2 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
3 * Copyright 2007-2010 Freescale Semiconductor, Inc.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
10 * Modified by Cort Dougan (cort@cs.nmt.edu)
11 * and Paul Mackerras (paulus@samba.org)
15 * This file handles the architecture-dependent parts of hardware exceptions
18 #include <linux/errno.h>
19 #include <linux/sched.h>
20 #include <linux/sched/debug.h>
21 #include <linux/kernel.h>
23 #include <linux/pkeys.h>
24 #include <linux/stddef.h>
25 #include <linux/unistd.h>
26 #include <linux/ptrace.h>
27 #include <linux/user.h>
28 #include <linux/interrupt.h>
29 #include <linux/init.h>
30 #include <linux/extable.h>
31 #include <linux/module.h> /* print_modules */
32 #include <linux/prctl.h>
33 #include <linux/delay.h>
34 #include <linux/kprobes.h>
35 #include <linux/kexec.h>
36 #include <linux/backlight.h>
37 #include <linux/bug.h>
38 #include <linux/kdebug.h>
39 #include <linux/ratelimit.h>
40 #include <linux/context_tracking.h>
41 #include <linux/smp.h>
42 #include <linux/console.h>
43 #include <linux/kmsg_dump.h>
45 #include <asm/emulated_ops.h>
46 #include <asm/pgtable.h>
47 #include <linux/uaccess.h>
48 #include <asm/debugfs.h>
50 #include <asm/machdep.h>
54 #ifdef CONFIG_PMAC_BACKLIGHT
55 #include <asm/backlight.h>
58 #include <asm/firmware.h>
59 #include <asm/processor.h>
62 #include <asm/kexec.h>
63 #include <asm/ppc-opcode.h>
65 #include <asm/fadump.h>
66 #include <asm/switch_to.h>
68 #include <asm/debug.h>
69 #include <asm/asm-prototypes.h>
71 #include <sysdev/fsl_pci.h>
72 #include <asm/kprobes.h>
73 #include <asm/stacktrace.h>
75 #if defined(CONFIG_DEBUGGER) || defined(CONFIG_KEXEC_CORE)
76 int (*__debugger)(struct pt_regs *regs) __read_mostly;
77 int (*__debugger_ipi)(struct pt_regs *regs) __read_mostly;
78 int (*__debugger_bpt)(struct pt_regs *regs) __read_mostly;
79 int (*__debugger_sstep)(struct pt_regs *regs) __read_mostly;
80 int (*__debugger_iabr_match)(struct pt_regs *regs) __read_mostly;
81 int (*__debugger_break_match)(struct pt_regs *regs) __read_mostly;
82 int (*__debugger_fault_handler)(struct pt_regs *regs) __read_mostly;
84 EXPORT_SYMBOL(__debugger);
85 EXPORT_SYMBOL(__debugger_ipi);
86 EXPORT_SYMBOL(__debugger_bpt);
87 EXPORT_SYMBOL(__debugger_sstep);
88 EXPORT_SYMBOL(__debugger_iabr_match);
89 EXPORT_SYMBOL(__debugger_break_match);
90 EXPORT_SYMBOL(__debugger_fault_handler);
93 /* Transactional Memory trap debug */
95 #define TM_DEBUG(x...) printk(KERN_INFO x)
97 #define TM_DEBUG(x...) do { } while(0)
100 static const char *signame(int signr)
103 case SIGBUS: return "bus error";
104 case SIGFPE: return "floating point exception";
105 case SIGILL: return "illegal instruction";
106 case SIGSEGV: return "segfault";
107 case SIGTRAP: return "unhandled trap";
110 return "unknown signal";
114 * Trap & Exception support
117 #ifdef CONFIG_PMAC_BACKLIGHT
118 static void pmac_backlight_unblank(void)
120 mutex_lock(&pmac_backlight_mutex);
121 if (pmac_backlight) {
122 struct backlight_properties *props;
124 props = &pmac_backlight->props;
125 props->brightness = props->max_brightness;
126 props->power = FB_BLANK_UNBLANK;
127 backlight_update_status(pmac_backlight);
129 mutex_unlock(&pmac_backlight_mutex);
132 static inline void pmac_backlight_unblank(void) { }
136 * If oops/die is expected to crash the machine, return true here.
138 * This should not be expected to be 100% accurate, there may be
139 * notifiers registered or other unexpected conditions that may bring
140 * down the kernel. Or if the current process in the kernel is holding
141 * locks or has other critical state, the kernel may become effectively
144 bool die_will_crash(void)
146 if (should_fadump_crash())
148 if (kexec_should_crash(current))
150 if (in_interrupt() || panic_on_oops ||
151 !current->pid || is_global_init(current))
157 static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED;
158 static int die_owner = -1;
159 static unsigned int die_nest_count;
160 static int die_counter;
162 extern void panic_flush_kmsg_start(void)
165 * These are mostly taken from kernel/panic.c, but tries to do
166 * relatively minimal work. Don't use delay functions (TB may
167 * be broken), don't crash dump (need to set a firmware log),
168 * don't run notifiers. We do want to get some information to
175 extern void panic_flush_kmsg_end(void)
177 printk_safe_flush_on_panic();
178 kmsg_dump(KMSG_DUMP_PANIC);
181 console_flush_on_panic();
184 static unsigned long oops_begin(struct pt_regs *regs)
191 /* racy, but better than risking deadlock. */
192 raw_local_irq_save(flags);
193 cpu = smp_processor_id();
194 if (!arch_spin_trylock(&die_lock)) {
195 if (cpu == die_owner)
196 /* nested oops. should stop eventually */;
198 arch_spin_lock(&die_lock);
204 if (machine_is(powermac))
205 pmac_backlight_unblank();
208 NOKPROBE_SYMBOL(oops_begin);
210 static void oops_end(unsigned long flags, struct pt_regs *regs,
214 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
218 if (!die_nest_count) {
219 /* Nest count reaches zero, release the lock. */
221 arch_spin_unlock(&die_lock);
223 raw_local_irq_restore(flags);
226 * system_reset_excption handles debugger, crash dump, panic, for 0x100
228 if (TRAP(regs) == 0x100)
231 crash_fadump(regs, "die oops");
233 if (kexec_should_crash(current))
240 * While our oops output is serialised by a spinlock, output
241 * from panic() called below can race and corrupt it. If we
242 * know we are going to panic, delay for 1 second so we have a
243 * chance to get clean backtraces from all CPUs that are oopsing.
245 if (in_interrupt() || panic_on_oops || !current->pid ||
246 is_global_init(current)) {
247 mdelay(MSEC_PER_SEC);
251 panic("Fatal exception in interrupt");
253 panic("Fatal exception");
256 NOKPROBE_SYMBOL(oops_end);
258 static int __die(const char *str, struct pt_regs *regs, long err)
260 printk("Oops: %s, sig: %ld [#%d]\n", str, err, ++die_counter);
262 if (IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN))
267 if (IS_ENABLED(CONFIG_PREEMPT))
270 if (IS_ENABLED(CONFIG_SMP))
271 pr_cont("SMP NR_CPUS=%d ", NR_CPUS);
273 if (debug_pagealloc_enabled())
274 pr_cont("DEBUG_PAGEALLOC ");
276 if (IS_ENABLED(CONFIG_NUMA))
279 pr_cont("%s\n", ppc_md.name ? ppc_md.name : "");
281 if (notify_die(DIE_OOPS, str, regs, err, 255, SIGSEGV) == NOTIFY_STOP)
289 NOKPROBE_SYMBOL(__die);
291 void die(const char *str, struct pt_regs *regs, long err)
296 * system_reset_excption handles debugger, crash dump, panic, for 0x100
298 if (TRAP(regs) != 0x100) {
303 flags = oops_begin(regs);
304 if (__die(str, regs, err))
306 oops_end(flags, regs, err);
308 NOKPROBE_SYMBOL(die);
310 void user_single_step_siginfo(struct task_struct *tsk,
311 struct pt_regs *regs, siginfo_t *info)
313 info->si_signo = SIGTRAP;
314 info->si_code = TRAP_TRACE;
315 info->si_addr = (void __user *)regs->nip;
318 static void show_signal_msg(int signr, struct pt_regs *regs, int code,
321 static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
322 DEFAULT_RATELIMIT_BURST);
324 if (!show_unhandled_signals)
327 if (!unhandled_signal(current, signr))
330 if (!__ratelimit(&rs))
333 pr_info("%s[%d]: %s (%d) at %lx nip %lx lr %lx code %x",
334 current->comm, current->pid, signame(signr), signr,
335 addr, regs->nip, regs->link, code);
337 print_vma_addr(KERN_CONT " in ", regs->nip);
341 show_user_instructions(regs);
344 void _exception_pkey(int signr, struct pt_regs *regs, int code,
345 unsigned long addr, int key)
349 if (!user_mode(regs)) {
350 die("Exception in kernel mode", regs, signr);
354 show_signal_msg(signr, regs, code, addr);
356 if (arch_irqs_disabled() && !arch_irq_disabled_regs(regs))
359 current->thread.trap_nr = code;
362 * Save all the pkey registers AMR/IAMR/UAMOR. Eg: Core dumps need
363 * to capture the content, if the task gets killed.
