1 /* 1 /*
2 * Copyright (C) 1991, 1992 Linus Torvalds !! 2 * linux/arch/m68k/kernel/traps.c
3 * Copyright (C) 2000, 2001, 2002 Andi Kleen, <<
4 * 3 *
5 * Pentium III FXSR, SSE support !! 4 * Copyright (C) 1993, 1994 by Hamish Macdonald
6 * Gareth Hughes <gareth@valinux.com>, Ma !! 5 *
>> 6 * 68040 fixes by Michael Rausch
>> 7 * 68040 fixes by Martin Apel
>> 8 * 68040 fixes and writeback by Richard Zidlicky
>> 9 * 68060 fixes by Roman Hodek
>> 10 * 68060 fixes by Jesper Skov
>> 11 *
>> 12 * This file is subject to the terms and conditions of the GNU General Public
>> 13 * License. See the file COPYING in the main directory of this archive
>> 14 * for more details.
7 */ 15 */
8 16
9 /* 17 /*
10 * Handle hardware traps and faults. !! 18 * Sets up all exception vectors
11 */ 19 */
12 20
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt !! 21 #include <linux/sched.h>
14 !! 22 #include <linux/sched/debug.h>
15 #include <linux/context_tracking.h> !! 23 #include <linux/signal.h>
16 #include <linux/interrupt.h> <<
17 #include <linux/kallsyms.h> <<
18 #include <linux/kmsan.h> <<
19 #include <linux/spinlock.h> <<
20 #include <linux/kprobes.h> <<
21 #include <linux/uaccess.h> <<
22 #include <linux/kdebug.h> <<
23 #include <linux/kgdb.h> <<
24 #include <linux/kernel.h> 24 #include <linux/kernel.h>
25 #include <linux/export.h> !! 25 #include <linux/mm.h>
26 #include <linux/ptrace.h> !! 26 #include <linux/module.h>
27 #include <linux/uprobes.h> !! 27 #include <linux/user.h>
28 #include <linux/string.h> 28 #include <linux/string.h>
29 #include <linux/delay.h> !! 29 #include <linux/linkage.h>
30 #include <linux/errno.h> <<
31 #include <linux/kexec.h> <<
32 #include <linux/sched.h> <<
33 #include <linux/sched/task_stack.h> <<
34 #include <linux/timer.h> <<
35 #include <linux/init.h> 30 #include <linux/init.h>
36 #include <linux/bug.h> !! 31 #include <linux/ptrace.h>
37 #include <linux/nmi.h> !! 32 #include <linux/kallsyms.h>
38 #include <linux/mm.h> !! 33 #include <linux/extable.h>
39 #include <linux/smp.h> <<
40 #include <linux/cpu.h> <<
41 #include <linux/io.h> <<
42 #include <linux/hardirq.h> <<
43 #include <linux/atomic.h> <<
44 #include <linux/iommu.h> <<
45 #include <linux/ubsan.h> <<
46 34
47 #include <asm/stacktrace.h> !! 35 #include <asm/setup.h>
48 #include <asm/processor.h> !! 36 #include <asm/fpu.h>
49 #include <asm/debugreg.h> !! 37 #include <linux/uaccess.h>
50 #include <asm/realmode.h> <<
51 #include <asm/text-patching.h> <<
52 #include <asm/ftrace.h> <<
53 #include <asm/traps.h> 38 #include <asm/traps.h>
54 #include <asm/desc.h> !! 39 #include <asm/machdep.h>
55 #include <asm/fred.h> !! 40 #include <asm/processor.h>
56 #include <asm/fpu/api.h> !! 41 #include <asm/siginfo.h>
57 #include <asm/cpu.h> !! 42 #include <asm/tlbflush.h>
58 #include <asm/cpu_entry_area.h> <<
59 #include <asm/mce.h> <<
60 #include <asm/fixmap.h> <<
61 #include <asm/mach_traps.h> <<
62 #include <asm/alternative.h> <<
63 #include <asm/fpu/xstate.h> <<
64 #include <asm/vm86.h> <<
65 #include <asm/umip.h> <<
66 #include <asm/insn.h> <<
67 #include <asm/insn-eval.h> <<
68 #include <asm/vdso.h> <<
69 #include <asm/tdx.h> <<
70 #include <asm/cfi.h> <<
71 43
72 #ifdef CONFIG_X86_64 !! 44 #include "traps.h"
73 #include <asm/x86_init.h> !! 45 #include "../mm/fault.h"
>> 46
>> 47 static const char *vec_names[] = {
>> 48 [VEC_RESETSP] = "RESET SP",
>> 49 [VEC_RESETPC] = "RESET PC",
>> 50 [VEC_BUSERR] = "BUS ERROR",
>> 51 [VEC_ADDRERR] = "ADDRESS ERROR",
>> 52 [VEC_ILLEGAL] = "ILLEGAL INSTRUCTION",
>> 53 [VEC_ZERODIV] = "ZERO DIVIDE",
>> 54 [VEC_CHK] = "CHK",
>> 55 [VEC_TRAP] = "TRAPcc",
>> 56 [VEC_PRIV] = "PRIVILEGE VIOLATION",
>> 57 [VEC_TRACE] = "TRACE",
>> 58 [VEC_LINE10] = "LINE 1010",
>> 59 [VEC_LINE11] = "LINE 1111",
>> 60 [VEC_RESV12] = "UNASSIGNED RESERVED 12",
>> 61 [VEC_COPROC] = "COPROCESSOR PROTOCOL VIOLATION",
>> 62 [VEC_FORMAT] = "FORMAT ERROR",
>> 63 [VEC_UNINT] = "UNINITIALIZED INTERRUPT",
>> 64 [VEC_RESV16] = "UNASSIGNED RESERVED 16",
