5 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
7 * Derived from "arch/i386/mm/fault.c"
8 * Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds
10 * Modified by Cort Dougan and Paul Mackerras.
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
18 #include <linux/config.h>
19 #include <linux/signal.h>
20 #include <linux/sched.h>
21 #include <linux/kernel.h>
22 #include <linux/errno.h>
23 #include <linux/string.h>
24 #include <linux/types.h>
25 #include <linux/ptrace.h>
26 #include <linux/mman.h>
28 #include <linux/interrupt.h>
29 #include <linux/highmem.h>
30 #include <linux/module.h>
33 #include <asm/pgtable.h>
35 #include <asm/mmu_context.h>
36 #include <asm/system.h>
37 #include <asm/uaccess.h>
38 #include <asm/tlbflush.h>
/*
 * Hook pointers into the in-kernel debuggers (xmon/kgdb), installed
 * elsewhere; debugger_kernel_faults selects whether kernel-mode faults
 * are handed to the debugger (see bad_page_fault below).
 * NOTE(review): this is a partial, line-numbered extraction; the matching
 * #endif for this #if is not visible here -- confirm against the full file.
 */
40 #if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
41 extern void (*debugger)(struct pt_regs *);
42 extern void (*debugger_fault_handler)(struct pt_regs *);
43 extern int (*debugger_dabr_match)(struct pt_regs *);
44 int debugger_kernel_faults = 1;
/*
 * MMU hash-table and PTE statistics counters; the first three are bumped
 * from assembly (hashtable.S), the pte_* pair from do_page_fault() below.
 */
47 unsigned long htab_reloads; /* updated by hashtable.S:hash_page() */
48 unsigned long htab_evicts; /* updated by hashtable.S:hash_page() */
49 unsigned long htab_preloads; /* updated by hashtable.S:add_hash_page() */
50 unsigned long pte_misses; /* updated by do_page_fault() */
51 unsigned long pte_errors; /* updated by do_page_fault() */
52 unsigned int probingmem;
/* Forward declarations for this file's entry points and external helpers. */
54 extern void die_if_kernel(char *, struct pt_regs *, long);
55 void bad_page_fault(struct pt_regs *, unsigned long, int sig);
56 void do_page_fault(struct pt_regs *, unsigned long, unsigned long);
57 extern int get_pteptr(struct mm_struct *mm, unsigned long addr, pte_t **ptep);
/*
 * store_updates_sp() -- decide whether the faulting instruction is a
 * store-with-update through r1 (the stack pointer), e.g. stwu rs,n(r1)
 * or stwux rs,r1,rb.  Used by do_page_fault() to permit stack growth
 * for accesses far below the current stack pointer.
 * NOTE(review): this listing is a partial extraction -- the comment
 * delimiters, the return statements, the major-opcode cases and the
 * remaining minor-opcode cases are missing from view; lines kept verbatim.
 */
60 * Check whether the instruction at regs->nip is a store using
61 * an update addressing form which will update r1.
63 static int store_updates_sp(struct pt_regs *regs)
/* Fetch the faulting instruction from user space; bail on fault. */
67 if (get_user(inst, (unsigned int *)regs->nip))
69 /* check for 1 in the rA field */
/* rA (bits 16-20) must be r1 for the store to update the stack pointer. */
70 if (((inst >> 16) & 0x1f) != 1)
72 /* check major opcode */
81 /* check minor opcode */
/* Extended (X-form) opcodes live in bits 1-10. */
82 switch ((inst >> 1) & 0x3ff) {
86 case 695: /* stfsux */
87 case 759: /* stfdux */
/*
 * do_page_fault() -- PowerPC page-fault entry point, called from the
 * exception vectors with the faulting address and a CPU-family-specific
 * error code (see the comment lines kept below).
 * NOTE(review): this is a partial, line-numbered extraction; closing
 * braces, gotos, labels and several statements are missing from view.
