2 * linux/arch/i386/traps.c
4 * Copyright (C) 1991, 1992 Linus Torvalds
6 * Pentium III FXSR, SSE support
7 * Gareth Hughes <gareth@valinux.com>, May 2000
11 * 'Traps.c' handles hardware traps and faults after we have saved some
14 #include <linux/sched.h>
15 #include <linux/kernel.h>
16 #include <linux/string.h>
17 #include <linux/errno.h>
18 #include <linux/timer.h>
20 #include <linux/init.h>
21 #include <linux/delay.h>
22 #include <linux/spinlock.h>
23 #include <linux/interrupt.h>
24 #include <linux/highmem.h>
25 #include <linux/kallsyms.h>
26 #include <linux/ptrace.h>
27 #include <linux/utsname.h>
28 #include <linux/kprobes.h>
29 #include <linux/kexec.h>
30 #include <linux/unwind.h>
33 #include <linux/ioport.h>
34 #include <linux/eisa.h>
38 #include <linux/mca.h>
41 #include <asm/processor.h>
42 #include <asm/system.h>
43 #include <asm/uaccess.h>
45 #include <asm/atomic.h>
46 #include <asm/debugreg.h>
50 #include <asm/unwind.h>
52 #include <asm/arch_hooks.h>
53 #include <asm/kdebug.h>
54 #include <asm/stacktrace.h>
56 #include <linux/module.h>
57 #include <linux/vserver/debug.h>
59 #include "mach_traps.h"
61 asmlinkage int system_call(void);
63 struct desc_struct default_ldt[] = { { 0, 0 }, { 0, 0 }, { 0, 0 },
66 /* Do we ignore FPU interrupts ? */
67 char ignore_fpu_irq = 0;
70 * The IDT has to be page-aligned to simplify the Pentium
71 * F0 0F bug workaround.. We have a special link segment
74 struct desc_struct idt_table[256] __attribute__((__section__(".data.idt"))) = { {0, 0}, };
76 asmlinkage void divide_error(void);
77 asmlinkage void debug(void);
78 asmlinkage void nmi(void);
79 asmlinkage void int3(void);
80 asmlinkage void overflow(void);
81 asmlinkage void bounds(void);
82 asmlinkage void invalid_op(void);
83 asmlinkage void device_not_available(void);
84 asmlinkage void coprocessor_segment_overrun(void);
85 asmlinkage void invalid_TSS(void);
86 asmlinkage void segment_not_present(void);
87 asmlinkage void stack_segment(void);
88 asmlinkage void general_protection(void);
89 asmlinkage void page_fault(void);
90 asmlinkage void coprocessor_error(void);
91 asmlinkage void simd_coprocessor_error(void);
92 asmlinkage void alignment_check(void);
93 asmlinkage void spurious_interrupt_bug(void);
94 asmlinkage void machine_check(void);
96 static int kstack_depth_to_print = 24;
97 #ifdef CONFIG_STACK_UNWIND
98 static int call_trace = 1;
100 #define call_trace (-1)
102 ATOMIC_NOTIFIER_HEAD(i386die_chain);
104 extern char last_sysfs_file[];
106 int register_die_notifier(struct notifier_block *nb)
109 return atomic_notifier_chain_register(&i386die_chain, nb);
111 EXPORT_SYMBOL(register_die_notifier); /* used modular by kdb */
113 int unregister_die_notifier(struct notifier_block *nb)
115 return atomic_notifier_chain_unregister(&i386die_chain, nb);
117 EXPORT_SYMBOL(unregister_die_notifier); /* used modular by kdb */
119 static inline int valid_stack_ptr(struct thread_info *tinfo, void *p)
121 return p > (void *)tinfo &&
122 p < (void *)tinfo + THREAD_SIZE - 3;
125 static inline unsigned long print_context_stack(struct thread_info *tinfo,
126 unsigned long *stack, unsigned long ebp,
127 struct stacktrace_ops *ops, void *data)
131 #ifdef CONFIG_FRAME_POINTER
132 while (valid_stack_ptr(tinfo, (void *)ebp)) {
133 addr = *(unsigned long *)(ebp + 4);
134 ops->address(data, addr);
136 * break out of recursive entries (such as
137 * end_of_stack_stop_unwind_function):
139 if (ebp == *(unsigned long *)ebp)
141 ebp = *(unsigned long *)ebp;
144 while (valid_stack_ptr(tinfo, stack)) {
146 if (__kernel_text_address(addr))
147 ops->address(data, addr);
153 struct ops_and_data {
154 struct stacktrace_ops *ops;
158 static asmlinkage int
159 dump_trace_unwind(struct unwind_frame_info *info, void *data)
161 struct ops_and_data *oad = (struct ops_and_data *)data;
164 while (unwind(info) == 0 && UNW_PC(info)) {
166 oad->ops->address(oad->data, UNW_PC(info));
167 if (arch_unw_user_mode(info))
173 void dump_trace(struct task_struct *task, struct pt_regs *regs,
174 unsigned long *stack,
175 struct stacktrace_ops *ops, void *data)
177 unsigned long ebp = 0;
182 if (call_trace >= 0) {
184 struct unwind_frame_info info;
185 struct ops_and_data oad = { .ops = ops, .data = data };
188 if (unwind_init_frame_info(&info, task, regs) == 0)
