1 /* $Id: fault.c,v 1.59 2002/02/09 19:49:31 davem Exp $
2 * arch/sparc64/mm/fault.c: Page fault handlers for the 64-bit Sparc.
4 * Copyright (C) 1996 David S. Miller (davem@caip.rutgers.edu)
5 * Copyright (C) 1997, 1999 Jakub Jelinek (jj@ultra.linux.cz)
10 #include <linux/string.h>
11 #include <linux/types.h>
12 #include <linux/sched.h>
13 #include <linux/ptrace.h>
14 #include <linux/mman.h>
15 #include <linux/signal.h>
17 #include <linux/module.h>
18 #include <linux/smp_lock.h>
19 #include <linux/init.h>
20 #include <linux/interrupt.h>
21 #include <linux/kprobes.h>
22 #include <linux/kallsyms.h>
25 #include <asm/pgtable.h>
26 #include <asm/openprom.h>
27 #include <asm/oplib.h>
28 #include <asm/uaccess.h>
31 #include <asm/sections.h>
32 #include <asm/kdebug.h>
33 #include <asm/mmu_context.h>
36 ATOMIC_NOTIFIER_HEAD(notify_page_fault_chain);
38 /* Hook to register for page fault notifications */
39 int register_page_fault_notifier(struct notifier_block *nb)
41 return atomic_notifier_chain_register(¬ify_page_fault_chain, nb);
44 int unregister_page_fault_notifier(struct notifier_block *nb)
46 return atomic_notifier_chain_unregister(¬ify_page_fault_chain, nb);
49 static inline int notify_page_fault(enum die_val val, const char *str,
50 struct pt_regs *regs, long err, int trap, int sig)
52 struct die_args args = {
59 return atomic_notifier_call_chain(¬ify_page_fault_chain, val, &args);
62 static inline int notify_page_fault(enum die_val val, const char *str,
63 struct pt_regs *regs, long err, int trap, int sig)
70 * To debug kernel to catch accesses to certain virtual/physical addresses.
71 * Mode = 0 selects physical watchpoints, mode = 1 selects virtual watchpoints.
72 * flags = VM_READ watches memread accesses, flags = VM_WRITE watches memwrite accesses.
73 * Caller passes in a 64bit aligned addr, with mask set to the bytes that need to be
74 * watched. This is only useful on a single cpu machine for now. After the watchpoint
75 * is detected, the process causing it will be killed, thus preventing an infinite loop.
77 void set_brkpt(unsigned long addr, unsigned char mask, int flags, int mode)
79 unsigned long lsubits;
81 __asm__ __volatile__("ldxa [%%g0] %1, %0"
83 : "i" (ASI_LSU_CONTROL));
84 lsubits &= ~(LSU_CONTROL_PM | LSU_CONTROL_VM |
85 LSU_CONTROL_PR | LSU_CONTROL_VR |
86 LSU_CONTROL_PW | LSU_CONTROL_VW);
88 __asm__ __volatile__("stxa %0, [%1] %2\n\t"
91 : "r" (addr), "r" (mode ? VIRT_WATCHPOINT : PHYS_WATCHPOINT),
94 lsubits |= ((unsigned long)mask << (mode ? 25 : 33));
96 lsubits |= (mode ? LSU_CONTROL_VR : LSU_CONTROL_PR);
98 lsubits |= (mode ? LSU_CONTROL_VW : LSU_CONTROL_PW);
99 __asm__ __volatile__("stxa %0, [%%g0] %1\n\t"
102 : "r" (lsubits), "i" (ASI_LSU_CONTROL)
106 static void __kprobes unhandled_fault(unsigned long address,
107 struct task_struct *tsk,
108 struct pt_regs *regs)
110 if ((unsigned long) address < PAGE_SIZE) {
111 printk(KERN_ALERT "Unable to handle kernel NULL "
112 "pointer dereference\n");
114 printk(KERN_ALERT "Unable to handle kernel paging request "