365 thread_pkey_regs_save(¤t->thread);
367 clear_siginfo(&info);
368 info.si_signo = signr;
370 info.si_addr = (void __user *) addr;
373 force_sig_info(signr, &info, current);
376 void _exception(int signr, struct pt_regs *regs, int code, unsigned long addr)
378 _exception_pkey(signr, regs, code, addr, 0);
381 void system_reset_exception(struct pt_regs *regs)
384 * Avoid crashes in case of nested NMI exceptions. Recoverability
385 * is determined by RI and in_nmi
387 bool nested = in_nmi();
391 __this_cpu_inc(irq_stat.sreset_irqs);
393 /* See if any machine dependent calls */
394 if (ppc_md.system_reset_exception) {
395 if (ppc_md.system_reset_exception(regs))
403 * A system reset is a request to dump, so we always send
404 * it through the crashdump code (if fadump or kdump are
407 crash_fadump(regs, "System Reset");
412 * We aren't the primary crash CPU. We need to send it
413 * to a holding pattern to avoid it ending up in the panic
416 crash_kexec_secondary(regs);
419 * No debugger or crash dump registered, print logs then
422 die("System Reset", regs, SIGABRT);
424 mdelay(2*MSEC_PER_SEC); /* Wait a little while for others to print */
425 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
426 nmi_panic(regs, "System Reset");
429 #ifdef CONFIG_PPC_BOOK3S_64
430 BUG_ON(get_paca()->in_nmi == 0);
431 if (get_paca()->in_nmi > 1)
432 nmi_panic(regs, "Unrecoverable nested System Reset");
434 /* Must die if the interrupt is not recoverable */
435 if (!(regs->msr & MSR_RI))
436 nmi_panic(regs, "Unrecoverable System Reset");
441 /* What should we do here? We could issue a shutdown or hard reset. */
445 * I/O accesses can cause machine checks on powermacs.
446 * Check if the NIP corresponds to the address of a sync
447 * instruction for which there is an entry in the exception
449 * Note that the 601 only takes a machine check on TEA
450 * (transfer error ack) signal assertion, and does not
451 * set any of the top 16 bits of SRR1.
454 static inline int check_io_access(struct pt_regs *regs)
457 unsigned long msr = regs->msr;
458 const struct exception_table_entry *entry;
459 unsigned int *nip = (unsigned int *)regs->nip;
461 if (((msr & 0xffff0000) == 0 || (msr & (0x80000 | 0x40000)))
462 && (entry = search_exception_tables(regs->nip)) != NULL) {
464 * Check that it's a sync instruction, or somewhere
465 * in the twi; isync; nop sequence that inb/inw/inl uses.
466 * As the address is in the exception table
467 * we should be able to read the instr there.
468 * For the debug message, we look at the preceding
471 if (*nip == PPC_INST_NOP)
473 else if (*nip == PPC_INST_ISYNC)
475 if (*nip == PPC_INST_SYNC || (*nip >> 26) == OP_TRAP) {
479 rb = (*nip >> 11) & 0x1f;
480 printk(KERN_DEBUG "%s bad port %lx at %p\n",
481 (*nip & 0x100)? "OUT to": "IN from",
482 regs->gpr[rb] - _IO_BASE, nip);
484 regs->nip = extable_fixup(entry);
488 #endif /* CONFIG_PPC32 */
492 #ifdef CONFIG_PPC_ADV_DEBUG_REGS
493 /* On 4xx, the reason for the machine check or program exception
495 #define get_reason(regs) ((regs)->dsisr)
496 #define REASON_FP ESR_FP
497 #define REASON_ILLEGAL (ESR_PIL | ESR_PUO)
498 #define REASON_PRIVILEGED ESR_PPR
499 #define REASON_TRAP ESR_PTR
501 /* single-step stuff */
502 #define single_stepping(regs) (current->thread.debug.dbcr0 & DBCR0_IC)
503 #define clear_single_step(regs) (current->thread.debug.dbcr0 &= ~DBCR0_IC)
504 #define clear_br_trace(regs) do {} while(0)
506 /* On non-4xx, the reason for the machine check or program
507 exception is in the MSR. */
508 #define get_reason(regs) ((regs)->msr)
509 #define REASON_TM SRR1_PROGTM
510 #define REASON_FP SRR1_PROGFPE
511 #define REASON_ILLEGAL SRR1_PROGILL
512 #define REASON_PRIVILEGED SRR1_PROGPRIV
513 #define REASON_TRAP SRR1_PROGTRAP
515 #define single_stepping(regs) ((regs)->msr & MSR_SE)
516 #define clear_single_step(regs) ((regs)->msr &= ~MSR_SE)
517 #define clear_br_trace(regs) ((regs)->msr &= ~MSR_BE)
520 #if defined(CONFIG_E500)
521 int machine_check_e500mc(struct pt_regs *regs)
523 unsigned long mcsr = mfspr(SPRN_MCSR);
524 unsigned long pvr = mfspr(SPRN_PVR);
525 unsigned long reason = mcsr;
528 if (reason & MCSR_LD) {
529 recoverable = fsl_rio_mcheck_exception(regs);
530 if (recoverable == 1)
534 printk("Machine check in kernel mode.\n");
535 printk("Caused by (from MCSR=%lx): ", reason);
537 if (reason & MCSR_MCP)
538 printk("Machine Check Signal\n");
540 if (reason & MCSR_ICPERR) {
541 printk("Instruction Cache Parity Error\n");
544 * This is recoverable by invalidating the i-cache.
546 mtspr(SPRN_L1CSR1, mfspr(SPRN_L1CSR1) | L1CSR1_ICFI);
547 while (mfspr(SPRN_L1CSR1) & L1CSR1_ICFI)
551 * This will generally be accompanied by an instruction
552 * fetch error report -- only treat MCSR_IF as fatal
553 * if it wasn't due to an L1 parity error.
558 if (reason & MCSR_DCPERR_MC) {
559 printk("Data Cache Parity Error\n");
562 * In write shadow mode we auto-recover from the error, but it
563 * may still get logged and cause a machine check. We should
564 * only treat the non-write shadow case as non-recoverable.
566 /* On e6500 core, L1 DCWS (Data cache write shadow mode) bit
567 * is not implemented but L1 data cache always runs in write
568 * shadow mode. Hence on data cache parity errors HW will
569 * automatically invalidate the L1 Data Cache.
