2 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
3 * Copyright 2007-2010 Freescale Semiconductor, Inc.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
10 * Modified by Cort Dougan (cort@cs.nmt.edu)
11 * and Paul Mackerras (paulus@samba.org)
15 * This file handles the architecture-dependent parts of hardware exceptions
18 #include <linux/errno.h>
19 #include <linux/sched.h>
20 #include <linux/sched/debug.h>
21 #include <linux/kernel.h>
23 #include <linux/pkeys.h>
24 #include <linux/stddef.h>
25 #include <linux/unistd.h>
26 #include <linux/ptrace.h>
27 #include <linux/user.h>
28 #include <linux/interrupt.h>
29 #include <linux/init.h>
30 #include <linux/extable.h>
31 #include <linux/module.h> /* print_modules */
32 #include <linux/prctl.h>
33 #include <linux/delay.h>
34 #include <linux/kprobes.h>
35 #include <linux/kexec.h>
36 #include <linux/backlight.h>
37 #include <linux/bug.h>
38 #include <linux/kdebug.h>
39 #include <linux/ratelimit.h>
40 #include <linux/context_tracking.h>
41 #include <linux/smp.h>
42 #include <linux/console.h>
43 #include <linux/kmsg_dump.h>
45 #include <asm/emulated_ops.h>
46 #include <asm/pgtable.h>
47 #include <linux/uaccess.h>
48 #include <asm/debugfs.h>
50 #include <asm/machdep.h>
54 #ifdef CONFIG_PMAC_BACKLIGHT
55 #include <asm/backlight.h>
58 #include <asm/firmware.h>
59 #include <asm/processor.h>
62 #include <asm/kexec.h>
63 #include <asm/ppc-opcode.h>
65 #include <asm/fadump.h>
66 #include <asm/switch_to.h>
68 #include <asm/debug.h>
69 #include <asm/asm-prototypes.h>
71 #include <sysdev/fsl_pci.h>
72 #include <asm/kprobes.h>
73 #include <asm/stacktrace.h>
75 #if defined(CONFIG_DEBUGGER) || defined(CONFIG_KEXEC_CORE)
76 int (*__debugger)(struct pt_regs *regs) __read_mostly;
77 int (*__debugger_ipi)(struct pt_regs *regs) __read_mostly;
78 int (*__debugger_bpt)(struct pt_regs *regs) __read_mostly;
79 int (*__debugger_sstep)(struct pt_regs *regs) __read_mostly;
80 int (*__debugger_iabr_match)(struct pt_regs *regs) __read_mostly;
81 int (*__debugger_break_match)(struct pt_regs *regs) __read_mostly;
82 int (*__debugger_fault_handler)(struct pt_regs *regs) __read_mostly;
84 EXPORT_SYMBOL(__debugger);
85 EXPORT_SYMBOL(__debugger_ipi);
86 EXPORT_SYMBOL(__debugger_bpt);
87 EXPORT_SYMBOL(__debugger_sstep);
88 EXPORT_SYMBOL(__debugger_iabr_match);
89 EXPORT_SYMBOL(__debugger_break_match);
90 EXPORT_SYMBOL(__debugger_fault_handler);
93 /* Transactional Memory trap debug */
95 #define TM_DEBUG(x...) printk(KERN_INFO x)
97 #define TM_DEBUG(x...) do { } while(0)
100 static const char *signame(int signr)
103 case SIGBUS: return "bus error";
104 case SIGFPE: return "floating point exception";
105 case SIGILL: return "illegal instruction";
106 case SIGSEGV: return "segfault";
107 case SIGTRAP: return "unhandled trap";
110 return "unknown signal";
114 * Trap & Exception support
117 #ifdef CONFIG_PMAC_BACKLIGHT
118 static void pmac_backlight_unblank(void)
120 mutex_lock(&pmac_backlight_mutex);
121 if (pmac_backlight) {
122 struct backlight_properties *props;
124 props = &pmac_backlight->props;
125 props->brightness = props->max_brightness;
126 props->power = FB_BLANK_UNBLANK;
127 backlight_update_status(pmac_backlight);
129 mutex_unlock(&pmac_backlight_mutex);
132 static inline void pmac_backlight_unblank(void) { }
136 * If oops/die is expected to crash the machine, return true here.
138 * This should not be expected to be 100% accurate, there may be
139 * notifiers registered or other unexpected conditions that may bring
140 * down the kernel. Or if the current process in the kernel is holding
141 * locks or has other critical state, the kernel may become effectively
144 bool die_will_crash(void)
146 if (should_fadump_crash())
148 if (kexec_should_crash(current))
150 if (in_interrupt() || panic_on_oops ||
151 !current->pid || is_global_init(current))
157 static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED;
158 static int die_owner = -1;
159 static unsigned int die_nest_count;
160 static int die_counter;
162 extern void panic_flush_kmsg_start(void)
165 * These are mostly taken from kernel/panic.c, but tries to do
166 * relatively minimal work. Don't use delay functions (TB may
167 * be broken), don't crash dump (need to set a firmware log),
168 * don't run notifiers. We do want to get some information to
175 extern void panic_flush_kmsg_end(void)
177 printk_safe_flush_on_panic();
178 kmsg_dump(KMSG_DUMP_PANIC);
181 console_flush_on_panic();
184 static unsigned long oops_begin(struct pt_regs *regs)
191 /* racy, but better than risking deadlock. */
192 raw_local_irq_save(flags);
193 cpu = smp_processor_id();
194 if (!arch_spin_trylock(&die_lock)) {
195 if (cpu == die_owner)
196 /* nested oops. should stop eventually */;
198 arch_spin_lock(&die_lock);
204 if (machine_is(powermac))
205 pmac_backlight_unblank();
208 NOKPROBE_SYMBOL(oops_begin);
210 static void oops_end(unsigned long flags, struct pt_regs *regs,
214 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
218 if (!die_nest_count) {
219 /* Nest count reaches zero, release the lock. */
221 arch_spin_unlock(&die_lock);
223 raw_local_irq_restore(flags);
226 * system_reset_excption handles debugger, crash dump, panic, for 0x100
228 if (TRAP(regs) == 0x100)
231 crash_fadump(regs, "die oops");
233 if (kexec_should_crash(current))
240 * While our oops output is serialised by a spinlock, output
241 * from panic() called below can race and corrupt it. If we
242 * know we are going to panic, delay for 1 second so we have a
243 * chance to get clean backtraces from all CPUs that are oopsing.
245 if (in_interrupt() || panic_on_oops || !current->pid ||
246 is_global_init(current)) {
247 mdelay(MSEC_PER_SEC);
251 panic("Fatal exception in interrupt");
253 panic("Fatal exception");
254 make_task_dead(signr);
256 NOKPROBE_SYMBOL(oops_end);
258 static int __die(const char *str, struct pt_regs *regs, long err)
260 printk("Oops: %s, sig: %ld [#%d]\n", str, err, ++die_counter);
262 if (IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN))
267 if (IS_ENABLED(CONFIG_PREEMPT))
270 if (IS_ENABLED(CONFIG_SMP))
271 pr_cont("SMP NR_CPUS=%d ", NR_CPUS);
273 if (debug_pagealloc_enabled())
274 pr_cont("DEBUG_PAGEALLOC ");
276 if (IS_ENABLED(CONFIG_NUMA))
279 pr_cont("%s\n", ppc_md.name ? ppc_md.name : "");
281 if (notify_die(DIE_OOPS, str, regs, err, 255, SIGSEGV) == NOTIFY_STOP)
289 NOKPROBE_SYMBOL(__die);
291 void die(const char *str, struct pt_regs *regs, long err)
296 * system_reset_excption handles debugger, crash dump, panic, for 0x100
298 if (TRAP(regs) != 0x100) {
303 flags = oops_begin(regs);
304 if (__die(str, regs, err))
306 oops_end(flags, regs, err);
308 NOKPROBE_SYMBOL(die);
310 void user_single_step_siginfo(struct task_struct *tsk,
311 struct pt_regs *regs, siginfo_t *info)
313 info->si_signo = SIGTRAP;
314 info->si_code = TRAP_TRACE;
315 info->si_addr = (void __user *)regs->nip;
318 static void show_signal_msg(int signr, struct pt_regs *regs, int code,
321 static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
322 DEFAULT_RATELIMIT_BURST);
324 if (!show_unhandled_signals)
327 if (!unhandled_signal(current, signr))
330 if (!__ratelimit(&rs))
333 pr_info("%s[%d]: %s (%d) at %lx nip %lx lr %lx code %x",
334 current->comm, current->pid, signame(signr), signr,
335 addr, regs->nip, regs->link, code);
337 print_vma_addr(KERN_CONT " in ", regs->nip);
341 show_user_instructions(regs);
344 void _exception_pkey(int signr, struct pt_regs *regs, int code,
345 unsigned long addr, int key)
349 if (!user_mode(regs)) {
350 die("Exception in kernel mode", regs, signr);
354 show_signal_msg(signr, regs, code, addr);
356 if (arch_irqs_disabled() && !arch_irq_disabled_regs(regs))
359 current->thread.trap_nr = code;
362 * Save all the pkey registers AMR/IAMR/UAMOR. Eg: Core dumps need
363 * to capture the content, if the task gets killed.