>> 65 [VEC_RESV17] = "UNASSIGNED RESERVED 17",
>> 66 [VEC_RESV18] = "UNASSIGNED RESERVED 18",
>> 67 [VEC_RESV19] = "UNASSIGNED RESERVED 19",
>> 68 [VEC_RESV20] = "UNASSIGNED RESERVED 20",
>> 69 [VEC_RESV21] = "UNASSIGNED RESERVED 21",
>> 70 [VEC_RESV22] = "UNASSIGNED RESERVED 22",
>> 71 [VEC_RESV23] = "UNASSIGNED RESERVED 23",
>> 72 [VEC_SPUR] = "SPURIOUS INTERRUPT",
>> 73 [VEC_INT1] = "LEVEL 1 INT",
>> 74 [VEC_INT2] = "LEVEL 2 INT",
>> 75 [VEC_INT3] = "LEVEL 3 INT",
>> 76 [VEC_INT4] = "LEVEL 4 INT",
>> 77 [VEC_INT5] = "LEVEL 5 INT",
>> 78 [VEC_INT6] = "LEVEL 6 INT",
>> 79 [VEC_INT7] = "LEVEL 7 INT",
>> 80 [VEC_SYS] = "SYSCALL",
>> 81 [VEC_TRAP1] = "TRAP #1",
>> 82 [VEC_TRAP2] = "TRAP #2",
>> 83 [VEC_TRAP3] = "TRAP #3",
>> 84 [VEC_TRAP4] = "TRAP #4",
>> 85 [VEC_TRAP5] = "TRAP #5",
>> 86 [VEC_TRAP6] = "TRAP #6",
>> 87 [VEC_TRAP7] = "TRAP #7",
>> 88 [VEC_TRAP8] = "TRAP #8",
>> 89 [VEC_TRAP9] = "TRAP #9",
>> 90 [VEC_TRAP10] = "TRAP #10",
>> 91 [VEC_TRAP11] = "TRAP #11",
>> 92 [VEC_TRAP12] = "TRAP #12",
>> 93 [VEC_TRAP13] = "TRAP #13",
>> 94 [VEC_TRAP14] = "TRAP #14",
>> 95 [VEC_TRAP15] = "TRAP #15",
>> 96 [VEC_FPBRUC] = "FPCP BSUN",
>> 97 [VEC_FPIR] = "FPCP INEXACT",
>> 98 [VEC_FPDIVZ] = "FPCP DIV BY 0",
>> 99 [VEC_FPUNDER] = "FPCP UNDERFLOW",
>> 100 [VEC_FPOE] = "FPCP OPERAND ERROR",
>> 101 [VEC_FPOVER] = "FPCP OVERFLOW",
>> 102 [VEC_FPNAN] = "FPCP SNAN",
>> 103 [VEC_FPUNSUP] = "FPCP UNSUPPORTED OPERATION",
>> 104 [VEC_MMUCFG] = "MMU CONFIGURATION ERROR",
>> 105 [VEC_MMUILL] = "MMU ILLEGAL OPERATION ERROR",
>> 106 [VEC_MMUACC] = "MMU ACCESS LEVEL VIOLATION ERROR",
>> 107 [VEC_RESV59] = "UNASSIGNED RESERVED 59",
>> 108 [VEC_UNIMPEA] = "UNASSIGNED RESERVED 60",
>> 109 [VEC_UNIMPII] = "UNASSIGNED RESERVED 61",
>> 110 [VEC_RESV62] = "UNASSIGNED RESERVED 62",
>> 111 [VEC_RESV63] = "UNASSIGNED RESERVED 63",
>> 112 };
>> 113
>> 114 static const char *space_names[] = {
>> 115 [0] = "Space 0",
>> 116 [USER_DATA] = "User Data",
>> 117 [USER_PROGRAM] = "User Program",
>> 118 #ifndef CONFIG_SUN3
>> 119 [3] = "Space 3",
74 #else 120 #else
75 #include <asm/processor-flags.h> !! 121 [FC_CONTROL] = "Control",
76 #include <asm/setup.h> <<
77 #endif 122 #endif
>> 123 [4] = "Space 4",
>> 124 [SUPER_DATA] = "Super Data",
>> 125 [SUPER_PROGRAM] = "Super Program",
>> 126 [CPU_SPACE] = "CPU"
>> 127 };
78 128
79 #include <asm/proto.h> !! 129 void die_if_kernel(char *,struct pt_regs *,int);
80 !! 130 asmlinkage void trap_c(struct frame *fp);
81 DECLARE_BITMAP(system_vectors, NR_VECTORS); <<
82 131
83 __always_inline int is_valid_bugaddr(unsigned !! 132 #if defined (CONFIG_M68060)
>> 133 static inline void access_error060 (struct frame *fp)
84 { 134 {
85 if (addr < TASK_SIZE_MAX) !! 135 unsigned long fslw = fp->un.fmt4.pc; /* is really FSLW for access error */
86 return 0; <<
87 136
88 /* !! 137 pr_debug("fslw=%#lx, fa=%#lx\n", fslw, fp->un.fmt4.effaddr);
89 * We got #UD, if the text isn't reada !! 138
90 * a different exception. !! 139 if (fslw & MMU060_BPE) {
91 */ !! 140 /* branch prediction error -> clear branch cache */
92 return *(unsigned short *)addr == INSN !! 141 __asm__ __volatile__ ("movec %/cacr,%/d0\n\t"
>> 142 "orl #0x00400000,%/d0\n\t"
>> 143 "movec %/d0,%/cacr"
>> 144 : : : "d0" );
>> 145 /* return if there's no other error */
>> 146 if (!(fslw & MMU060_ERR_BITS) && !(fslw & MMU060_SEE))
>> 147 return;
>> 148 }
>> 149
>> 150 if (fslw & (MMU060_DESC_ERR | MMU060_WP | MMU060_SP)) {
>> 151 unsigned long errorcode;
>> 152 unsigned long addr = fp->un.fmt4.effaddr;
>> 153
>> 154 if (fslw & MMU060_MA)
>> 155 addr = (addr + PAGE_SIZE - 1) & PAGE_MASK;
>> 156
>> 157 errorcode = 1;
>> 158 if (fslw & MMU060_DESC_ERR) {
>> 159 __flush_tlb040_one(addr);
>> 160 errorcode = 0;
>> 161 }
>> 162 if (fslw & MMU060_W)
>> 163 errorcode |= 2;
>> 164 pr_debug("errorcode = %ld\n", errorcode);
>> 165 do_page_fault(&fp->ptregs, addr, errorcode);
>> 166 } else if (fslw & (MMU060_SEE)){
>> 167 /* Software Emulation Error.