571 if (PVR_VER(pvr) != PVR_VER_E6500) {
572 if (!(mfspr(SPRN_L1CSR2) & L1CSR2_DCWS))
577 if (reason & MCSR_L2MMU_MHIT) {
578 printk("Hit on multiple TLB entries\n");
582 if (reason & MCSR_NMI)
583 printk("Non-maskable interrupt\n");
585 if (reason & MCSR_IF) {
586 printk("Instruction Fetch Error Report\n");
590 if (reason & MCSR_LD) {
591 printk("Load Error Report\n");
595 if (reason & MCSR_ST) {
596 printk("Store Error Report\n");
600 if (reason & MCSR_LDG) {
601 printk("Guarded Load Error Report\n");
605 if (reason & MCSR_TLBSYNC)
606 printk("Simultaneous tlbsync operations\n");
608 if (reason & MCSR_BSL2_ERR) {
609 printk("Level 2 Cache Error\n");
613 if (reason & MCSR_MAV) {
616 addr = mfspr(SPRN_MCAR);
617 addr |= (u64)mfspr(SPRN_MCARU) << 32;
619 printk("Machine Check %s Address: %#llx\n",
620 reason & MCSR_MEA ? "Effective" : "Physical", addr);
624 mtspr(SPRN_MCSR, mcsr);
625 return mfspr(SPRN_MCSR) == 0 && recoverable;
628 int machine_check_e500(struct pt_regs *regs)
630 unsigned long reason = mfspr(SPRN_MCSR);
632 if (reason & MCSR_BUS_RBERR) {
633 if (fsl_rio_mcheck_exception(regs))
635 if (fsl_pci_mcheck_exception(regs))
639 printk("Machine check in kernel mode.\n");
640 printk("Caused by (from MCSR=%lx): ", reason);
642 if (reason & MCSR_MCP)
643 printk("Machine Check Signal\n");
644 if (reason & MCSR_ICPERR)
645 printk("Instruction Cache Parity Error\n");
646 if (reason & MCSR_DCP_PERR)
647 printk("Data Cache Push Parity Error\n");
648 if (reason & MCSR_DCPERR)
649 printk("Data Cache Parity Error\n");
650 if (reason & MCSR_BUS_IAERR)
651 printk("Bus - Instruction Address Error\n");
652 if (reason & MCSR_BUS_RAERR)
653 printk("Bus - Read Address Error\n");
654 if (reason & MCSR_BUS_WAERR)
655 printk("Bus - Write Address Error\n");
656 if (reason & MCSR_BUS_IBERR)
657 printk("Bus - Instruction Data Error\n");
658 if (reason & MCSR_BUS_RBERR)
659 printk("Bus - Read Data Bus Error\n");
660 if (reason & MCSR_BUS_WBERR)
661 printk("Bus - Write Data Bus Error\n");
662 if (reason & MCSR_BUS_IPERR)
663 printk("Bus - Instruction Parity Error\n");
664 if (reason & MCSR_BUS_RPERR)
665 printk("Bus - Read Parity Error\n");
670 int machine_check_generic(struct pt_regs *regs)
674 #elif defined(CONFIG_E200)
675 int machine_check_e200(struct pt_regs *regs)
677 unsigned long reason = mfspr(SPRN_MCSR);
679 printk("Machine check in kernel mode.\n");
680 printk("Caused by (from MCSR=%lx): ", reason);
682 if (reason & MCSR_MCP)
683 printk("Machine Check Signal\n");
684 if (reason & MCSR_CP_PERR)
685 printk("Cache Push Parity Error\n");
686 if (reason & MCSR_CPERR)
687 printk("Cache Parity Error\n");
688 if (reason & MCSR_EXCP_ERR)
689 printk("ISI, ITLB, or Bus Error on first instruction fetch for an exception handler\n");
690 if (reason & MCSR_BUS_IRERR)
691 printk("Bus - Read Bus Error on instruction fetch\n");
692 if (reason & MCSR_BUS_DRERR)
693 printk("Bus - Read Bus Error on data load\n");
694 if (reason & MCSR_BUS_WRERR)
695 printk("Bus - Write Bus Error on buffered store or cache line push\n");
699 #elif defined(CONFIG_PPC32)
700 int machine_check_generic(struct pt_regs *regs)
702 unsigned long reason = regs->msr;
704 printk("Machine check in kernel mode.\n");
705 printk("Caused by (from SRR1=%lx): ", reason);
706 switch (reason & 0x601F0000) {
708 printk("Machine check signal\n");
710 case 0: /* for 601 */
712 case 0x140000: /* 7450 MSS error and TEA */
713 printk("Transfer error ack signal\n");
716 printk("Data parity error signal\n");
719 printk("Address parity error signal\n");
722 printk("L1 Data Cache error\n");
725 printk("L1 Instruction Cache error\n");
728 printk("L2 data cache parity error\n");
731 printk("Unknown values in msr\n");
735 #endif /* everything else */
737 void machine_check_exception(struct pt_regs *regs)
740 bool nested = in_nmi();
744 /* 64s accounts the mce in machine_check_early when in HVMODE */
745 if (!IS_ENABLED(CONFIG_PPC_BOOK3S_64) || !cpu_has_feature(CPU_FTR_HVMODE))
746 __this_cpu_inc(irq_stat.mce_exceptions);
748 add_taint(TAINT_MACHINE_CHECK, LOCKDEP_NOW_UNRELIABLE);
750 /* See if any machine dependent calls. In theory, we would want
751 * to call the CPU first, and call the ppc_md. one if the CPU
752 * one returns a positive number. However there is existing code
753 * that assumes the board gets a first chance, so let's keep it
754 * that way for now and fix things later. --BenH.
756 if (ppc_md.machine_check_exception)
757 recover = ppc_md.machine_check_exception(regs);
758 else if (cur_cpu_spec->machine_check)
759 recover = cur_cpu_spec->machine_check(regs);
764 if (debugger_fault_handler(regs))
767 if (check_io_access(regs))
770 die("Machine check", regs, SIGBUS);
772 /* Must die if the interrupt is not recoverable */
773 if (!(regs->msr & MSR_RI))
774 nmi_panic(regs, "Unrecoverable Machine check");
781 void SMIException(struct pt_regs *regs)
783 die("System Management Interrupt", regs, SIGABRT);
787 static void p9_hmi_special_emu(struct pt_regs *regs)
789 unsigned int ra, rb, t, i, sel, instr, rc;
790 const void __user *addr;
792 unsigned long ea, msr, msr_mask;
795 if (__get_user_inatomic(instr, (unsigned int __user *)regs->nip))
799 * lxvb16x opcode: 0x7c0006d8
800 * lxvd2x opcode: 0x7c000698
801 * lxvh8x opcode: 0x7c000658
802 * lxvw4x opcode: 0x7c000618
804 if ((instr & 0xfc00073e) != 0x7c000618) {
805 pr_devel("HMI vec emu: not vector CI %i:%s[%d] nip=%016lx"
807 smp_processor_id(), current->comm, current->pid,
812 /* Grab vector registers into the task struct */
813 msr = regs->msr; /* Grab msr before we flush the bits */
814 flush_vsx_to_thread(current);
815 enable_kernel_altivec();
818 * Is userspace running with a different endian (this is rare but
821 swap = (msr & MSR_LE) != (MSR_KERNEL & MSR_LE);
823 /* Decode the instruction */
824 ra = (instr >> 16) & 0x1f;
825 rb = (instr >> 11) & 0x1f;
826 t = (instr >> 21) & 0x1f;
828 vdst = (u8 *)¤t->thread.vr_state.vr[t];
830 vdst = (u8 *)¤t->thread.fp_state.fpr[t][0];
832 /* Grab the vector address */
833 ea = regs->gpr[rb] + (ra ? regs->gpr[ra] : 0);
836 addr = (__force const void __user *)ea;
839 if (!access_ok(VERIFY_READ, addr, 16)) {
840 pr_devel("HMI vec emu: bad access %i:%s[%d] nip=%016lx"
841 " instr=%08x addr=%016lx\n",
842 smp_processor_id(), current->comm, current->pid,
843 regs->nip, instr, (unsigned long)addr);
847 /* Read the vector */
849 if ((unsigned long)addr & 0xfUL)
851 rc = __copy_from_user_inatomic(vbuf, addr, 16);
853 __get_user_atomic_128_aligned(vbuf, addr, rc);
855 pr_devel("HMI vec emu: page fault %i:%s[%d] nip=%016lx"
856 " instr=%08x addr=%016lx\n",
857 smp_processor_id(), current->comm, current->pid,
858 regs->nip, instr, (unsigned long)addr);
862 pr_devel("HMI vec emu: emulated vector CI %i:%s[%d] nip=%016lx"
863 " instr=%08x addr=%016lx\n",
864 smp_processor_id(), current->comm, current->pid, regs->nip,
865 instr, (unsigned long) addr);
867 /* Grab instruction "selector" */
868 sel = (instr >> 6) & 3;
871 * Check to make sure the facility is actually enabled. This
872 * could happen if we get a false positive hit.
874 * lxvd2x/lxvw4x always check MSR VSX sel = 0,2
875 * lxvh8x/lxvb16x check MSR VSX or VEC depending on VSR used sel = 1,3
878 if ((sel & 1) && (instr & 1)) /* lxvh8x & lxvb16x + VSR >= 32 */
880 if (!(msr & msr_mask)) {
881 pr_devel("HMI vec emu: MSR fac clear %i:%s[%d] nip=%016lx"
882 " instr=%08x msr:%016lx\n",
883 smp_processor_id(), current->comm, current->pid,
884 regs->nip, instr, msr);
888 /* Do logging here before we modify sel based on endian */
891 PPC_WARN_EMULATED(lxvw4x, regs);
894 PPC_WARN_EMULATED(lxvh8x, regs);
897 PPC_WARN_EMULATED(lxvd2x, regs);
899 case 3: /* lxvb16x */
900 PPC_WARN_EMULATED(lxvb16x, regs);
904 #ifdef __LITTLE_ENDIAN__
906 * An LE kernel stores the vector in the task struct as an LE
907 * byte array (effectively swapping both the components and
908 * the content of the components). Those instructions expect
909 * the components to remain in ascending address order, so we
912 * If we are running a BE user space, the expectation is that
913 * of a simple memcpy, so forcing the emulation to look like
914 * a lxvb16x should do the trick.
