Linux 2.6.17.7
/*
 *  PowerPC version
 *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
 *
 *  Derived from "arch/i386/mm/fault.c"
 *    Copyright (C) 1991, 1992, 1993, 1994  Linus Torvalds
 *
 *  Modified by Cort Dougan and Paul Mackerras.
 *
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU General Public License
 *  as published by the Free Software Foundation; either version
 *  2 of the License, or (at your option) any later version.
 */
16 #include <linux/config.h>
17 #include <linux/signal.h>
18 #include <linux/sched.h>
19 #include <linux/kernel.h>
20 #include <linux/errno.h>
21 #include <linux/string.h>
22 #include <linux/types.h>
23 #include <linux/ptrace.h>
24 #include <linux/mman.h>
25 #include <linux/mm.h>
26 #include <linux/interrupt.h>
27 #include <linux/highmem.h>
28 #include <linux/module.h>
30 #include <asm/page.h>
31 #include <asm/pgtable.h>
32 #include <asm/mmu.h>
33 #include <asm/mmu_context.h>
34 #include <asm/system.h>
35 #include <asm/uaccess.h>
36 #include <asm/tlbflush.h>
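/*
 * Debugger hooks.  The three function pointers are only declared here;
 * their definitions and initial values live outside this file.
 */
#if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
extern void (*debugger)(struct pt_regs *);
extern void (*debugger_fault_handler)(struct pt_regs *);
extern int (*debugger_dabr_match)(struct pt_regs *);
/* When non-zero, bad_page_fault() calls debugger() before die(). */
int debugger_kernel_faults = 1;
#endif

/* Fault statistics; plain counters incremented without any locking here. */
unsigned long htab_reloads;	/* updated by hashtable.S:hash_page() */
unsigned long htab_evicts;	/* updated by hashtable.S:hash_page() */
unsigned long htab_preloads;	/* updated by hashtable.S:add_hash_page() */
unsigned long pte_misses;	/* updated by do_page_fault() */
unsigned long pte_errors;	/* updated by do_page_fault() */
unsigned int probingmem;	/* not referenced by the code visible in this file */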
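/*
 * Check whether the instruction at regs->nip is a store using
 * an update addressing form which will update r1.
 *
 * Returns 1 if the instruction is one of the recognised store-with-update
 * forms with rA == r1, 0 otherwise.  The instruction word is fetched from
 * user memory with get_user(); if that fetch fails the function returns 0,
 * so a caller that uses the result to permit stack growth fails closed.
 */
static int store_updates_sp(struct pt_regs *regs)
{
	unsigned int inst;

	if (get_user(inst, (unsigned int __user *)regs->nip))
		return 0;
	/* check for 1 in the rA field */
	if (((inst >> 16) & 0x1f) != 1)
		return 0;
	/* check major opcode */
	switch (inst >> 26) {
	case 37:	/* stwu */
	case 39:	/* stbu */
	case 45:	/* sthu */
	case 53:	/* stfsu */
	case 55:	/* stfdu */
		return 1;
	case 31:
		/* check minor opcode */
		switch ((inst >> 1) & 0x3ff) {
		case 183:	/* stwux */
		case 247:	/* stbux */
		case 439:	/* sthux */
		case 695:	/* stfsux */
		case 759:	/* stfdux */
			return 1;
		}
	}
	/* any other opcode, including other minor opcodes under 31 */
	return 0;
}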
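/*
 * For 600- and 800-family processors, the error_code parameter is DSISR
 * for a data fault, SRR1 for an instruction fault. For 400-family processors
 * the error_code parameter is ESR for a data fault, 0 for an instruction
 * fault.
 *
 * Return value, as far as this function shows:
 *   0        - the fault was resolved, handed to the debugger, or a signal
 *              was delivered to the (user-mode) task;
 *   SIGSEGV, SIGBUS, SIGKILL
 *            - the fault could not be resolved and was not a user-mode
 *              fault (or was taken in atomic context / without an mm);
 *              what the caller does with the signal number is not visible
 *              in this function.
 *
 * NOTE(review): nothing in this function rejects an instruction fetch for
 * lack of VM_EXEC.  The explicit check in the 4xx/Book-E branch is compiled
 * out with #if 0, and on the other CPU families an instruction fault
 * (TRAP 0x400) leaves is_write at 0 and is therefore judged by the read
 * branch, which accepts VM_READ or VM_EXEC.  Non-executable mappings are
 * not enforced here.
 */
int do_page_fault(struct pt_regs *regs, unsigned long address,
		  unsigned long error_code)
{
	struct vm_area_struct * vma;
	struct mm_struct *mm = current->mm;
	siginfo_t info;
	int code = SEGV_MAPERR;
#if defined(CONFIG_4xx) || defined (CONFIG_BOOKE)
	int is_write = error_code & ESR_DST;
#else
	int is_write = 0;

	/*
	 * Fortunately the bit assignments in SRR1 for an instruction
	 * fault and DSISR for a data fault are mostly the same for the
	 * bits we are interested in.  But there are some bits which
	 * indicate errors in DSISR but can validly be set in SRR1.
	 */
	if (TRAP(regs) == 0x400)
		error_code &= 0x48200000;
	else
		is_write = error_code & 0x02000000;
#endif /* CONFIG_4xx || CONFIG_BOOKE */

#if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
	if (debugger_fault_handler && TRAP(regs) == 0x300) {
		debugger_fault_handler(regs);
		return 0;
	}
#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
	if (error_code & 0x00400000) {
		/*
		 * DABR match.  The hook is NULL-checked like
		 * debugger_fault_handler above; whether it can really be
		 * unset at this point depends on debugger setup code that
		 * is not part of this file.  Without a hook the fault falls
		 * through to the normal checks below.
		 */
		if (debugger_dabr_match && debugger_dabr_match(regs))
			return 0;
	}
#endif /* !(CONFIG_4xx || CONFIG_BOOKE)*/
#endif /* CONFIG_XMON || CONFIG_KGDB */

	/* mmap_sem may sleep, so refuse to go further in atomic context */
	if (in_atomic() || mm == NULL)
		return SIGSEGV;

	down_read(&mm->mmap_sem);
	vma = find_vma(mm, address);
	if (!vma)
		goto bad_area;
	if (vma->vm_start <= address)
		goto good_area;
	/* address lies below the vma: only a write to a grows-down area may extend it */
	if (!(vma->vm_flags & VM_GROWSDOWN))
		goto bad_area;
	if (!is_write)
		goto bad_area;

	/*
	 * N.B. The rs6000/xcoff ABI allows programs to access up to
	 * a few hundred bytes below the stack pointer.
	 * The kernel signal delivery code writes up to about 1.5kB
	 * below the stack pointer (r1) before decrementing it.
	 * The exec code can write slightly over 640kB to the stack
	 * before setting the user r1.  Thus we allow the stack to
	 * expand to 1MB without further checks.
	 */
	if (address + 0x100000 < vma->vm_end) {
		/* get user regs even if this fault is in kernel mode */
		struct pt_regs *uregs = current->thread.regs;
		if (uregs == NULL)
			goto bad_area;

		/*
		 * A user-mode access to an address a long way below
		 * the stack pointer is only valid if the instruction
		 * is one which would update the stack pointer to the
		 * address accessed if the instruction completed,
		 * i.e. either stwu rs,n(r1) or stwux rs,r1,rb
		 * (or the byte, halfword, float or double forms).
		 *
		 * If we don't check this then any write to the area
		 * between the last mapped region and the stack will
		 * expand the stack rather than segfaulting.
		 *
		 * Kernel-mode faults this far below r1 are always refused.
		 */
		if (address + 2048 < uregs->gpr[1]
		    && (!user_mode(regs) || !store_updates_sp(regs)))
			goto bad_area;
	}
	if (expand_stack(vma, address))
		goto bad_area;

good_area:
	/* from here on a failure is a permission error, not an unmapped address */
	code = SEGV_ACCERR;
#if defined(CONFIG_6xx)
	if (error_code & 0x95700000)
		/* an error such as lwarx to I/O controller space,
		   address matching DABR, eciwx, etc. */
		goto bad_area;
#endif /* CONFIG_6xx */
#if defined(CONFIG_8xx)
	/* The MPC8xx seems to always set 0x80000000, which is
	 * "undefined".  Of those that can be set, this is the only
	 * one which seems bad.
	 */
	if (error_code & 0x10000000)
		/* Guarded storage error. */
		goto bad_area;
#endif /* CONFIG_8xx */

	/* a write */
	if (is_write) {
		if (!(vma->vm_flags & VM_WRITE))
			goto bad_area;
#if defined(CONFIG_4xx) || defined(CONFIG_BOOKE)
	/* an exec  - 4xx/Book-E allows for per-page execute permission */
	} else if (TRAP(regs) == 0x400) {
		pte_t *ptep;
		pmd_t *pmdp;

#if 0
		/* It would be nice to actually enforce the VM execute
		   permission on CPUs which can do so, but far too
		   much stuff in userspace doesn't get the permissions
		   right, so we let any page be executed for now. */
		if (! (vma->vm_flags & VM_EXEC))
			goto bad_area;
#endif

		/* Since 4xx/Book-E supports per-page execute permission,
		 * we lazily flush dcache to icache. */
		ptep = NULL;
		if (get_pteptr(mm, address, &ptep, &pmdp)) {
			spinlock_t *ptl = pte_lockptr(mm, pmdp);
			spin_lock(ptl);
			if (pte_present(*ptep)) {
				struct page *page = pte_page(*ptep);

				/* PG_arch_1 records that the flush was already done */
				if (!test_bit(PG_arch_1, &page->flags)) {
					flush_dcache_icache_page(page);
					set_bit(PG_arch_1, &page->flags);
				}
				/* grant hardware execute on this PTE, then drop the stale TLB entry */
				pte_update(ptep, 0, _PAGE_HWEXEC);
				_tlbie(address);
				pte_unmap_unlock(ptep, ptl);
				up_read(&mm->mmap_sem);
				return 0;
			}
			pte_unmap_unlock(ptep, ptl);
		}
#endif
	/* a read */
	} else {
		/* protection fault */
		if (error_code & 0x08000000)
			goto bad_area;
		if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
			goto bad_area;
	}

	/*
	 * If for any reason at all we couldn't handle the fault,
	 * make sure we exit gracefully rather than endlessly redo
	 * the fault.
	 */
survive:
	switch (handle_mm_fault(mm, vma, address, is_write)) {
	case VM_FAULT_MINOR:
		current->min_flt++;
		break;
	case VM_FAULT_MAJOR:
		current->maj_flt++;
		break;
	case VM_FAULT_SIGBUS:
		goto do_sigbus;
	case VM_FAULT_OOM:
		goto out_of_memory;
	default:
		BUG();
	}

	up_read(&mm->mmap_sem);
	/*
	 * keep track of tlb+htab misses that are good addrs but
	 * just need pte's created via handle_mm_fault()
	 * -- Cort
	 */
	pte_misses++;
	return 0;

bad_area:
	up_read(&mm->mmap_sem);
	pte_errors++;

	/* User mode accesses cause a SIGSEGV */
	if (user_mode(regs)) {
		_exception(SIGSEGV, regs, code, address);
		return 0;
	}

	/* kernel-mode fault: report the signal number to the caller */
	return SIGSEGV;

/*
 * We ran out of memory, or some other thing happened to us that made
 * us unable to handle the page fault gracefully.
 */
out_of_memory:
	up_read(&mm->mmap_sem);
	/* pid 1 is never killed here: it yields and retries the fault */
	if (current->pid == 1) {
		yield();
		down_read(&mm->mmap_sem);
		goto survive;
	}
	printk("VM: killing process %s\n", current->comm);
	if (user_mode(regs))
		do_exit(SIGKILL);
	return SIGKILL;

do_sigbus:
	up_read(&mm->mmap_sem);
	/*
	 * Only these four fields of info are filled in; the rest of the
	 * structure is whatever was on the stack.
	 * NOTE(review): confirm the signal delivery path copies out only
	 * the fields selected by si_code.
	 */
	info.si_signo = SIGBUS;
	info.si_errno = 0;
	info.si_code = BUS_ADRERR;
	info.si_addr = (void __user *)address;
	force_sig_info (SIGBUS, &info, current);
	if (!user_mode(regs))
		return SIGBUS;
	return 0;
}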
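/*
 * bad_page_fault is called when we have a bad access from the kernel.
 * It is called from the DSI and ISI handlers in head.S and from some
 * of the procedures in traps.c.
 *
 * If the faulting instruction address has an exception-table entry,
 * execution is redirected to that entry's fixup and the function returns.
 * Otherwise the fault is reported through die() with signal number sig.
 * The address argument is not used by this function.
 */
void
bad_page_fault(struct pt_regs *regs, unsigned long address, int sig)
{
	const struct exception_table_entry *entry;

	/* Are we prepared to handle this fault?  */
	if ((entry = search_exception_tables(regs->nip)) != NULL) {
		regs->nip = entry->fixup;
		return;
	}

	/* kernel has accessed a bad area */
#if defined(CONFIG_XMON) || defined(CONFIG_KGDB)
	/*
	 * The hook pointer is defined outside this file; it is checked
	 * before the call so that an unset hook leads to die() below
	 * instead of a jump through a NULL pointer while already handling
	 * a kernel fault.
	 */
	if (debugger_kernel_faults && debugger)
		debugger(regs);
#endif
	die("kernel access of bad area", regs, sig);
}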
341 #ifdef CONFIG_8xx
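/* The pgtable.h claims some functions generically exist, but I
 * can't find them......
 */

/*
 * Look up the PTE that maps a kernel virtual address in init_mm.
 *
 * Addresses below TASK_SIZE are rejected up front, so this never walks
 * the tables for a user-range address.  Returns a pointer to the PTE only
 * when both the pmd and the pte are present, NULL in every other case.
 */
pte_t *va_to_pte(unsigned long address)
{
	pgd_t *dir;
	pmd_t *pmd;
	pte_t *pte;

	if (address < TASK_SIZE)
		return NULL;

	dir = pgd_offset(&init_mm, address);
	if (dir) {
		pmd = pmd_offset(dir, address & PAGE_MASK);
		if (pmd && pmd_present(*pmd)) {
			pte = pte_offset_kernel(pmd, address & PAGE_MASK);
			if (pte && pte_present(*pte))
				return(pte);
		}
	}
	return NULL;
}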
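/*
 * Translate a kernel virtual address to a physical address using
 * va_to_pte(): the page-frame bits come from the PTE value, the offset
 * within the page from the virtual address.
 *
 * Returns 0 when va_to_pte() finds no present mapping.  0 is an in-band
 * value, so a caller cannot tell "not mapped" from a translation that
 * really is physical address 0.
 */
unsigned long va_to_phys(unsigned long address)
{
	pte_t *pte;

	pte = va_to_pte(address);
	if (pte)
		return(((unsigned long)(pte_val(*pte)) & PAGE_MASK) | (address & ~(PAGE_MASK)));
	return (0);
}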
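/*
 * Debug helper: walk mm's page tables for addr and print the PTE, decoded
 * into the fields named in the format string, to the kernel log.  Prints
 * "no pgd", "no pmd" or "no pte" when the walk stops early.
 *
 * The first line printed contains the raw addresses of the pgd and pte
 * entries, so the output reveals kernel page-table addresses to anyone who
 * can read the kernel log; treat this as debug-only output.
 */
void
print_8xx_pte(struct mm_struct *mm, unsigned long addr)
{
	pgd_t * pgd;
	pmd_t * pmd;
	pte_t * pte;

	printk(" pte @ 0x%8lx: ", addr);
	pgd = pgd_offset(mm, addr & PAGE_MASK);
	if (pgd) {
		pmd = pmd_offset(pgd, addr & PAGE_MASK);
		if (pmd && pmd_present(*pmd)) {
			pte = pte_offset_kernel(pmd, addr & PAGE_MASK);
			if (pte) {
				printk(" (0x%08lx)->(0x%08lx)->0x%08lx\n",
					(long)pgd, (long)pte, (long)pte_val(*pte));
/*
 * Unsigned so that the shifts below are logical: with a signed long a PTE
 * whose top bit is set would be shifted arithmetically on typical
 * compilers and the RPN field would print sign-extended.  Unsigned also
 * matches the %lx conversions.
 */
#define pp ((unsigned long)pte_val(*pte))
				printk(" RPN: %05lx PP: %lx SPS: %lx SH: %lx "
				       "CI: %lx v: %lx\n",
				       pp>>12,    /* rpn */
				       (pp>>10)&3, /* pp */
				       (pp>>3)&1, /* small */
				       (pp>>2)&1, /* shared */
				       (pp>>1)&1, /* cache inhibit */
				       pp&1       /* valid */
				       );
#undef pp
			}
			else {
				printk("no pte\n");
			}
		}
		else {
			printk("no pmd\n");
		}
	}
	else {
		printk("no pgd\n");
	}
}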
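/*
 * Walk mm's page tables for addr and return the PTE value truncated to
 * int.  Returns 0 when there is no pgd, no present pmd or no pte; the PTE
 * itself is not checked for presence, and a PTE whose value is 0 is
 * indistinguishable from a failed walk.
 */
int
get_8xx_pte(struct mm_struct *mm, unsigned long addr)
{
	pgd_t * pgd;
	pmd_t * pmd;
	pte_t * pte;
	int retval = 0;

	pgd = pgd_offset(mm, addr & PAGE_MASK);
	if (pgd) {
		pmd = pmd_offset(pgd, addr & PAGE_MASK);
		if (pmd && pmd_present(*pmd)) {
			pte = pte_offset_kernel(pmd, addr & PAGE_MASK);
			if (pte) {
				retval = (int)pte_val(*pte);
			}
		}
	}
	return(retval);
}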
438 #endif /* CONFIG_8xx */