189 unw_ret = dump_trace_unwind(&info, &oad);
190 } else if (task == current)
191 unw_ret = unwind_init_running(&info, dump_trace_unwind, &oad);
193 if (unwind_init_blocked(&info, task) == 0)
194 unw_ret = dump_trace_unwind(&info, &oad);
197 if (call_trace == 1 && !arch_unw_user_mode(&info)) {
198 ops->warning_symbol(data, "DWARF2 unwinder stuck at %s",
200 if (UNW_SP(&info) >= PAGE_OFFSET) {
201 ops->warning(data, "Leftover inexact backtrace:");
202 stack = (void *)UNW_SP(&info);
207 ops->warning(data, "Full inexact backtrace again:");
208 } else if (call_trace >= 1)
211 ops->warning(data, "Full inexact backtrace again:");
213 ops->warning(data, "Inexact backtrace:");
218 if (task && task != current)
219 stack = (unsigned long *)task->thread.esp;
222 #ifdef CONFIG_FRAME_POINTER
224 if (task == current) {
225 /* Grab ebp right from our regs */
226 asm ("movl %%ebp, %0" : "=r" (ebp) : );
228 /* ebp is the last reg pushed by switch_to */
229 ebp = *(unsigned long *) task->thread.esp;
235 struct thread_info *context;
236 context = (struct thread_info *)
237 ((unsigned long)stack & (~(THREAD_SIZE - 1)));
238 ebp = print_context_stack(context, stack, ebp, ops, data);
239 /* Should be after the line below, but somewhere
240 in early boot context comes out corrupted and we
241 can't reference it -AK */
242 if (ops->stack(data, "IRQ") < 0)
244 stack = (unsigned long*)context->previous_esp;
249 EXPORT_SYMBOL(dump_trace);
252 print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
255 print_symbol(msg, symbol);
259 static void print_trace_warning(void *data, char *msg)
261 printk("%s%s\n", (char *)data, msg);
264 static int print_trace_stack(void *data, char *name)
270 * Print one address/symbol entries per line.
272 static void print_trace_address(void *data, unsigned long addr)
274 printk("%s [<%08lx>] ", (char *)data, addr);
275 print_symbol("%s\n", addr);
278 static struct stacktrace_ops print_trace_ops = {
279 .warning = print_trace_warning,
280 .warning_symbol = print_trace_warning_symbol,
281 .stack = print_trace_stack,
282 .address = print_trace_address,
286 show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
287 unsigned long * stack, char *log_lvl)
289 dump_trace(task, regs, stack, &print_trace_ops, log_lvl);
290 printk("%s =======================\n", log_lvl);
293 void show_trace(struct task_struct *task, struct pt_regs *regs,
294 unsigned long * stack)
296 show_trace_log_lvl(task, regs, stack, "");
299 static void show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
300 unsigned long *esp, char *log_lvl)
302 unsigned long *stack;
307 esp = (unsigned long*)task->thread.esp;
309 esp = (unsigned long *)&esp;
313 for(i = 0; i < kstack_depth_to_print; i++) {
314 if (kstack_end(stack))
316 if (i && ((i % 8) == 0))
317 printk("\n%s ", log_lvl);
318 printk("%08lx ", *stack++);
320 printk("\n%sCall Trace:\n", log_lvl);
321 show_trace_log_lvl(task, regs, esp, log_lvl);
324 void show_stack(struct task_struct *task, unsigned long *esp)
327 show_stack_log_lvl(task, NULL, esp, "");
331 * The architecture-independent dump_stack generator
333 void dump_stack(void)
337 show_trace(current, NULL, &stack);
340 EXPORT_SYMBOL(dump_stack);
342 void show_registers(struct pt_regs *regs)
349 esp = (unsigned long) (®s->esp);
351 if (user_mode_vm(regs)) {
354 ss = regs->xss & 0xffff;
357 printk(KERN_EMERG "CPU: %d\nEIP: %04x:[<%08lx>] %s VLI\n"
358 "EFLAGS: %08lx (%s %.*s) \n",
359 smp_processor_id(), 0xffff & regs->xcs, regs->eip,
360 print_tainted(), regs->eflags, system_utsname.release,
361 (int)strcspn(system_utsname.version, " "),
362 system_utsname.version);
363 print_symbol(KERN_EMERG "EIP is at %s\n", regs->eip);
364 printk(KERN_EMERG "eax: %08lx ebx: %08lx ecx: %08lx edx: %08lx\n",
365 regs->eax, regs->ebx, regs->ecx, regs->edx);
366 printk(KERN_EMERG "esi: %08lx edi: %08lx ebp: %08lx esp: %08lx\n",
367 regs->esi, regs->edi, regs->ebp, esp);
368 printk(KERN_EMERG "ds: %04x es: %04x ss: %04x\n",
369 regs->xds & 0xffff, regs->xes & 0xffff, ss);
370 printk(KERN_EMERG "Process %.*s (pid: %d[#%u], ti=%p task=%p task.ti=%p)",
371 TASK_COMM_LEN, current->comm, current->pid, current->xid,
372 current_thread_info(), current, current->thread_info);
374 * When in-kernel, we also print out the stack and code at the
375 * time of the fault..