365 thread_pkey_regs_save(¤t->thread);
367 clear_siginfo(&info);
368 info.si_signo = signr;
370 info.si_addr = (void __user *) addr;
373 force_sig_info(signr, &info, current);
376 void _exception(int signr, struct pt_regs *regs, int code, unsigned long addr)
378 _exception_pkey(signr, regs, code, addr, 0);
381 void system_reset_exception(struct pt_regs *regs)
384 * Avoid crashes in case of nested NMI exceptions. Recoverability
385 * is determined by RI and in_nmi
387 bool nested = in_nmi();
391 __this_cpu_inc(irq_stat.sreset_irqs);
393 /* See if any machine dependent calls */
394 if (ppc_md.system_reset_exception) {
395 if (ppc_md.system_reset_exception(regs))
402 kmsg_dump(KMSG_DUMP_OOPS);
404 * A system reset is a request to dump, so we always send
405 * it through the crashdump code (if fadump or kdump are
408 crash_fadump(regs, "System Reset");
413 * We aren't the primary crash CPU. We need to send it
414 * to a holding pattern to avoid it ending up in the panic
417 crash_kexec_secondary(regs);
420 * No debugger or crash dump registered, print logs then
423 die("System Reset", regs, SIGABRT);
425 mdelay(2*MSEC_PER_SEC); /* Wait a little while for others to print */
426 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
427 nmi_panic(regs, "System Reset");
430 #ifdef CONFIG_PPC_BOOK3S_64
431 BUG_ON(get_paca()->in_nmi == 0);
432 if (get_paca()->in_nmi > 1)
433 die("Unrecoverable nested System Reset", regs, SIGABRT);
435 /* Must die if the interrupt is not recoverable */
436 if (!(regs->msr & MSR_RI)) {
437 /* For the reason explained in die_mce, nmi_exit before die */
439 die("Unrecoverable System Reset", regs, SIGABRT);
445 /* What should we do here? We could issue a shutdown or hard reset. */
449 * I/O accesses can cause machine checks on powermacs.
450 * Check if the NIP corresponds to the address of a sync
451 * instruction for which there is an entry in the exception
453 * Note that the 601 only takes a machine check on TEA
454 * (transfer error ack) signal assertion, and does not
455 * set any of the top 16 bits of SRR1.
458 static inline int check_io_access(struct pt_regs *regs)
461 unsigned long msr = regs->msr;
462 const struct exception_table_entry *entry;
463 unsigned int *nip = (unsigned int *)regs->nip;
465 if (((msr & 0xffff0000) == 0 || (msr & (0x80000 | 0x40000)))
466 && (entry = search_exception_tables(regs->nip)) != NULL) {
468 * Check that it's a sync instruction, or somewhere
469 * in the twi; isync; nop sequence that inb/inw/inl uses.
470 * As the address is in the exception table
471 * we should be able to read the instr there.
472 * For the debug message, we look at the preceding
475 if (*nip == PPC_INST_NOP)
477 else if (*nip == PPC_INST_ISYNC)
479 if (*nip == PPC_INST_SYNC || (*nip >> 26) == OP_TRAP) {
483 rb = (*nip >> 11) & 0x1f;
484 printk(KERN_DEBUG "%s bad port %lx at %p\n",
485 (*nip & 0x100)? "OUT to": "IN from",
486 regs->gpr[rb] - _IO_BASE, nip);
488 regs->nip = extable_fixup(entry);
492 #endif /* CONFIG_PPC32 */
496 #ifdef CONFIG_PPC_ADV_DEBUG_REGS
497 /* On 4xx, the reason for the machine check or program exception
499 #define get_reason(regs) ((regs)->dsisr)
500 #define REASON_FP ESR_FP
501 #define REASON_ILLEGAL (ESR_PIL | ESR_PUO)
502 #define REASON_PRIVILEGED ESR_PPR
503 #define REASON_TRAP ESR_PTR
505 /* single-step stuff */
506 #define single_stepping(regs) (current->thread.debug.dbcr0 & DBCR0_IC)
507 #define clear_single_step(regs) (current->thread.debug.dbcr0 &= ~DBCR0_IC)
508 #define clear_br_trace(regs) do {} while(0)
510 /* On non-4xx, the reason for the machine check or program
511 exception is in the MSR. */
512 #define get_reason(regs) ((regs)->msr)
513 #define REASON_TM SRR1_PROGTM
514 #define REASON_FP SRR1_PROGFPE
515 #define REASON_ILLEGAL SRR1_PROGILL
516 #define REASON_PRIVILEGED SRR1_PROGPRIV
517 #define REASON_TRAP SRR1_PROGTRAP
519 #define single_stepping(regs) ((regs)->msr & MSR_SE)
520 #define clear_single_step(regs) ((regs)->msr &= ~MSR_SE)
521 #define clear_br_trace(regs) ((regs)->msr &= ~MSR_BE)
524 #if defined(CONFIG_E500)
525 int machine_check_e500mc(struct pt_regs *regs)
527 unsigned long mcsr = mfspr(SPRN_MCSR);
528 unsigned long pvr = mfspr(SPRN_PVR);
529 unsigned long reason = mcsr;
532 if (reason & MCSR_LD) {
533 recoverable = fsl_rio_mcheck_exception(regs);
534 if (recoverable == 1)
538 printk("Machine check in kernel mode.\n");
539 printk("Caused by (from MCSR=%lx): ", reason);
541 if (reason & MCSR_MCP)
542 printk("Machine Check Signal\n");
544 if (reason & MCSR_ICPERR) {
545 printk("Instruction Cache Parity Error\n");
548 * This is recoverable by invalidating the i-cache.
550 mtspr(SPRN_L1CSR1, mfspr(SPRN_L1CSR1) | L1CSR1_ICFI);
551 while (mfspr(SPRN_L1CSR1) & L1CSR1_ICFI)
555 * This will generally be accompanied by an instruction
556 * fetch error report -- only treat MCSR_IF as fatal
557 * if it wasn't due to an L1 parity error.
562 if (reason & MCSR_DCPERR_MC) {
563 printk("Data Cache Parity Error\n");
566 * In write shadow mode we auto-recover from the error, but it
567 * may still get logged and cause a machine check. We should
568 * only treat the non-write shadow case as non-recoverable.
570 /* On e6500 core, L1 DCWS (Data cache write shadow mode) bit
571 * is not implemented but L1 data cache always runs in write
572 * shadow mode. Hence on data cache parity errors HW will
573 * automatically invalidate the L1 Data Cache.