 * All original lines are kept verbatim.
 */
95 * For 600- and 800-family processors, the error_code parameter is DSISR
96 * for a data fault, SRR1 for an instruction fault. For 400-family processors
97 * the error_code parameter is ESR for a data fault, 0 for an instruction
100 void do_page_fault(struct pt_regs *regs, unsigned long address,
101 unsigned long error_code)
103 struct vm_area_struct * vma;
104 struct mm_struct *mm = current->mm;
/* Default SEGV reason: no mapping at the address. */
106 int code = SEGV_MAPERR;
107 #if defined(CONFIG_4xx)
/* 4xx reports write faults via the ESR "data store" bit. */
108 int is_write = error_code & ESR_DST;
113 * Fortunately the bit assignments in SRR1 for an instruction
114 * fault and DSISR for a data fault are mostly the same for the
115 * bits we are interested in. But there are some bits which
116 * indicate errors in DSISR but can validly be set in SRR1.
/* TRAP 0x400 = instruction access fault; mask off bits valid in SRR1. */
118 if (TRAP(regs) == 0x400)
119 error_code &= 0x48200000;
121 is_write = error_code & 0x02000000;
122 #endif /* CONFIG_4xx */
/* Give an attached debugger first crack at data faults / DABR matches. */
124 #if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
125 if (debugger_fault_handler && TRAP(regs) == 0x300) {
126 debugger_fault_handler(regs);
129 #if !defined(CONFIG_4xx)
130 if (error_code & 0x00400000) {
/* DABR match (hardware data breakpoint). */
132 if (debugger_dabr_match(regs))
135 #endif /* !CONFIG_4xx */
136 #endif /* CONFIG_XMON || CONFIG_KGDB */
/* Faulting in atomic context or with no mm means a kernel bug/bad access. */
138 if (in_atomic() || mm == NULL) {
139 bad_page_fault(regs, address, SIGSEGV);
142 down_read(&mm->mmap_sem);
143 vma = find_vma(mm, address);
/* NOTE(review): the NULL-vma check is among the lines missing from view. */
146 if (vma->vm_start <= address)
148 if (!(vma->vm_flags & VM_GROWSDOWN))
/* Stack-expansion heuristics: */
154 * N.B. The rs6000/xcoff ABI allows programs to access up to
155 * a few hundred bytes below the stack pointer.
156 * The kernel signal delivery code writes up to about 1.5kB
157 * below the stack pointer (r1) before decrementing it.
158 * The exec code can write slightly over 640kB to the stack
159 * before setting the user r1. Thus we allow the stack to
160 * expand to 1MB without further checks.
162 if (address + 0x100000 < vma->vm_end) {
163 /* get user regs even if this fault is in kernel mode */
164 struct pt_regs *uregs = current->thread.regs;
169 * A user-mode access to an address a long way below
170 * the stack pointer is only valid if the instruction
171 * is one which would update the stack pointer to the
172 * address accessed if the instruction completed,
173 * i.e. either stwu rs,n(r1) or stwux rs,r1,rb
174 * (or the byte, halfword, float or double forms).
176 * If we don't check this then any write to the area
177 * between the last mapped region and the stack will
178 * expand the stack rather than segfaulting.
180 if (address + 2048 < uregs->gpr[1]
181 && (!user_mode(regs) || !store_updates_sp(regs)))
184 if (expand_stack(vma, address))
/* Per-family error-code screening before treating this as a normal fault. */
189 #if defined(CONFIG_6xx)
190 if (error_code & 0x95700000)
191 /* an error such as lwarx to I/O controller space,
192 address matching DABR, eciwx, etc. */
194 #endif /* CONFIG_6xx */
195 #if defined(CONFIG_8xx)
196 /* The MPC8xx seems to always set 0x80000000, which is
197 * "undefined". Of those that can be set, this is the only
198 * one which seems bad.