380 printk("\n" KERN_EMERG "Stack: ");
381 show_stack_log_lvl(NULL, regs, (unsigned long *)esp, KERN_EMERG);
383 printk(KERN_EMERG "Code: ");
385 eip = (u8 __user *)regs->eip - 43;
386 for (i = 0; i < 64; i++, eip++) {
389 if (eip < (u8 __user *)PAGE_OFFSET || __get_user(c, eip)) {
390 printk(" Bad EIP value.");
393 if (eip == (u8 __user *)regs->eip)
394 printk("<%02x> ", c);
402 static void handle_BUG(struct pt_regs *regs)
404 unsigned long eip = regs->eip;
407 if (eip < PAGE_OFFSET)
409 if (__get_user(ud2, (unsigned short __user *)eip))
414 printk(KERN_EMERG "------------[ cut here ]------------\n");
416 #ifdef CONFIG_DEBUG_BUGVERBOSE
422 if (__get_user(line, (unsigned short __user *)(eip + 2)))
424 if (__get_user(file, (char * __user *)(eip + 4)) ||
425 (unsigned long)file < PAGE_OFFSET || __get_user(c, file))
426 file = "<bad filename>";
428 printk(KERN_EMERG "kernel BUG at %s:%d!\n", file, line);
432 printk(KERN_EMERG "Kernel BUG at [verbose debug info unavailable]\n");
435 /* This is gone through when something in the kernel
436 * has done something bad and is about to be terminated.
438 void die(const char * str, struct pt_regs * regs, long err)
443 int lock_owner_depth;
445 .lock = SPIN_LOCK_UNLOCKED,
447 .lock_owner_depth = 0
449 static int die_counter;
456 if (die.lock_owner != raw_smp_processor_id()) {
458 spin_lock_irqsave(&die.lock, flags);
459 die.lock_owner = smp_processor_id();
460 die.lock_owner_depth = 0;
464 local_save_flags(flags);
466 if (++die.lock_owner_depth < 3) {
472 printk(KERN_EMERG "%s: %04lx [#%d]\n", str, err & 0xffff, ++die_counter);
473 #ifdef CONFIG_PREEMPT
474 printk(KERN_EMERG "PREEMPT ");
483 #ifdef CONFIG_DEBUG_PAGEALLOC
486 printk("DEBUG_PAGEALLOC");
492 printk(KERN_ALERT "last sysfs file: %s\n", last_sysfs_file);
494 if (notify_die(DIE_OOPS, str, regs, err,
495 current->thread.trap_no, SIGSEGV) != NOTIFY_STOP) {
496 show_registers(regs);
498 /* Executive summary in case the oops scrolled away */
499 esp = (unsigned long) (®s->esp);
501 if (user_mode(regs)) {
503 ss = regs->xss & 0xffff;
505 printk(KERN_EMERG "EIP: [<%08lx>] ", regs->eip);
506 print_symbol("%s", regs->eip);
507 printk(" SS:ESP %04x:%08lx\n", ss, esp);
512 printk(KERN_EMERG "Recursive die() failure, output suppressed\n");
516 spin_unlock_irqrestore(&die.lock, flags);
521 if (kexec_should_crash(current))
525 panic("Fatal exception in interrupt");
528 panic("Fatal exception");
534 static inline void die_if_kernel(const char * str, struct pt_regs * regs, long err)
536 if (!user_mode_vm(regs))
540 static void __kprobes do_trap(int trapnr, int signr, char *str, int vm86,
541 struct pt_regs * regs, long error_code,
544 struct task_struct *tsk = current;
545 tsk->thread.error_code = error_code;
546 tsk->thread.trap_no = trapnr;
548 if (regs->eflags & VM_MASK) {
554 if (!user_mode(regs))
559 force_sig_info(signr, info, tsk);
561 force_sig(signr, tsk);
566 if (!fixup_exception(regs))
567 die(str, regs, error_code);
572 int ret = handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, trapnr);
573 if (ret) goto trap_signal;
578 #define DO_ERROR(trapnr, signr, str, name) \
579 fastcall void do_##name(struct pt_regs * regs, long error_code) \
581 if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr) \
584 do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \
587 #define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \
588 fastcall void do_##name(struct pt_regs * regs, long error_code) \
591 info.si_signo = signr; \
593 info.si_code = sicode; \
594 info.si_addr = (void __user *)siaddr; \
595 if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr) \
598 do_trap(trapnr, signr, str, 0, regs, error_code, &info); \
601 #define DO_VM86_ERROR(trapnr, signr, str, name) \
602 fastcall void do_##name(struct pt_regs * regs, long error_code) \
604 if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr) \
607 do_trap(trapnr, signr, str, 1, regs, error_code, NULL); \
610 #define DO_VM86_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \
611 fastcall void do_##name(struct pt_regs * regs, long error_code) \
614 info.si_signo = signr; \
616 info.si_code = sicode; \
617 info.si_addr = (void __user *)siaddr; \
618 if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr) \
621 do_trap(trapnr, signr, str, 1, regs, error_code, &info); \
624 DO_VM86_ERROR_INFO( 0, SIGFPE, "divide error", divide_error, FPE_INTDIV, regs->eip)
625 #ifndef CONFIG_KPROBES
626 DO_VM86_ERROR( 3, SIGTRAP, "int3", int3)
628 DO_VM86_ERROR( 4, SIGSEGV, "overflow", overflow)
629 DO_VM86_ERROR( 5, SIGSEGV, "bounds", bounds)
630 DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip)
631 DO_ERROR( 9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun)
632 DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS)
633 DO_ERROR(11, SIGBUS, "segment not present", segment_not_present)
634 DO_ERROR(12, SIGBUS, "stack segment", stack_segment)
635 DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0)
639 * lazy-check for CS validity on exec-shield binaries:
641 * the original non-exec stack patch was written by
642 * Solar Designer <solar at openwall.com>. Thanks!