115 "at virtual address %016lx\n", (unsigned long)address);
117 printk(KERN_ALERT "tsk->{mm,active_mm}->context = %016lx\n",
119 CTX_HWBITS(tsk->mm->context) :
120 CTX_HWBITS(tsk->active_mm->context)));
121 printk(KERN_ALERT "tsk->{mm,active_mm}->pgd = %016lx\n",
122 (tsk->mm ? (unsigned long) tsk->mm->pgd :
123 (unsigned long) tsk->active_mm->pgd));
124 if (notify_die(DIE_GPF, "general protection fault", regs,
125 0, 0, SIGSEGV) == NOTIFY_STOP)
127 die_if_kernel("Oops", regs);
130 static void bad_kernel_pc(struct pt_regs *regs, unsigned long vaddr)
134 printk(KERN_CRIT "OOPS: Bogus kernel PC [%016lx] in fault handler\n",
136 printk(KERN_CRIT "OOPS: RPC [%016lx]\n", regs->u_regs[15]);
137 print_symbol("RPC: <%s>\n", regs->u_regs[15]);
138 printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr);
139 __asm__("mov %%sp, %0" : "=r" (ksp));
140 show_stack(current, ksp);
141 unhandled_fault(regs->tpc, current, regs);
145 * We now make sure that mmap_sem is held in all paths that call
146 * this. Additionally, to prevent kswapd from ripping ptes from
147 * under us, raise interrupts around the time that we look at the
148 * pte, kswapd will have to wait to get his smp ipi response from
149 * us. vmtruncate likewise. This saves us having to get pte lock.
151 static unsigned int get_user_insn(unsigned long tpc)
153 pgd_t *pgdp = pgd_offset(current->mm, tpc);
159 unsigned long pstate;
163 pudp = pud_offset(pgdp, tpc);
166 pmdp = pmd_offset(pudp, tpc);
170 /* This disables preemption for us as well. */
171 __asm__ __volatile__("rdpr %%pstate, %0" : "=r" (pstate));
172 __asm__ __volatile__("wrpr %0, %1, %%pstate"
173 : : "r" (pstate), "i" (PSTATE_IE));
174 ptep = pte_offset_map(pmdp, tpc);
176 if (!pte_present(pte))
179 pa = (pte_pfn(pte) << PAGE_SHIFT);
180 pa += (tpc & ~PAGE_MASK);
182 /* Use phys bypass so we don't pollute dtlb/dcache. */
183 __asm__ __volatile__("lduwa [%1] %2, %0"
185 : "r" (pa), "i" (ASI_PHYS_USE_EC));
189 __asm__ __volatile__("wrpr %0, 0x0, %%pstate" : : "r" (pstate));
194 extern unsigned long compute_effective_address(struct pt_regs *, unsigned int, unsigned int);
196 static void do_fault_siginfo(int code, int sig, struct pt_regs *regs,
197 unsigned int insn, int fault_code)
204 if (fault_code & FAULT_CODE_ITLB)
205 info.si_addr = (void __user *) regs->tpc;
207 info.si_addr = (void __user *)
208 compute_effective_address(regs, insn, 0);
210 force_sig_info(sig, &info, current);
213 extern int handle_ldf_stq(u32, struct pt_regs *);
214 extern int handle_ld_nf(u32, struct pt_regs *);
216 static unsigned int get_fault_insn(struct pt_regs *regs, unsigned int insn)
219 if (!regs->tpc || (regs->tpc & 0x3))
221 if (regs->tstate & TSTATE_PRIV) {
222 insn = *(unsigned int *) regs->tpc;
224 insn = get_user_insn(regs->tpc);
230 static void do_kernel_fault(struct pt_regs *regs, int si_code, int fault_code,
231 unsigned int insn, unsigned long address)
233 unsigned char asi = ASI_P;
235 if ((!insn) && (regs->tstate & TSTATE_PRIV))
238 /* If user insn could be read (thus insn is zero), that