921 for (i = 0; i < 4; i++)
922 ((u32 *)vdst)[i] = ((u32 *)vbuf)[3-i];
925 for (i = 0; i < 8; i++)
926 ((u16 *)vdst)[i] = ((u16 *)vbuf)[7-i];
929 for (i = 0; i < 2; i++)
930 ((u64 *)vdst)[i] = ((u64 *)vbuf)[1-i];
932 case 3: /* lxvb16x */
933 for (i = 0; i < 16; i++)
934 vdst[i] = vbuf[15-i];
937 #else /* __LITTLE_ENDIAN__ */
938 /* On a big endian kernel, a BE userspace only needs a memcpy */
942 /* Otherwise, we need to swap the content of the components */
945 for (i = 0; i < 4; i++)
946 ((u32 *)vdst)[i] = cpu_to_le32(((u32 *)vbuf)[i]);
949 for (i = 0; i < 8; i++)
950 ((u16 *)vdst)[i] = cpu_to_le16(((u16 *)vbuf)[i]);
953 for (i = 0; i < 2; i++)
954 ((u64 *)vdst)[i] = cpu_to_le64(((u64 *)vbuf)[i]);
956 case 3: /* lxvb16x */
957 memcpy(vdst, vbuf, 16);
960 #endif /* !__LITTLE_ENDIAN__ */
962 /* Go to next instruction */
965 #endif /* CONFIG_VSX */
967 void handle_hmi_exception(struct pt_regs *regs)
969 struct pt_regs *old_regs;
971 old_regs = set_irq_regs(regs);
975 /* Real mode flagged P9 special emu is needed */
976 if (local_paca->hmi_p9_special_emu) {
977 local_paca->hmi_p9_special_emu = 0;
980 * We don't want to take page faults while doing the
981 * emulation, we just replay the instruction if necessary.
984 p9_hmi_special_emu(regs);
987 #endif /* CONFIG_VSX */
989 if (ppc_md.handle_hmi_exception)
990 ppc_md.handle_hmi_exception(regs);
993 set_irq_regs(old_regs);
996 void unknown_exception(struct pt_regs *regs)
998 enum ctx_state prev_state = exception_enter();
1000 printk("Bad trap at PC: %lx, SR: %lx, vector=%lx\n",
1001 regs->nip, regs->msr, regs->trap);
1003 _exception(SIGTRAP, regs, TRAP_UNK, 0);
1005 exception_exit(prev_state);
1008 void instruction_breakpoint_exception(struct pt_regs *regs)
1010 enum ctx_state prev_state = exception_enter();
1012 if (notify_die(DIE_IABR_MATCH, "iabr_match", regs, 5,
1013 5, SIGTRAP) == NOTIFY_STOP)
1015 if (debugger_iabr_match(regs))
1017 _exception(SIGTRAP, regs, TRAP_BRKPT, regs->nip);
1020 exception_exit(prev_state);
1023 void RunModeException(struct pt_regs *regs)
1025 _exception(SIGTRAP, regs, TRAP_UNK, 0);
1028 void single_step_exception(struct pt_regs *regs)
1030 enum ctx_state prev_state = exception_enter();
1032 clear_single_step(regs);
1033 clear_br_trace(regs);
1035 if (kprobe_post_handler(regs))
1038 if (notify_die(DIE_SSTEP, "single_step", regs, 5,
1039 5, SIGTRAP) == NOTIFY_STOP)
1041 if (debugger_sstep(regs))
1044 _exception(SIGTRAP, regs, TRAP_TRACE, regs->nip);
1047 exception_exit(prev_state);
1049 NOKPROBE_SYMBOL(single_step_exception);
1052 * After we have successfully emulated an instruction, we have to
1053 * check if the instruction was being single-stepped, and if so,
1054 * pretend we got a single-step exception. This was pointed out
1055 * by Kumar Gala. -- paulus
1057 static void emulate_single_step(struct pt_regs *regs)
1059 if (single_stepping(regs))
1060 single_step_exception(regs);
1063 static inline int __parse_fpscr(unsigned long fpscr)
1065 int ret = FPE_FLTUNK;
1067 /* Invalid operation */
1068 if ((fpscr & FPSCR_VE) && (fpscr & FPSCR_VX))
1072 else if ((fpscr & FPSCR_OE) && (fpscr & FPSCR_OX))
1076 else if ((fpscr & FPSCR_UE) && (fpscr & FPSCR_UX))
1079 /* Divide by zero */
1080 else if ((fpscr & FPSCR_ZE) && (fpscr & FPSCR_ZX))
1083 /* Inexact result */
1084 else if ((fpscr & FPSCR_XE) && (fpscr & FPSCR_XX))
1090 static void parse_fpe(struct pt_regs *regs)
1094 flush_fp_to_thread(current);
1096 code = __parse_fpscr(current->thread.fp_state.fpscr);
1098 _exception(SIGFPE, regs, code, regs->nip);
1102 * Illegal instruction emulation support. Originally written to
1103 * provide the PVR to user applications using the mfspr rd, PVR.
1104 * Return non-zero if we can't emulate, or -EFAULT if the associated
1105 * memory access caused an access fault. Return zero on success.
1107 * There are a couple of ways to do this, either "decode" the instruction
1108 * or directly match lots of bits. In this case, matching lots of
1109 * bits is faster and easier.
1112 static int emulate_string_inst(struct pt_regs *regs, u32 instword)
1114 u8 rT = (instword >> 21) & 0x1f;
1115 u8 rA = (instword >> 16) & 0x1f;
1116 u8 NB_RB = (instword >> 11) & 0x1f;
1121 /* Early out if we are an invalid form of lswx */
1122 if ((instword & PPC_INST_STRING_MASK) == PPC_INST_LSWX)
1123 if ((rT == rA) || (rT == NB_RB))
1126 EA = (rA == 0) ? 0 : regs->gpr[rA];
1128 switch (instword & PPC_INST_STRING_MASK) {
1130 case PPC_INST_STSWX:
1132 num_bytes = regs->xer & 0x7f;
1135 case PPC_INST_STSWI:
1136 num_bytes = (NB_RB == 0) ? 32 : NB_RB;
1142 while (num_bytes != 0)
1145 u32 shift = 8 * (3 - (pos & 0x3));
1147 /* if process is 32-bit, clear upper 32 bits of EA */
1148 if ((regs->msr & MSR_64BIT) == 0)
1151 switch ((instword & PPC_INST_STRING_MASK)) {
1154 if (get_user(val, (u8 __user *)EA))
1156 /* first time updating this reg,
1160 regs->gpr[rT] |= val << shift;
1162 case PPC_INST_STSWI:
1163 case PPC_INST_STSWX:
1164 val = regs->gpr[rT] >> shift;
1165 if (put_user(val, (u8 __user *)EA))
1169 /* move EA to next address */
1173 /* manage our position within the register */
1184 static int emulate_popcntb_inst(struct pt_regs *regs, u32 instword)
1189 ra = (instword >> 16) & 0x1f;
1190 rs = (instword >> 21) & 0x1f;
1192 tmp = regs->gpr[rs];
1193 tmp = tmp - ((tmp >> 1) & 0x5555555555555555ULL);
1194 tmp = (tmp & 0x3333333333333333ULL) + ((tmp >> 2) & 0x3333333333333333ULL);
1195 tmp = (tmp + (tmp >> 4)) & 0x0f0f0f0f0f0f0f0fULL;
1196 regs->gpr[ra] = tmp;
1201 static int emulate_isel(struct pt_regs *regs, u32 instword)
1203 u8 rT = (instword >> 21) & 0x1f;
1204 u8 rA = (instword >> 16) & 0x1f;
1205 u8 rB = (instword >> 11) & 0x1f;
1206 u8 BC = (instword >> 6) & 0x1f;
1210 tmp = (rA == 0) ? 0 : regs->gpr[rA];
1211 bit = (regs->ccr >> (31 - BC)) & 0x1;
1213 regs->gpr[rT] = bit ? tmp : regs->gpr[rB];
1218 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1219 static inline bool tm_abort_check(struct pt_regs *regs, int cause)
1221 /* If we're emulating a load/store in an active transaction, we cannot
1222 * emulate it as the kernel operates in transaction suspended context.