>> 168 * fault during mem_read/mem_write in ifpsp060/os.S
>> 169 */
>> 170 send_fault_sig(&fp->ptregs);
>> 171 } else if (!(fslw & (MMU060_RE|MMU060_WE)) ||
>> 172 send_fault_sig(&fp->ptregs) > 0) {
>> 173 pr_err("pc=%#lx, fa=%#lx\n", fp->ptregs.pc,
>> 174 fp->un.fmt4.effaddr);
>> 175 pr_err("68060 access error, fslw=%lx\n", fslw);
>> 176 trap_c( fp );
>> 177 }
93 } 178 }
>> 179 #endif /* CONFIG_M68060 */
94 180
95 /* !! 181 #if defined (CONFIG_M68040)
96 * Check for UD1 or UD2, accounting for Addres !! 182 static inline unsigned long probe040(int iswrite, unsigned long addr, int wbs)
97 * If it's a UD1, get the ModRM byte to pass a <<
98 */ <<
99 __always_inline int decode_bug(unsigned long a <<
100 { 183 {
101 u8 v; !! 184 unsigned long mmusr;
102 185
103 if (addr < TASK_SIZE_MAX) !! 186 set_fc(wbs);
104 return BUG_NONE; <<
105 187
106 v = *(u8 *)(addr++); !! 188 if (iswrite)
107 if (v == INSN_ASOP) !! 189 asm volatile (".chip 68040; ptestw (%0); .chip 68k" : : "a" (addr));
108 v = *(u8 *)(addr++); <<
109 if (v != OPCODE_ESCAPE) <<
110 return BUG_NONE; <<
111 <<
112 v = *(u8 *)(addr++); <<
113 if (v == SECOND_BYTE_OPCODE_UD2) <<
114 return BUG_UD2; <<
115 <<
116 if (!IS_ENABLED(CONFIG_UBSAN_TRAP) || <<
117 return BUG_NONE; <<
118 <<
119 /* Retrieve the immediate (type value) <<
120 v = *(u8 *)(addr++); <<
121 if (X86_MODRM_RM(v) == 4) <<
122 addr++; <<
123 <<
124 *imm = 0; <<
125 if (X86_MODRM_MOD(v) == 1) <<
126 *imm = *(u8 *)addr; <<
127 else if (X86_MODRM_MOD(v) == 2) <<
128 *imm = *(u32 *)addr; <<
129 else 190 else
130 WARN_ONCE(1, "Unexpected MODRM !! 191 asm volatile (".chip 68040; ptestr (%0); .chip 68k" : : "a" (addr));
131 <<
132 return BUG_UD1; <<
133 } <<
134 <<
135 <<
136 static nokprobe_inline int <<
137 do_trap_no_signal(struct task_struct *tsk, int <<
138 struct pt_regs *regs, long e <<
139 { <<
140 if (v8086_mode(regs)) { <<
141 /* <<
142 * Traps 0, 1, 3, 4, and 5 sho <<
143 * On nmi (interrupt 2), do_tr <<
144 */ <<
145 if (trapnr < X86_TRAP_UD) { <<
146 if (!handle_vm86_trap( <<
147 <<
148 return 0; <<
149 } <<
150 } else if (!user_mode(regs)) { <<
151 if (fixup_exception(regs, trap <<
152 return 0; <<
153 <<
154 tsk->thread.error_code = error <<
155 tsk->thread.trap_nr = trapnr; <<
156 die(str, regs, error_code); <<
157 } else { <<
158 if (fixup_vdso_exception(regs, <<
159 return 0; <<
160 } <<
161 192
162 /* !! 193 asm volatile (".chip 68040; movec %%mmusr,%0; .chip 68k" : "=r" (mmusr));
163 * We want error_code and trap_nr set <<
164 * kernelspace faults which result in <<
165 * kernelspace faults which are fixed <<
166 * process no chance to handle the sig <<
167 * kernel fault information, so that w <<
168 * the information about previously qu <<
169 * delivered, faults. See also exc_ge <<
170 */ <<
171 tsk->thread.error_code = error_code; <<
172 tsk->thread.trap_nr = trapnr; <<
173 194
174 return -1; !! 195 set_fc(USER_DATA);
175 } <<
176 196
177 static void show_signal(struct task_struct *ts !! 197 return mmusr;
178 const char *type, cons <<
179 struct pt_regs *regs, <<
180 { <<
181 if (show_unhandled_signals && unhandle <<
182 printk_ratelimit()) { <<
183 pr_info("%s[%d] %s%s ip:%lx sp <<
184 tsk->comm, task_pid_nr <<
185 regs->ip, regs->sp, er <<
186 print_vma_addr(KERN_CONT " in <<
187 pr_cont("\n"); <<
188 } <<
189 } 198 }
190 199
191 static void !! 200 static inline int do_040writeback1(unsigned short wbs, unsigned long wba,
192 do_trap(int trapnr, int signr, char *str, stru !! 201 unsigned long wbd)
193 long error_code, int sicode, void __us <<
194 { 202 {
195 struct task_struct *tsk = current; !! 203 int res = 0;
196 204
197 if (!do_trap_no_signal(tsk, trapnr, st !! 205 set_fc(wbs);
198 return; <<
199 206
200 show_signal(tsk, signr, "trap ", str, !! 207 switch (wbs & WBSIZ_040) {
>> 208 case BA_SIZE_BYTE:
>> 209 res = put_user(wbd & 0xff, (char __user *)wba);
>> 210 break;
>> 211 case BA_SIZE_WORD:
>> 212 res = put_user(wbd & 0xffff, (short __user *)wba);
>> 213 break;
>> 214 case BA_SIZE_LONG:
>> 215 res = put_user(wbd, (int __user *)wba);
>> 216 break;
>> 217 }
201 218
