace app figure it out from the insn pointed
598 force_sig_fault(SIGFPE, FPE_CONDTRAP,
599 (void __user *) regs->iaoq[0], current);
602 /* The kernel doesn't want to handle condition codes */
606 /* Assist Exception Trap, i.e. floating point exception. */
607 die_if_kernel("Floating point exception", regs, 0); /* quiet */
608 __inc_irq_stat(irq_fpassist_count);
613 /* Data TLB miss fault/Data page fault */
616 /* Non-access instruction TLB miss fault */
617 /* The instruction TLB entry needed for the target address of the FIC
618 is absent, and hardware can't find it, so we get to cleanup */
621 /* Non-access data TLB miss fault/Non-access data page fault */
623 Still need to add slow path emulation code here!
624 If the insn used a non-shadow register, then the tlb
625 handlers could not have their side-effect (e.g. probe
626 writing to a target register) emulated since rfir would
627 erase the changes to said register. Instead we have to
628 setup everything, call this function we are in, and emulate
629 by hand. Technically we need to emulate:
630 fdc,fdce,pdc,"fic,4f",prober,probeir,probew, probeiw
632 fault_address = regs->ior;
633 fault_space = regs->isr;
637 /* PCXS only -- later cpu's split this into types 26,27 & 28 */
638 /* Check for unaligned access */
639 if (check_unaligned(regs)) {
640 handle_unaligned(regs);
645 /* PCXL: Data memory access rights trap */
646 fault_address = regs->ior;
647 fault_space = regs->isr;
651 /* Data memory break trap */
652 regs->gr[0] |= PSW_X; /* So we can single-step over the trap */
655 /* Page reference trap */
656 handle_gdb_break(regs, TRAP_HWBKPT);
660 /* Taken branch trap */
661 regs->gr[0] &= ~PSW_T;
662 if (user_space(regs))
663 handle_gdb_break(regs, TRAP_BRANCH);
664 /* else this must be the start of a syscall - just let it
670 /* Instruction access rights */
671 /* PCXL: Instruction memory protection trap */
674 * This could be caused by either: 1) a process attempting
675 * to execute within a vma that does not have execute
676 * permission, or 2) an access rights violation caused by a
677 * flush only translation set up by ptep_get_and_clear().
678 * So we check the vma permissions to differentiate the two.
679 * If the vma indicates we have execute permission, then
680 * the cause is the latter one. In this case, we need to
681 * call do_page_fault() to fix the problem.
684 if (user_mode(regs)) {
685 struct vm_area_struct *vma;
687 down_read(¤t->mm->mmap_sem);
688 vma = find_vma(current->mm,regs->iaoq[0]);
689 if (vma && (regs->iaoq[0] >= vma->vm_start)
690 && (vma->vm_flags & VM_EXEC)) {
692 fault_address = regs->iaoq[0];
693 fault_space = regs->iasq[0];
695 up_read(¤t->mm->mmap_sem);
696 break; /* call do_page_fault() */
698 up_read(¤t->mm->mmap_sem);
702 /* Data memory protection ID trap */
703 if (code == 27 && !user_mode(regs) &&
704 fixup_exception(regs))
707 die_if_kernel("Protection id trap", regs, code);
708 force_sig_fault(SIGSEGV, SEGV_MAPERR,
710 ((void __user *) regs->iaoq[0]) :
711 ((void __user *) regs->ior), current);
715 /* Unaligned data reference trap */
716 handle_unaligned(regs);
720 if (user_mode(regs)) {
721 parisc_printk_ratelimited(0, regs, KERN_DEBUG
722 "handle_interruption() pid=%d command='%s'\n",
723 task_pid_nr(current), current->comm);
724 /* SIGBUS, for lack of a better one. */
725 force_sig_fault(SIGBUS, BUS_OBJERR,
726 (void __user *)regs->ior, current);
729 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
731 parisc_terminate("Unexpected interruption", regs, code, 0);
735 if (user_mode(regs)) {
736 if ((fault_space >> SPACEID_SHIFT) != (regs->sr[7] >> SPACEID_SHIFT)) {
737 parisc_printk_ratelimited(0, regs, KERN_DEBUG
738 "User fault %d on space 0x%08lx, pid=%d command='%s'\n",
740 task_pid_nr(current), current->comm);
741 force_sig_fault(SIGSEGV, SEGV_MAPERR,
742 (void __user *)regs->ior, current);
749 * The kernel should never fault on its own address space,
750 * unless pagefault_disable() was called before.
753 if (faulthandler_disabled() || fault_space == 0)
755 /* Clean up and return if in exception table. */
756 if (fixup_exception(regs))
758 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
759 parisc_terminate("Kernel Fault", regs, code, fault_address);
763 do_page_fault(regs, code, fault_address);
767 void __init initialize_ivt(const void *iva)
769 extern u32 os_hpmc_size;
770 extern const u32 os_hpmc[];
778 if (strcmp((const char *)iva, "cows can fly"))
779 panic("IVT invalid");
783 for (i = 0; i < 8; i++)
787 * Use PDC_INSTR firmware function to get instruction that invokes
788 * PDCE_CHECK in HPMC handler. See programming note at page 1-31 of
789 * the PA 1.1 Firmware Architecture document.
791 if (pdc_instr(&instr) == PDC_OK)
795 * Rules for the checksum of the HPMC handler:
796 * 1. The IVA does not point to PDC/PDH space (ie: the OS has installed
798 * 2. The word at IVA + 32 is nonzero.
799 * 3. If Length (IVA + 60) is not zero, then Length (IVA + 60) and
800 * Address (IVA + 56) are word-aligned.
801 * 4. The checksum of the 8 words starting at IVA + 32 plus the sum of
802 * the Length/4 words starting at Address is zero.
805 /* Setup IVA and compute checksum for HPMC handler */
806 ivap[6] = (u32)__pa(os_hpmc);
807 length = os_hpmc_size;
810 hpmcp = (u32 *)os_hpmc;
812 for (i=0; i<length/4; i++)
822 /* early_trap_init() is called before we set up kernel mappings and
823 * write-protect the kernel */
824 void __init early_trap_init(void)
826 extern const void fault_vector_20;
829 extern const void fault_vector_11;
830 initialize_ivt(&fault_vector_11);
833 initialize_ivt(&fault_vector_20);
836 void __init trap_init(void)