1223 * We need to abort the transaction. This creates a persistent TM
1224 * abort so tell the user what caused it with a new code.
1226 if (MSR_TM_TRANSACTIONAL(regs->msr)) {
1234 static inline bool tm_abort_check(struct pt_regs *regs, int reason)
1240 static int emulate_instruction(struct pt_regs *regs)
1245 if (!user_mode(regs))
1247 CHECK_FULL_REGS(regs);
1249 if (get_user(instword, (u32 __user *)(regs->nip)))
1252 /* Emulate the mfspr rD, PVR. */
1253 if ((instword & PPC_INST_MFSPR_PVR_MASK) == PPC_INST_MFSPR_PVR) {
1254 PPC_WARN_EMULATED(mfpvr, regs);
1255 rd = (instword >> 21) & 0x1f;
1256 regs->gpr[rd] = mfspr(SPRN_PVR);
1260 /* Emulating the dcba insn is just a no-op. */
1261 if ((instword & PPC_INST_DCBA_MASK) == PPC_INST_DCBA) {
1262 PPC_WARN_EMULATED(dcba, regs);
1266 /* Emulate the mcrxr insn. */
1267 if ((instword & PPC_INST_MCRXR_MASK) == PPC_INST_MCRXR) {
1268 int shift = (instword >> 21) & 0x1c;
1269 unsigned long msk = 0xf0000000UL >> shift;
1271 PPC_WARN_EMULATED(mcrxr, regs);
1272 regs->ccr = (regs->ccr & ~msk) | ((regs->xer >> shift) & msk);
1273 regs->xer &= ~0xf0000000UL;
1277 /* Emulate load/store string insn. */
1278 if ((instword & PPC_INST_STRING_GEN_MASK) == PPC_INST_STRING) {
1279 if (tm_abort_check(regs,
1280 TM_CAUSE_EMULATE | TM_CAUSE_PERSISTENT))
1282 PPC_WARN_EMULATED(string, regs);
1283 return emulate_string_inst(regs, instword);
1286 /* Emulate the popcntb (Population Count Bytes) instruction. */
1287 if ((instword & PPC_INST_POPCNTB_MASK) == PPC_INST_POPCNTB) {
1288 PPC_WARN_EMULATED(popcntb, regs);
1289 return emulate_popcntb_inst(regs, instword);
1292 /* Emulate isel (Integer Select) instruction */
1293 if ((instword & PPC_INST_ISEL_MASK) == PPC_INST_ISEL) {
1294 PPC_WARN_EMULATED(isel, regs);
1295 return emulate_isel(regs, instword);
1298 /* Emulate sync instruction variants */
1299 if ((instword & PPC_INST_SYNC_MASK) == PPC_INST_SYNC) {
1300 PPC_WARN_EMULATED(sync, regs);
1301 asm volatile("sync");
1306 /* Emulate the mfspr rD, DSCR. */
1307 if ((((instword & PPC_INST_MFSPR_DSCR_USER_MASK) ==
1308 PPC_INST_MFSPR_DSCR_USER) ||
1309 ((instword & PPC_INST_MFSPR_DSCR_MASK) ==
1310 PPC_INST_MFSPR_DSCR)) &&
1311 cpu_has_feature(CPU_FTR_DSCR)) {
1312 PPC_WARN_EMULATED(mfdscr, regs);
1313 rd = (instword >> 21) & 0x1f;
1314 regs->gpr[rd] = mfspr(SPRN_DSCR);
1317 /* Emulate the mtspr DSCR, rD. */
1318 if ((((instword & PPC_INST_MTSPR_DSCR_USER_MASK) ==
1319 PPC_INST_MTSPR_DSCR_USER) ||
1320 ((instword & PPC_INST_MTSPR_DSCR_MASK) ==
1321 PPC_INST_MTSPR_DSCR)) &&
1322 cpu_has_feature(CPU_FTR_DSCR)) {
1323 PPC_WARN_EMULATED(mtdscr, regs);
1324 rd = (instword >> 21) & 0x1f;
1325 current->thread.dscr = regs->gpr[rd];
1326 current->thread.dscr_inherit = 1;
1327 mtspr(SPRN_DSCR, current->thread.dscr);
1335 int is_valid_bugaddr(unsigned long addr)
1337 return is_kernel_addr(addr);
1340 #ifdef CONFIG_MATH_EMULATION
1341 static int emulate_math(struct pt_regs *regs)
1344 extern int do_mathemu(struct pt_regs *regs);
1346 ret = do_mathemu(regs);
1348 PPC_WARN_EMULATED(math, regs);
1352 emulate_single_step(regs);
1356 code = __parse_fpscr(current->thread.fp_state.fpscr);
1357 _exception(SIGFPE, regs, code, regs->nip);
1361 _exception(SIGSEGV, regs, SEGV_MAPERR, regs->nip);
1368 static inline int emulate_math(struct pt_regs *regs) { return -1; }
1371 void program_check_exception(struct pt_regs *regs)
1373 enum ctx_state prev_state = exception_enter();
1374 unsigned int reason = get_reason(regs);
1376 /* We can now get here via a FP Unavailable exception if the core
1377 * has no FPU, in that case the reason flags will be 0 */
1379 if (reason & REASON_FP) {
1380 /* IEEE FP exception */
1384 if (reason & REASON_TRAP) {
1385 unsigned long bugaddr;
1386 /* Debugger is first in line to stop recursive faults in
1387 * rcu_lock, notify_die, or atomic_notifier_call_chain */
1388 if (debugger_bpt(regs))
1391 if (kprobe_handler(regs))
1394 /* trap exception */
1395 if (notify_die(DIE_BPT, "breakpoint", regs, 5, 5, SIGTRAP)
1399 bugaddr = regs->nip;
1401 * Fixup bugaddr for BUG_ON() in real mode
1403 if (!is_kernel_addr(bugaddr) && !(regs->msr & MSR_IR))
1404 bugaddr += PAGE_OFFSET;
1406 if (!(regs->msr & MSR_PR) && /* not user-mode */
1407 report_bug(bugaddr, regs) == BUG_TRAP_TYPE_WARN) {
1411 _exception(SIGTRAP, regs, TRAP_BRKPT, regs->nip);
1414 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1415 if (reason & REASON_TM) {
1416 /* This is a TM "Bad Thing Exception" program check.
1418 * - An rfid/hrfid/mtmsrd attempts to cause an illegal
1419 * transition in TM states.
1420 * - A trechkpt is attempted when transactional.
1421 * - A treclaim is attempted when non transactional.
1422 * - A tend is illegally attempted.
1423 * - writing a TM SPR when transactional.
1425 * If usermode caused this, it's done something illegal and
1426 * gets a SIGILL slap on the wrist. We call it an illegal
1427 * operand to distinguish from the instruction just being bad
1428 * (e.g. executing a 'tend' on a CPU without TM!); it's an
1429 * illegal /placement/ of a valid instruction.
1431 if (user_mode(regs)) {
1432 _exception(SIGILL, regs, ILL_ILLOPN, regs->nip);
1435 printk(KERN_EMERG "Unexpected TM Bad Thing exception "
1436 "at %lx (msr 0x%x)\n", regs->nip, reason);
1437 die("Unrecoverable exception", regs, SIGABRT);
1443 * If we took the program check in the kernel skip down to sending a
1444 * SIGILL. The subsequent cases all relate to emulating instructions
1445 * which we should only do for userspace. We also do not want to enable
1446 * interrupts for kernel faults because that might lead to further
1447 * faults, and loose the context of the original exception.
