1/*
2 *  arch/ppc/mm/fault.c
3 *
4 *  PowerPC version
5 *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
6 *
7 *  Derived from "arch/i386/mm/fault.c"
8 *    Copyright (C) 1991, 1992, 1993, 1994  Linus Torvalds
9 *
10 *  Modified by Cort Dougan and Paul Mackerras.
11 *
12 *  Modified for PPC64 by Dave Engebretsen (engebret@ibm.com)
13 *
14 *  This program is free software; you can redistribute it and/or
15 *  modify it under the terms of the GNU General Public License
16 *  as published by the Free Software Foundation; either version
17 *  2 of the License, or (at your option) any later version.
18 */
19
20#include <linux/config.h>
21#include <linux/signal.h>
22#include <linux/sched.h>
23#include <linux/kernel.h>
24#include <linux/errno.h>
25#include <linux/string.h>
26#include <linux/types.h>
27#include <linux/ptrace.h>
28#include <linux/mman.h>
29#include <linux/mm.h>
30#include <linux/interrupt.h>
31
32#include <asm/page.h>
33#include <asm/pgtable.h>
34#include <asm/mmu.h>
35#include <asm/mmu_context.h>
36#include <asm/system.h>
37#include <asm/uaccess.h>
38
39#include <asm/ppcdebug.h>
40
41#if defined(CONFIG_KDB)
42#include <linux/kdb.h>
43#endif
44
45#if defined(CONFIG_XMON) || defined(CONFIG_KGDB) || defined(CONFIG_KDB)
46extern void (*debugger)(struct pt_regs *);
47extern void (*debugger_fault_handler)(struct pt_regs *);
48extern int (*debugger_dabr_match)(struct pt_regs *);
49int debugger_kernel_faults = 1;
50#endif
51
52extern void die_if_kernel(char *, struct pt_regs *, long);
53void bad_page_fault(struct pt_regs *, unsigned long);
54void do_page_fault(struct pt_regs *, unsigned long, unsigned long);
55
56#ifdef CONFIG_PPCDBG
57extern unsigned long get_srr0(void);
58extern unsigned long get_srr1(void);
59#endif
60
61/*
62 * For 600- and 800-family processors, the error_code parameter is DSISR
63 * for a data fault, SRR1 for an instruction fault.
64 */
65void do_page_fault(struct pt_regs *regs, unsigned long address,
66		   unsigned long error_code)
67{
68	struct vm_area_struct * vma;
69	struct mm_struct *mm = current->mm;
70	siginfo_t info;
71	unsigned long code = SEGV_MAPERR;
72	unsigned long is_write = error_code & 0x02000000;
73	unsigned long mm_fault_return;
74
75	PPCDBG(PPCDBG_MM, "Entering do_page_fault: addr = 0x%16.16lx, error_code = %lx\n\tregs_trap = %lx, srr0 = %lx, srr1 = %lx\n", address, error_code, regs->trap, get_srr0(), get_srr1());
76	/*
77	 * Fortunately the bit assignments in SRR1 for an instruction
78	 * fault and DSISR for a data fault are mostly the same for the
79	 * bits we are interested in.  But there are some bits which
80	 * indicate errors in DSISR but can validly be set in SRR1.
