1/* 2 * Architecture-specific unaligned trap handling. 3 * 4 * Copyright (C) 1999-2002, 2004 Hewlett-Packard Co 5 * Stephane Eranian <eranian@hpl.hp.com> 6 * David Mosberger-Tang <davidm@hpl.hp.com> 7 * 8 * 2002/12/09 Fix rotating register handling (off-by-1 error, missing fr-rotation). Fix 9 * get_rse_reg() to not leak kernel bits to user-level (reading an out-of-frame 10 * stacked register returns an undefined value; it does NOT trigger a 11 * "rsvd register fault"). 12 * 2001/10/11 Fix unaligned access to rotating registers in s/w pipelined loops. 13 * 2001/08/13 Correct size of extended floats (float_fsz) from 16 to 10 bytes. 14 * 2001/01/17 Add support emulation of unaligned kernel accesses. 15 */ 16#include <linux/kernel.h> 17#include <linux/sched.h> 18#include <linux/tty.h> 19 20#include <asm/intrinsics.h> 21#include <asm/processor.h> 22#include <asm/rse.h> 23#include <asm/uaccess.h> 24#include <asm/unaligned.h> 25 26extern void die_if_kernel(char *str, struct pt_regs *regs, long err); 27 28#undef DEBUG_UNALIGNED_TRAP 29 30#ifdef DEBUG_UNALIGNED_TRAP 31# define DPRINT(a...) do { printk("%s %u: ", __FUNCTION__, __LINE__); printk (a); } while (0) 32# define DDUMP(str,vp,len) dump(str, vp, len) 33 34static void 35dump (const char *str, void *vp, size_t len) 36{ 37 unsigned char *cp = vp; 38 int i; 39 40 printk("%s", str); 41 for (i = 0; i < len; ++i) 42 printk (" %02x", *cp++); 43 printk("\n"); 44} 45#else 46# define DPRINT(a...) 47# define DDUMP(str,vp,len) 48#endif 49 50#define IA64_FIRST_STACKED_GR 32 51#define IA64_FIRST_ROTATING_FR 32 52#define SIGN_EXT9 0xffffffffffffff00ul 53 54/* 55 * sysctl settable hook which tells the kernel whether to honor the 56 * IA64_THREAD_UAC_NOPRINT prctl. Because this is user settable, we want 57 * to allow the super user to enable/disable this for security reasons 58 * (i.e. don't allow attacker to fill up logs with unaligned accesses). 59 */ 60int no_unaligned_warning; 61static int noprint_warning; 62 63/* 64 * For M-unit: 65 * 66 * opcode | m | x6 | 67 * --------|------|---------| 68 * [40-37] | [36] | [35:30] | 69 * --------|------|---------| 70 * 4 | 1 | 6 | = 11 bits 71 * -------------------------- 72 * However bits [31:30] are not directly useful to distinguish between 73 * load/store so we can use [35:32] instead, which gives the following 74 * mask ([40:32]) using 9 bits. The 'e' comes from the fact that we defer 75 * checking the m-bit until later in the load/store emulation. 76 */ 77#define IA64_OPCODE_MASK 0x1ef 78#define IA64_OPCODE_SHIFT 32 79 80/* 81 * Table C-28 Integer Load/Store 82 * 83 * We ignore [35:32]= 0x6, 0x7, 0xE, 0xF 84 * 85 * ld8.fill, st8.fill MUST be aligned because the RNATs are based on 86 * the address (bits [8:3]), so we must failed. 87 */ 88#define LD_OP 0x080 89#define LDS_OP 0x081 90#define LDA_OP 0x082 91#define LDSA_OP 0x083 92#define LDBIAS_OP 0x084 93#define LDACQ_OP 0x085 94/* 0x086, 0x087 are not relevant */ 95#define LDCCLR_OP 0x088 96#define LDCNC_OP 0x089 97#define LDCCLRACQ_OP 0x08a 98#define ST_OP 0x08c 99#define STREL_OP 0x08d 100/* 0x08e,0x8f are not relevant */ 101 102/* 103 * Table C-29 Integer Load +Reg 104 * 105 * we use the ld->m (bit [36:36]) field to determine whether or not we have 106 * a load/store of this form. 107 */ 108 109/* 110 * Table C-30 Integer Load/Store +Imm 111 * 112 * We ignore [35:32]= 0x6, 0x7, 0xE, 0xF 113 * 114 * ld8.fill, st8.fill must be aligned because the Nat register are based on 115 * the address, so we must fail and the program must be fixed. 116 */ 117#define LD_IMM_OP 0x0a0 118#define LDS_IMM_OP 0x0a1 119#define LDA_IMM_OP 0x0a2 120#define LDSA_IMM_OP 0x0a3 121#define LDBIAS_IMM_OP 0x0a4 122#define LDACQ_IMM_OP 0x0a5 123/* 0x0a6, 0xa7 are not relevant */ 124#define LDCCLR_IMM_OP 0x0a8 125#define LDCNC_IMM_OP 0x0a9 126#define LDCCLRACQ_IMM_OP 0x0aa 127#define ST_IMM_OP 0x0ac 128#define STREL_IMM_OP 0x0ad 129/* 0x0ae,0xaf are not relevant */ 130 131/* 132 * Table C-32 Floating-point Load/Store 133 */ 134#define LDF_OP 0x0c0 135#define LDFS_OP 0x0c1 136#define LDFA_OP 0x0c2 137#define LDFSA_OP 0x0c3 138/* 0x0c6 is irrelevant */ 139#define LDFCCLR_OP 0x0c8 140#define LDFCNC_OP 0x0c9 141/* 0x0cb is irrelevant */ 142#define STF_OP 0x0cc 143 144/* 145 * Table C-33 Floating-point Load +Reg 146 * 147 * we use the ld->m (bit [36:36]) field to determine whether or not we have 148 * a load/store of this form. 149 */ 150 151/* 152 * Table C-34 Floating-point Load/Store +Imm 153 */ 154#define LDF_IMM_OP 0x0e0 155#define LDFS_IMM_OP 0x0e1 156#define LDFA_IMM_OP 0x0e2 157#define LDFSA_IMM_OP 0x0e3 158/* 0x0e6 is irrelevant */ 159#define LDFCCLR_IMM_OP 0x0e8 160#define LDFCNC_IMM_OP 0x0e9 161#define STF_IMM_OP 0x0ec 162 163typedef struct { 164 unsigned long qp:6; /* [0:5] */ 165 unsigned long r1:7; /* [6:12] */ 166 unsigned long imm:7; /* [13:19] */ 167 unsigned long r3:7; /* [20:26] */ 168 unsigned long x:1; /* [27:27] */ 169 unsigned long hint:2; /* [28:29] */ 170 unsigned long x6_sz:2; /* [30:31] */ 171 unsigned long x6_op:4; /* [32:35], x6 = x6_sz|x6_op */ 172 unsigned long m:1; /* [36:36] */ 173 unsigned long op:4; /* [37:40] */ 174 unsigned long pad:23; /* [41:63] */ 175} load_store_t; 176 177 178typedef enum { 179 UPD_IMMEDIATE, /* ldXZ r1=[r3],imm(9) */ 180 UPD_REG /* ldXZ r1=[r3],r2 */ 181} update_t; 182 183/* 184 * We use tables to keep track of the offsets of registers in the saved state. 185 * This way we save having big switch/case statements. 