202 if (!sicode) !! 219 set_fc(USER_DATA);
203 force_sig(signr); <<
204 else <<
205 force_sig_fault(signr, sicode, <<
206 } <<
207 NOKPROBE_SYMBOL(do_trap); <<
208 220
209 static void do_error_trap(struct pt_regs *regs !! 221 pr_debug("do_040writeback1, res=%d\n", res);
210 unsigned long trapnr, int signr, int s <<
211 { <<
212 RCU_LOCKDEP_WARN(!rcu_is_watching(), " <<
213 222
214 if (notify_die(DIE_TRAP, str, regs, er !! 223 return res;
215 NOTIFY_STOP) { <<
216 cond_local_irq_enable(regs); <<
217 do_trap(trapnr, signr, str, re <<
218 cond_local_irq_disable(regs); <<
219 } <<
220 } 224 }
221 225
222 /* !! 226 /* after an exception in a writeback the stack frame corresponding
223 * Posix requires to provide the address of th !! 227 * to that exception is discarded, set a few bits in the old frame
224 * SIGILL (#UD) and SIGFPE (#DE) in the si_add !! 228 * to simulate what it should look like
225 * <<
226 * This address is usually regs->ip, but when <<
227 * of line then regs->ip points to the XOL cod <<
228 * anything which analyzes the fault address v <<
229 * a trap happened in XOL code then uprobe map <<
230 * original instruction address. <<
231 */ 229 */
232 static __always_inline void __user *error_get_ !! 230 static inline void fix_xframe040(struct frame *fp, unsigned long wba, unsigned short wbs)
233 { 231 {
234 return (void __user *)uprobe_get_trap_ !! 232 fp->un.fmt7.faddr = wba;
>> 233 fp->un.fmt7.ssw = wbs & 0xff;
>> 234 if (wba != current->thread.faddr)
>> 235 fp->un.fmt7.ssw |= MA_040;
235 } 236 }
236 237
237 DEFINE_IDTENTRY(exc_divide_error) !! 238 static inline void do_040writebacks(struct frame *fp)
238 { 239 {
239 do_error_trap(regs, 0, "divide error", !! 240 int res = 0;
240 FPE_INTDIV, error_get_tr !! 241 #if 0
241 } !! 242 if (fp->un.fmt7.wb1s & WBV_040)
242 !! 243 pr_err("access_error040: cannot handle 1st writeback. oops.\n");
243 DEFINE_IDTENTRY(exc_overflow) <<
244 { <<
245 do_error_trap(regs, 0, "overflow", X86 <<
246 } <<
247 <<
248 #ifdef CONFIG_X86_F00F_BUG <<
249 void handle_invalid_op(struct pt_regs *regs) <<
250 #else <<
251 static inline void handle_invalid_op(struct pt <<
252 #endif 244 #endif
253 { <<
254 do_error_trap(regs, 0, "invalid opcode <<
255 ILL_ILLOPN, error_get_tr <<
256 } <<
257 245
258 static noinstr bool handle_bug(struct pt_regs !! 246 if ((fp->un.fmt7.wb2s & WBV_040) &&
259 { !! 247 !(fp->un.fmt7.wb2s & WBTT_040)) {
260 bool handled = false; !! 248 res = do_040writeback1(fp->un.fmt7.wb2s, fp->un.fmt7.wb2a,
261 int ud_type; !! 249 fp->un.fmt7.wb2d);
262 u32 imm; !! 250 if (res)
263 !! 251 fix_xframe040(fp, fp->un.fmt7.wb2a, fp->un.fmt7.wb2s);
264 ud_type = decode_bug(regs->ip, &imm); !! 252 else
265 if (ud_type == BUG_NONE) !! 253 fp->un.fmt7.wb2s = 0;
266 return handled; !! 254 }
267 !! 255
268 /* !! 256 /* do the 2nd wb only if the first one was successful (except for a kernel wb) */
269 * All lies, just get the WARN/BUG out !! 257 if (fp->un.fmt7.wb3s & WBV_040 && (!res || fp->un.fmt7.wb3s & 4)) {
270 */ !! 258 res = do_040writeback1(fp->un.fmt7.wb3s, fp->un.fmt7.wb3a,
271 instrumentation_begin(); !! 259 fp->un.fmt7.wb3d);
272 /* !! 260 if (res)
273 * Normally @regs are unpoisoned by ir !! 261 {
274 * is a rare case that uses @regs with !! 262 fix_xframe040(fp, fp->un.fmt7.wb3a, fp->un.fmt7.wb3s);
275 * irqentry_enter(). !! 263
276 */ !! 264 fp->un.fmt7.wb2s = fp->un.fmt7.wb3s;
277 kmsan_unpoison_entry_regs(regs); !! 265 fp->un.fmt7.wb3s &= (~WBV_040);
278 /* !! 266 fp->un.fmt7.wb2a = fp->un.fmt7.wb3a;
279 * Since we're emulating a CALL with e !! 267 fp->un.fmt7.wb2d = fp->un.fmt7.wb3d;
280 * state to what it was at the excepti !! 268 }
281 */ !! 269 else
282 if (regs->flags & X86_EFLAGS_IF) !! 270 fp->un.fmt7.wb3s = 0;
283 raw_local_irq_enable(); <<
284 if (ud_type == BUG_UD2) { <<
285 if (report_bug(regs->ip, regs) <<
286 handle_cfi_failure(regs) = <<
287 regs->ip += LEN_UD2; <<
288 handled = true; <<
289 } <<
290 } else if (IS_ENABLED(CONFIG_UBSAN_TRA <<
291 pr_crit("%s at %pS\n", report_ <<
292 } 271 }
293 if (regs->flags & X86_EFLAGS_IF) <<
294 raw_local_irq_disable(); <<
295 instrumentation_end(); <<