645 check_lazy_exec_limit(int cpu, struct pt_regs *regs, long error_code)
647 struct desc_struct *desc1, *desc2;
648 struct vm_area_struct *vma;
651 if (current->mm == NULL)
655 if (current->mm->context.exec_limit != -1UL) {
657 spin_lock(¤t->mm->page_table_lock);
658 for (vma = current->mm->mmap; vma; vma = vma->vm_next)
659 if ((vma->vm_flags & VM_EXEC) && (vma->vm_end > limit))
661 spin_unlock(¤t->mm->page_table_lock);
662 if (limit >= TASK_SIZE)
664 current->mm->context.exec_limit = limit;
666 set_user_cs(¤t->mm->context.user_cs, limit);
668 desc1 = ¤t->mm->context.user_cs;
669 desc2 = get_cpu_gdt_table(cpu) + GDT_ENTRY_DEFAULT_USER_CS;
671 if (desc1->a != desc2->a || desc1->b != desc2->b) {
673 * The CS was not in sync - reload it and retry the
674 * instruction. If the instruction still faults then
675 * we won't hit this branch next time around.
677 if (print_fatal_signals >= 2) {
678 printk("#GPF fixup (%ld[seg:%lx]) at %08lx, CPU#%d.\n", error_code, error_code/8, regs->eip, smp_processor_id());
679 printk(" exec_limit: %08lx, user_cs: %08lx/%08lx, CPU_cs: %08lx/%08lx.\n", current->mm->context.exec_limit, desc1->a, desc1->b, desc2->a, desc2->b);
681 load_user_cs_desc(cpu, current->mm);
689 * The fixup code for errors in iret jumps to here (iret_exc). It loses
690 * the original trap number and error code. The bogus trap 32 and error
691 * code 0 are what the vanilla kernel delivers via:
692 * DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0)
694 * In case of a general protection fault in the iret instruction, we
695 * need to check for a lazy CS update for exec-shield.
697 fastcall void do_iret_error(struct pt_regs *regs, long error_code)
699 int ok = check_lazy_exec_limit(get_cpu(), regs, error_code);
701 if (!ok && notify_die(DIE_TRAP, "iret exception", regs,
702 error_code, 32, SIGSEGV) != NOTIFY_STOP) {
704 info.si_signo = SIGSEGV;
706 info.si_code = ILL_BADSTK;
708 do_trap(32, SIGSEGV, "iret exception", 0, regs, error_code,
713 fastcall void __kprobes do_general_protection(struct pt_regs * regs,
717 struct tss_struct *tss = &per_cpu(init_tss, cpu);
718 struct thread_struct *thread = ¤t->thread;
722 * Perform the lazy TSS's I/O bitmap copy. If the TSS has an
723 * invalid offset set (the LAZY one) and the faulting thread has
724 * a valid I/O bitmap pointer, we copy the I/O bitmap in the TSS
725 * and we set the offset field correctly. Then we let the CPU to
726 * restart the faulting instruction.
728 if (tss->io_bitmap_base == INVALID_IO_BITMAP_OFFSET_LAZY &&
729 thread->io_bitmap_ptr) {
730 memcpy(tss->io_bitmap, thread->io_bitmap_ptr,
731 thread->io_bitmap_max);
733 * If the previously set map was extending to higher ports
734 * than the current one, pad extra space with 0xff (no access).