239 * is fine. We will just gun down the process with a signal
243 if (!(fault_code & (FAULT_CODE_WRITE|FAULT_CODE_ITLB)) &&
244 (insn & 0xc0800000) == 0xc0800000) {
246 asi = (regs->tstate >> 24);
249 if ((asi & 0xf2) == 0x82) {
250 if (insn & 0x1000000) {
251 handle_ldf_stq(insn, regs);
253 /* This was a non-faulting load. Just clear the
254 * destination register(s) and continue with the next
257 handle_ld_nf(insn, regs);
263 /* Is this in ex_table? */
264 if (regs->tstate & TSTATE_PRIV) {
265 const struct exception_table_entry *entry;
267 if (asi == ASI_P && (insn & 0xc0800000) == 0xc0800000) {
269 asi = (regs->tstate >> 24);
274 /* Look in asi.h: All _S asis have LS bit set */
276 (entry = search_exception_tables(regs->tpc))) {
277 regs->tpc = entry->fixup;
278 regs->tnpc = regs->tpc + 4;
282 /* The si_code was set to make clear whether
283 * this was a SEGV_MAPERR or SEGV_ACCERR fault.
285 do_fault_siginfo(si_code, SIGSEGV, regs, insn, fault_code);
290 unhandled_fault (address, current, regs);
293 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
295 struct mm_struct *mm = current->mm;
296 struct vm_area_struct *vma;
297 unsigned int insn = 0;
298 int si_code, fault_code;
299 unsigned long address, mm_rss;
301 fault_code = get_thread_fault_code();
303 if (notify_page_fault(DIE_PAGE_FAULT, "page_fault", regs,
304 fault_code, 0, SIGSEGV) == NOTIFY_STOP)
307 si_code = SEGV_MAPERR;
308 address = current_thread_info()->fault_address;
310 if ((fault_code & FAULT_CODE_ITLB) &&
311 (fault_code & FAULT_CODE_DTLB))
314 if (regs->tstate & TSTATE_PRIV) {
315 unsigned long tpc = regs->tpc;
317 /* Sanity check the PC. */
318 if ((tpc >= KERNBASE && tpc < (unsigned long) _etext) ||
319 (tpc >= MODULES_VADDR && tpc < MODULES_END)) {
320 /* Valid, no problems... */
322 bad_kernel_pc(regs, address);
328 * If we're in an interrupt or have no user
329 * context, we must not take the fault..
331 if (in_atomic() || !mm)
334 if (test_thread_flag(TIF_32BIT)) {
335 if (!(regs->tstate & TSTATE_PRIV))
336 regs->tpc &= 0xffffffff;
337 address &= 0xffffffff;
340 if (!down_read_trylock(&mm->mmap_sem)) {
341 if ((regs->tstate & TSTATE_PRIV) &&
342 !search_exception_tables(regs->tpc)) {
343 insn = get_fault_insn(regs, insn);
344 goto handle_kernel_fault;
346 down_read(&mm->mmap_sem);
349 vma = find_vma(mm, address);
353 /* Pure DTLB misses do not tell us whether the fault causing
354 * load/store/atomic was a write or not, it only says that there
355 * was no match. So in such a case we (carefully) read the
356 * instruction to try and figure this out. It's an optimization
357 * so it's ok if we can't do this.
359 * Special hack, window spill/fill knows the exact fault type.
362 (FAULT_CODE_DTLB | FAULT_CODE_WRITE | FAULT_CODE_WINFIXUP)) == FAULT_CODE_DTLB) &&
363 (vma->vm_flags & VM_WRITE) != 0) {
364 insn = get_fault_insn(regs, 0);
367 /* All loads, stores and atomics have bits 30 and 31 both set
368 * in the instruction. Bit 21 is set in all stores, but we
369 * have to avoid prefetches which also have bit 21 set.