296 <<
297 return handled; <<
298 } <<
299 <<
300 DEFINE_IDTENTRY_RAW(exc_invalid_op) <<
301 { <<
302 irqentry_state_t state; <<
303 <<
304 /* <<
305 * We use UD2 as a short encoding for <<
306 * handle it before exception entry to <<
307 * in case exception entry is the one <<
308 */ <<
309 if (!user_mode(regs) && handle_bug(reg <<
310 return; <<
311 272
312 state = irqentry_enter(regs); !! 273 if (res)
313 instrumentation_begin(); !! 274 send_fault_sig(&fp->ptregs);
314 handle_invalid_op(regs); <<
315 instrumentation_end(); <<
316 irqentry_exit(regs, state); <<
317 } 275 }
318 276
319 DEFINE_IDTENTRY(exc_coproc_segment_overrun) !! 277 /*
320 { !! 278 * called from sigreturn(), must ensure userspace code didn't
321 do_error_trap(regs, 0, "coprocessor se !! 279 * manipulate exception frame to circumvent protection, then complete
322 X86_TRAP_OLD_MF, SIGFPE, !! 280 * pending writebacks
323 } !! 281 * we just clear TM2 to turn it into a userspace access
324 !! 282 */
325 DEFINE_IDTENTRY_ERRORCODE(exc_invalid_tss) !! 283 asmlinkage void berr_040cleanup(struct frame *fp)
326 { <<
327 do_error_trap(regs, error_code, "inval <<
328 0, NULL); <<
329 } <<
330 <<
331 DEFINE_IDTENTRY_ERRORCODE(exc_segment_not_pres <<
332 { 284 {
333 do_error_trap(regs, error_code, "segme !! 285 fp->un.fmt7.wb2s &= ~4;
334 SIGBUS, 0, NULL); !! 286 fp->un.fmt7.wb3s &= ~4;
335 } <<
336 287
337 DEFINE_IDTENTRY_ERRORCODE(exc_stack_segment) !! 288 do_040writebacks(fp);
338 { <<
339 do_error_trap(regs, error_code, "stack <<
340 0, NULL); <<
341 } 289 }
342 290
343 DEFINE_IDTENTRY_ERRORCODE(exc_alignment_check) !! 291 static inline void access_error040(struct frame *fp)
344 { 292 {
345 char *str = "alignment check"; !! 293 unsigned short ssw = fp->un.fmt7.ssw;
>> 294 unsigned long mmusr;
346 295
347 if (notify_die(DIE_TRAP, str, regs, er !! 296 pr_debug("ssw=%#x, fa=%#lx\n", ssw, fp->un.fmt7.faddr);
348 return; !! 297 pr_debug("wb1s=%#x, wb2s=%#x, wb3s=%#x\n", fp->un.fmt7.wb1s,
>> 298 fp->un.fmt7.wb2s, fp->un.fmt7.wb3s);
>> 299 pr_debug("wb2a=%lx, wb3a=%lx, wb2d=%lx, wb3d=%lx\n",
>> 300 fp->un.fmt7.wb2a, fp->un.fmt7.wb3a,
>> 301 fp->un.fmt7.wb2d, fp->un.fmt7.wb3d);
349 302
350 if (!user_mode(regs)) !! 303 if (ssw & ATC_040) {
351 die("Split lock detected\n", r !! 304 unsigned long addr = fp->un.fmt7.faddr;
>> 305 unsigned long errorcode;
352 306
353 local_irq_enable(); !! 307 /*
>> 308 * The MMU status has to be determined AFTER the address
>> 309 * has been corrected if there was a misaligned access (MA).
>> 310 */
>> 311 if (ssw & MA_040)
>> 312 addr = (addr + 7) & -8;
354 313
355 if (handle_user_split_lock(regs, error !! 314 /* MMU error, get the MMUSR info for this access */
356 goto out; !! 315 mmusr = probe040(!(ssw & RW_040), addr, ssw);
>> 316 pr_debug("mmusr = %lx\n", mmusr);
>> 317 errorcode = 1;
>> 318 if (!(mmusr & MMU_R_040)) {
>> 319 /* clear the invalid atc entry */
>> 320 __flush_tlb040_one(addr);
>> 321 errorcode = 0;
>> 322 }
357 323
358 do_trap(X86_TRAP_AC, SIGBUS, "alignmen !! 324 /* despite what documentation seems to say, RMW
359 error_code, BUS_ADRALN, NULL); !! 325 * accesses have always both the LK and RW bits set */
>> 326 if (!(ssw & RW_040) || (ssw & LK_040))
>> 327 errorcode |= 2;
>> 328
>> 329 if (do_page_fault(&fp->ptregs, addr, errorcode)) {
>> 330 pr_debug("do_page_fault() !=0\n");
>> 331 if (user_mode(&fp->ptregs)){
>> 332 /* delay writebacks after signal delivery */
>> 333 pr_debug(".. was usermode - return\n");
>> 334 return;
>> 335 }
>> 336 /* disable writeback into user space from kernel
>> 337 * (if do_page_fault didn't fix the mapping,
>> 338 * the writeback won't do good)
>> 339 */
>> 340 disable_wb:
>> 341 pr_debug(".. disabling wb2\n");
>> 342 if (fp->un.fmt7.wb2a == fp->un.fmt7.faddr)
>> 343 fp->un.fmt7.wb2s &= ~WBV_040;
>> 344 if (fp->un.fmt7.wb3a == fp->un.fmt7.faddr)
>> 345 fp->un.fmt7.wb3s &= ~WBV_040;
>> 346 }
>> 347 } else {
>> 348 /* In case of a bus error we either kill the process or expect
>> 349 * the kernel to catch the fault, which then is also responsible
>> 350 * for cleaning up the mess.