736 if (thread->io_bitmap_max < tss->io_bitmap_max)
737 memset((char *) tss->io_bitmap +
738 thread->io_bitmap_max, 0xff,
739 tss->io_bitmap_max - thread->io_bitmap_max);
740 tss->io_bitmap_max = thread->io_bitmap_max;
741 tss->io_bitmap_base = IO_BITMAP_OFFSET;
742 tss->io_bitmap_owner = thread;
747 current->thread.error_code = error_code;
748 current->thread.trap_no = 13;
750 if (regs->eflags & VM_MASK)
753 if (!user_mode(regs))
756 ok = check_lazy_exec_limit(cpu, regs, error_code);
763 if (print_fatal_signals) {
764 printk("#GPF(%ld[seg:%lx]) at %08lx, CPU#%d.\n", error_code, error_code/8, regs->eip, smp_processor_id());
765 printk(" exec_limit: %08lx, user_cs: %08lx/%08lx.\n", current->mm->context.exec_limit, current->mm->context.user_cs.a, current->mm->context.user_cs.b);
768 current->thread.error_code = error_code;
769 current->thread.trap_no = 13;
770 force_sig(SIGSEGV, current);
776 handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code);
781 if (!fixup_exception(regs)) {
782 if (notify_die(DIE_GPF, "general protection fault", regs,
783 error_code, 13, SIGSEGV) == NOTIFY_STOP)
785 die("general protection fault", regs, error_code);
789 static void mem_parity_error(unsigned char reason, struct pt_regs * regs)
791 printk(KERN_EMERG "Uhhuh. NMI received. Dazed and confused, but trying "
793 printk(KERN_EMERG "You probably have a hardware problem with your RAM "
796 /* Clear and disable the memory parity error line. */
797 clear_mem_error(reason);
800 static void io_check_error(unsigned char reason, struct pt_regs * regs)
802 printk(KERN_EMERG "NMI: IOCK error (debug interrupt?)\n");
803 show_registers(regs);
805 /* Re-enable the IOCK line, wait for a few seconds */
806 clear_io_check_error(reason);
809 static void unknown_nmi_error(unsigned char reason, struct pt_regs * regs)
812 /* Might actually be able to figure out what the guilty party
819 printk("Uhhuh. NMI received for unknown reason %02x on CPU %d.\n",
820 reason, smp_processor_id());
821 printk("Dazed and confused, but trying to continue\n");
822 printk("Do you have a strange power saving mode enabled?\n");
825 static DEFINE_SPINLOCK(nmi_print_lock);
827 void die_nmi (struct pt_regs *regs, const char *msg)
829 if (notify_die(DIE_NMIWATCHDOG, msg, regs, 0, 2, SIGINT) ==
833 spin_lock(&nmi_print_lock);
835 * We are in trouble anyway, lets at least try
836 * to get a message out.
839 printk(KERN_EMERG "%s", msg);
840 printk(" on CPU%d, eip %08lx, registers:\n",
841 smp_processor_id(), regs->eip);
842 show_registers(regs);
844 spin_unlock(&nmi_print_lock);
847 /* If we are in kernel we are probably nested up pretty bad
848 * and might aswell get out now while we still can.
850 if (!user_mode_vm(regs)) {
851 current->thread.trap_no = 2;
858 static void default_do_nmi(struct pt_regs * regs)
860 unsigned char reason = 0;
862 /* Only the BSP gets external NMIs from the system. */
863 if (!smp_processor_id())
864 reason = get_nmi_reason();
866 if (!(reason & 0xc0)) {
867 if (notify_die(DIE_NMI_IPI, "nmi_ipi", regs, reason, 2, SIGINT)
870 #ifdef CONFIG_X86_LOCAL_APIC
872 * Ok, so this is none of the documented NMI sources,
873 * so it must be the NMI watchdog.
876 nmi_watchdog_tick(regs);
880 unknown_nmi_error(reason, regs);
883 if (notify_die(DIE_NMI, "nmi", regs, reason, 2, SIGINT) == NOTIFY_STOP)
886 mem_parity_error(reason, regs);
888 io_check_error(reason, regs);
890 * Reassert NMI in case it became active meanwhile
891 * as it's edge-triggered.
896 static int dummy_nmi_callback(struct pt_regs * regs, int cpu)
901 static nmi_callback_t nmi_callback = dummy_nmi_callback;
903 fastcall void do_nmi(struct pt_regs * regs, long error_code)
909 cpu = smp_processor_id();
913 if (!rcu_dereference(nmi_callback)(regs, cpu))
914 default_do_nmi(regs);
919 void set_nmi_callback(nmi_callback_t callback)
922 rcu_assign_pointer(nmi_callback, callback);
924 EXPORT_SYMBOL_GPL(set_nmi_callback);
926 void unset_nmi_callback(void)
928 nmi_callback = dummy_nmi_callback;
930 EXPORT_SYMBOL_GPL(unset_nmi_callback);
932 #ifdef CONFIG_KPROBES
933 fastcall void __kprobes do_int3(struct pt_regs *regs, long error_code)
935 if (notify_die(DIE_INT3, "int3", regs, error_code, 3, SIGTRAP)
938 /* This is an interrupt gate, because kprobes wants interrupts
939 disabled. Normal trap handlers don't. */
940 restore_interrupts(regs);
941 do_trap(3, SIGTRAP, "int3", 1, regs, error_code, NULL);
946 * Our handling of the processor debug registers is non-trivial.
947 * We do not clear them on entry and exit from the kernel. Therefore
948 * it is possible to get a watchpoint trap here from inside the kernel.