186 * 187 * We use bit 0 to indicate switch_stack or pt_regs. 188 * The offset is simply shifted by 1 bit. 189 * A 2-byte value should be enough to hold any kind of offset 190 * 191 * In case the calling convention changes (and thus pt_regs/switch_stack) 192 * simply use RSW instead of RPT or vice-versa. 193 */ 194 195#define RPO(x) ((size_t) &((struct pt_regs *)0)->x) 196#define RSO(x) ((size_t) &((struct switch_stack *)0)->x) 197 198#define RPT(x) (RPO(x) << 1) 199#define RSW(x) (1| RSO(x)<<1) 200 201#define GR_OFFS(x) (gr_info[x]>>1) 202#define GR_IN_SW(x) (gr_info[x] & 0x1) 203 204#define FR_OFFS(x) (fr_info[x]>>1) 205#define FR_IN_SW(x) (fr_info[x] & 0x1) 206 207static u16 gr_info[32]={ 208 0, /* r0 is read-only : WE SHOULD NEVER GET THIS */ 209 210 RPT(r1), RPT(r2), RPT(r3), 211 212 RSW(r4), RSW(r5), RSW(r6), RSW(r7), 213 214 RPT(r8), RPT(r9), RPT(r10), RPT(r11), 215 RPT(r12), RPT(r13), RPT(r14), RPT(r15), 216 217 RPT(r16), RPT(r17), RPT(r18), RPT(r19), 218 RPT(r20), RPT(r21), RPT(r22), RPT(r23), 219 RPT(r24), RPT(r25), RPT(r26), RPT(r27), 220 RPT(r28), RPT(r29), RPT(r30), RPT(r31) 221}; 222 223static u16 fr_info[32]={ 224 0, /* constant : WE SHOULD NEVER GET THIS */ 225 0, /* constant : WE SHOULD NEVER GET THIS */ 226 227 RSW(f2), RSW(f3), RSW(f4), RSW(f5), 228 229 RPT(f6), RPT(f7), RPT(f8), RPT(f9), 230 RPT(f10), RPT(f11), 231 232 RSW(f12), RSW(f13), RSW(f14), 233 RSW(f15), RSW(f16), RSW(f17), RSW(f18), RSW(f19), 234 RSW(f20), RSW(f21), RSW(f22), RSW(f23), RSW(f24), 235 RSW(f25), RSW(f26), RSW(f27), RSW(f28), RSW(f29), 236 RSW(f30), RSW(f31) 237}; 238 239/* Invalidate ALAT entry for integer register REGNO. */ 240static void 241invala_gr (int regno) 242{ 243# define F(reg) case reg: ia64_invala_gr(reg); break 244 245 switch (regno) { 246 F( 0); F( 1); F( 2); F( 3); F( 4); F( 5); F( 6); F( 7); 247 F( 8); F( 9); F( 10); F( 11); F( 12); F( 13); F( 14); F( 15); 248 F( 16); F( 17); F( 18); F( 19); F( 20); F( 21); F( 22); F( 23); 249 F( 24); F( 25); F( 26); F( 27); F( 28); F( 29); F( 30); F( 31); 250 F( 32); F( 33); F( 34); F( 35); F( 36); F( 37); F( 38); F( 39); 251 F( 40); F( 41); F( 42); F( 43); F( 44); F( 45); F( 46); F( 47); 252 F( 48); F( 49); F( 50); F( 51); F( 52); F( 53); F( 54); F( 55); 253 F( 56); F( 57); F( 58); F( 59); F( 60); F( 61); F( 62); F( 63); 254 F( 64); F( 65); F( 66); F( 67); F( 68); F( 69); F( 70); F( 71); 255 F( 72); F( 73); F( 74); F( 75); F( 76); F( 77); F( 78); F( 79); 256 F( 80); F( 81); F( 82); F( 83); F( 84); F( 85); F( 86); F( 87); 257 F( 88); F( 89); F( 90); F( 91); F( 92); F( 93); F( 94); F( 95); 258 F( 96); F( 97); F( 98); F( 99); F(100); F(101); F(102); F(103); 259 F(104); F(105); F(106); F(107); F(108); F(109); F(110); F(111); 260 F(112); F(113); F(114); F(115); F(116); F(117); F(118); F(119); 261 F(120); F(121); F(122); F(123); F(124); F(125); F(126); F(127); 262 } 263# undef F 264} 265 266/* Invalidate ALAT entry for floating-point register REGNO. */ 267static void 268invala_fr (int regno) 269{ 270# define F(reg) case reg: ia64_invala_fr(reg); break 271 272 switch (regno) { 273 F( 0); F( 1); F( 2); F( 3); F( 4); F( 5); F( 6); F( 7); 274 F( 8); F( 9); F( 10); F( 11); F( 12); F( 13); F( 14); F( 15); 275 F( 16); F( 17); F( 18); F( 19); F( 20); F( 21); F( 22); F( 23); 276 F( 24); F( 25); F( 26); F( 27); F( 28); F( 29); F( 30); F( 31); 277 F( 32); F( 33); F( 34); F( 35); F( 36); F( 37); F( 38); F( 39); 278 F( 40); F( 41); F( 42); F( 43); F( 44); F( 45); F( 46); F( 47); 279 F( 48); F( 49); F( 50); F( 51); F( 52); F( 53); F( 54); F( 55); 280 F( 56); F( 57); F( 58); F( 59); F( 60); F( 61); F( 62); F( 63); 281 F( 64); F( 65); F( 66); F( 67); F( 68); F( 69); F( 70); F( 71); 282 F( 72); F( 73); F( 74); F( 75); F( 76); F( 77); F( 78); F( 79); 283 F( 80); F( 81); F( 82); F( 83); F( 84); F( 85); F( 86); F( 87); 284 F( 88); F( 89); F( 90); F( 91); F( 92); F( 93); F( 94); F( 95); 285 F( 96); F( 97); F( 98); F( 99); F(100); F(101); F(102); F(103); 286 F(104); F(105); F(106); F(107); F(108); F(109); F(110); F(111); 287 F(112); F(113); F(114); F(115); F(116); F(117); F(118); F(119); 288 F(120); F(121); F(122); F(123); F(124); F(125); F(126); F(127); 289 } 290# undef F 291} 292 293static inline unsigned long 294rotate_reg (unsigned long sor, unsigned long rrb, unsigned long reg) 295{ 296 reg += rrb; 297 if (reg >= sor) 298 reg -= sor; 299 return reg; 300} 301 302static void 303set_rse_reg (struct pt_regs *regs, unsigned long r1, unsigned long val, int nat) 304{ 305 struct switch_stack *sw = (struct switch_stack *) regs - 1; 306 unsigned long *bsp, *bspstore, *addr, *rnat_addr, *ubs_end; 307 unsigned long *kbs = (void *) current + IA64_RBS_OFFSET; 308 unsigned long rnats, nat_mask; 309 unsigned long on_kbs; 310 long sof = (regs->cr_ifs) & 0x7f; 311 long sor = 8 * ((regs->cr_ifs >> 14) & 0xf); 312 long rrb_gr = (regs->cr_ifs >> 18) & 0x7f; 313 long ridx = r1 - 32; 314 315 if (ridx >= sof) { 316 /* this should never happen, as the "rsvd register fault" has higher priority */ 317 DPRINT("ignoring write to r%lu; only %lu registers are allocated!