>> 351 */
>> 352 current->thread.signo = SIGBUS;
>> 353 current->thread.faddr = fp->un.fmt7.faddr;
>> 354 if (send_fault_sig(&fp->ptregs) >= 0)
>> 355 pr_err("68040 bus error (ssw=%x, faddr=%lx)\n", ssw,
>> 356 fp->un.fmt7.faddr);
>> 357 goto disable_wb;
>> 358 }
360 359
361 out: !! 360 do_040writebacks(fp);
362 local_irq_disable(); <<
363 } 361 }
>> 362 #endif /* CONFIG_M68040 */
364 363
365 #ifdef CONFIG_VMAP_STACK !! 364 #if defined(CONFIG_SUN3)
366 __visible void __noreturn handle_stack_overflo !! 365 #include <asm/sun3mmu.h>
367 <<
368 <<
369 { <<
370 const char *name = stack_type_name(inf <<
371 <<
372 printk(KERN_EMERG "BUG: %s stack guard <<
373 name, (void *)fault_address, in <<
374 366
375 die("stack guard page", regs, 0); !! 367 #include "../sun3/sun3.h"
376 368
377 /* Be absolutely certain we don't retu !! 369 /* sun3 version of bus_error030 */
378 panic("%s stack guard hit", name); <<
379 } <<
380 #endif <<
381 370
382 /* !! 371 static inline void bus_error030 (struct frame *fp)
383 * Runs on an IST stack for x86_64 and on a sp <<
384 * <<
385 * On x86_64, this is more or less a normal ke <<
386 * SDM's warnings about double faults being un <<
387 * expected. Presumably what the SDM actually <<
388 * the register state wrong on entry, so retur <<
389 * <<
390 * Various CPU engineers have promised that do <<
391 * while the stack is read-only are, in fact, <<
392 * <<
393 * On x86_32, this is entered through a task g <<
394 * from the TSS. Returning is, in principle, <<
395 * be lost. If, for some reason, we need to r <<
396 * regs, the shim code could be adjusted to sy <<
397 * <<
398 * The 32bit #DF shim provides CR2 already as <<
399 * to be read before doing anything else. <<
400 */ <<
401 DEFINE_IDTENTRY_DF(exc_double_fault) <<
402 { 372 {
403 static const char str[] = "double faul !! 373 unsigned char buserr_type = sun3_get_buserr ();
404 struct task_struct *tsk = current; !! 374 unsigned long addr, errorcode;
>> 375 unsigned short ssw = fp->un.fmtb.ssw;
>> 376 extern unsigned long _sun3_map_test_start, _sun3_map_test_end;
405 377
406 #ifdef CONFIG_VMAP_STACK !! 378 if (ssw & (FC | FB))
407 unsigned long address = read_cr2(); !! 379 pr_debug("Instruction fault at %#010lx\n",
408 struct stack_info info; !! 380 ssw & FC ?
409 #endif !! 381 fp->ptregs.format == 0xa ? fp->ptregs.pc + 2 : fp->un.fmtb.baddr - 2
410 !! 382 :
411 #ifdef CONFIG_X86_ESPFIX64 !! 383 fp->ptregs.format == 0xa ? fp->ptregs.pc + 4 : fp->un.fmtb.baddr);
412 extern unsigned char native_irq_return !! 384 if (ssw & DF)
>> 385 pr_debug("Data %s fault at %#010lx in %s (pc=%#lx)\n",
>> 386 ssw & RW ? "read" : "write",
>> 387 fp->un.fmtb.daddr,
>> 388 space_names[ssw & DFC], fp->ptregs.pc);
413 389
414 /* 390 /*
415 * If IRET takes a non-IST fault on th !! 391 * Check if this page should be demand-mapped. This needs to go before
416 * end up promoting it to a doublefaul !! 392 * the testing for a bad kernel-space access (demand-mapping applies
417 * advantage of the fact that we're no !! 393 * to kernel accesses too).
418 * stack right now. We can write a fa <<
419 * and then modify our own IRET frame <<
420 * we land directly at the #GP(0) vect <<
421 * set up according to its expectation <<
422 * <<
423 * The net result is that our #GP hand <<
424 * entered from usermode with the bad <<
425 * <<
426 * No need for nmi_enter() here becaus <<
427 */ 394 */
428 if (((long)regs->sp >> P4D_SHIFT) == E <<
429 regs->cs == __KERNEL_CS && <<
430 regs->ip == (unsigned long)nat <<
431 { <<
432 struct pt_regs *gpregs = (stru <<
433 unsigned long *p = (unsigned l <<
434 395
435 /* !! 396 if ((ssw & DF)
436 * regs->sp points to the fail !! 397 && (buserr_type & (SUN3_BUSERR_PROTERR | SUN3_BUSERR_INVALID))) {
437 * ESPFIX64 stack. Copy it to !! 398 if (mmu_emu_handle_fault (fp->un.fmtb.daddr, ssw & RW, 0))
438 * in gpregs->ss through gpreg !! 399 return;
439 * !! 400 }
440 */ <<
441 gpregs->ip = p[0]; <<
442 gpregs->cs = p[1]; <<
443 gpregs->flags = p[2]; <<
444 gpregs->sp = p[3]; <<
445 gpregs->ss = p[4]; <<
446 gpregs->orig_ax = 0; /* Missi <<
447 401
448 /* !! 402 /* Check for kernel-space pagefault (BAD). */
449 * Adjust our frame so that we !! 403 if (fp->ptregs.sr & PS_S) {
450 * vector with the expected RS !! 404 /* kernel fault must be a data fault to user space */
451 * we won't enable interrupts !! 405 if (! ((ssw & DF) && ((ssw & DFC) == USER_DATA))) {
452 * general_protection, so noth !! 406 // try checking the kernel mappings before surrender