949 * However, the code in ./ptrace.c has ensured that the user can
950 * only set watchpoints on userspace addresses. Therefore the in-kernel
951 * watchpoint trap can only occur in code which is reading/writing
952 * from user space. Such code must not hold kernel locks (since it
953 * can equally take a page fault), therefore it is safe to call
954 * force_sig_info even though that claims and releases locks.
956 * Code in ./signal.c ensures that the debug control register
957 * is restored before we deliver any signal, and therefore that
958 * user code runs with the correct debug control register even though
961 * Being careful here means that we don't have to be as careful in a
962 * lot of more complicated places (task switching can be a bit lazy
963 * about restoring all the debug state, and ptrace doesn't have to
964 * find every occurrence of the TF bit that could be saved away even
967 fastcall void __kprobes do_debug(struct pt_regs * regs, long error_code)
969 unsigned int condition;
970 struct task_struct *tsk = current;
972 get_debugreg(condition, 6);
974 if (notify_die(DIE_DEBUG, "debug", regs, condition, error_code,
975 SIGTRAP) == NOTIFY_STOP)
977 /* It's safe to allow irq's after DR6 has been saved */
978 if (regs->eflags & X86_EFLAGS_IF)
981 /* Mask out spurious debug traps due to lazy DR7 setting */
982 if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
983 if (!tsk->thread.debugreg[7])
987 if (regs->eflags & VM_MASK)
990 /* Save debug status register where ptrace can see it */
991 tsk->thread.debugreg[6] = condition;
994 * Single-stepping through TF: make sure we ignore any events in
995 * kernel space (but re-enable TF when returning to user mode).
997 if (condition & DR_STEP) {
999 * We already checked v86 mode above, so we can
1000 * check for kernel mode by just checking the CPL
1003 if (!user_mode(regs))
1004 goto clear_TF_reenable;
1007 /* Ok, finally something we can handle */
1008 send_sigtrap(tsk, regs, error_code);
1010 /* Disable additional traps. They'll be re-enabled when
1011 * the signal is delivered.
1018 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, 1);
1022 set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
1023 regs->eflags &= ~TF_MASK;
1028 * Note that we play around with the 'TS' bit in an attempt to get
1029 * the correct behaviour even in the presence of the asynchronous
1032 void math_error(void __user *eip)
1034 struct task_struct * task;
1036 unsigned short cwd, swd;
1039 * Save the info for the exception handler and clear the error.
1042 save_init_fpu(task);
1043 task->thread.trap_no = 16;
1044 task->thread.error_code = 0;
1045 info.si_signo = SIGFPE;
1047 info.si_code = __SI_FAULT;
1050 * (~cwd & swd) will mask out exceptions that are not set to unmasked
1051 * status. 0x3f is the exception bits in these regs, 0x200 is the
1052 * C1 reg you need in case of a stack fault, 0x040 is the stack
1053 * fault bit. We should only be taking one exception at a time,
1054 * so if this combination doesn't produce any single exception,
1055 * then we have a bad program that isn't syncronizing its FPU usage
1056 * and it will suffer the consequences since we won't be able to
1057 * fully reproduce the context of the exception
1059 cwd = get_fpu_cwd(task);
1060 swd = get_fpu_swd(task);
1061 switch (swd & ~cwd & 0x3f) {
1062 case 0x000: /* No unmasked exception */
1064 default: /* Multiple exceptions */
1066 case 0x001: /* Invalid Op */
1068 * swd & 0x240 == 0x040: Stack Underflow
1069 * swd & 0x240 == 0x240: Stack Overflow
1070 * User must clear the SF bit (0x40) if set
1072 info.si_code = FPE_FLTINV;
1074 case 0x002: /* Denormalize */
1075 case 0x010: /* Underflow */
1076 info.si_code = FPE_FLTUND;
1078 case 0x004: /* Zero Divide */
1079 info.si_code = FPE_FLTDIV;
1081 case 0x008: /* Overflow */
1082 info.si_code = FPE_FLTOVF;
1084 case 0x020: /* Precision */
1085 info.si_code = FPE_FLTRES;
1088 force_sig_info(SIGFPE, &info, task);
1091 fastcall void do_coprocessor_error(struct pt_regs * regs, long error_code)
1094 math_error((void __user *)regs->eip);
1097 static void simd_math_error(void __user *eip)
1099 struct task_struct * task;
1101 unsigned short mxcsr;
1104 * Save the info for the exception handler and clear the error.
1107 save_init_fpu(task);
1108 task->thread.trap_no = 19;
1109 task->thread.error_code = 0;
1110 info.si_signo = SIGFPE;
1112 info.si_code = __SI_FAULT;
1115 * The SIMD FPU exceptions are handled a little differently, as there
1116 * is only a single status/control register. Thus, to determine which
1117 * unmasked exception was caught we must mask the exception mask bits
1118 * at 0x1f80, and then use these to mask the exception bits at 0x3f.