575 if (PVR_VER(pvr) != PVR_VER_E6500) {
576 if (!(mfspr(SPRN_L1CSR2) & L1CSR2_DCWS))
581 if (reason & MCSR_L2MMU_MHIT) {
582 printk("Hit on multiple TLB entries\n");
586 if (reason & MCSR_NMI)
587 printk("Non-maskable interrupt\n");
589 if (reason & MCSR_IF) {
590 printk("Instruction Fetch Error Report\n");
594 if (reason & MCSR_LD) {
595 printk("Load Error Report\n");
599 if (reason & MCSR_ST) {
600 printk("Store Error Report\n");
604 if (reason & MCSR_LDG) {
605 printk("Guarded Load Error Report\n");
609 if (reason & MCSR_TLBSYNC)
610 printk("Simultaneous tlbsync operations\n");
612 if (reason & MCSR_BSL2_ERR) {
613 printk("Level 2 Cache Error\n");
617 if (reason & MCSR_MAV) {
620 addr = mfspr(SPRN_MCAR);
621 addr |= (u64)mfspr(SPRN_MCARU) << 32;
623 printk("Machine Check %s Address: %#llx\n",
624 reason & MCSR_MEA ? "Effective" : "Physical", addr);
628 mtspr(SPRN_MCSR, mcsr);
629 return mfspr(SPRN_MCSR) == 0 && recoverable;
632 int machine_check_e500(struct pt_regs *regs)
634 unsigned long reason = mfspr(SPRN_MCSR);
636 if (reason & MCSR_BUS_RBERR) {
637 if (fsl_rio_mcheck_exception(regs))
639 if (fsl_pci_mcheck_exception(regs))
643 printk("Machine check in kernel mode.\n");
644 printk("Caused by (from MCSR=%lx): ", reason);
646 if (reason & MCSR_MCP)
647 printk("Machine Check Signal\n");
648 if (reason & MCSR_ICPERR)
649 printk("Instruction Cache Parity Error\n");
650 if (reason & MCSR_DCP_PERR)
651 printk("Data Cache Push Parity Error\n");
652 if (reason & MCSR_DCPERR)
653 printk("Data Cache Parity Error\n");
654 if (reason & MCSR_BUS_IAERR)
655 printk("Bus - Instruction Address Error\n");
656 if (reason & MCSR_BUS_RAERR)
657 printk("Bus - Read Address Error\n");
658 if (reason & MCSR_BUS_WAERR)
659 printk("Bus - Write Address Error\n");
660 if (reason & MCSR_BUS_IBERR)
661 printk("Bus - Instruction Data Error\n");
662 if (reason & MCSR_BUS_RBERR)
663 printk("Bus - Read Data Bus Error\n");
664 if (reason & MCSR_BUS_WBERR)
665 printk("Bus - Write Data Bus Error\n");
666 if (reason & MCSR_BUS_IPERR)
667 printk("Bus - Instruction Parity Error\n");
668 if (reason & MCSR_BUS_RPERR)
669 printk("Bus - Read Parity Error\n");
674 int machine_check_generic(struct pt_regs *regs)
678 #elif defined(CONFIG_E200)
679 int machine_check_e200(struct pt_regs *regs)
681 unsigned long reason = mfspr(SPRN_MCSR);
683 printk("Machine check in kernel mode.\n");
684 printk("Caused by (from MCSR=%lx): ", reason);
686 if (reason & MCSR_MCP)
687 printk("Machine Check Signal\n");
688 if (reason & MCSR_CP_PERR)
689 printk("Cache Push Parity Error\n");
690 if (reason & MCSR_CPERR)
691 printk("Cache Parity Error\n");
692 if (reason & MCSR_EXCP_ERR)
693 printk("ISI, ITLB, or Bus Error on first instruction fetch for an exception handler\n");
694 if (reason & MCSR_BUS_IRERR)
695 printk("Bus - Read Bus Error on instruction fetch\n");
696 if (reason & MCSR_BUS_DRERR)
697 printk("Bus - Read Bus Error on data load\n");
698 if (reason & MCSR_BUS_WRERR)
699 printk("Bus - Write Bus Error on buffered store or cache line push\n");
703 #elif defined(CONFIG_PPC32)
704 int machine_check_generic(struct pt_regs *regs)
706 unsigned long reason = regs->msr;
708 printk("Machine check in kernel mode.\n");
709 printk("Caused by (from SRR1=%lx): ", reason);
710 switch (reason & 0x601F0000) {
712 printk("Machine check signal\n");
714 case 0: /* for 601 */
716 case 0x140000: /* 7450 MSS error and TEA */
717 printk("Transfer error ack signal\n");
720 printk("Data parity error signal\n");
723 printk("Address parity error signal\n");
726 printk("L1 Data Cache error\n");
729 printk("L1 Instruction Cache error\n");
732 printk("L2 data cache parity error\n");
735 printk("Unknown values in msr\n");
739 #endif /* everything else */
741 void machine_check_exception(struct pt_regs *regs)
744 bool nested = in_nmi();
748 /* 64s accounts the mce in machine_check_early when in HVMODE */
749 if (!IS_ENABLED(CONFIG_PPC_BOOK3S_64) || !cpu_has_feature(CPU_FTR_HVMODE))
750 __this_cpu_inc(irq_stat.mce_exceptions);
752 add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
754 /* See if any machine dependent calls. In theory, we would want
755 * to call the CPU first, and call the ppc_md. one if the CPU
756 * one returns a positive number. However there is existing code
757 * that assumes the board gets a first chance, so let's keep it
758 * that way for now and fix things later. --BenH.
760 if (ppc_md.machine_check_exception)
761 recover = ppc_md.machine_check_exception(regs);
762 else if (cur_cpu_spec->machine_check)
763 recover = cur_cpu_spec->machine_check(regs);
768 if (debugger_fault_handler(regs))
771 if (check_io_access(regs))
777 die("Machine check", regs, SIGBUS);
779 /* Must die if the interrupt is not recoverable */
780 if (!(regs->msr & MSR_RI))
781 die("Unrecoverable Machine check", regs, SIGBUS);
790 void SMIException(struct pt_regs *regs)
792 die("System Management Interrupt", regs, SIGABRT);
796 static void p9_hmi_special_emu(struct pt_regs *regs)
798 unsigned int ra, rb, t, i, sel, instr, rc;
799 const void __user *addr;
800 u8 vbuf[16] __aligned(16), *vdst;
801 unsigned long ea, msr, msr_mask;
804 if (__get_user_inatomic(instr, (unsigned int __user *)regs->nip))
808 * lxvb16x opcode: 0x7c0006d8
809 * lxvd2x opcode: 0x7c000698
810 * lxvh8x opcode: 0x7c000658
811 * lxvw4x opcode: 0x7c000618
813 if ((instr & 0xfc00073e) != 0x7c000618) {
814 pr_devel("HMI vec emu: not vector CI %i:%s[%d] nip=%016lx"
816 smp_processor_id(), current->comm, current->pid,
821 /* Grab vector registers into the task struct */
822 msr = regs->msr; /* Grab msr before we flush the bits */
823 flush_vsx_to_thread(current);
824 enable_kernel_altivec();
827 * Is userspace running with a different endian (this is rare but
830 swap = (msr & MSR_LE) != (MSR_KERNEL & MSR_LE);
832 /* Decode the instruction */
833 ra = (instr >> 16) & 0x1f;
834 rb = (instr >> 11) & 0x1f;
835 t = (instr >> 21) & 0x1f;
837 vdst = (u8 *)¤t->thread.vr_state.vr[t];
839 vdst = (u8 *)¤t->thread.fp_state.fpr[t][0];
841 /* Grab the vector address */
842 ea = regs->gpr[rb] + (ra ? regs->gpr[ra] : 0);
845 addr = (__force const void __user *)ea;
848 if (!access_ok(VERIFY_READ, addr, 16)) {
849 pr_devel("HMI vec emu: bad access %i:%s[%d] nip=%016lx"
850 " instr=%08x addr=%016lx\n",
851 smp_processor_id(), current->comm, current->pid,
852 regs->nip, instr, (unsigned long)addr);
856 /* Read the vector */
858 if ((unsigned long)addr & 0xfUL)
860 rc = __copy_from_user_inatomic(vbuf, addr, 16);
862 __get_user_atomic_128_aligned(vbuf, addr, rc);
864 pr_devel("HMI vec emu: page fault %i:%s[%d] nip=%016lx"
865 " instr=%08x addr=%016lx\n",
866 smp_processor_id(), current->comm, current->pid,
867 regs->nip, instr, (unsigned long)addr);
871 pr_devel("HMI vec emu: emulated vector CI %i:%s[%d] nip=%016lx"
872 " instr=%08x addr=%016lx\n",
873 smp_processor_id(), current->comm, current->pid, regs->nip,
874 instr, (unsigned long) addr);
876 /* Grab instruction "selector" */
877 sel = (instr >> 6) & 3;
880 * Check to make sure the facility is actually enabled. This
881 * could happen if we get a false positive hit.