\n", r1, sof); 318 return; 319 } 320 321 if (ridx < sor) 322 ridx = rotate_reg(sor, rrb_gr, ridx); 323 324 DPRINT("r%lu, sw.bspstore=%lx pt.bspstore=%lx sof=%ld sol=%ld ridx=%ld\n", 325 r1, sw->ar_bspstore, regs->ar_bspstore, sof, (regs->cr_ifs >> 7) & 0x7f, ridx); 326 327 on_kbs = ia64_rse_num_regs(kbs, (unsigned long *) sw->ar_bspstore); 328 addr = ia64_rse_skip_regs((unsigned long *) sw->ar_bspstore, -sof + ridx); 329 if (addr >= kbs) { 330 /* the register is on the kernel backing store: easy... */ 331 rnat_addr = ia64_rse_rnat_addr(addr); 332 if ((unsigned long) rnat_addr >= sw->ar_bspstore) 333 rnat_addr = &sw->ar_rnat; 334 nat_mask = 1UL << ia64_rse_slot_num(addr); 335 336 *addr = val; 337 if (nat) 338 *rnat_addr |= nat_mask; 339 else 340 *rnat_addr &= ~nat_mask; 341 return; 342 } 343 344 if (!user_stack(current, regs)) { 345 DPRINT("ignoring kernel write to r%lu; register isn't on the kernel RBS!", r1); 346 return; 347 } 348 349 bspstore = (unsigned long *)regs->ar_bspstore; 350 ubs_end = ia64_rse_skip_regs(bspstore, on_kbs); 351 bsp = ia64_rse_skip_regs(ubs_end, -sof); 352 addr = ia64_rse_skip_regs(bsp, ridx); 353 354 DPRINT("ubs_end=%p bsp=%p addr=%p\n", (void *) ubs_end, (void *) bsp, (void *) addr); 355 356 ia64_poke(current, sw, (unsigned long) ubs_end, (unsigned long) addr, val); 357 358 rnat_addr = ia64_rse_rnat_addr(addr); 359 360 ia64_peek(current, sw, (unsigned long) ubs_end, (unsigned long) rnat_addr, &rnats); 361 DPRINT("rnat @%p = 0x%lx nat=%d old nat=%ld\n", 362 (void *) rnat_addr, rnats, nat, (rnats >> ia64_rse_slot_num(addr)) & 1); 363 364 nat_mask = 1UL << ia64_rse_slot_num(addr); 365 if (nat) 366 rnats |= nat_mask; 367 else 368 rnats &= ~nat_mask; 369 ia64_poke(current, sw, (unsigned long) ubs_end, (unsigned long) rnat_addr, rnats); 370 371 DPRINT("rnat changed to @%p = 0x%lx\n", (void *) rnat_addr, rnats); 372} 373 374 375static void 376get_rse_reg (struct pt_regs *regs, unsigned long r1, unsigned long *val, int *nat) 377{ 378 struct switch_stack *sw = (struct switch_stack *) regs - 1; 379 unsigned long *bsp, *addr, *rnat_addr, *ubs_end, *bspstore; 380 unsigned long *kbs = (void *) current + IA64_RBS_OFFSET; 381 unsigned long rnats, nat_mask; 382 unsigned long on_kbs; 383 long sof = (regs->cr_ifs) & 0x7f; 384 long sor = 8 * ((regs->cr_ifs >> 14) & 0xf); 385 long rrb_gr = (regs->cr_ifs >> 18) & 0x7f; 386 long ridx = r1 - 32; 387 388 if (ridx >= sof) { 389 /* read of out-of-frame register returns an undefined value; 0 in our case. */ 390 DPRINT("ignoring read from r%lu; only %lu registers are allocated!\n", r1, sof); 391 goto fail; 392 } 393 394 if (ridx < sor) 395 ridx = rotate_reg(sor, rrb_gr, ridx); 396 397 DPRINT("r%lu, sw.bspstore=%lx pt.bspstore=%lx sof=%ld sol=%ld ridx=%ld\n", 398 r1, sw->ar_bspstore, regs->ar_bspstore, sof, (regs->cr_ifs >> 7) & 0x7f, ridx); 399 400 on_kbs = ia64_rse_num_regs(kbs, (unsigned long *) sw->ar_bspstore); 401 addr = ia64_rse_skip_regs((unsigned long *) sw->ar_bspstore, -sof + ridx); 402 if (addr >= kbs) { 403 /* the register is on the kernel backing store: easy... */ 404 *val = *addr; 405 if (nat) { 406 rnat_addr = ia64_rse_rnat_addr(addr); 407 if ((unsigned long) rnat_addr >= sw->ar_bspstore) 408 rnat_addr = &sw->ar_rnat; 409 nat_mask = 1UL << ia64_rse_slot_num(addr); 410 *nat = (*rnat_addr & nat_mask) != 0; 411 } 412 return; 413 } 414 415 if (!user_stack(current, regs)) { 416 DPRINT("ignoring kernel read of r%lu; register isn't on the RBS!", r1); 417 goto fail; 418 } 419 420 bspstore = (unsigned long *)regs->ar_bspstore; 421 ubs_end = ia64_rse_skip_regs(bspstore, on_kbs); 422 bsp = ia64_rse_skip_regs(ubs_end, -sof); 423 addr = ia64_rse_skip_regs(bsp, ridx); 424 425 DPRINT("ubs_end=%p bsp=%p addr=%p\n", (void *) ubs_end, (void *) bsp, (void *) addr); 426 427 ia64_peek(current, sw, (unsigned long) ubs_end, (unsigned long) addr, val); 428 429 if (nat) { 430 rnat_addr = ia64_rse_rnat_addr(addr); 431 nat_mask = 1UL << ia64_rse_slot_num(addr); 432 433 DPRINT("rnat @%p = 0x%lx\n", (void *) rnat_addr, rnats); 434 435 ia64_peek(current, sw, (unsigned long) ubs_end, (unsigned long) rnat_addr, &rnats); 436 *nat = (rnats & nat_mask) != 0; 437 } 438 return; 439 440 fail: 441 *val = 0; 442 if (nat) 443 *nat = 0; 444 return; 445} 446 447 448static void 449setreg (unsigned long regnum, unsigned long val, int nat, struct pt_regs *regs) 450{ 451 struct switch_stack *sw = (struct switch_stack *) regs - 1; 452 unsigned long addr; 453 unsigned long bitmask; 454 unsigned long *unat; 455 456 /* 457 * First takes care of stacked registers 458 */ 459 if (regnum >= IA64_FIRST_STACKED_GR) { 460 set_rse_reg(regs, regnum, val, nat); 461 return; 462 } 463 464 /* 465 * Using r0 as a target raises a General Exception fault which has higher priority 466 * than the Unaligned Reference fault. 467 */ 468 469 /* 470 * Now look at registers in [0-31] range and init correct UNAT 471 */ 472 if (GR_IN_SW(regnum)) { 473 addr = (unsigned long)sw; 474 unat = &sw->ar_unat; 475 } else { 476 addr = (unsigned long)regs; 477 unat = &sw->caller_unat; 478 } 479 DPRINT("tmp_base=%lx switch_stack=%s offset=%d\n", 480 addr, unat==&sw->ar_unat ? "yes":"no", GR_OFFS(regnum)); 481 /* 482 * add offset from base of struct 483 * and do it ! 484 */ 485 addr += GR_OFFS(regnum); 486 487 *(unsigned long *)addr = val; 488 489 /* 490 * We need to clear the corresponding UNAT bit to fully emulate the load 491 * UNAT bit_pos = GR[r3]{8:3} form EAS-2.4 492 */ 493 bitmask = 1UL << (addr >> 3 & 0x3f); 494 DPRINT("*0x%lx=0x%lx NaT=%d prev_unat @%p=%lx\n", addr, val, nat, (void *) unat, *unat); 495 if (nat) { 496 *unat |= bitmask; 497 } else { 498 *unat &= ~bitmask; 499 } 500 DPRINT("*0x%lx=0x%lx NaT=%d new unat: %p=%lx\n", addr, val, nat, (void *) unat,*unat); 501} 502 503/* 504 * Return the (rotated) index for floating point register REGNUM (REGNUM must be in the 505 * range from 32-127, result is in the range from 0-95. 