1120 mxcsr = get_fpu_mxcsr(task);
1121 switch (~((mxcsr & 0x1f80) >> 7) & (mxcsr & 0x3f)) {
1125 case 0x001: /* Invalid Op */
1126 info.si_code = FPE_FLTINV;
1128 case 0x002: /* Denormalize */
1129 case 0x010: /* Underflow */
1130 info.si_code = FPE_FLTUND;
1132 case 0x004: /* Zero Divide */
1133 info.si_code = FPE_FLTDIV;
1135 case 0x008: /* Overflow */
1136 info.si_code = FPE_FLTOVF;
1138 case 0x020: /* Precision */
1139 info.si_code = FPE_FLTRES;
1142 force_sig_info(SIGFPE, &info, task);
1145 fastcall void do_simd_coprocessor_error(struct pt_regs * regs,
1149 /* Handle SIMD FPU exceptions on PIII+ processors. */
1151 simd_math_error((void __user *)regs->eip);
1154 * Handle strange cache flush from user space exception
1155 * in all other cases. This is undocumented behaviour.
1157 if (regs->eflags & VM_MASK) {
1158 handle_vm86_fault((struct kernel_vm86_regs *)regs,
1162 current->thread.trap_no = 19;
1163 current->thread.error_code = error_code;
1164 die_if_kernel("cache flush denied", regs, error_code);
1165 force_sig(SIGSEGV, current);
1169 fastcall void do_spurious_interrupt_bug(struct pt_regs * regs,
1173 /* No need to warn about this any longer. */
1174 printk("Ignoring P6 Local APIC Spurious Interrupt Bug...\n");
1178 fastcall void setup_x86_bogus_stack(unsigned char * stk)
1180 unsigned long *switch16_ptr, *switch32_ptr;
1181 struct pt_regs *regs;
1182 unsigned long stack_top, stack_bot;
1183 unsigned short iret_frame16_off;
1184 int cpu = smp_processor_id();
1185 /* reserve the space on 32bit stack for the magic switch16 pointer */
1186 memmove(stk, stk + 8, sizeof(struct pt_regs));
1187 switch16_ptr = (unsigned long *)(stk + sizeof(struct pt_regs));
1188 regs = (struct pt_regs *)stk;
1189 /* now the switch32 on 16bit stack */
1190 stack_bot = (unsigned long)&per_cpu(cpu_16bit_stack, cpu);
1191 stack_top = stack_bot + CPU_16BIT_STACK_SIZE;
1192 switch32_ptr = (unsigned long *)(stack_top - 8);
1193 iret_frame16_off = CPU_16BIT_STACK_SIZE - 8 - 20;
1194 /* copy iret frame on 16bit stack */
1195 memcpy((void *)(stack_bot + iret_frame16_off), ®s->eip, 20);
1196 /* fill in the switch pointers */
1197 switch16_ptr[0] = (regs->esp & 0xffff0000) | iret_frame16_off;
1198 switch16_ptr[1] = __ESPFIX_SS;
1199 switch32_ptr[0] = (unsigned long)stk + sizeof(struct pt_regs) +
1200 8 - CPU_16BIT_STACK_SIZE;
1201 switch32_ptr[1] = __KERNEL_DS;
1204 fastcall unsigned char * fixup_x86_bogus_stack(unsigned short sp)
1206 unsigned long *switch32_ptr;
1207 unsigned char *stack16, *stack32;
1208 unsigned long stack_top, stack_bot;
1210 int cpu = smp_processor_id();
1211 stack_bot = (unsigned long)&per_cpu(cpu_16bit_stack, cpu);
1212 stack_top = stack_bot + CPU_16BIT_STACK_SIZE;
1213 switch32_ptr = (unsigned long *)(stack_top - 8);
1214 /* copy the data from 16bit stack to 32bit stack */
1215 len = CPU_16BIT_STACK_SIZE - 8 - sp;
1216 stack16 = (unsigned char *)(stack_bot + sp);
1217 stack32 = (unsigned char *)
1218 (switch32_ptr[0] + CPU_16BIT_STACK_SIZE - 8 - len);
1219 memcpy(stack32, stack16, len);
1224 * 'math_state_restore()' saves the current math information in the
1225 * old math state array, and gets the new ones from the current task
1227 * Careful.. There are problems with IBM-designed IRQ13 behaviour.
1228 * Don't touch unless you *really* know how it works.
1230 * Must be called with kernel preemption disabled (in this case,
1231 * local interrupts are disabled at the call-site in entry.S).
1233 asmlinkage void math_state_restore(struct pt_regs regs)
1235 struct thread_info *thread = current_thread_info();
1236 struct task_struct *tsk = thread->task;
1238 clts(); /* Allow maths ops (or we recurse) */
1239 if (!tsk_used_math(tsk))
1242 thread->status |= TS_USEDFPU; /* So we fnsave on switch_to() */
1245 #ifndef CONFIG_MATH_EMULATION
1247 asmlinkage void math_emulate(long arg)
1249 printk(KERN_EMERG "math-emulation not enabled and no coprocessor found.\n");
1250 printk(KERN_EMERG "killing %s.\n",current->comm);
1251 force_sig(SIGFPE,current);
1255 #endif /* CONFIG_MATH_EMULATION */
1257 #ifdef CONFIG_X86_F00F_BUG
1258 void __init trap_init_f00f_bug(void)
1260 __set_fixmap(FIX_F00F_IDT, __pa(&idt_table), PAGE_KERNEL_RO);
1263 * Update the IDT descriptor and reload the IDT so that
1264 * it uses the read-only mapped virtual address.