453 * frame we just set up. !! 407 if (mmu_emu_handle_fault (fp->un.fmtb.daddr, ssw & RW, 1))
454 * !! 408 return;
455 * We will enter general_prote !! 409 /* instruction fault or kernel data fault! */
456 * which is what the stub expe !! 410 if (ssw & (FC | FB))
457 * RIP will be the IRET instru !! 411 pr_err("Instruction fault at %#010lx\n",
458 */ !! 412 fp->ptregs.pc);
459 regs->ip = (unsigned long)asm_ !! 413 if (ssw & DF) {
460 regs->sp = (unsigned long)&gpr !! 414 /* was this fault incurred testing bus mappings? */
>> 415 if((fp->ptregs.pc >= (unsigned long)&_sun3_map_test_start) &&
>> 416 (fp->ptregs.pc <= (unsigned long)&_sun3_map_test_end)) {
>> 417 send_fault_sig(&fp->ptregs);
>> 418 return;
>> 419 }
>> 420
>> 421 pr_err("Data %s fault at %#010lx in %s (pc=%#lx)\n",
>> 422 ssw & RW ? "read" : "write",
>> 423 fp->un.fmtb.daddr,
>> 424 space_names[ssw & DFC], fp->ptregs.pc);
>> 425 }
>> 426 pr_err("BAD KERNEL BUSERR\n");
461 427
462 return; !! 428 die_if_kernel("Oops", &fp->ptregs,0);
>> 429 force_sig(SIGKILL);
>> 430 return;
>> 431 }
>> 432 } else {
>> 433 /* user fault */
>> 434 if (!(ssw & (FC | FB)) && !(ssw & DF))
>> 435 /* not an instruction fault or data fault! BAD */
>> 436 panic ("USER BUSERR w/o instruction or data fault");
463 } 437 }
464 #endif <<
465 438
466 irqentry_nmi_enter(regs); <<
467 instrumentation_begin(); <<
468 notify_die(DIE_TRAP, str, regs, error_ <<
469 439
470 tsk->thread.error_code = error_code; !! 440 /* First handle the data fault, if any. */
471 tsk->thread.trap_nr = X86_TRAP_DF; !! 441 if (ssw & DF) {
>> 442 addr = fp->un.fmtb.daddr;
>> 443
>> 444 // errorcode bit 0: 0 -> no page 1 -> protection fault
>> 445 // errorcode bit 1: 0 -> read fault 1 -> write fault
>> 446
>> 447 // (buserr_type & SUN3_BUSERR_PROTERR) -> protection fault
>> 448 // (buserr_type & SUN3_BUSERR_INVALID) -> invalid page fault
>> 449
>> 450 if (buserr_type & SUN3_BUSERR_PROTERR)
>> 451 errorcode = 0x01;
>> 452 else if (buserr_type & SUN3_BUSERR_INVALID)
>> 453 errorcode = 0x00;
>> 454 else {
>> 455 pr_debug("*** unexpected busfault type=%#04x\n",
>> 456 buserr_type);
>> 457 pr_debug("invalid %s access at %#lx from pc %#lx\n",
>> 458 !(ssw & RW) ? "write" : "read", addr,
>> 459 fp->ptregs.pc);
>> 460 die_if_kernel ("Oops", &fp->ptregs, buserr_type);
>> 461 force_sig (SIGBUS);
>> 462 return;
>> 463 }
472 464
473 #ifdef CONFIG_VMAP_STACK !! 465 //todo: wtf is RM bit? --m
474 /* !! 466 if (!(ssw & RW) || ssw & RM)
475 * If we overflow the stack into a gua !! 467 errorcode |= 0x02;
476 * to deliver #PF and will send #DF in <<
477 * take any non-IST exception while to <<
478 * the stack, the processor will get a <<
479 * delivering the exception and will g <<
480 * <<
481 * According to the SDM (footnote in 6 <<
482 * Page-Fault Exception (#PF): <<
483 * <<
484 * Processors update CR2 whenever a <<
485 * second page fault occurs while an <<
486 * delivered, the faulting linear ad <<
487 * overwrite the contents of CR2 (re <<
488 * address). These updates to CR2 oc <<
489 * results in a double fault or occu <<
490 * double fault. <<
491 * <<
492 * The logic below has a small possibi <<
493 * some errors as stack overflows. Fo <<
494 * gets corrupted such that #GP delive <<
495 * causing #GP and we hit this conditi <<
496 * points to the stack guard page, we' <<
497 * stack. Given that we're going to p <<
498 * if this happens, this isn't necessa <<
499 * <<
500 * If necessary, we could improve the <<
501 * a stack overflow if the saved RSP p <<
502 * the bottom of the stack: if RSP == <<
503 * take an exception, the stack is alr <<
504 * will be enough room SS, RSP, RFLAGS <<
505 * possible error code, so a stack ove <<
506 * fault. With any less space left, e <<
507 * fail, and, as a practical matter, w <<
508 * stack even if the actual trigger fo <<
509 * something else. <<
510 */ <<
511 if (get_stack_guard_info((void *)addre <<
512 handle_stack_overflow(regs, ad <<
513 #endif <<
514 468
515 pr_emerg("PANIC: double fault, error_c !! 469 /* Handle page fault. */
516 die("double fault", regs, error_code); !! 470 do_page_fault (&fp->ptregs, addr, errorcode);
517 panic("Machine halted."); <<
518 instrumentation_end(); <<
519 } <<
520 471
521 DEFINE_IDTENTRY(exc_bounds) !! 472 /* Retry the data fault now. */
522 { <<
523 if (notify_die(DIE_TRAP, "bounds", reg <<
524 X86_TRAP_BR, SIGSEGV) <<
525 return; 473 return;
526 cond_local_irq_enable(regs); !! 474 }
527 <<
528 if (!user_mode(regs)) <<