371 if ((insn & 0xc0200000) == 0xc0200000 &&
372 (insn & 0x01780000) != 0x01680000) {
373 /* Don't bother updating thread struct value,
374 * because update_mmu_cache only cares which tlb
375 * the access came from.
377 fault_code |= FAULT_CODE_WRITE;
382 if (vma->vm_start <= address)
384 if (!(vma->vm_flags & VM_GROWSDOWN))
386 if (!(fault_code & FAULT_CODE_WRITE)) {
387 /* Non-faulting loads shouldn't expand stack. */
388 insn = get_fault_insn(regs, insn);
389 if ((insn & 0xc0800000) == 0xc0800000) {
393 asi = (regs->tstate >> 24);
396 if ((asi & 0xf2) == 0x82)
400 if (expand_stack(vma, address))
403 * Ok, we have a good vm_area for this memory access, so
407 si_code = SEGV_ACCERR;
409 /* If we took a ITLB miss on a non-executable page, catch
412 if ((fault_code & FAULT_CODE_ITLB) && !(vma->vm_flags & VM_EXEC)) {
413 BUG_ON(address != regs->tpc);
414 BUG_ON(regs->tstate & TSTATE_PRIV);
418 if (fault_code & FAULT_CODE_WRITE) {
419 if (!(vma->vm_flags & VM_WRITE))
422 /* Spitfire has an icache which does not snoop
423 * processor stores. Later processors do...
425 if (tlb_type == spitfire &&
426 (vma->vm_flags & VM_EXEC) != 0 &&
427 vma->vm_file != NULL)
428 set_thread_fault_code(fault_code |
429 FAULT_CODE_BLKCOMMIT);
431 /* Allow reads even for write-only mappings */
432 if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
436 switch (handle_mm_fault(mm, vma, address, (fault_code & FAULT_CODE_WRITE))) {
443 case VM_FAULT_SIGBUS:
451 up_read(&mm->mmap_sem);
453 mm_rss = get_mm_rss(mm);
454 #ifdef CONFIG_HUGETLB_PAGE
455 mm_rss -= (mm->context.huge_pte_count * (HPAGE_SIZE / PAGE_SIZE));
457 if (unlikely(mm_rss >
458 mm->context.tsb_block[MM_TSB_BASE].tsb_rss_limit))
459 tsb_grow(mm, MM_TSB_BASE, mm_rss);
460 #ifdef CONFIG_HUGETLB_PAGE
461 mm_rss = mm->context.huge_pte_count;
462 if (unlikely(mm_rss >
463 mm->context.tsb_block[MM_TSB_HUGE].tsb_rss_limit))
464 tsb_grow(mm, MM_TSB_HUGE, mm_rss);
469 * Something tried to access memory that isn't in our memory map..
470 * Fix it, but check if it's kernel or user first..
473 insn = get_fault_insn(regs, insn);
474 up_read(&mm->mmap_sem);
477 do_kernel_fault(regs, si_code, fault_code, insn, address);
481 * We ran out of memory, or some other thing happened to us that made
482 * us unable to handle the page fault gracefully.
485 insn = get_fault_insn(regs, insn);
486 up_read(&mm->mmap_sem);
487 printk("VM: killing process %s\n", current->comm);
488 if (!(regs->tstate & TSTATE_PRIV))
490 goto handle_kernel_fault;
493 insn = get_fault_insn(regs, 0);
494 goto handle_kernel_fault;
497 insn = get_fault_insn(regs, insn);
498 up_read(&mm->mmap_sem);
501 * Send a sigbus, regardless of whether we were in kernel
504 do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, insn, fault_code);
506 /* Kernel mode? Handle exceptions or die */
507 if (regs->tstate & TSTATE_PRIV)
508 goto handle_kernel_fault;
git://git.onelab.eu / linux-2.6.git / blob