883 * lxvd2x/lxvw4x always check MSR VSX sel = 0,2
884 * lxvh8x/lxvb16x check MSR VSX or VEC depending on VSR used sel = 1,3
887 if ((sel & 1) && (instr & 1)) /* lxvh8x & lxvb16x + VSR >= 32 */
889 if (!(msr & msr_mask)) {
890 pr_devel("HMI vec emu: MSR fac clear %i:%s[%d] nip=%016lx"
891 " instr=%08x msr:%016lx\n",
892 smp_processor_id(), current->comm, current->pid,
893 regs->nip, instr, msr);
897 /* Do logging here before we modify sel based on endian */
900 PPC_WARN_EMULATED(lxvw4x, regs);
903 PPC_WARN_EMULATED(lxvh8x, regs);
906 PPC_WARN_EMULATED(lxvd2x, regs);
908 case 3: /* lxvb16x */
909 PPC_WARN_EMULATED(lxvb16x, regs);
913 #ifdef __LITTLE_ENDIAN__
915 * An LE kernel stores the vector in the task struct as an LE
916 * byte array (effectively swapping both the components and
917 * the content of the components). Those instructions expect
918 * the components to remain in ascending address order, so we
921 * If we are running a BE user space, the expectation is that
922 * of a simple memcpy, so forcing the emulation to look like
923 * a lxvb16x should do the trick.
930 for (i = 0; i < 4; i++)
931 ((u32 *)vdst)[i] = ((u32 *)vbuf)[3-i];
934 for (i = 0; i < 8; i++)
935 ((u16 *)vdst)[i] = ((u16 *)vbuf)[7-i];
938 for (i = 0; i < 2; i++)
939 ((u64 *)vdst)[i] = ((u64 *)vbuf)[1-i];
941 case 3: /* lxvb16x */
942 for (i = 0; i < 16; i++)
943 vdst[i] = vbuf[15-i];
946 #else /* __LITTLE_ENDIAN__ */
947 /* On a big endian kernel, a BE userspace only needs a memcpy */
951 /* Otherwise, we need to swap the content of the components */
954 for (i = 0; i < 4; i++)
955 ((u32 *)vdst)[i] = cpu_to_le32(((u32 *)vbuf)[i]);
958 for (i = 0; i < 8; i++)
959 ((u16 *)vdst)[i] = cpu_to_le16(((u16 *)vbuf)[i]);
962 for (i = 0; i < 2; i++)
963 ((u64 *)vdst)[i] = cpu_to_le64(((u64 *)vbuf)[i]);
965 case 3: /* lxvb16x */
966 memcpy(vdst, vbuf, 16);
969 #endif /* !__LITTLE_ENDIAN__ */
971 /* Go to next instruction */
974 #endif /* CONFIG_VSX */
976 void handle_hmi_exception(struct pt_regs *regs)
978 struct pt_regs *old_regs;
980 old_regs = set_irq_regs(regs);
984 /* Real mode flagged P9 special emu is needed */
985 if (local_paca->hmi_p9_special_emu) {
986 local_paca->hmi_p9_special_emu = 0;
989 * We don't want to take page faults while doing the
990 * emulation, we just replay the instruction if necessary.
993 p9_hmi_special_emu(regs);
996 #endif /* CONFIG_VSX */
998 if (ppc_md.handle_hmi_exception)
999 ppc_md.handle_hmi_exception(regs);
1002 set_irq_regs(old_regs);
1005 void unknown_exception(struct pt_regs *regs)
1007 enum ctx_state prev_state = exception_enter();
1009 printk("Bad trap at PC: %lx, SR: %lx, vector=%lx\n",
1010 regs->nip, regs->msr, regs->trap);
1012 _exception(SIGTRAP, regs, TRAP_UNK, 0);
1014 exception_exit(prev_state);
1017 void instruction_breakpoint_exception(struct pt_regs *regs)
1019 enum ctx_state prev_state = exception_enter();
1021 if (notify_die(DIE_IABR_MATCH, "iabr_match", regs, 5,
1022 5, SIGTRAP) == NOTIFY_STOP)
1024 if (debugger_iabr_match(regs))
1026 _exception(SIGTRAP, regs, TRAP_BRKPT, regs->nip);
1029 exception_exit(prev_state);
1032 void RunModeException(struct pt_regs *regs)
1034 _exception(SIGTRAP, regs, TRAP_UNK, 0);
1037 void single_step_exception(struct pt_regs *regs)
1039 enum ctx_state prev_state = exception_enter();
1041 clear_single_step(regs);
1042 clear_br_trace(regs);
1044 if (kprobe_post_handler(regs))
1047 if (notify_die(DIE_SSTEP, "single_step", regs, 5,
1048 5, SIGTRAP) == NOTIFY_STOP)
1050 if (debugger_sstep(regs))
1053 _exception(SIGTRAP, regs, TRAP_TRACE, regs->nip);
1056 exception_exit(prev_state);
1058 NOKPROBE_SYMBOL(single_step_exception);
1061 * After we have successfully emulated an instruction, we have to
1062 * check if the instruction was being single-stepped, and if so,
1063 * pretend we got a single-step exception. This was pointed out
1064 * by Kumar Gala. -- paulus
1066 static void emulate_single_step(struct pt_regs *regs)
1068 if (single_stepping(regs))
1069 single_step_exception(regs);
1072 static inline int __parse_fpscr(unsigned long fpscr)
1074 int ret = FPE_FLTUNK;
1076 /* Invalid operation */
1077 if ((fpscr & FPSCR_VE) && (fpscr & FPSCR_VX))
1081 else if ((fpscr & FPSCR_OE) && (fpscr & FPSCR_OX))
1085 else if ((fpscr & FPSCR_UE) && (fpscr & FPSCR_UX))
1088 /* Divide by zero */
1089 else if ((fpscr & FPSCR_ZE) && (fpscr & FPSCR_ZX))
1092 /* Inexact result */
1093 else if ((fpscr & FPSCR_XE) && (fpscr & FPSCR_XX))
1099 static void parse_fpe(struct pt_regs *regs)
1103 flush_fp_to_thread(current);
1105 code = __parse_fpscr(current->thread.fp_state.fpscr);
1107 _exception(SIGFPE, regs, code, regs->nip);
1111 * Illegal instruction emulation support. Originally written to
1112 * provide the PVR to user applications using the mfspr rd, PVR.
1113 * Return non-zero if we can't emulate, or -EFAULT if the associated
1114 * memory access caused an access fault. Return zero on success.
1116 * There are a couple of ways to do this, either "decode" the instruction
1117 * or directly match lots of bits. In this case, matching lots of
1118 * bits is faster and easier.
1121 static int emulate_string_inst(struct pt_regs *regs, u32 instword)
1123 u8 rT = (instword >> 21) & 0x1f;
1124 u8 rA = (instword >> 16) & 0x1f;
1125 u8 NB_RB = (instword >> 11) & 0x1f;
1130 /* Early out if we are an invalid form of lswx */
1131 if ((instword & PPC_INST_STRING_MASK) == PPC_INST_LSWX)
1132 if ((rT == rA) || (rT == NB_RB))
1135 EA = (rA == 0) ? 0 : regs->gpr[rA];
1137 switch (instword & PPC_INST_STRING_MASK) {
1139 case PPC_INST_STSWX:
1141 num_bytes = regs->xer & 0x7f;
1144 case PPC_INST_STSWI:
1145 num_bytes = (NB_RB == 0) ? 32 : NB_RB;
1151 while (num_bytes != 0)
1154 u32 shift = 8 * (3 - (pos & 0x3));
1156 /* if process is 32-bit, clear upper 32 bits of EA */
1157 if ((regs->msr & MSR_64BIT) == 0)
1160 switch ((instword & PPC_INST_STRING_MASK)) {
1163 if (get_user(val, (u8 __user *)EA))
1165 /* first time updating this reg,
1169 regs->gpr[rT] |= val << shift;
1171 case PPC_INST_STSWI:
1172 case PPC_INST_STSWX:
1173 val = regs->gpr[rT] >> shift;
1174 if (put_user(val, (u8 __user *)EA))
1178 /* move EA to next address */
1182 /* manage our position within the register */
1193 static int emulate_popcntb_inst(struct pt_regs *regs, u32 instword)
1198 ra = (instword >> 16) & 0x1f;
1199 rs = (instword >> 21) & 0x1f;
1201 tmp = regs->gpr[rs];
1202 tmp = tmp - ((tmp >> 1) & 0x5555555555555555ULL);
1203 tmp = (tmp & 0x3333333333333333ULL) + ((tmp >> 2) & 0x3333333333333333ULL);
1204 tmp = (tmp + (tmp >> 4)) & 0x0f0f0f0f0f0f0f0fULL;
1205 regs->gpr[ra] = tmp;
1210 static int emulate_isel(struct pt_regs *regs, u32 instword)
1212 u8 rT = (instword >> 21) & 0x1f;
1213 u8 rA = (instword >> 16) & 0x1f;
1214 u8 rB = (instword >> 11) & 0x1f;
1215 u8 BC = (instword >> 6) & 0x1f;
1219 tmp = (rA == 0) ? 0 : regs->gpr[rA];
1220 bit = (regs->ccr >> (31 - BC)) & 0x1;
1222 regs->gpr[rT] = bit ? tmp : regs->gpr[rB];
1227 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1228 static inline bool tm_abort_check(struct pt_regs *regs, int cause)
1230 /* If we're emulating a load/store in an active transaction, we cannot
1231 * emulate it as the kernel operates in transaction suspended context.