506 */ 507static inline unsigned long 508fph_index (struct pt_regs *regs, long regnum) 509{ 510 unsigned long rrb_fr = (regs->cr_ifs >> 25) & 0x7f; 511 return rotate_reg(96, rrb_fr, (regnum - IA64_FIRST_ROTATING_FR)); 512} 513 514static void 515setfpreg (unsigned long regnum, struct ia64_fpreg *fpval, struct pt_regs *regs) 516{ 517 struct switch_stack *sw = (struct switch_stack *)regs - 1; 518 unsigned long addr; 519 520 /* 521 * From EAS-2.5: FPDisableFault has higher priority than Unaligned 522 * Fault. Thus, when we get here, we know the partition is enabled. 523 * To update f32-f127, there are three choices: 524 * 525 * (1) save f32-f127 to thread.fph and update the values there 526 * (2) use a gigantic switch statement to directly access the registers 527 * (3) generate code on the fly to update the desired register 528 * 529 * For now, we are using approach (1). 530 */ 531 if (regnum >= IA64_FIRST_ROTATING_FR) { 532 ia64_sync_fph(current); 533 current->thread.fph[fph_index(regs, regnum)] = *fpval; 534 } else { 535 /* 536 * pt_regs or switch_stack ? 537 */ 538 if (FR_IN_SW(regnum)) { 539 addr = (unsigned long)sw; 540 } else { 541 addr = (unsigned long)regs; 542 } 543 544 DPRINT("tmp_base=%lx offset=%d\n", addr, FR_OFFS(regnum)); 545 546 addr += FR_OFFS(regnum); 547 *(struct ia64_fpreg *)addr = *fpval; 548 549 /* 550 * mark the low partition as being used now 551 * 552 * It is highly unlikely that this bit is not already set, but 553 * let's do it for safety. 554 */ 555 regs->cr_ipsr |= IA64_PSR_MFL; 556 } 557} 558 559/* 560 * Those 2 inline functions generate the spilled versions of the constant floating point 561 * registers which can be used with stfX 562 */ 563static inline void 564float_spill_f0 (struct ia64_fpreg *final) 565{ 566 ia64_stf_spill(final, 0); 567} 568 569static inline void 570float_spill_f1 (struct ia64_fpreg *final) 571{ 572 ia64_stf_spill(final, 1); 573} 574 575static void 576getfpreg (unsigned long regnum, struct ia64_fpreg *fpval, struct pt_regs *regs) 577{ 578 struct switch_stack *sw = (struct switch_stack *) regs - 1; 579 unsigned long addr; 580 581 /* 582 * From EAS-2.5: FPDisableFault has higher priority than 583 * Unaligned Fault. Thus, when we get here, we know the partition is 584 * enabled. 585 * 586 * When regnum > 31, the register is still live and we need to force a save 587 * to current->thread.fph to get access to it. See discussion in setfpreg() 588 * for reasons and other ways of doing this. 589 */ 590 if (regnum >= IA64_FIRST_ROTATING_FR) { 591 ia64_flush_fph(current); 592 *fpval = current->thread.fph[fph_index(regs, regnum)]; 593 } else { 594 /* 595 * f0 = 0.0, f1= 1.0. Those registers are constant and are thus 596 * not saved, we must generate their spilled form on the fly 597 */ 598 switch(regnum) { 599 case 0: 600 float_spill_f0(fpval); 601 break; 602 case 1: 603 float_spill_f1(fpval); 604 break; 605 default: 606 /* 607 * pt_regs or switch_stack ? 608 */ 609 addr = FR_IN_SW(regnum) ? (unsigned long)sw 610 : (unsigned long)regs; 611 612 DPRINT("is_sw=%d tmp_base=%lx offset=0x%x\n", 613 FR_IN_SW(regnum), addr, FR_OFFS(regnum)); 614 615 addr += FR_OFFS(regnum); 616 *fpval = *(struct ia64_fpreg *)addr; 617 } 618 } 619} 620 621 622static void 623getreg (unsigned long regnum, unsigned long *val, int *nat, struct pt_regs *regs) 624{ 625 struct switch_stack *sw = (struct switch_stack *) regs - 1; 626 unsigned long addr, *unat; 627 628 if (regnum >= IA64_FIRST_STACKED_GR) { 629 get_rse_reg(regs, regnum, val, nat); 630 return; 631 } 632 633 /* 634 * take care of r0 (read-only always evaluate to 0) 635 */ 636 if (regnum == 0) { 637 *val = 0; 638 if (nat) 639 *nat = 0; 640 return; 641 } 642 643 /* 644 * Now look at registers in [0-31] range and init correct UNAT 645 */ 646 if (GR_IN_SW(regnum)) { 647 addr = (unsigned long)sw; 648 unat = &sw->ar_unat; 649 } else { 650 addr = (unsigned long)regs; 651 unat = &sw->caller_unat; 652 } 653 654 DPRINT("addr_base=%lx offset=0x%x\n", addr, GR_OFFS(regnum)); 655 656 addr += GR_OFFS(regnum); 657 658 *val = *(unsigned long *)addr; 659 660 /* 661 * do it only when requested 662 */ 663 if (nat) 664 *nat = (*unat >> (addr >> 3 & 0x3f)) & 0x1UL; 665} 666 667static void 668emulate_load_updates (update_t type, load_store_t ld, struct pt_regs *regs, unsigned long ifa) 669{ 670 /* 671 * IMPORTANT: 672 * Given the way we handle unaligned speculative loads, we should 673 * not get to this point in the code but we keep this sanity check, 674 * just in case. 675 */ 676 if (ld.x6_op == 1 || ld.x6_op == 3) { 677 printk(KERN_ERR "%s: register update on speculative load, error\n", __FUNCTION__); 678 die_if_kernel("unaligned reference on speculative load with register update\n", 679 regs, 30); 680 } 681 682 683 /* 684 * at this point, we know that the base register to update is valid i.e., 685 * it's not r0 686 */ 687 if (type == UPD_IMMEDIATE) { 688 unsigned long imm; 689 690 /* 691 * Load +Imm: ldXZ r1=[r3],imm(9) 692 * 693 * 694 * form imm9: [13:19] contain the first 7 bits 695 */ 696 imm = ld.x << 7 | ld.imm; 697 698 /* 699 * sign extend (1+8bits) if m set 700 */ 701 if (ld.m) imm |= SIGN_EXT9; 702 703 /* 704 * ifa == r3 and we know that the NaT bit on r3 was clear so 705 * we can directly use ifa. 706 */ 707 ifa += imm; 708 709 setreg(ld.r3, ifa, 0, regs); 710 711 DPRINT("ld.x=%d ld.m=%d imm=%ld r3=0x%lx\n", ld.x, ld.m, imm, ifa); 712 713 } else if (ld.m) { 714 unsigned long r2; 715 int nat_r2; 716 717 /* 718 * Load +Reg Opcode: ldXZ r1=[r3],r2 719 * 720 * Note: that we update r3 even in the case of ldfX.a 721 * (where the load does not happen) 722 * 723 * The way the load algorithm works, we know that r3 does not 724 * have its NaT bit set (would have gotten NaT consumption 725 * before getting the unaligned fault). So we can use ifa 726 * which equals r3 at this point. 