200 if (error_code & 0x10000000)
201 /* Guarded storage error. */
203 #endif /* CONFIG_8xx */
/* Access-permission checks against the vma flags. */
207 if (!(vma->vm_flags & VM_WRITE))
209 #if defined(CONFIG_4xx)
210 /* an exec - 4xx allows for per-page execute permission */
211 } else if (TRAP(regs) == 0x400) {
215 /* It would be nice to actually enforce the VM execute
216 permission on CPUs which can do so, but far too
217 much stuff in userspace doesn't get the permissions
218 right, so we let any page be executed for now. */
219 if (! (vma->vm_flags & VM_EXEC))
223 /* Since 4xx supports per-page execute permission,
224 * we lazily flush dcache to icache. */
/* Flush d-cache to i-cache once per page, tracked via PG_arch_1. */
226 if (get_pteptr(mm, address, &ptep) && pte_present(*ptep)) {
227 struct page *page = pte_page(*ptep);
229 if (! test_bit(PG_arch_1, &page->flags)) {
230 unsigned long phys = page_to_pfn(page) << PAGE_SHIFT;
231 __flush_dcache_icache_phys(phys);
232 set_bit(PG_arch_1, &page->flags);
/* Mark the page executable in hardware now that caches are coherent. */
234 pte_update(ptep, 0, _PAGE_HWEXEC);
237 up_read(&mm->mmap_sem);
245 /* protection fault */
246 if (error_code & 0x08000000)
248 if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
253 * If for any reason at all we couldn't handle the fault,
254 * make sure we exit gracefully rather than endlessly redo
/* Dispatch to the generic MM fault handler; result selects the exit path. */
258 switch (handle_mm_fault(mm, vma, address, is_write)) {
265 case VM_FAULT_SIGBUS:
273 up_read(&mm->mmap_sem);
275 * keep track of tlb+htab misses that are good addrs but
276 * just need pte's created via handle_mm_fault()
/* bad_area exit path: */
283 up_read(&mm->mmap_sem);
286 /* User mode accesses cause a SIGSEGV */
287 if (user_mode(regs)) {
288 info.si_signo = SIGSEGV;
291 info.si_addr = (void *) address;
292 force_sig_info(SIGSEGV, &info, current);
296 bad_page_fault(regs, address, SIGSEGV);
/* out_of_memory exit path: */
300 * We ran out of memory, or some other thing happened to us that made
301 * us unable to handle the page fault gracefully.
304 up_read(&mm->mmap_sem);
/* init (pid 1) is never OOM-killed here; retry the fault instead. */
305 if (current->pid == 1) {
307 down_read(&mm->mmap_sem);
310 printk("VM: killing process %s\n", current->comm);
/* NOTE(review): the user_mode() guard before this call is not visible. */
313 bad_page_fault(regs, address, SIGKILL);
/* do_sigbus exit path: hardware/backing-store error on a valid mapping. */
317 up_read(&mm->mmap_sem);
318 info.si_signo = SIGBUS;
320 info.si_code = BUS_ADRERR;
321 info.si_addr = (void *)address;
322 force_sig_info (SIGBUS, &info, current);
/* A kernel-mode SIGBUS still needs the kernel bad-access handling. */
323 if (!user_mode(regs))
324 bad_page_fault(regs, address, SIGBUS);
/*
 * bad_page_fault() -- handle a bad access from kernel mode: either fix it
 * up via the exception tables (e.g. a faulting copy_to/from_user) or die.
 * NOTE(review): partial extraction -- the function's return type line,
 * return statements and closing braces are missing from view.
 */
328 * bad_page_fault is called when we have a bad access from the kernel.