1232 * We need to abort the transaction. This creates a persistent TM
1233 * abort so tell the user what caused it with a new code.
1235 if (MSR_TM_TRANSACTIONAL(regs->msr)) {
1243 static inline bool tm_abort_check(struct pt_regs *regs, int reason)
1249 static int emulate_instruction(struct pt_regs *regs)
1254 if (!user_mode(regs))
1256 CHECK_FULL_REGS(regs);
1258 if (get_user(instword, (u32 __user *)(regs->nip)))
1261 /* Emulate the mfspr rD, PVR. */
1262 if ((instword & PPC_INST_MFSPR_PVR_MASK) == PPC_INST_MFSPR_PVR) {
1263 PPC_WARN_EMULATED(mfpvr, regs);
1264 rd = (instword >> 21) & 0x1f;
1265 regs->gpr[rd] = mfspr(SPRN_PVR);
1269 /* Emulating the dcba insn is just a no-op. */
1270 if ((instword & PPC_INST_DCBA_MASK) == PPC_INST_DCBA) {
1271 PPC_WARN_EMULATED(dcba, regs);
1275 /* Emulate the mcrxr insn. */
1276 if ((instword & PPC_INST_MCRXR_MASK) == PPC_INST_MCRXR) {
1277 int shift = (instword >> 21) & 0x1c;
1278 unsigned long msk = 0xf0000000UL >> shift;
1280 PPC_WARN_EMULATED(mcrxr, regs);
1281 regs->ccr = (regs->ccr & ~msk) | ((regs->xer >> shift) & msk);
1282 regs->xer &= ~0xf0000000UL;
1286 /* Emulate load/store string insn. */
1287 if ((instword & PPC_INST_STRING_GEN_MASK) == PPC_INST_STRING) {
1288 if (tm_abort_check(regs,
1289 TM_CAUSE_EMULATE | TM_CAUSE_PERSISTENT))
1291 PPC_WARN_EMULATED(string, regs);
1292 return emulate_string_inst(regs, instword);
1295 /* Emulate the popcntb (Population Count Bytes) instruction. */
1296 if ((instword & PPC_INST_POPCNTB_MASK) == PPC_INST_POPCNTB) {
1297 PPC_WARN_EMULATED(popcntb, regs);
1298 return emulate_popcntb_inst(regs, instword);
1301 /* Emulate isel (Integer Select) instruction */
1302 if ((instword & PPC_INST_ISEL_MASK) == PPC_INST_ISEL) {
1303 PPC_WARN_EMULATED(isel, regs);
1304 return emulate_isel(regs, instword);
1307 /* Emulate sync instruction variants */
1308 if ((instword & PPC_INST_SYNC_MASK) == PPC_INST_SYNC) {
1309 PPC_WARN_EMULATED(sync, regs);
1310 asm volatile("sync");
1315 /* Emulate the mfspr rD, DSCR. */
1316 if ((((instword & PPC_INST_MFSPR_DSCR_USER_MASK) ==
1317 PPC_INST_MFSPR_DSCR_USER) ||
1318 ((instword & PPC_INST_MFSPR_DSCR_MASK) ==
1319 PPC_INST_MFSPR_DSCR)) &&
1320 cpu_has_feature(CPU_FTR_DSCR)) {
1321 PPC_WARN_EMULATED(mfdscr, regs);
1322 rd = (instword >> 21) & 0x1f;
1323 regs->gpr[rd] = mfspr(SPRN_DSCR);
1326 /* Emulate the mtspr DSCR, rD. */
1327 if ((((instword & PPC_INST_MTSPR_DSCR_USER_MASK) ==
1328 PPC_INST_MTSPR_DSCR_USER) ||
1329 ((instword & PPC_INST_MTSPR_DSCR_MASK) ==
1330 PPC_INST_MTSPR_DSCR)) &&
1331 cpu_has_feature(CPU_FTR_DSCR)) {
1332 PPC_WARN_EMULATED(mtdscr, regs);
1333 rd = (instword >> 21) & 0x1f;
1334 current->thread.dscr = regs->gpr[rd];
1335 current->thread.dscr_inherit = 1;
1336 mtspr(SPRN_DSCR, current->thread.dscr);
1344 int is_valid_bugaddr(unsigned long addr)
1346 return is_kernel_addr(addr);
1349 #ifdef CONFIG_MATH_EMULATION
1350 static int emulate_math(struct pt_regs *regs)
1353 extern int do_mathemu(struct pt_regs *regs);
1355 ret = do_mathemu(regs);
1357 PPC_WARN_EMULATED(math, regs);
1361 emulate_single_step(regs);
1365 code = __parse_fpscr(current->thread.fp_state.fpscr);
1366 _exception(SIGFPE, regs, code, regs->nip);
1370 _exception(SIGSEGV, regs, SEGV_MAPERR, regs->nip);
1377 static inline int emulate_math(struct pt_regs *regs) { return -1; }
1380 void program_check_exception(struct pt_regs *regs)
1382 enum ctx_state prev_state = exception_enter();
1383 unsigned int reason = get_reason(regs);
1385 /* We can now get here via a FP Unavailable exception if the core
1386 * has no FPU, in that case the reason flags will be 0 */
1388 if (reason & REASON_FP) {
1389 /* IEEE FP exception */
1393 if (reason & REASON_TRAP) {
1394 unsigned long bugaddr;
1395 /* Debugger is first in line to stop recursive faults in
1396 * rcu_lock, notify_die, or atomic_notifier_call_chain */
1397 if (debugger_bpt(regs))
1400 if (kprobe_handler(regs))
1403 /* trap exception */
1404 if (notify_die(DIE_BPT, "breakpoint", regs, 5, 5, SIGTRAP)
1408 bugaddr = regs->nip;
1410 * Fixup bugaddr for BUG_ON() in real mode
1412 if (!is_kernel_addr(bugaddr) && !(regs->msr & MSR_IR))
1413 bugaddr += PAGE_OFFSET;
1415 if (!(regs->msr & MSR_PR) && /* not user-mode */
1416 report_bug(bugaddr, regs) == BUG_TRAP_TYPE_WARN) {
1420 _exception(SIGTRAP, regs, TRAP_BRKPT, regs->nip);
1423 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1424 if (reason & REASON_TM) {
1425 /* This is a TM "Bad Thing Exception" program check.
1427 * - An rfid/hrfid/mtmsrd attempts to cause an illegal
1428 * transition in TM states.
1429 * - A trechkpt is attempted when transactional.
1430 * - A treclaim is attempted when non transactional.
1431 * - A tend is illegally attempted.
1432 * - writing a TM SPR when transactional.
1434 * If usermode caused this, it's done something illegal and
1435 * gets a SIGILL slap on the wrist. We call it an illegal
1436 * operand to distinguish from the instruction just being bad
1437 * (e.g. executing a 'tend' on a CPU without TM!); it's an
1438 * illegal /placement/ of a valid instruction.
1440 if (user_mode(regs)) {
1441 _exception(SIGILL, regs, ILL_ILLOPN, regs->nip);
1444 printk(KERN_EMERG "Unexpected TM Bad Thing exception "
1445 "at %lx (msr 0x%x)\n", regs->nip, reason);
1446 die("Unrecoverable exception", regs, SIGABRT);
1452 * If we took the program check in the kernel skip down to sending a
1453 * SIGILL. The subsequent cases all relate to emulating instructions
1454 * which we should only do for userspace. We also do not want to enable
1455 * interrupts for kernel faults because that might lead to further
1456 * faults, and loose the context of the original exception.