727 * 728 * IMPORTANT: 729 * The above statement holds ONLY because we know that we 730 * never reach this code when trying to do a ldX.s. 731 * If we ever make it to here on an ldfX.s then 732 */ 733 getreg(ld.imm, &r2, &nat_r2, regs); 734 735 ifa += r2; 736 737 /* 738 * propagate Nat r2 -> r3 739 */ 740 setreg(ld.r3, ifa, nat_r2, regs); 741 742 DPRINT("imm=%d r2=%ld r3=0x%lx nat_r2=%d\n",ld.imm, r2, ifa, nat_r2); 743 } 744} 745 746 747static int 748emulate_load_int (unsigned long ifa, load_store_t ld, struct pt_regs *regs) 749{ 750 unsigned int len = 1 << ld.x6_sz; 751 unsigned long val = 0; 752 753 /* 754 * r0, as target, doesn't need to be checked because Illegal Instruction 755 * faults have higher priority than unaligned faults. 756 * 757 * r0 cannot be found as the base as it would never generate an 758 * unaligned reference. 759 */ 760 761 /* 762 * ldX.a we will emulate load and also invalidate the ALAT entry. 763 * See comment below for explanation on how we handle ldX.a 764 */ 765 766 if (len != 2 && len != 4 && len != 8) { 767 DPRINT("unknown size: x6=%d\n", ld.x6_sz); 768 return -1; 769 } 770 /* this assumes little-endian byte-order: */ 771 if (copy_from_user(&val, (void __user *) ifa, len)) 772 return -1; 773 setreg(ld.r1, val, 0, regs); 774 775 /* 776 * check for updates on any kind of loads 777 */ 778 if (ld.op == 0x5 || ld.m) 779 emulate_load_updates(ld.op == 0x5 ? UPD_IMMEDIATE: UPD_REG, ld, regs, ifa); 780 781 /* 782 * handling of various loads (based on EAS2.4): 783 * 784 * ldX.acq (ordered load): 785 * - acquire semantics would have been used, so force fence instead. 786 * 787 * ldX.c.clr (check load and clear): 788 * - if we get to this handler, it's because the entry was not in the ALAT. 789 * Therefore the operation reverts to a normal load 790 * 791 * ldX.c.nc (check load no clear): 792 * - same as previous one 793 * 794 * ldX.c.clr.acq (ordered check load and clear): 795 * - same as above for c.clr part. The load needs to have acquire semantics. So 796 * we use the fence semantics which is stronger and thus ensures correctness. 797 * 798 * ldX.a (advanced load): 799 * - suppose ldX.a r1=[r3]. If we get to the unaligned trap it's because the 800 * address doesn't match requested size alignment. This means that we would 801 * possibly need more than one load to get the result. 802 * 803 * The load part can be handled just like a normal load, however the difficult 804 * part is to get the right thing into the ALAT. The critical piece of information 805 * in the base address of the load & size. To do that, a ld.a must be executed, 806 * clearly any address can be pushed into the table by using ld1.a r1=[r3]. Now 807 * if we use the same target register, we will be okay for the check.a instruction. 808 * If we look at the store, basically a stX [r3]=r1 checks the ALAT for any entry 809 * which would overlap within [r3,r3+X] (the size of the load was store in the 810 * ALAT). If such an entry is found the entry is invalidated. But this is not good 811 * enough, take the following example: 812 * r3=3 813 * ld4.a r1=[r3] 814 * 815 * Could be emulated by doing: 816 * ld1.a r1=[r3],1 817 * store to temporary; 818 * ld1.a r1=[r3],1 819 * store & shift to temporary; 820 * ld1.a r1=[r3],1 821 * store & shift to temporary; 822 * ld1.a r1=[r3] 823 * store & shift to temporary; 824 * r1=temporary 825 * 826 * So in this case, you would get the right value is r1 but the wrong info in 827 * the ALAT. Notice that you could do it in reverse to finish with address 3 828 * but you would still get the size wrong. To get the size right, one needs to 829 * execute exactly the same kind of load. You could do it from a aligned 830 * temporary location, but you would get the address wrong. 831 * 832 * So no matter what, it is not possible to emulate an advanced load 833 * correctly. But is that really critical ? 834 * 835 * We will always convert ld.a into a normal load with ALAT invalidated. This 836 * will enable compiler to do optimization where certain code path after ld.a 837 * is not required to have ld.c/chk.a, e.g., code path with no intervening stores. 838 * 839 * If there is a store after the advanced load, one must either do a ld.c.* or 840 * chk.a.* to reuse the value stored in the ALAT. Both can "fail" (meaning no 841 * entry found in ALAT), and that's perfectly ok because: 842 * 843 * - ld.c.*, if the entry is not present a normal load is executed 844 * - chk.a.*, if the entry is not present, execution jumps to recovery code 845 * 846 * In either case, the load can be potentially retried in another form. 847 * 848 * ALAT must be invalidated for the register (so that chk.a or ld.c don't pick 849 * up a stale entry later). The register base update MUST also be performed. 850 */ 851 852 /* 853 * when the load has the .acq completer then 854 * use ordering fence. 855 */ 856 if (ld.x6_op == 0x5 || ld.x6_op == 0xa) 857 mb(); 858 859 /* 860 * invalidate ALAT entry in case of advanced load 861 */ 862 if (ld.x6_op == 0x2) 863 invala_gr(ld.r1); 864 865 return 0; 866} 867 868static int 869emulate_store_int (unsigned long ifa, load_store_t ld, struct pt_regs *regs) 870{ 871 unsigned long r2; 872 unsigned int len = 1 << ld.x6_sz; 873 874 /* 875 * if we get to this handler, Nat bits on both r3 and r2 have already 876 * been checked. so we don't need to do it 877 * 878 * extract the value to be stored 879 */ 880 getreg(ld.imm, &r2, NULL, regs); 881 882 /* 883 * we rely on the macros in unaligned.h for now i.e., 884 * we let the compiler figure out how to read memory gracefully. 