329 * It is called from do_page_fault above and from some of the procedures
333 bad_page_fault(struct pt_regs *regs, unsigned long address, int sig)
335 extern void die(const char *,struct pt_regs *,long);
336 const struct exception_table_entry *entry;
338 /* Are we prepared to handle this fault? */
/* If the faulting nip has a fixup entry, resume at the fixup address. */
339 if ((entry = search_exception_tables(regs->nip)) != NULL) {
340 regs->nip = entry->fixup;
344 /* kernel has accessed a bad area */
/* Optionally hand the fault to the debugger before dying. */
345 #if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
346 if (debugger_kernel_faults)
349 die("kernel access of bad area", regs, sig);
/*
 * va_to_pte() -- walk the kernel (init_mm) page tables for a kernel
 * virtual address and return a pointer to its present PTE.
 * NOTE(review): partial extraction -- pgd/pmd/pte local declarations,
 * return statements and closing braces are missing from view; the
 * behavior for user addresses (< TASK_SIZE) cannot be seen here.
 */
354 /* The pgtable.h claims some functions generically exist, but I
355 * can't find them......
357 pte_t *va_to_pte(unsigned long address)
362 struct mm_struct *mm;
/* Kernel addresses only; user-space addresses are handled differently. */
364 if (address < TASK_SIZE)
367 dir = pgd_offset(&init_mm, address);
369 pmd = pmd_offset(dir, address & PAGE_MASK);
370 if (pmd && pmd_present(*pmd)) {
371 pte = pte_offset_kernel(pmd, address & PAGE_MASK);
372 if (pte && pte_present(*pte))
/*
 * va_to_phys() -- translate a kernel virtual address to a physical
 * address by combining the PTE's frame bits with the page offset.
 * NOTE(review): partial extraction -- the NULL check on the va_to_pte()
 * result is not visible here; as shown, a missing PTE would dereference
 * a null pointer.  Confirm against the full file.
 */
379 unsigned long va_to_phys(unsigned long address)
383 pte = va_to_pte(address);
385 return(((unsigned long)(pte_val(*pte)) & PAGE_MASK) | (address & ~(PAGE_MASK)));
/*
 * print_8xx_pte() -- MPC8xx debug helper: walk the given mm's page tables
 * for addr and printk the PTE value with its 8xx-specific bit fields
 * decoded.
 * NOTE(review): partial extraction -- the return type line, several format
 * arguments, the #undef of pp and closing braces are missing from view.
 */
390 print_8xx_pte(struct mm_struct *mm, unsigned long addr)
396 printk(" pte @ 0x%8lx: ", addr);
397 pgd = pgd_offset(mm, addr & PAGE_MASK);
399 pmd = pmd_offset(pgd, addr & PAGE_MASK);
400 if (pmd && pmd_present(*pmd)) {
401 pte = pte_offset_kernel(pmd, addr & PAGE_MASK);
403 printk(" (0x%08lx)->(0x%08lx)->0x%08lx\n",
404 (long)pgd, (long)pte, (long)pte_val(*pte));
/* Shorthand for the raw PTE value while decoding the fields below. */
405 #define pp ((long)pte_val(*pte))
406 printk(" RPN: %05lx PP: %lx SPS: %lx SH: %lx "
410 (pp>>3)&1, /* small */
411 (pp>>2)&1, /* shared */
412 (pp>>1)&1, /* cache inhibit */
/*
 * get_8xx_pte() -- MPC8xx debug helper: walk the given mm's page tables
 * for addr and return the raw PTE value as an int (presumably a sentinel
 * such as 0 when no PTE exists -- the missing lines would confirm).
 * NOTE(review): partial extraction -- return type, local declarations,
 * the final return and closing braces are missing from view.
 */
431 get_8xx_pte(struct mm_struct *mm, unsigned long addr)
438 pgd = pgd_offset(mm, addr & PAGE_MASK);
440 pmd = pmd_offset(pgd, addr & PAGE_MASK);
441 if (pmd && pmd_present(*pmd)) {
442 pte = pte_offset_kernel(pmd, addr & PAGE_MASK);
444 retval = (int)pte_val(*pte);
450 #endif /* CONFIG_8xx */