1458 if (!user_mode(regs))
1461 /* We restore the interrupt state now */
1462 if (!arch_irq_disabled_regs(regs))
1465 /* (reason & REASON_ILLEGAL) would be the obvious thing here,
1466 * but there seems to be a hardware bug on the 405GP (RevD)
1467 * that means ESR is sometimes set incorrectly - either to
1468 * ESR_DST (!?) or 0. In the process of chasing this with the
1469 * hardware people - not sure if it can happen on any illegal
1470 * instruction or only on FP instructions, whether there is a
1471 * pattern to occurrences etc. -dgibson 31/Mar/2003
1473 if (!emulate_math(regs))
1476 /* Try to emulate it if we should. */
1477 if (reason & (REASON_ILLEGAL | REASON_PRIVILEGED)) {
1478 switch (emulate_instruction(regs)) {
1481 emulate_single_step(regs);
1484 _exception(SIGSEGV, regs, SEGV_MAPERR, regs->nip);
1490 if (reason & REASON_PRIVILEGED)
1491 _exception(SIGILL, regs, ILL_PRVOPC, regs->nip);
1493 _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
1496 exception_exit(prev_state);
1498 NOKPROBE_SYMBOL(program_check_exception);
1501 * This occurs when running in hypervisor mode on POWER6 or later
1502 * and an illegal instruction is encountered.
1504 void emulation_assist_interrupt(struct pt_regs *regs)
1506 regs->msr |= REASON_ILLEGAL;
1507 program_check_exception(regs);
1509 NOKPROBE_SYMBOL(emulation_assist_interrupt);
1511 void alignment_exception(struct pt_regs *regs)
1513 enum ctx_state prev_state = exception_enter();
1514 int sig, code, fixed = 0;
1516 /* We restore the interrupt state now */
1517 if (!arch_irq_disabled_regs(regs))
1520 if (tm_abort_check(regs, TM_CAUSE_ALIGNMENT | TM_CAUSE_PERSISTENT))
1523 /* we don't implement logging of alignment exceptions */
1524 if (!(current->thread.align_ctl & PR_UNALIGN_SIGBUS))
1525 fixed = fix_alignment(regs);
1528 regs->nip += 4; /* skip over emulated instruction */
1529 emulate_single_step(regs);
1533 /* Operand address was bad */
1534 if (fixed == -EFAULT) {
1541 if (user_mode(regs))
1542 _exception(sig, regs, code, regs->dar);
1544 bad_page_fault(regs, regs->dar, sig);
1547 exception_exit(prev_state);
1550 void StackOverflow(struct pt_regs *regs)
1552 pr_crit("Kernel stack overflow in process %s[%d], r1=%lx\n",
1553 current->comm, task_pid_nr(current), regs->gpr[1]);
1556 panic("kernel stack overflow");
1559 void nonrecoverable_exception(struct pt_regs *regs)
1561 printk(KERN_ERR "Non-recoverable exception at PC=%lx MSR=%lx\n",
1562 regs->nip, regs->msr);
1564 die("nonrecoverable exception", regs, SIGKILL);
1567 void kernel_fp_unavailable_exception(struct pt_regs *regs)
1569 enum ctx_state prev_state = exception_enter();
1571 printk(KERN_EMERG "Unrecoverable FP Unavailable Exception "
1572 "%lx at %lx\n", regs->trap, regs->nip);
1573 die("Unrecoverable FP Unavailable Exception", regs, SIGABRT);
1575 exception_exit(prev_state);
1578 void altivec_unavailable_exception(struct pt_regs *regs)
1580 enum ctx_state prev_state = exception_enter();
1582 if (user_mode(regs)) {
1583 /* A user program has executed an altivec instruction,
1584 but this kernel doesn't support altivec. */
1585 _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
1589 printk(KERN_EMERG "Unrecoverable VMX/Altivec Unavailable Exception "
1590 "%lx at %lx\n", regs->trap, regs->nip);
1591 die("Unrecoverable VMX/Altivec Unavailable Exception", regs, SIGABRT);
1594 exception_exit(prev_state);
1597 void vsx_unavailable_exception(struct pt_regs *regs)
1599 if (user_mode(regs)) {
1600 /* A user program has executed an vsx instruction,
1601 but this kernel doesn't support vsx. */
1602 _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
1606 printk(KERN_EMERG "Unrecoverable VSX Unavailable Exception "
1607 "%lx at %lx\n", regs->trap, regs->nip);
1608 die("Unrecoverable VSX Unavailable Exception", regs, SIGABRT);
1612 static void tm_unavailable(struct pt_regs *regs)
1614 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1615 if (user_mode(regs)) {
1616 current->thread.load_tm++;
1617 regs->msr |= MSR_TM;
1619 tm_restore_sprs(¤t->thread);
1623 pr_emerg("Unrecoverable TM Unavailable Exception "
1624 "%lx at %lx\n", regs->trap, regs->nip);
1625 die("Unrecoverable TM Unavailable Exception", regs, SIGABRT);
1628 void facility_unavailable_exception(struct pt_regs *regs)
1630 static char *facility_strings[] = {
1631 [FSCR_FP_LG] = "FPU",
1632 [FSCR_VECVSX_LG] = "VMX/VSX",
1633 [FSCR_DSCR_LG] = "DSCR",
1634 [FSCR_PM_LG] = "PMU SPRs",
1635 [FSCR_BHRB_LG] = "BHRB",
1636 [FSCR_TM_LG] = "TM",
1637 [FSCR_EBB_LG] = "EBB",
1638 [FSCR_TAR_LG] = "TAR",
1639 [FSCR_MSGP_LG] = "MSGP",
1640 [FSCR_SCV_LG] = "SCV",
1642 char *facility = "unknown";
1648 hv = (TRAP(regs) == 0xf80);
1650 value = mfspr(SPRN_HFSCR);
1652 value = mfspr(SPRN_FSCR);
1654 status = value >> 56;
1655 if ((hv || status >= 2) &&
1656 (status < ARRAY_SIZE(facility_strings)) &&
1657 facility_strings[status])
1658 facility = facility_strings[status];
1660 /* We should not have taken this interrupt in kernel */
1661 if (!user_mode(regs)) {
1662 pr_emerg("Facility '%s' unavailable (%d) exception in kernel mode at %lx\n",
1663 facility, status, regs->nip);
1664 die("Unexpected facility unavailable exception", regs, SIGABRT);
1667 /* We restore the interrupt state now */
1668 if (!arch_irq_disabled_regs(regs))
1671 if (status == FSCR_DSCR_LG) {
1673 * User is accessing the DSCR register using the problem
1674 * state only SPR number (0x03) either through a mfspr or
1675 * a mtspr instruction. If it is a write attempt through
1676 * a mtspr, then we set the inherit bit. This also allows
1677 * the user to write or read the register directly in the
1678 * future by setting via the FSCR DSCR bit. But in case it
1679 * is a read DSCR attempt through a mfspr instruction, we
1680 * just emulate the instruction instead. This code path will
1681 * always emulate all the mfspr instructions till the user
1682 * has attempted at least one mtspr instruction. This way it
1683 * preserves the same behaviour when the user is accessing
1684 * the DSCR through privilege level only SPR number (0x11)
1685 * which is emulated through illegal instruction exception.
1686 * We always leave HFSCR DSCR set.
1688 if (get_user(instword, (u32 __user *)(regs->nip))) {
1689 pr_err("Failed to fetch the user instruction\n");
1693 /* Write into DSCR (mtspr 0x03, RS) */
1694 if ((instword & PPC_INST_MTSPR_DSCR_USER_MASK)
1695 == PPC_INST_MTSPR_DSCR_USER) {
1696 rd = (instword >> 21) & 0x1f;
1697 current->thread.dscr = regs->gpr[rd];
1698 current->thread.dscr_inherit = 1;
1699 current->thread.fscr |= FSCR_DSCR;
1700 mtspr(SPRN_FSCR, current->thread.fscr);
1703 /* Read from DSCR (mfspr RT, 0x03) */
1704 if ((instword & PPC_INST_MFSPR_DSCR_USER_MASK)
1705 == PPC_INST_MFSPR_DSCR_USER) {
1706 if (emulate_instruction(regs)) {
1707 pr_err("DSCR based mfspr emulation failed\n");
1711 emulate_single_step(regs);
1716 if (status == FSCR_TM_LG) {
1718 * If we're here then the hardware is TM aware because it
1719 * generated an exception with FSRM_TM set.
1721 * If cpu_has_feature(CPU_FTR_TM) is false, then either firmware
1722 * told us not to do TM, or the kernel is not built with TM
1725 * If both of those things are true, then userspace can spam the
1726 * console by triggering the printk() below just by continually
1727 * doing tbegin (or any TM instruction). So in that case just
1728 * send the process a SIGILL immediately.