1449 if (!user_mode(regs))
1452 /* We restore the interrupt state now */
1453 if (!arch_irq_disabled_regs(regs))
1456 /* (reason & REASON_ILLEGAL) would be the obvious thing here,
1457 * but there seems to be a hardware bug on the 405GP (RevD)
1458 * that means ESR is sometimes set incorrectly - either to
1459 * ESR_DST (!?) or 0. In the process of chasing this with the
1460 * hardware people - not sure if it can happen on any illegal
1461 * instruction or only on FP instructions, whether there is a
1462 * pattern to occurrences etc. -dgibson 31/Mar/2003
1464 if (!emulate_math(regs))
1467 /* Try to emulate it if we should. */
1468 if (reason & (REASON_ILLEGAL | REASON_PRIVILEGED)) {
1469 switch (emulate_instruction(regs)) {
1472 emulate_single_step(regs);
1475 _exception(SIGSEGV, regs, SEGV_MAPERR, regs->nip);
1481 if (reason & REASON_PRIVILEGED)
1482 _exception(SIGILL, regs, ILL_PRVOPC, regs->nip);
1484 _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
1487 exception_exit(prev_state);
1489 NOKPROBE_SYMBOL(program_check_exception);
1492 * This occurs when running in hypervisor mode on POWER6 or later
1493 * and an illegal instruction is encountered.
1495 void emulation_assist_interrupt(struct pt_regs *regs)
1497 regs->msr |= REASON_ILLEGAL;
1498 program_check_exception(regs);
1500 NOKPROBE_SYMBOL(emulation_assist_interrupt);
1502 void alignment_exception(struct pt_regs *regs)
1504 enum ctx_state prev_state = exception_enter();
1505 int sig, code, fixed = 0;
1507 /* We restore the interrupt state now */
1508 if (!arch_irq_disabled_regs(regs))
1511 if (tm_abort_check(regs, TM_CAUSE_ALIGNMENT | TM_CAUSE_PERSISTENT))
1514 /* we don't implement logging of alignment exceptions */
1515 if (!(current->thread.align_ctl & PR_UNALIGN_SIGBUS))
1516 fixed = fix_alignment(regs);
1519 regs->nip += 4; /* skip over emulated instruction */
1520 emulate_single_step(regs);
1524 /* Operand address was bad */
1525 if (fixed == -EFAULT) {
1532 if (user_mode(regs))
1533 _exception(sig, regs, code, regs->dar);
1535 bad_page_fault(regs, regs->dar, sig);
1538 exception_exit(prev_state);
1541 void StackOverflow(struct pt_regs *regs)
1543 printk(KERN_CRIT "Kernel stack overflow in process %p, r1=%lx\n",
1544 current, regs->gpr[1]);
1547 panic("kernel stack overflow");
1550 void nonrecoverable_exception(struct pt_regs *regs)
1552 printk(KERN_ERR "Non-recoverable exception at PC=%lx MSR=%lx\n",
1553 regs->nip, regs->msr);
1555 die("nonrecoverable exception", regs, SIGKILL);
1558 void kernel_fp_unavailable_exception(struct pt_regs *regs)
1560 enum ctx_state prev_state = exception_enter();
1562 printk(KERN_EMERG "Unrecoverable FP Unavailable Exception "
1563 "%lx at %lx\n", regs->trap, regs->nip);
1564 die("Unrecoverable FP Unavailable Exception", regs, SIGABRT);
1566 exception_exit(prev_state);
1569 void altivec_unavailable_exception(struct pt_regs *regs)
1571 enum ctx_state prev_state = exception_enter();
1573 if (user_mode(regs)) {
1574 /* A user program has executed an altivec instruction,
1575 but this kernel doesn't support altivec. */
1576 _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
1580 printk(KERN_EMERG "Unrecoverable VMX/Altivec Unavailable Exception "
1581 "%lx at %lx\n", regs->trap, regs->nip);
1582 die("Unrecoverable VMX/Altivec Unavailable Exception", regs, SIGABRT);
1585 exception_exit(prev_state);
1588 void vsx_unavailable_exception(struct pt_regs *regs)
1590 if (user_mode(regs)) {
1591 /* A user program has executed an vsx instruction,
1592 but this kernel doesn't support vsx. */
1593 _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
1597 printk(KERN_EMERG "Unrecoverable VSX Unavailable Exception "
1598 "%lx at %lx\n", regs->trap, regs->nip);
1599 die("Unrecoverable VSX Unavailable Exception", regs, SIGABRT);
1603 static void tm_unavailable(struct pt_regs *regs)
1605 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1606 if (user_mode(regs)) {
1607 current->thread.load_tm++;
1608 regs->msr |= MSR_TM;
1610 tm_restore_sprs(¤t->thread);
1614 pr_emerg("Unrecoverable TM Unavailable Exception "
1615 "%lx at %lx\n", regs->trap, regs->nip);
1616 die("Unrecoverable TM Unavailable Exception", regs, SIGABRT);
1619 void facility_unavailable_exception(struct pt_regs *regs)
1621 static char *facility_strings[] = {
1622 [FSCR_FP_LG] = "FPU",
1623 [FSCR_VECVSX_LG] = "VMX/VSX",
1624 [FSCR_DSCR_LG] = "DSCR",
1625 [FSCR_PM_LG] = "PMU SPRs",
1626 [FSCR_BHRB_LG] = "BHRB",
1627 [FSCR_TM_LG] = "TM",
1628 [FSCR_EBB_LG] = "EBB",
1629 [FSCR_TAR_LG] = "TAR",
1630 [FSCR_MSGP_LG] = "MSGP",
1631 [FSCR_SCV_LG] = "SCV",
1633 char *facility = "unknown";
1639 hv = (TRAP(regs) == 0xf80);
1641 value = mfspr(SPRN_HFSCR);
1643 value = mfspr(SPRN_FSCR);
1645 status = value >> 56;
1646 if ((hv || status >= 2) &&
1647 (status < ARRAY_SIZE(facility_strings)) &&
1648 facility_strings[status])
1649 facility = facility_strings[status];
1651 /* We should not have taken this interrupt in kernel */
1652 if (!user_mode(regs)) {
1653 pr_emerg("Facility '%s' unavailable (%d) exception in kernel mode at %lx\n",
1654 facility, status, regs->nip);
1655 die("Unexpected facility unavailable exception", regs, SIGABRT);
1658 /* We restore the interrupt state now */
1659 if (!arch_irq_disabled_regs(regs))
1662 if (status == FSCR_DSCR_LG) {
1664 * User is accessing the DSCR register using the problem
1665 * state only SPR number (0x03) either through a mfspr or
1666 * a mtspr instruction. If it is a write attempt through
1667 * a mtspr, then we set the inherit bit. This also allows
1668 * the user to write or read the register directly in the
1669 * future by setting via the FSCR DSCR bit. But in case it
1670 * is a read DSCR attempt through a mfspr instruction, we
1671 * just emulate the instruction instead. This code path will
1672 * always emulate all the mfspr instructions till the user
1673 * has attempted at least one mtspr instruction. This way it
1674 * preserves the same behaviour when the user is accessing
1675 * the DSCR through privilege level only SPR number (0x11)
1676 * which is emulated through illegal instruction exception.
1677 * We always leave HFSCR DSCR set.
1679 if (get_user(instword, (u32 __user *)(regs->nip))) {
1680 pr_err("Failed to fetch the user instruction\n");
1684 /* Write into DSCR (mtspr 0x03, RS) */
1685 if ((instword & PPC_INST_MTSPR_DSCR_USER_MASK)
1686 == PPC_INST_MTSPR_DSCR_USER) {
1687 rd = (instword >> 21) & 0x1f;
1688 current->thread.dscr = regs->gpr[rd];
1689 current->thread.dscr_inherit = 1;
1690 current->thread.fscr |= FSCR_DSCR;
1691 mtspr(SPRN_FSCR, current->thread.fscr);
1694 /* Read from DSCR (mfspr RT, 0x03) */
1695 if ((instword & PPC_INST_MFSPR_DSCR_USER_MASK)
1696 == PPC_INST_MFSPR_DSCR_USER) {
1697 if (emulate_instruction(regs)) {
1698 pr_err("DSCR based mfspr emulation failed\n");
1702 emulate_single_step(regs);
1707 if (status == FSCR_TM_LG) {
1709 * If we're here then the hardware is TM aware because it
1710 * generated an exception with FSRM_TM set.
1712 * If cpu_has_feature(CPU_FTR_TM) is false, then either firmware
1713 * told us not to do TM, or the kernel is not built with TM
1716 * If both of those things are true, then userspace can spam the
1717 * console by triggering the printk() below just by continually
1718 * doing tbegin (or any TM instruction). So in that case just
1719 * send the process a SIGILL immediately.
