5 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
7 * Derived from "arch/i386/mm/fault.c"
8 * Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds
10 * Modified by Cort Dougan and Paul Mackerras.
12 * Modified for PPC64 by Dave Engebretsen (engebret@ibm.com)
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version
17 * 2 of the License, or (at your option) any later version.
20 #include <linux/config.h>
21 #include <linux/signal.h>
22 #include <linux/sched.h>
23 #include <linux/kernel.h>
24 #include <linux/errno.h>
25 #include <linux/string.h>
26 #include <linux/types.h>
27 #include <linux/mman.h>
29 #include <linux/interrupt.h>
30 #include <linux/smp_lock.h>
31 #include <linux/module.h>
34 #include <asm/pgtable.h>
36 #include <asm/mmu_context.h>
37 #include <asm/system.h>
38 #include <asm/uaccess.h>
41 * Check whether the instruction at regs->nip is a store using
42 * an update addressing form which will update r1.
44 static int store_updates_sp(struct pt_regs *regs)
48 if (get_user(inst, (unsigned int __user *)regs->nip))
50 /* check for 1 in the rA field */
51 if (((inst >> 16) & 0x1f) != 1)
53 /* check major opcode */
61 case 62: /* std or stdu */
62 return (inst & 3) == 1;
64 /* check minor opcode */
65 switch ((inst >> 1) & 0x3ff) {
70 case 695: /* stfsux */
71 case 759: /* stfdux */
79 * The error_code parameter is
80 * - DSISR for a non-SLB data access fault,
81 * - SRR1 & 0x08000000 for a non-SLB instruction access fault
84 void do_page_fault(struct pt_regs *regs, unsigned long address,
85 unsigned long error_code)
87 struct vm_area_struct * vma;
88 struct mm_struct *mm = current->mm;
90 unsigned long code = SEGV_MAPERR;
91 unsigned long is_write = error_code & 0x02000000;
93 if (regs->trap == 0x300 || regs->trap == 0x380) {
94 if (debugger_fault_handler(regs))
98 /* On a kernel SLB miss we can only check for a valid exception entry */
99 if (!user_mode(regs) && (regs->trap == 0x380)) {
100 bad_page_fault(regs, address, SIGSEGV);
104 if (error_code & 0x00400000) {
105 if (debugger_dabr_match(regs))
109 if (in_atomic() || mm == NULL) {
110 bad_page_fault(regs, address, SIGSEGV);
113 down_read(&mm->mmap_sem);
114 vma = find_vma(mm, address);
118 if (vma->vm_start <= address) {
121 if (!(vma->vm_flags & VM_GROWSDOWN))
125 * N.B. The POWER/Open ABI allows programs to access up to
126 * 288 bytes below the stack pointer.
127 * The kernel signal delivery code writes up to about 1.5kB
128 * below the stack pointer (r1) before decrementing it.
129 * The exec code can write slightly over 640kB to the stack
130 * before setting the user r1. Thus we allow the stack to
131 * expand to 1MB without further checks.
133 if (address + 0x100000 < vma->vm_end) {
134 /* get user regs even if this fault is in kernel mode */
135 struct pt_regs *uregs = current->thread.regs;
140 * A user-mode access to an address a long way below
141 * the stack pointer is only valid if the instruction
142 * is one which would update the stack pointer to the
143 * address accessed if the instruction completed,
144 * i.e. either stwu rs,n(r1) or stwux rs,r1,rb
145 * (or the byte, halfword, float or double forms).
147 * If we don't check this then any write to the area
148 * between the last mapped region and the stack will
149 * expand the stack rather than segfaulting.
151 if (address + 2048 < uregs->gpr[1]
152 && (!user_mode(regs) || !store_updates_sp(regs)))
156 if (expand_stack(vma, address))
164 if (!(vma->vm_flags & VM_WRITE))
168 /* protection fault */
169 if (error_code & 0x08000000)
171 if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
177 * If for any reason at all we couldn't handle the fault,
178 * make sure we exit gracefully rather than endlessly redo
181 switch (handle_mm_fault(mm, vma, address, is_write)) {
189 case VM_FAULT_SIGBUS:
197 up_read(&mm->mmap_sem);
201 up_read(&mm->mmap_sem);
203 /* User mode accesses cause a SIGSEGV */
204 if (user_mode(regs)) {
205 info.si_signo = SIGSEGV;
208 info.si_addr = (void *) address;
209 force_sig_info(SIGSEGV, &info, current);
213 bad_page_fault(regs, address, SIGSEGV);
217 * We ran out of memory, or some other thing happened to us that made
218 * us unable to handle the page fault gracefully.
221 up_read(&mm->mmap_sem);
222 if (current->pid == 1) {
224 down_read(&mm->mmap_sem);
227 printk("VM: killing process %s\n", current->comm);
230 bad_page_fault(regs, address, SIGKILL);
234 up_read(&mm->mmap_sem);
235 info.si_signo = SIGBUS;
237 info.si_code = BUS_ADRERR;
238 info.si_addr = (void *)address;
239 force_sig_info (SIGBUS, &info, current);
240 if (!user_mode(regs))
241 bad_page_fault(regs, address, SIGBUS);
245 * bad_page_fault is called when we have a bad access from the kernel.
246 * It is called from do_page_fault above and from some of the procedures
249 void bad_page_fault(struct pt_regs *regs, unsigned long address, int sig)
251 const struct exception_table_entry *entry;
253 /* Are we prepared to handle this fault? */
254 if ((entry = search_exception_tables(regs->nip)) != NULL) {
255 regs->nip = entry->fixup;
259 /* kernel has accessed a bad area */
260 die("Kernel access of bad area", regs, sig);