1730 if (!cpu_has_feature(CPU_FTR_TM))
1733 tm_unavailable(regs);
1737 pr_err_ratelimited("%sFacility '%s' unavailable (%d), exception at 0x%lx, MSR=%lx\n",
1738 hv ? "Hypervisor " : "", facility, status, regs->nip, regs->msr);
1741 _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
1745 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1747 void fp_unavailable_tm(struct pt_regs *regs)
1749 /* Note: This does not handle any kind of FP laziness. */
1751 TM_DEBUG("FP Unavailable trap whilst transactional at 0x%lx, MSR=%lx\n",
1752 regs->nip, regs->msr);
1754 /* We can only have got here if the task started using FP after
1755 * beginning the transaction. So, the transactional regs are just a
1756 * copy of the checkpointed ones. But, we still need to recheckpoint
1757 * as we're enabling FP for the process; it will return, abort the
1758 * transaction, and probably retry but now with FP enabled. So the
1759 * checkpointed FP registers need to be loaded.
1761 tm_reclaim_current(TM_CAUSE_FAC_UNAV);
1762 /* Reclaim didn't save out any FPRs to transact_fprs. */
1764 /* Enable FP for the task: */
1765 current->thread.load_fp = 1;
1767 /* This loads and recheckpoints the FP registers from
1768 * thread.fpr[]. They will remain in registers after the
1769 * checkpoint so we don't need to reload them after.
1770 * If VMX is in use, the VRs now hold checkpointed values,
1771 * so we don't want to load the VRs from the thread_struct.
1773 tm_recheckpoint(¤t->thread);
1776 void altivec_unavailable_tm(struct pt_regs *regs)
1778 /* See the comments in fp_unavailable_tm(). This function operates
1782 TM_DEBUG("Vector Unavailable trap whilst transactional at 0x%lx,"
1784 regs->nip, regs->msr);
1785 tm_reclaim_current(TM_CAUSE_FAC_UNAV);
1786 current->thread.load_vec = 1;
1787 tm_recheckpoint(¤t->thread);
1788 current->thread.used_vr = 1;
1791 void vsx_unavailable_tm(struct pt_regs *regs)
1793 /* See the comments in fp_unavailable_tm(). This works similarly,
1794 * though we're loading both FP and VEC registers in here.
1796 * If FP isn't in use, load FP regs. If VEC isn't in use, load VEC
1797 * regs. Either way, set MSR_VSX.
1800 TM_DEBUG("VSX Unavailable trap whilst transactional at 0x%lx,"
1802 regs->nip, regs->msr);
1804 current->thread.used_vsr = 1;
1806 /* This reclaims FP and/or VR regs if they're already enabled */
1807 tm_reclaim_current(TM_CAUSE_FAC_UNAV);
1809 current->thread.load_vec = 1;
1810 current->thread.load_fp = 1;
1812 tm_recheckpoint(¤t->thread);
1814 #endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
1816 void performance_monitor_exception(struct pt_regs *regs)
1818 __this_cpu_inc(irq_stat.pmu_irqs);
1823 #ifdef CONFIG_PPC_ADV_DEBUG_REGS
1824 static void handle_debug(struct pt_regs *regs, unsigned long debug_status)
1828 * Determine the cause of the debug event, clear the
1829 * event flags and send a trap to the handler. Torez
1831 if (debug_status & (DBSR_DAC1R | DBSR_DAC1W)) {
1832 dbcr_dac(current) &= ~(DBCR_DAC1R | DBCR_DAC1W);
1833 #ifdef CONFIG_PPC_ADV_DEBUG_DAC_RANGE
1834 current->thread.debug.dbcr2 &= ~DBCR2_DAC12MODE;
1836 do_send_trap(regs, mfspr(SPRN_DAC1), debug_status,
1839 } else if (debug_status & (DBSR_DAC2R | DBSR_DAC2W)) {
1840 dbcr_dac(current) &= ~(DBCR_DAC2R | DBCR_DAC2W);
1841 do_send_trap(regs, mfspr(SPRN_DAC2), debug_status,
1844 } else if (debug_status & DBSR_IAC1) {
1845 current->thread.debug.dbcr0 &= ~DBCR0_IAC1;
1846 dbcr_iac_range(current) &= ~DBCR_IAC12MODE;
1847 do_send_trap(regs, mfspr(SPRN_IAC1), debug_status,
1850 } else if (debug_status & DBSR_IAC2) {
1851 current->thread.debug.dbcr0 &= ~DBCR0_IAC2;
1852 do_send_trap(regs, mfspr(SPRN_IAC2), debug_status,
1855 } else if (debug_status & DBSR_IAC3) {
1856 current->thread.debug.dbcr0 &= ~DBCR0_IAC3;
1857 dbcr_iac_range(current) &= ~DBCR_IAC34MODE;
1858 do_send_trap(regs, mfspr(SPRN_IAC3), debug_status,
1861 } else if (debug_status & DBSR_IAC4) {
1862 current->thread.debug.dbcr0 &= ~DBCR0_IAC4;
1863 do_send_trap(regs, mfspr(SPRN_IAC4), debug_status,
1868 * At the point this routine was called, the MSR(DE) was turned off.
1869 * Check all other debug flags and see if that bit needs to be turned
1872 if (DBCR_ACTIVE_EVENTS(current->thread.debug.dbcr0,
1873 current->thread.debug.dbcr1))
1874 regs->msr |= MSR_DE;
1876 /* Make sure the IDM flag is off */
1877 current->thread.debug.dbcr0 &= ~DBCR0_IDM;
1880 mtspr(SPRN_DBCR0, current->thread.debug.dbcr0);
1883 void DebugException(struct pt_regs *regs, unsigned long debug_status)
1885 current->thread.debug.dbsr = debug_status;
1887 /* Hack alert: On BookE, Branch Taken stops on the branch itself, while
1888 * on server, it stops on the target of the branch. In order to simulate
1889 * the server behaviour, we thus restart right away with a single step
1890 * instead of stopping here when hitting a BT
1892 if (debug_status & DBSR_BT) {
1893 regs->msr &= ~MSR_DE;
1896 mtspr(SPRN_DBCR0, mfspr(SPRN_DBCR0) & ~DBCR0_BT);
1897 /* Clear the BT event */
1898 mtspr(SPRN_DBSR, DBSR_BT);
1900 /* Do the single step trick only when coming from userspace */
1901 if (user_mode(regs)) {
1902 current->thread.debug.dbcr0 &= ~DBCR0_BT;
1903 current->thread.debug.dbcr0 |= DBCR0_IDM | DBCR0_IC;
1904 regs->msr |= MSR_DE;
1908 if (kprobe_post_handler(regs))
1911 if (notify_die(DIE_SSTEP, "block_step", regs, 5,
1912 5, SIGTRAP) == NOTIFY_STOP) {
1915 if (debugger_sstep(regs))
1917 } else if (debug_status & DBSR_IC) { /* Instruction complete */
1918 regs->msr &= ~MSR_DE;
1920 /* Disable instruction completion */
1921 mtspr(SPRN_DBCR0, mfspr(SPRN_DBCR0) & ~DBCR0_IC);
1922 /* Clear the instruction completion event */
1923 mtspr(SPRN_DBSR, DBSR_IC);
1925 if (kprobe_post_handler(regs))
1928 if (notify_die(DIE_SSTEP, "single_step", regs, 5,
1929 5, SIGTRAP) == NOTIFY_STOP) {
1933 if (debugger_sstep(regs))
1936 if (user_mode(regs)) {
1937 current->thread.debug.dbcr0 &= ~DBCR0_IC;
1938 if (DBCR_ACTIVE_EVENTS(current->thread.debug.dbcr0,
1939 current->thread.debug.dbcr1))
1940 regs->msr |= MSR_DE;
1942 /* Make sure the IDM bit is off */
1943 current->thread.debug.dbcr0 &= ~DBCR0_IDM;
1946 _exception(SIGTRAP, regs, TRAP_TRACE, regs->nip);
1948 handle_debug(regs, debug_status);
1950 NOKPROBE_SYMBOL(DebugException);
1951 #endif /* CONFIG_PPC_ADV_DEBUG_REGS */
1953 #if !defined(CONFIG_TAU_INT)
1954 void TAUException(struct pt_regs *regs)