885 * 886 * We need this switch/case because the way the inline function 887 * works. The code is optimized by the compiler and looks like 888 * a single switch/case. 889 */ 890 DPRINT("st%d [%lx]=%lx\n", len, ifa, r2); 891 892 if (len != 2 && len != 4 && len != 8) { 893 DPRINT("unknown size: x6=%d\n", ld.x6_sz); 894 return -1; 895 } 896 897 /* this assumes little-endian byte-order: */ 898 if (copy_to_user((void __user *) ifa, &r2, len)) 899 return -1; 900 901 /* 902 * stX [r3]=r2,imm(9) 903 * 904 * NOTE: 905 * ld.r3 can never be r0, because r0 would not generate an 906 * unaligned access. 907 */ 908 if (ld.op == 0x5) { 909 unsigned long imm; 910 911 /* 912 * form imm9: [12:6] contain first 7bits 913 */ 914 imm = ld.x << 7 | ld.r1; 915 /* 916 * sign extend (8bits) if m set 917 */ 918 if (ld.m) imm |= SIGN_EXT9; 919 /* 920 * ifa == r3 (NaT is necessarily cleared) 921 */ 922 ifa += imm; 923 924 DPRINT("imm=%lx r3=%lx\n", imm, ifa); 925 926 setreg(ld.r3, ifa, 0, regs); 927 } 928 /* 929 * we don't have alat_invalidate_multiple() so we need 930 * to do the complete flush :-<< 931 */ 932 ia64_invala(); 933 934 /* 935 * stX.rel: use fence instead of release 936 */ 937 if (ld.x6_op == 0xd) 938 mb(); 939 940 return 0; 941} 942 943/* 944 * floating point operations sizes in bytes 945 */ 946static const unsigned char float_fsz[4]={ 947 10, /* extended precision (e) */ 948 8, /* integer (8) */ 949 4, /* single precision (s) */ 950 8 /* double precision (d) */ 951}; 952 953static inline void 954mem2float_extended (struct ia64_fpreg *init, struct ia64_fpreg *final) 955{ 956 ia64_ldfe(6, init); 957 ia64_stop(); 958 ia64_stf_spill(final, 6); 959} 960 961static inline void 962mem2float_integer (struct ia64_fpreg *init, struct ia64_fpreg *final) 963{ 964 ia64_ldf8(6, init); 965 ia64_stop(); 966 ia64_stf_spill(final, 6); 967} 968 969static inline void 970mem2float_single (struct ia64_fpreg *init, struct ia64_fpreg *final) 971{ 972 ia64_ldfs(6, init); 973 ia64_stop(); 974 ia64_stf_spill(final, 6); 975} 976 977static inline void 978mem2float_double (struct ia64_fpreg *init, struct ia64_fpreg *final) 979{ 980 ia64_ldfd(6, init); 981 ia64_stop(); 982 ia64_stf_spill(final, 6); 983} 984 985static inline void 986float2mem_extended (struct ia64_fpreg *init, struct ia64_fpreg *final) 987{ 988 ia64_ldf_fill(6, init); 989 ia64_stop(); 990 ia64_stfe(final, 6); 991} 992 993static inline void 994float2mem_integer (struct ia64_fpreg *init, struct ia64_fpreg *final) 995{ 996 ia64_ldf_fill(6, init); 997 ia64_stop(); 998 ia64_stf8(final, 6); 999} 1000 1001static inline void 1002float2mem_single (struct ia64_fpreg *init, struct ia64_fpreg *final) 1003{ 1004 ia64_ldf_fill(6, init); 1005 ia64_stop(); 1006 ia64_stfs(final, 6); 1007} 1008 1009static inline void 1010float2mem_double (struct ia64_fpreg *init, struct ia64_fpreg *final) 1011{ 1012 ia64_ldf_fill(6, init); 1013 ia64_stop(); 1014 ia64_stfd(final, 6); 1015} 1016 1017static int 1018emulate_load_floatpair (unsigned long ifa, load_store_t ld, struct pt_regs *regs) 1019{ 1020 struct ia64_fpreg fpr_init[2]; 1021 struct ia64_fpreg fpr_final[2]; 1022 unsigned long len = float_fsz[ld.x6_sz]; 1023 1024 /* 1025 * fr0 & fr1 don't need to be checked because Illegal Instruction faults have 1026 * higher priority than unaligned faults. 1027 * 1028 * r0 cannot be found as the base as it would never generate an unaligned 1029 * reference. 1030 */ 1031 1032 /* 1033 * make sure we get clean buffers 1034 */ 1035 memset(&fpr_init, 0, sizeof(fpr_init)); 1036 memset(&fpr_final, 0, sizeof(fpr_final)); 1037 1038 /* 1039 * ldfpX.a: we don't try to emulate anything but we must 1040 * invalidate the ALAT entry and execute updates, if any. 1041 */ 1042 if (ld.x6_op != 0x2) { 1043 /* 1044 * This assumes little-endian byte-order. Note that there is no "ldfpe" 1045 * instruction: 1046 */ 1047 if (copy_from_user(&fpr_init[0], (void __user *) ifa, len) 1048 || copy_from_user(&fpr_init[1], (void __user *) (ifa + len), len)) 1049 return -1; 1050 1051 DPRINT("ld.r1=%d ld.imm=%d x6_sz=%d\n", ld.r1, ld.imm, ld.x6_sz); 1052 DDUMP("frp_init =", &fpr_init, 2*len); 1053 switch( ld.x6_sz ) { 1054 case 0: 1055 mem2float_extended(&fpr_init[0], &fpr_final[0]); 1056 mem2float_extended(&fpr_init[1], &fpr_final[1]); 1057 break; 1058 case 1: 1059 mem2float_integer(&fpr_init[0], &fpr_final[0]); 1060 mem2float_integer(&fpr_init[1], &fpr_final[1]); 1061 break; 1062 case 2: 1063 mem2float_single(&fpr_init[0], &fpr_final[0]); 1064 mem2float_single(&fpr_init[1], &fpr_final[1]); 1065 break; 1066 case 3: 1067 mem2float_double(&fpr_init[0], &fpr_final[0]); 1068 mem2float_double(&fpr_init[1], &fpr_final[1]); 1069 break; 1070 } 1071 DDUMP("fpr_final =", &fpr_final, 2*len); 1072 setfpreg(ld.r1, &fpr_final[0], regs); 1073 setfpreg(ld.imm, &fpr_final[1], regs); 1074 } 1075 1076 /* 1077 * Check for updates: only immediate updates are available for this 1078 * instruction. 1079 */ 1080 if (ld.m) { 1081 /* 1082 * the immediate is implicit given the ldsz of the operation: 1083 * single: 8 (2x4) and for all others it's 16 (2x8) 1084 */ 1085 ifa += len<<1; 1086 1087 /* 1088 * IMPORTANT: 1089 * the fact that we force the NaT of r3 to zero is ONLY valid 1090 * as long as we don't come here with a ldfpX.s. 1091 * For this reason we keep this sanity check 1092 */ 1093 if (ld.x6_op == 1 || ld.x6_op == 3) 1094 printk(KERN_ERR "%s: register update on speculative load pair, error\n", 1095 __FUNCTION__); 1096 1097 setreg(ld.r3, ifa, 0, regs); 1098 } 1099 1100 /* 1101 * Invalidate ALAT entries, if any, for both registers. 