1721 if (!cpu_has_feature(CPU_FTR_TM))
1724 tm_unavailable(regs);
1728 pr_err_ratelimited("%sFacility '%s' unavailable (%d), exception at 0x%lx, MSR=%lx\n",
1729 hv ? "Hypervisor " : "", facility, status, regs->nip, regs->msr);
1732 _exception(SIGILL, regs, ILL_ILLOPC, regs->nip);
1736 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
1738 void fp_unavailable_tm(struct pt_regs *regs)
1740 /* Note: This does not handle any kind of FP laziness. */
1742 TM_DEBUG("FP Unavailable trap whilst transactional at 0x%lx, MSR=%lx\n",
1743 regs->nip, regs->msr);
1745 /* We can only have got here if the task started using FP after
1746 * beginning the transaction. So, the transactional regs are just a
1747 * copy of the checkpointed ones. But, we still need to recheckpoint
1748 * as we're enabling FP for the process; it will return, abort the
1749 * transaction, and probably retry but now with FP enabled. So the
1750 * checkpointed FP registers need to be loaded.
1752 tm_reclaim_current(TM_CAUSE_FAC_UNAV);
1753 /* Reclaim didn't save out any FPRs to transact_fprs. */
1755 /* Enable FP for the task: */
1756 current->thread.load_fp = 1;
1758 /* This loads and recheckpoints the FP registers from
1759 * thread.fpr[]. They will remain in registers after the
1760 * checkpoint so we don't need to reload them after.
1761 * If VMX is in use, the VRs now hold checkpointed values,
1762 * so we don't want to load the VRs from the thread_struct.
1764 tm_recheckpoint(¤t->thread);
1767 void altivec_unavailable_tm(struct pt_regs *regs)
1769 /* See the comments in fp_unavailable_tm(). This function operates
1773 TM_DEBUG("Vector Unavailable trap whilst transactional at 0x%lx,"
1775 regs->nip, regs->msr);
1776 tm_reclaim_current(TM_CAUSE_FAC_UNAV);
1777 current->thread.load_vec = 1;
1778 tm_recheckpoint(¤t->thread);
1779 current->thread.used_vr = 1;
1782 void vsx_unavailable_tm(struct pt_regs *regs)
1784 /* See the comments in fp_unavailable_tm(). This works similarly,
1785 * though we're loading both FP and VEC registers in here.
1787 * If FP isn't in use, load FP regs. If VEC isn't in use, load VEC
1788 * regs. Either way, set MSR_VSX.
1791 TM_DEBUG("VSX Unavailable trap whilst transactional at 0x%lx,"
1793 regs->nip, regs->msr);
1795 current->thread.used_vsr = 1;
1797 /* This reclaims FP and/or VR regs if they're already enabled */
1798 tm_reclaim_current(TM_CAUSE_FAC_UNAV);
1800 current->thread.load_vec = 1;
1801 current->thread.load_fp = 1;
1803 tm_recheckpoint(¤t->thread);
1805 #endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
1807 void performance_monitor_exception(struct pt_regs *regs)
1809 __this_cpu_inc(irq_stat.pmu_irqs);
1814 #ifdef CONFIG_PPC_ADV_DEBUG_REGS
1815 static void handle_debug(struct pt_regs *regs, unsigned long debug_status)
1819 * Determine the cause of the debug event, clear the
1820 * event flags and send a trap to the handler. Torez
1822 if (debug_status & (DBSR_DAC1R | DBSR_DAC1W)) {
1823 dbcr_dac(current) &= ~(DBCR_DAC1R | DBCR_DAC1W);
1824 #ifdef CONFIG_PPC_ADV_DEBUG_DAC_RANGE
1825 current->thread.debug.dbcr2 &= ~DBCR2_DAC12MODE;
1827 do_send_trap(regs, mfspr(SPRN_DAC1), debug_status,
1830 } else if (debug_status & (DBSR_DAC2R | DBSR_DAC2W)) {
1831 dbcr_dac(current) &= ~(DBCR_DAC2R | DBCR_DAC2W);
1832 do_send_trap(regs, mfspr(SPRN_DAC2), debug_status,
1835 } else if (debug_status & DBSR_IAC1) {
1836 current->thread.debug.dbcr0 &= ~DBCR0_IAC1;
1837 dbcr_iac_range(current) &= ~DBCR_IAC12MODE;
1838 do_send_trap(regs, mfspr(SPRN_IAC1), debug_status,
1841 } else if (debug_status & DBSR_IAC2) {
1842 current->thread.debug.dbcr0 &= ~DBCR0_IAC2;
1843 do_send_trap(regs, mfspr(SPRN_IAC2), debug_status,
1846 } else if (debug_status & DBSR_IAC3) {
1847 current->thread.debug.dbcr0 &= ~DBCR0_IAC3;
1848 dbcr_iac_range(current) &= ~DBCR_IAC34MODE;
1849 do_send_trap(regs, mfspr(SPRN_IAC3), debug_status,
1852 } else if (debug_status & DBSR_IAC4) {
1853 current->thread.debug.dbcr0 &= ~DBCR0_IAC4;
1854 do_send_trap(regs, mfspr(SPRN_IAC4), debug_status,
1859 * At the point this routine was called, the MSR(DE) was turned off.
1860 * Check all other debug flags and see if that bit needs to be turned
1863 if (DBCR_ACTIVE_EVENTS(current->thread.debug.dbcr0,
1864 current->thread.debug.dbcr1))
1865 regs->msr |= MSR_DE;
1867 /* Make sure the IDM flag is off */
1868 current->thread.debug.dbcr0 &= ~DBCR0_IDM;
1871 mtspr(SPRN_DBCR0, current->thread.debug.dbcr0);
1874 void DebugException(struct pt_regs *regs, unsigned long debug_status)
1876 current->thread.debug.dbsr = debug_status;
1878 /* Hack alert: On BookE, Branch Taken stops on the branch itself, while
1879 * on server, it stops on the target of the branch. In order to simulate
1880 * the server behaviour, we thus restart right away with a single step
1881 * instead of stopping here when hitting a BT
1883 if (debug_status & DBSR_BT) {
1884 regs->msr &= ~MSR_DE;
1887 mtspr(SPRN_DBCR0, mfspr(SPRN_DBCR0) & ~DBCR0_BT);
1888 /* Clear the BT event */
1889 mtspr(SPRN_DBSR, DBSR_BT);
1891 /* Do the single step trick only when coming from userspace */
1892 if (user_mode(regs)) {
1893 current->thread.debug.dbcr0 &= ~DBCR0_BT;
1894 current->thread.debug.dbcr0 |= DBCR0_IDM | DBCR0_IC;
1895 regs->msr |= MSR_DE;
1899 if (kprobe_post_handler(regs))
1902 if (notify_die(DIE_SSTEP, "block_step", regs, 5,
1903 5, SIGTRAP) == NOTIFY_STOP) {
1906 if (debugger_sstep(regs))
1908 } else if (debug_status & DBSR_IC) { /* Instruction complete */
1909 regs->msr &= ~MSR_DE;
1911 /* Disable instruction completion */
1912 mtspr(SPRN_DBCR0, mfspr(SPRN_DBCR0) & ~DBCR0_IC);
1913 /* Clear the instruction completion event */
1914 mtspr(SPRN_DBSR, DBSR_IC);
1916 if (kprobe_post_handler(regs))
1919 if (notify_die(DIE_SSTEP, "single_step", regs, 5,
1920 5, SIGTRAP) == NOTIFY_STOP) {
1924 if (debugger_sstep(regs))
1927 if (user_mode(regs)) {
1928 current->thread.debug.dbcr0 &= ~DBCR0_IC;
1929 if (DBCR_ACTIVE_EVENTS(current->thread.debug.dbcr0,
1930 current->thread.debug.dbcr1))
1931 regs->msr |= MSR_DE;
1933 /* Make sure the IDM bit is off */
1934 current->thread.debug.dbcr0 &= ~DBCR0_IDM;
1937 _exception(SIGTRAP, regs, TRAP_TRACE, regs->nip);
1939 handle_debug(regs, debug_status);
1941 NOKPROBE_SYMBOL(DebugException);
1942 #endif /* CONFIG_PPC_ADV_DEBUG_REGS */
1944 #if !defined(CONFIG_TAU_INT)
1945 void TAUException(struct pt_regs *regs)