1266 idt_descr.address = fix_to_virt(FIX_F00F_IDT);
1267 load_idt(&idt_descr);
1271 #define _set_gate(gate_addr,type,dpl,addr,seg) \
1274 __asm__ __volatile__ ("movw %%dx,%%ax\n\t" \
1275 "movw %4,%%dx\n\t" \
1276 "movl %%eax,%0\n\t" \
1278 :"=m" (*((long *) (gate_addr))), \
1279 "=m" (*(1+(long *) (gate_addr))), "=&a" (__d0), "=&d" (__d1) \
1280 :"i" ((short) (0x8000+(dpl<<13)+(type<<8))), \
1281 "3" ((char *) (addr)),"2" ((seg) << 16)); \
1286 * This needs to use 'idt_table' rather than 'idt', and
1287 * thus use the _nonmapped_ version of the IDT, as the
1288 * Pentium F0 0F bugfix can have resulted in the mapped
1289 * IDT being write-protected.
1291 void set_intr_gate(unsigned int n, void *addr)
1293 _set_gate(idt_table+n,14,0,addr,__KERNEL_CS);
1297 * This routine sets up an interrupt gate at directory privilege level 3.
1299 static inline void set_system_intr_gate(unsigned int n, void *addr)
1301 _set_gate(idt_table+n, 14, 3, addr, __KERNEL_CS);
1304 static void __init set_trap_gate(unsigned int n, void *addr)
1306 _set_gate(idt_table+n,15,0,addr,__KERNEL_CS);
1309 static void __init set_system_gate(unsigned int n, void *addr)
1311 _set_gate(idt_table+n,15,3,addr,__KERNEL_CS);
1314 static void __init set_task_gate(unsigned int n, unsigned int gdt_entry)
1316 _set_gate(idt_table+n,5,0,0,(gdt_entry<<3));
1320 void __init trap_init(void)
1323 void __iomem *p = ioremap(0x0FFFD9, 4);
1324 if (readl(p) == 'E'+('I'<<8)+('S'<<16)+('A'<<24)) {
1330 #ifdef CONFIG_X86_LOCAL_APIC
1331 init_apic_mappings();
1334 set_trap_gate(0,÷_error);
1335 set_intr_gate(1,&debug);
1336 set_intr_gate(2,&nmi);
1337 set_system_intr_gate(3, &int3); /* int3/4 can be called from all */
1338 set_system_gate(4,&overflow);
1339 set_trap_gate(5,&bounds);
1340 set_trap_gate(6,&invalid_op);
1341 set_trap_gate(7,&device_not_available);
1342 set_task_gate(8,GDT_ENTRY_DOUBLEFAULT_TSS);
1343 set_trap_gate(9,&coprocessor_segment_overrun);
1344 set_trap_gate(10,&invalid_TSS);
1345 set_trap_gate(11,&segment_not_present);
1346 set_trap_gate(12,&stack_segment);
1347 set_trap_gate(13,&general_protection);
1348 set_intr_gate(14,&page_fault);
1349 set_trap_gate(15,&spurious_interrupt_bug);
1350 set_trap_gate(16,&coprocessor_error);
1351 set_trap_gate(17,&alignment_check);
1352 #ifdef CONFIG_X86_MCE
1353 set_trap_gate(18,&machine_check);
1355 set_trap_gate(19,&simd_coprocessor_error);
1359 * Verify that the FXSAVE/FXRSTOR data will be 16-byte aligned.
1360 * Generates a compile-time "error: zero width for bit-field" if
1361 * the alignment is wrong.
1363 struct fxsrAlignAssert {
1364 int _:!(offsetof(struct task_struct,
1365 thread.i387.fxsave) & 15);
1368 printk(KERN_INFO "Enabling fast FPU save and restore... ");
1369 set_in_cr4(X86_CR4_OSFXSR);
1373 printk(KERN_INFO "Enabling unmasked SIMD FPU exception "
1375 set_in_cr4(X86_CR4_OSXMMEXCPT);
1379 set_system_gate(SYSCALL_VECTOR,&system_call);
1382 * Should be a barrier for any external CPU state.
1389 static int __init kstack_setup(char *s)
1391 kstack_depth_to_print = simple_strtoul(s, NULL, 0);
1394 __setup("kstack=", kstack_setup);
1396 #ifdef CONFIG_STACK_UNWIND
1397 static int __init call_trace_setup(char *s)
1399 if (strcmp(s, "old") == 0)
1401 else if (strcmp(s, "both") == 0)
1403 else if (strcmp(s, "newfallback") == 0)
1405 else if (strcmp(s, "new") == 2)
1409 __setup("call_trace=", call_trace_setup);
git://git.onelab.eu / linux-2.6.git / blob