1102 */ 1103 if (ld.x6_op == 0x2) { 1104 invala_fr(ld.r1); 1105 invala_fr(ld.imm); 1106 } 1107 return 0; 1108} 1109 1110 1111static int 1112emulate_load_float (unsigned long ifa, load_store_t ld, struct pt_regs *regs) 1113{ 1114 struct ia64_fpreg fpr_init; 1115 struct ia64_fpreg fpr_final; 1116 unsigned long len = float_fsz[ld.x6_sz]; 1117 1118 /* 1119 * fr0 & fr1 don't need to be checked because Illegal Instruction 1120 * faults have higher priority than unaligned faults. 1121 * 1122 * r0 cannot be found as the base as it would never generate an 1123 * unaligned reference. 1124 */ 1125 1126 /* 1127 * make sure we get clean buffers 1128 */ 1129 memset(&fpr_init,0, sizeof(fpr_init)); 1130 memset(&fpr_final,0, sizeof(fpr_final)); 1131 1132 /* 1133 * ldfX.a we don't try to emulate anything but we must 1134 * invalidate the ALAT entry. 1135 * See comments in ldX for descriptions on how the various loads are handled. 1136 */ 1137 if (ld.x6_op != 0x2) { 1138 if (copy_from_user(&fpr_init, (void __user *) ifa, len)) 1139 return -1; 1140 1141 DPRINT("ld.r1=%d x6_sz=%d\n", ld.r1, ld.x6_sz); 1142 DDUMP("fpr_init =", &fpr_init, len); 1143 /* 1144 * we only do something for x6_op={0,8,9} 1145 */ 1146 switch( ld.x6_sz ) { 1147 case 0: 1148 mem2float_extended(&fpr_init, &fpr_final); 1149 break; 1150 case 1: 1151 mem2float_integer(&fpr_init, &fpr_final); 1152 break; 1153 case 2: 1154 mem2float_single(&fpr_init, &fpr_final); 1155 break; 1156 case 3: 1157 mem2float_double(&fpr_init, &fpr_final); 1158 break; 1159 } 1160 DDUMP("fpr_final =", &fpr_final, len); 1161 setfpreg(ld.r1, &fpr_final, regs); 1162 } 1163 1164 /* 1165 * check for updates on any loads 1166 */ 1167 if (ld.op == 0x7 || ld.m) 1168 emulate_load_updates(ld.op == 0x7 ? UPD_IMMEDIATE: UPD_REG, ld, regs, ifa); 1169 1170 /* 1171 * invalidate ALAT entry in case of advanced floating point loads 1172 */ 1173 if (ld.x6_op == 0x2) 1174 invala_fr(ld.r1); 1175 1176 return 0; 1177} 1178 1179 1180static int 1181emulate_store_float (unsigned long ifa, load_store_t ld, struct pt_regs *regs) 1182{ 1183 struct ia64_fpreg fpr_init; 1184 struct ia64_fpreg fpr_final; 1185 unsigned long len = float_fsz[ld.x6_sz]; 1186 1187 /* 1188 * make sure we get clean buffers 1189 */ 1190 memset(&fpr_init,0, sizeof(fpr_init)); 1191 memset(&fpr_final,0, sizeof(fpr_final)); 1192 1193 /* 1194 * if we get to this handler, Nat bits on both r3 and r2 have already 1195 * been checked. so we don't need to do it 1196 * 1197 * extract the value to be stored 1198 */ 1199 getfpreg(ld.imm, &fpr_init, regs); 1200 /* 1201 * during this step, we extract the spilled registers from the saved 1202 * context i.e., we refill. Then we store (no spill) to temporary 1203 * aligned location 1204 */ 1205 switch( ld.x6_sz ) { 1206 case 0: 1207 float2mem_extended(&fpr_init, &fpr_final); 1208 break; 1209 case 1: 1210 float2mem_integer(&fpr_init, &fpr_final); 1211 break; 1212 case 2: 1213 float2mem_single(&fpr_init, &fpr_final); 1214 break; 1215 case 3: 1216 float2mem_double(&fpr_init, &fpr_final); 1217 break; 1218 } 1219 DPRINT("ld.r1=%d x6_sz=%d\n", ld.r1, ld.x6_sz); 1220 DDUMP("fpr_init =", &fpr_init, len); 1221 DDUMP("fpr_final =", &fpr_final, len); 1222 1223 if (copy_to_user((void __user *) ifa, &fpr_final, len)) 1224 return -1; 1225 1226 /* 1227 * stfX [r3]=r2,imm(9) 1228 * 1229 * NOTE: 1230 * ld.r3 can never be r0, because r0 would not generate an 1231 * unaligned access. 1232 */ 1233 if (ld.op == 0x7) { 1234 unsigned long imm; 1235 1236 /* 1237 * form imm9: [12:6] contain first 7bits 1238 */ 1239 imm = ld.x << 7 | ld.r1; 1240 /* 1241 * sign extend (8bits) if m set 1242 */ 1243 if (ld.m) 1244 imm |= SIGN_EXT9; 1245 /* 1246 * ifa == r3 (NaT is necessarily cleared) 1247 */ 1248 ifa += imm; 1249 1250 DPRINT("imm=%lx r3=%lx\n", imm, ifa); 1251 1252 setreg(ld.r3, ifa, 0, regs); 1253 } 1254 /* 1255 * we don't have alat_invalidate_multiple() so we need 1256 * to do the complete flush :-<< 1257 */ 1258 ia64_invala(); 1259 1260 return 0; 1261} 1262 1263/* 1264 * Make sure we log the unaligned access, so that user/sysadmin can notice it and 1265 * eventually fix the program. However, we don't want to do that for every access so we 1266 * pace it with jiffies. This isn't really MP-safe, but it doesn't really have to be 1267 * either... 1268 */ 1269static int 1270within_logging_rate_limit (void) 1271{ 1272 static unsigned long count, last_time; 1273 1274 if (jiffies - last_time > 5*HZ) 1275 count = 0; 1276 if (count < 5) { 1277 last_time = jiffies; 1278 count++; 1279 return 1; 1280 } 1281 return 0; 1282 1283} 1284 1285void 1286ia64_handle_unaligned (unsigned long ifa, struct pt_regs *regs) 1287{ 1288 struct ia64_psr *ipsr = ia64_psr(regs); 1289 mm_segment_t old_fs = get_fs(); 1290 unsigned long bundle[2]; 1291 unsigned long opcode; 1292 struct siginfo si; 1293 const struct exception_table_entry *eh = NULL; 1294 union { 1295 unsigned long l; 1296 load_store_t insn; 1297 } u; 1298 int ret = -1; 1299 1300 if (ia64_psr(regs)->be) { 1301 /* we don't support big-endian accesses */ 1302 die_if_kernel("big-endian unaligned accesses are not supported", regs, 0); 1303 goto force_sigbus; 1304 } 1305 1306 /* 1307 * Treat kernel accesses for which there is an exception handler entry the same as 1308 * user-level unaligned accesses. Otherwise, a clever program could trick this 1309 * handler into reading an arbitrary kernel addresses... 