1947 printk("TAU trap at PC: %lx, MSR: %lx, vector=%lx %s\n",
1948 regs->nip, regs->msr, regs->trap, print_tainted());
1950 #endif /* CONFIG_INT_TAU */
1952 #ifdef CONFIG_ALTIVEC
1953 void altivec_assist_exception(struct pt_regs *regs)
1957 if (!user_mode(regs)) {
1958 printk(KERN_EMERG "VMX/Altivec assist exception in kernel mode"
1959 " at %lx\n", regs->nip);
1960 die("Kernel VMX/Altivec assist exception", regs, SIGILL);
1963 flush_altivec_to_thread(current);
1965 PPC_WARN_EMULATED(altivec, regs);
1966 err = emulate_altivec(regs);
1968 regs->nip += 4; /* skip emulated instruction */
1969 emulate_single_step(regs);
1973 if (err == -EFAULT) {
1974 /* got an error reading the instruction */
1975 _exception(SIGSEGV, regs, SEGV_ACCERR, regs->nip);
1977 /* didn't recognize the instruction */
1978 /* XXX quick hack for now: set the non-Java bit in the VSCR */
1979 printk_ratelimited(KERN_ERR "Unrecognized altivec instruction "
1980 "in %s at %lx\n", current->comm, regs->nip);
1981 current->thread.vr_state.vscr.u[3] |= 0x10000;
1984 #endif /* CONFIG_ALTIVEC */
1986 #ifdef CONFIG_FSL_BOOKE
1987 void CacheLockingException(struct pt_regs *regs, unsigned long address,
1988 unsigned long error_code)
1990 /* We treat cache locking instructions from the user
1991 * as priv ops, in the future we could try to do
1994 if (error_code & (ESR_DLK|ESR_ILK))
1995 _exception(SIGILL, regs, ILL_PRVOPC, regs->nip);
1998 #endif /* CONFIG_FSL_BOOKE */
2001 void SPEFloatingPointException(struct pt_regs *regs)
2003 extern int do_spe_mathemu(struct pt_regs *regs);
2004 unsigned long spefscr;
2006 int code = FPE_FLTUNK;
2009 flush_spe_to_thread(current);
2011 spefscr = current->thread.spefscr;
2012 fpexc_mode = current->thread.fpexc_mode;
2014 if ((spefscr & SPEFSCR_FOVF) && (fpexc_mode & PR_FP_EXC_OVF)) {
2017 else if ((spefscr & SPEFSCR_FUNF) && (fpexc_mode & PR_FP_EXC_UND)) {
2020 else if ((spefscr & SPEFSCR_FDBZ) && (fpexc_mode & PR_FP_EXC_DIV))
2022 else if ((spefscr & SPEFSCR_FINV) && (fpexc_mode & PR_FP_EXC_INV)) {
2025 else if ((spefscr & (SPEFSCR_FG | SPEFSCR_FX)) && (fpexc_mode & PR_FP_EXC_RES))
2028 err = do_spe_mathemu(regs);
2030 regs->nip += 4; /* skip emulated instruction */
2031 emulate_single_step(regs);
2035 if (err == -EFAULT) {
2036 /* got an error reading the instruction */
2037 _exception(SIGSEGV, regs, SEGV_ACCERR, regs->nip);
2038 } else if (err == -EINVAL) {
2039 /* didn't recognize the instruction */
2040 printk(KERN_ERR "unrecognized spe instruction "
2041 "in %s at %lx\n", current->comm, regs->nip);
2043 _exception(SIGFPE, regs, code, regs->nip);
2049 void SPEFloatingPointRoundException(struct pt_regs *regs)
2051 extern int speround_handler(struct pt_regs *regs);
2055 if (regs->msr & MSR_SPE)
2056 giveup_spe(current);
2060 err = speround_handler(regs);
2062 regs->nip += 4; /* skip emulated instruction */
2063 emulate_single_step(regs);
2067 if (err == -EFAULT) {
2068 /* got an error reading the instruction */
2069 _exception(SIGSEGV, regs, SEGV_ACCERR, regs->nip);
2070 } else if (err == -EINVAL) {
2071 /* didn't recognize the instruction */
2072 printk(KERN_ERR "unrecognized spe instruction "
2073 "in %s at %lx\n", current->comm, regs->nip);
2075 _exception(SIGFPE, regs, FPE_FLTUNK, regs->nip);
2082 * We enter here if we get an unrecoverable exception, that is, one
2083 * that happened at a point where the RI (recoverable interrupt) bit
2084 * in the MSR is 0. This indicates that SRR0/1 are live, and that
2085 * we therefore lost state by taking this exception.
2087 void unrecoverable_exception(struct pt_regs *regs)
2089 printk(KERN_EMERG "Unrecoverable exception %lx at %lx\n",
2090 regs->trap, regs->nip);
2091 die("Unrecoverable exception", regs, SIGABRT);
2093 NOKPROBE_SYMBOL(unrecoverable_exception);
2095 #if defined(CONFIG_BOOKE_WDT) || defined(CONFIG_40x)
2097 * Default handler for a Watchdog exception,
2098 * spins until a reboot occurs
2100 void __attribute__ ((weak)) WatchdogHandler(struct pt_regs *regs)
2102 /* Generic WatchdogHandler, implement your own */
2103 mtspr(SPRN_TCR, mfspr(SPRN_TCR)&(~TCR_WIE));
2107 void WatchdogException(struct pt_regs *regs)
2109 printk (KERN_EMERG "PowerPC Book-E Watchdog Exception\n");
2110 WatchdogHandler(regs);
2115 * We enter here if we discover during exception entry that we are
2116 * running in supervisor mode with a userspace value in the stack pointer.
2118 void kernel_bad_stack(struct pt_regs *regs)
2120 printk(KERN_EMERG "Bad kernel stack pointer %lx at %lx\n",
2121 regs->gpr[1], regs->nip);
2122 die("Bad kernel stack pointer", regs, SIGABRT);
2124 NOKPROBE_SYMBOL(kernel_bad_stack);
2126 void __init trap_init(void)
2131 #ifdef CONFIG_PPC_EMULATED_STATS
2133 #define WARN_EMULATED_SETUP(type) .type = { .name = #type }
2135 struct ppc_emulated ppc_emulated = {
2136 #ifdef CONFIG_ALTIVEC
2137 WARN_EMULATED_SETUP(altivec),
2139 WARN_EMULATED_SETUP(dcba),
2140 WARN_EMULATED_SETUP(dcbz),
2141 WARN_EMULATED_SETUP(fp_pair),
2142 WARN_EMULATED_SETUP(isel),
2143 WARN_EMULATED_SETUP(mcrxr),
2144 WARN_EMULATED_SETUP(mfpvr),
2145 WARN_EMULATED_SETUP(multiple),
2146 WARN_EMULATED_SETUP(popcntb),
2147 WARN_EMULATED_SETUP(spe),
2148 WARN_EMULATED_SETUP(string),
2149 WARN_EMULATED_SETUP(sync),
2150 WARN_EMULATED_SETUP(unaligned),
2151 #ifdef CONFIG_MATH_EMULATION
2152 WARN_EMULATED_SETUP(math),
2155 WARN_EMULATED_SETUP(vsx),
2158 WARN_EMULATED_SETUP(mfdscr),
2159 WARN_EMULATED_SETUP(mtdscr),
2160 WARN_EMULATED_SETUP(lq_stq),
2161 WARN_EMULATED_SETUP(lxvw4x),
2162 WARN_EMULATED_SETUP(lxvh8x),
2163 WARN_EMULATED_SETUP(lxvd2x),
2164 WARN_EMULATED_SETUP(lxvb16x),
2168 u32 ppc_warn_emulated;
2170 void ppc_warn_emulated_print(const char *type)
2172 pr_warn_ratelimited("%s used emulated %s instruction\n", current->comm,
2176 static int __init ppc_warn_emulated_init(void)
2178 struct dentry *dir, *d;
2180 struct ppc_emulated_entry *entries = (void *)&ppc_emulated;
2182 if (!powerpc_debugfs_root)
2185 dir = debugfs_create_dir("emulated_instructions",
2186 powerpc_debugfs_root);
2190 d = debugfs_create_u32("do_warn", 0644, dir,
2191 &ppc_warn_emulated);
2195 for (i = 0; i < sizeof(ppc_emulated)/sizeof(*entries); i++) {
2196 d = debugfs_create_u32(entries[i].name, 0644, dir,
2197 (u32 *)&entries[i].val.counter);
2205 debugfs_remove_recursive(dir);
2209 device_initcall(ppc_warn_emulated_init);
2211 #endif /* CONFIG_PPC_EMULATED_STATS */
projects / linux / blob