1956 printk("TAU trap at PC: %lx, MSR: %lx, vector=%lx %s\n",
1957 regs->nip, regs->msr, regs->trap, print_tainted());
1959 #endif /* CONFIG_INT_TAU */
1961 #ifdef CONFIG_ALTIVEC
1962 void altivec_assist_exception(struct pt_regs *regs)
1966 if (!user_mode(regs)) {
1967 printk(KERN_EMERG "VMX/Altivec assist exception in kernel mode"
1968 " at %lx\n", regs->nip);
1969 die("Kernel VMX/Altivec assist exception", regs, SIGILL);
1972 flush_altivec_to_thread(current);
1974 PPC_WARN_EMULATED(altivec, regs);
1975 err = emulate_altivec(regs);
1977 regs->nip += 4; /* skip emulated instruction */
1978 emulate_single_step(regs);
1982 if (err == -EFAULT) {
1983 /* got an error reading the instruction */
1984 _exception(SIGSEGV, regs, SEGV_ACCERR, regs->nip);
1986 /* didn't recognize the instruction */
1987 /* XXX quick hack for now: set the non-Java bit in the VSCR */
1988 printk_ratelimited(KERN_ERR "Unrecognized altivec instruction "
1989 "in %s at %lx\n", current->comm, regs->nip);
1990 current->thread.vr_state.vscr.u[3] |= 0x10000;
1993 #endif /* CONFIG_ALTIVEC */
1995 #ifdef CONFIG_FSL_BOOKE
1996 void CacheLockingException(struct pt_regs *regs, unsigned long address,
1997 unsigned long error_code)
1999 /* We treat cache locking instructions from the user
2000 * as priv ops, in the future we could try to do
2003 if (error_code & (ESR_DLK|ESR_ILK))
2004 _exception(SIGILL, regs, ILL_PRVOPC, regs->nip);
2007 #endif /* CONFIG_FSL_BOOKE */
2010 void SPEFloatingPointException(struct pt_regs *regs)
2012 extern int do_spe_mathemu(struct pt_regs *regs);
2013 unsigned long spefscr;
2015 int code = FPE_FLTUNK;
2018 flush_spe_to_thread(current);
2020 spefscr = current->thread.spefscr;
2021 fpexc_mode = current->thread.fpexc_mode;
2023 if ((spefscr & SPEFSCR_FOVF) && (fpexc_mode & PR_FP_EXC_OVF)) {
2026 else if ((spefscr & SPEFSCR_FUNF) && (fpexc_mode & PR_FP_EXC_UND)) {
2029 else if ((spefscr & SPEFSCR_FDBZ) && (fpexc_mode & PR_FP_EXC_DIV))
2031 else if ((spefscr & SPEFSCR_FINV) && (fpexc_mode & PR_FP_EXC_INV)) {
2034 else if ((spefscr & (SPEFSCR_FG | SPEFSCR_FX)) && (fpexc_mode & PR_FP_EXC_RES))
2037 err = do_spe_mathemu(regs);
2039 regs->nip += 4; /* skip emulated instruction */
2040 emulate_single_step(regs);
2044 if (err == -EFAULT) {
2045 /* got an error reading the instruction */
2046 _exception(SIGSEGV, regs, SEGV_ACCERR, regs->nip);
2047 } else if (err == -EINVAL) {
2048 /* didn't recognize the instruction */
2049 printk(KERN_ERR "unrecognized spe instruction "
2050 "in %s at %lx\n", current->comm, regs->nip);
2052 _exception(SIGFPE, regs, code, regs->nip);
2058 void SPEFloatingPointRoundException(struct pt_regs *regs)
2060 extern int speround_handler(struct pt_regs *regs);
2064 if (regs->msr & MSR_SPE)
2065 giveup_spe(current);
2069 err = speround_handler(regs);
2071 regs->nip += 4; /* skip emulated instruction */
2072 emulate_single_step(regs);
2076 if (err == -EFAULT) {
2077 /* got an error reading the instruction */
2078 _exception(SIGSEGV, regs, SEGV_ACCERR, regs->nip);
2079 } else if (err == -EINVAL) {
2080 /* didn't recognize the instruction */
2081 printk(KERN_ERR "unrecognized spe instruction "
2082 "in %s at %lx\n", current->comm, regs->nip);
2084 _exception(SIGFPE, regs, FPE_FLTUNK, regs->nip);
2091 * We enter here if we get an unrecoverable exception, that is, one
2092 * that happened at a point where the RI (recoverable interrupt) bit
2093 * in the MSR is 0. This indicates that SRR0/1 are live, and that
2094 * we therefore lost state by taking this exception.
2096 void unrecoverable_exception(struct pt_regs *regs)
2098 printk(KERN_EMERG "Unrecoverable exception %lx at %lx\n",
2099 regs->trap, regs->nip);
2100 die("Unrecoverable exception", regs, SIGABRT);
2102 NOKPROBE_SYMBOL(unrecoverable_exception);
2104 #if defined(CONFIG_BOOKE_WDT) || defined(CONFIG_40x)
2106 * Default handler for a Watchdog exception,
2107 * spins until a reboot occurs
2109 void __attribute__ ((weak)) WatchdogHandler(struct pt_regs *regs)
2111 /* Generic WatchdogHandler, implement your own */
2112 mtspr(SPRN_TCR, mfspr(SPRN_TCR)&(~TCR_WIE));
2116 void WatchdogException(struct pt_regs *regs)
2118 printk (KERN_EMERG "PowerPC Book-E Watchdog Exception\n");
2119 WatchdogHandler(regs);
2124 * We enter here if we discover during exception entry that we are
2125 * running in supervisor mode with a userspace value in the stack pointer.
2127 void kernel_bad_stack(struct pt_regs *regs)
2129 printk(KERN_EMERG "Bad kernel stack pointer %lx at %lx\n",
2130 regs->gpr[1], regs->nip);
2131 die("Bad kernel stack pointer", regs, SIGABRT);
2133 NOKPROBE_SYMBOL(kernel_bad_stack);
2135 void __init trap_init(void)
2140 #ifdef CONFIG_PPC_EMULATED_STATS
2142 #define WARN_EMULATED_SETUP(type) .type = { .name = #type }
2144 struct ppc_emulated ppc_emulated = {
2145 #ifdef CONFIG_ALTIVEC
2146 WARN_EMULATED_SETUP(altivec),
2148 WARN_EMULATED_SETUP(dcba),
2149 WARN_EMULATED_SETUP(dcbz),
2150 WARN_EMULATED_SETUP(fp_pair),
2151 WARN_EMULATED_SETUP(isel),
2152 WARN_EMULATED_SETUP(mcrxr),
2153 WARN_EMULATED_SETUP(mfpvr),
2154 WARN_EMULATED_SETUP(multiple),
2155 WARN_EMULATED_SETUP(popcntb),
2156 WARN_EMULATED_SETUP(spe),
2157 WARN_EMULATED_SETUP(string),
2158 WARN_EMULATED_SETUP(sync),
2159 WARN_EMULATED_SETUP(unaligned),
2160 #ifdef CONFIG_MATH_EMULATION
2161 WARN_EMULATED_SETUP(math),
2164 WARN_EMULATED_SETUP(vsx),
2167 WARN_EMULATED_SETUP(mfdscr),
2168 WARN_EMULATED_SETUP(mtdscr),
2169 WARN_EMULATED_SETUP(lq_stq),
2170 WARN_EMULATED_SETUP(lxvw4x),
2171 WARN_EMULATED_SETUP(lxvh8x),
2172 WARN_EMULATED_SETUP(lxvd2x),
2173 WARN_EMULATED_SETUP(lxvb16x),
2177 u32 ppc_warn_emulated;
2179 void ppc_warn_emulated_print(const char *type)
2181 pr_warn_ratelimited("%s used emulated %s instruction\n", current->comm,
2185 static int __init ppc_warn_emulated_init(void)
2187 struct dentry *dir, *d;
2189 struct ppc_emulated_entry *entries = (void *)&ppc_emulated;
2191 if (!powerpc_debugfs_root)
2194 dir = debugfs_create_dir("emulated_instructions",
2195 powerpc_debugfs_root);
2199 d = debugfs_create_u32("do_warn", 0644, dir,
2200 &ppc_warn_emulated);
2204 for (i = 0; i < sizeof(ppc_emulated)/sizeof(*entries); i++) {
2205 d = debugfs_create_u32(entries[i].name, 0644, dir,
2206 (u32 *)&entries[i].val.counter);
2214 debugfs_remove_recursive(dir);
2218 device_initcall(ppc_warn_emulated_init);
2220 #endif /* CONFIG_PPC_EMULATED_STATS */
projects / releases.git / blob