1310 */ 1311 if (!user_mode(regs)) 1312 eh = search_exception_tables(regs->cr_iip + ia64_psr(regs)->ri); 1313 if (user_mode(regs) || eh) { 1314 if ((current->thread.flags & IA64_THREAD_UAC_SIGBUS) != 0) 1315 goto force_sigbus; 1316 1317 if (!no_unaligned_warning && 1318 !(current->thread.flags & IA64_THREAD_UAC_NOPRINT) && 1319 within_logging_rate_limit()) 1320 { 1321 char buf[200]; /* comm[] is at most 16 bytes... */ 1322 size_t len; 1323 1324 len = sprintf(buf, "%s(%d): unaligned access to 0x%016lx, " 1325 "ip=0x%016lx\n\r", current->comm, current->pid, 1326 ifa, regs->cr_iip + ipsr->ri); 1327 /* 1328 * Don't call tty_write_message() if we're in the kernel; we might 1329 * be holding locks... 1330 */ 1331 if (user_mode(regs)) 1332 tty_write_message(current->signal->tty, buf); 1333 buf[len-1] = '\0'; /* drop '\r' */ 1334 /* watch for command names containing %s */ 1335 printk(KERN_WARNING "%s", buf); 1336 } else { 1337 if (no_unaligned_warning && !noprint_warning) { 1338 noprint_warning = 1; 1339 printk(KERN_WARNING "%s(%d) encountered an " 1340 "unaligned exception which required\n" 1341 "kernel assistance, which degrades " 1342 "the performance of the application.\n" 1343 "Unaligned exception warnings have " 1344 "been disabled by the system " 1345 "administrator\n" 1346 "echo 0 > /proc/sys/kernel/ignore-" 1347 "unaligned-usertrap to re-enable\n", 1348 current->comm, current->pid); 1349 } 1350 } 1351 } else { 1352 if (within_logging_rate_limit()) 1353 printk(KERN_WARNING "kernel unaligned access to 0x%016lx, ip=0x%016lx\n", 1354 ifa, regs->cr_iip + ipsr->ri); 1355 set_fs(KERNEL_DS); 1356 } 1357 1358 DPRINT("iip=%lx ifa=%lx isr=%lx (ei=%d, sp=%d)\n", 1359 regs->cr_iip, ifa, regs->cr_ipsr, ipsr->ri, ipsr->it); 1360 1361 if (__copy_from_user(bundle, (void __user *) regs->cr_iip, 16)) 1362 goto failure; 1363 1364 /* 1365 * extract the instruction from the bundle given the slot number 1366 */ 1367 switch (ipsr->ri) { 1368 case 0: u.l = (bundle[0] >> 5); break; 1369 case 1: u.l = (bundle[0] >> 46) | (bundle[1] << 18); break; 1370 case 2: u.l = (bundle[1] >> 23); break; 1371 } 1372 opcode = (u.l >> IA64_OPCODE_SHIFT) & IA64_OPCODE_MASK; 1373 1374 DPRINT("opcode=%lx ld.qp=%d ld.r1=%d ld.imm=%d ld.r3=%d ld.x=%d ld.hint=%d " 1375 "ld.x6=0x%x ld.m=%d ld.op=%d\n", opcode, u.insn.qp, u.insn.r1, u.insn.imm, 1376 u.insn.r3, u.insn.x, u.insn.hint, u.insn.x6_sz, u.insn.m, u.insn.op); 1377 1378 switch (opcode) { 1379 case LDS_OP: 1380 case LDSA_OP: 1381 if (u.insn.x) 1382 /* oops, really a semaphore op (cmpxchg, etc) */ 1383 goto failure; 1384 /* no break */ 1385 case LDS_IMM_OP: 1386 case LDSA_IMM_OP: 1387 case LDFS_OP: 1388 case LDFSA_OP: 1389 case LDFS_IMM_OP: 1390 /* 1391 * The instruction will be retried with deferred exceptions turned on, and 1392 * we should get Nat bit installed 1393 * 1394 * IMPORTANT: When PSR_ED is set, the register & immediate update forms 1395 * are actually executed even though the operation failed. So we don't 1396 * need to take care of this. 1397 */ 1398 DPRINT("forcing PSR_ED\n"); 1399 regs->cr_ipsr |= IA64_PSR_ED; 1400 goto done; 1401 1402 case LD_OP: 1403 case LDA_OP: 1404 case LDBIAS_OP: 1405 case LDACQ_OP: 1406 case LDCCLR_OP: 1407 case LDCNC_OP: 1408 case LDCCLRACQ_OP: 1409 if (u.insn.x) 1410 /* oops, really a semaphore op (cmpxchg, etc) */ 1411 goto failure; 1412 /* no break */ 1413 case LD_IMM_OP: 1414 case LDA_IMM_OP: 1415 case LDBIAS_IMM_OP: 1416 case LDACQ_IMM_OP: 1417 case LDCCLR_IMM_OP: 1418 case LDCNC_IMM_OP: 1419 case LDCCLRACQ_IMM_OP: 1420 ret = emulate_load_int(ifa, u.insn, regs); 1421 break; 1422 1423 case ST_OP: 1424 case STREL_OP: 1425 if (u.insn.x) 1426 /* oops, really a semaphore op (cmpxchg, etc) */ 1427 goto failure; 1428 /* no break */ 1429 case ST_IMM_OP: 1430 case STREL_IMM_OP: 1431 ret = emulate_store_int(ifa, u.insn, regs); 1432 break; 1433 1434 case LDF_OP: 1435 case LDFA_OP: 1436 case LDFCCLR_OP: 1437 case LDFCNC_OP: 1438 case LDF_IMM_OP: 1439 case LDFA_IMM_OP: 1440 case LDFCCLR_IMM_OP: 1441 case LDFCNC_IMM_OP: 1442 if (u.insn.x) 1443 ret = emulate_load_floatpair(ifa, u.insn, regs); 1444 else 1445 ret = emulate_load_float(ifa, u.insn, regs); 1446 break; 1447 1448 case STF_OP: 1449 case STF_IMM_OP: 1450 ret = emulate_store_float(ifa, u.insn, regs); 1451 break; 1452 1453 default: 1454 goto failure; 1455 } 1456 DPRINT("ret=%d\n", ret); 1457 if (ret) 1458 goto failure; 1459 1460 if (ipsr->ri == 2) 1461 /* 1462 * given today's architecture this case is not likely to happen because a 1463 * memory access instruction (M) can never be in the last slot of a 1464 * bundle. But let's keep it for now. 1465 */ 1466 regs->cr_iip += 16; 1467 ipsr->ri = (ipsr->ri + 1) & 0x3; 1468 1469 DPRINT("ipsr->ri=%d iip=%lx\n", ipsr->ri, regs->cr_iip); 1470 done: 1471 set_fs(old_fs); /* restore original address limit */ 1472 return; 1473 1474 failure: 1475 /* something went wrong... */ 1476 if (!user_mode(regs)) { 1477 if (eh) { 1478 ia64_handle_exception(regs, eh); 1479 goto done; 1480 } 1481 die_if_kernel("error during unaligned kernel access\n", regs, ret); 1482 /* NOT_REACHED */ 1483 } 1484 force_sigbus: 1485 si.si_signo = SIGBUS; 1486 si.si_errno = 0; 1487 si.si_code = BUS_ADRALN; 1488 si.si_addr = (void __user *) ifa; 1489 si.si_flags = 0; 1490 si.si_isr = 0; 1491 si.si_imm = 0; 1492 force_sig_info(SIGBUS, &si, current); 1493 goto done; 1494} 1495