81	 */
82	if (regs->trap == 0x400)
83		error_code &= 0x48200000;
84
85#if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
86	if (debugger_fault_handler && (regs->trap == 0x300 ||
87				regs->trap == 0x380)) {
88		debugger_fault_handler(regs);
89		return;
90	}
91
92	if (error_code & 0x00400000) {
93		/* DABR match */
94		if (debugger_dabr_match(regs))
95			return;
96	}
97#endif /* CONFIG_XMON || CONFIG_KGDB */
98
99	if (in_interrupt() || mm == NULL) {
100		bad_page_fault(regs, address);
101		return;
102	}
103	down_read(&mm->mmap_sem);
104	vma = find_vma(mm, address);
105	PPCDBG(PPCDBG_MM, "\tdo_page_fault: vma = 0x%16.16lx\n", vma);
106	if (!vma) {
107	        PPCDBG(PPCDBG_MM, "\tdo_page_fault: !vma\n");
108		goto bad_area;
109	}
110	PPCDBG(PPCDBG_MM, "\tdo_page_fault: vma->vm_start = 0x%16.16lx, vma->vm_flags = 0x%16.16lx\n", vma->vm_start, vma->vm_flags);
111	if (vma->vm_start <= address) {
112		goto good_area;
113	}
114	if (!(vma->vm_flags & VM_GROWSDOWN)) {
115		PPCDBG(PPCDBG_MM, "\tdo_page_fault: vma->vm_flags = %lx, %lx\n", vma->vm_flags, VM_GROWSDOWN);
116		goto bad_area;
117	}
118	if (expand_stack(vma, address)) {
119		PPCDBG(PPCDBG_MM, "\tdo_page_fault: expand_stack\n");
120		goto bad_area;
121	}
122
123good_area:
124	code = SEGV_ACCERR;
125
126	/* a write */
127	if (is_write) {
128		if (!(vma->vm_flags & VM_WRITE))
129			goto bad_area;
130	/* a read */
131	} else {
132		/* protection fault */
133		if (error_code & 0x08000000)
134			goto bad_area;
135		if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
136			goto bad_area;
137	}
138
139	/*
140	 * If for any reason at all we couldn't handle the fault,
141	 * make sure we exit gracefully rather than endlessly redo
142	 * the fault.
143	 */
144	PPCDBG(PPCDBG_MM, "\tdo_page_fault: calling handle_mm_fault\n");
145        mm_fault_return = handle_mm_fault(mm, vma, address, is_write);
146	PPCDBG(PPCDBG_MM, "\tdo_page_fault: handle_mm_fault = 0x%lx\n",
147	       mm_fault_return);
148        switch(mm_fault_return) {
149        case 1:
150                current->min_flt++;
151                break;
152        case 2:
153                current->maj_flt++;
154                break;
155        case 0:
156                goto do_sigbus;
157        default:
158                goto out_of_memory;
159	}
160
161	up_read(&mm->mmap_sem);
162	return;
163
164bad_area:
165	up_read(&mm->mmap_sem);
166
167	/* User mode accesses cause a SIGSEGV */
168	if (user_mode(regs)) {
169		info.si_signo = SIGSEGV;
170		info.si_errno = 0;
171		info.si_code = code;
172		info.si_addr = (void *) address;
173		PPCDBG(PPCDBG_SIGNAL, "Bad addr in user: 0x%lx\n", address);
174#ifdef CONFIG_XMON
175	        ifppcdebug(PPCDBG_SIGNALXMON)
176        	    PPCDBG_ENTER_DEBUGGER_REGS(regs);
177#endif
178
179		force_sig_info(SIGSEGV, &info, current);
180		return;
181	}
182
183	bad_page_fault(regs, address);
184	return;
185
186/*
187 * We ran out of memory, or some other thing happened to us that made
188 * us unable to handle the page fault gracefully.
189 */
190out_of_memory:
191	up_read(&mm->mmap_sem);
192	printk("VM: killing process %s\n", current->comm);
193	if (user_mode(regs))
194		do_exit(SIGKILL);
195	bad_page_fault(regs, address);
196	return;
197
198do_sigbus:
199	up_read(&mm->mmap_sem);
200	info.si_signo = SIGBUS;
201	info.si_errno = 0;
202	info.si_code = BUS_ADRERR;
203	info.si_addr = (void *)address;
204	force_sig_info (SIGBUS, &info, current);
205	if (!user_mode(regs))
206		bad_page_fault(regs, address);
207}
208
209/*
210 * bad_page_fault is called when we have a bad access from the kernel.
211 * It is called from do_page_fault above and from some of the procedures
212 * in traps.c.
213 */
214void
215bad_page_fault(struct pt_regs *regs, unsigned long address)
216{
217	unsigned long fixup;
218
219	/* Are we prepared to handle this fault?  */
220	if ((fixup = search_exception_table(regs->nip)) != 0) {
221		regs->nip = fixup;
222		return;
223	}
224
225	/* kernel has accessed a bad area */
226	show_regs(regs);
227#if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
228	if (debugger_kernel_faults)
229		debugger(regs);
230#endif
231#if defined(CONFIG_KDB)
232	kdb(KDB_REASON_FAULT, regs->trap, regs);
233#endif
234	print_backtrace( (unsigned long *)regs->gpr[1] );
235	panic("kernel access of bad area pc %lx lr %lx address %lX tsk %s/%d",
236	      regs->nip,regs->link,address,current->comm,current->pid);
237}
238