529 die("bounds", regs, 0); <<
530 <<
531 do_trap(X86_TRAP_BR, SIGSEGV, "bounds" <<
532 <<
533 cond_local_irq_disable(regs); <<
534 } <<
535 <<
536 enum kernel_gp_hint { <<
537 GP_NO_HINT, <<
538 GP_NON_CANONICAL, <<
539 GP_CANONICAL <<
540 }; <<
541 <<
542 /* <<
543 * When an uncaught #GP occurs, try to determi <<
544 * the instruction and return that address to <<
545 * out whether any part of the access to that <<
546 */ <<
547 static enum kernel_gp_hint get_kernel_gp_addre <<
548 <<
549 { <<
550 u8 insn_buf[MAX_INSN_SIZE]; <<
551 struct insn insn; <<
552 int ret; <<
553 <<
554 if (copy_from_kernel_nofault(insn_buf, <<
555 MAX_INSN_SIZE)) <<
556 return GP_NO_HINT; <<
557 <<
558 ret = insn_decode_kernel(&insn, insn_b <<
559 if (ret < 0) <<
560 return GP_NO_HINT; <<
561 <<
562 *addr = (unsigned long)insn_get_addr_r <<
563 if (*addr == -1UL) <<
564 return GP_NO_HINT; <<
565 <<
566 #ifdef CONFIG_X86_64 <<
567 /* <<
568 * Check that: <<
569 * - the operand is not in the kernel <<
570 * - the last byte of the operand is <<
571 */ <<
572 if (*addr < ~__VIRTUAL_MASK && <<
573 *addr + insn.opnd_bytes - 1 > __VI <<
574 return GP_NON_CANONICAL; <<
575 #endif <<
576 <<
577 return GP_CANONICAL; <<
578 } <<
579 475
580 #define GPFSTR "general protection fault" !! 476 /* Now handle the instruction fault. */
581 477
582 static bool fixup_iopl_exception(struct pt_reg !! 478 /* Get the fault address. */
583 { !! 479 if (fp->ptregs.format == 0xA)
584 struct thread_struct *t = ¤t->th !! 480 addr = fp->ptregs.pc + 4;
585 unsigned char byte; !! 481 else
586 unsigned long ip; !! 482 addr = fp->un.fmtb.baddr;
587 !! 483 if (ssw & FC)
588 if (!IS_ENABLED(CONFIG_X86_IOPL_IOPERM !! 484 addr -= 2;
589 return false; !! 485
590 !! 486 if (buserr_type & SUN3_BUSERR_INVALID) {
591 if (insn_get_effective_ip(regs, &ip)) !! 487 if (!mmu_emu_handle_fault(addr, 1, 0))
592 return false; !! 488 do_page_fault (&fp->ptregs, addr, 0);
593 !! 489 } else {
594 if (get_user(byte, (const char __user !! 490 pr_debug("protection fault on insn access (segv).\n");
595 return false; !! 491 force_sig (SIGSEGV);
596 <<
597 if (byte != 0xfa && byte != 0xfb) <<
598 return false; <<
599 <<
600 if (!t->iopl_warn && printk_ratelimit( <<
601 pr_err("%s[%d] attempts to use <<
602 current->comm, task_pid <<
603 print_vma_addr(KERN_CONT " in <<
604 pr_cont("\n"); <<
605 t->iopl_warn = 1; <<
606 } 492 }
607 <<
608 regs->ip += 1; <<
609 return true; <<
610 } 493 }
611 !! 494 #else
612 /* !! 495 #if defined(CPU_M68020_OR_M68030)
613 * The unprivileged ENQCMD instruction generat !! 496 static inline void bus_error030 (struct frame *fp)
614 * IA32_PASID MSR has not been populated. If <<
615 * the MSR from a PASID previously allocated t <<
616 */ <<
617 static bool try_fixup_enqcmd_gp(void) <<
618 { 497 {
619 #ifdef CONFIG_ARCH_HAS_CPU_PASID !! 498 volatile unsigned short temp;
620 u32 pasid; !! 499 unsigned short mmusr;
621 !! 500 unsigned long addr, errorcode;
622 /* !! 501 unsigned short ssw = fp->un.fmtb.ssw;
623 * MSR_IA32_PASID is managed using XSA !! 502 #ifdef DEBUG
624 * writing to the MSR is only possible !! 503 unsigned long desc;
625 * are valid and the fpstate is not. !! 504 #endif
626 * guaranteed when handling a userspac <<
627 * in *before* interrupts are re-enabl <<
628 */ <<
629 lockdep_assert_irqs_disabled(); <<
630 <<
631 /* <<
632 * Hardware without ENQCMD will not ge <<
633 * #GPs that can be fixed up here. <<
634 */ <<
635 if (!cpu_feature_enabled(X86_FEATURE_E <<
636 return false; <<
637 <<
638 /* <<
639 * If the mm has not been allocated a <<
640 * PASID, the #GP can not be fixed up. <<
641 */ <<
642 if (!mm_valid_pasid(current->mm)) <<
643 return false; <<
644 <<
645 pasid = mm_get_enqcmd_pasid(current->m <<
646 <<
647 /* <<
648 * Did this thread already have its PA <<
649 * If so, the #GP must be from somethi <<
650 */ <<
651 if (current->pasid_activated) <<
652 return false; <<
653 505
654 wrmsrl(MSR_IA32_PASID, pasid | MSR_IA3 !! 506 pr_debug("pid = %x ", current->pid);
655 current->pasid_activated = 1; !! 507 pr_debug("SSW=%#06x ", ssw);
656 508
657 return true; !! 509 if (ssw & (FC | FB))
>> 510 pr_debug("Instruction fault at %#010lx\n",
>> 511 ssw & FC ?
>> 512 fp->ptregs.format == 0xa ? fp->ptregs.pc + 2 : fp->un.fmtb.baddr - 2
>> 513 :
>> 514 fp->ptregs.format == 0xa ? fp->ptregs.pc + 4 : fp->un.fmtb.baddr);
>> 515 if (ssw & DF)
>> 516 pr_debug("Data %s fault at %#010lx in %s (pc=%#lx)\n",
>> 517 ssw & RW ? "read" : "write",
>> 518 fp->un.fmtb.daddr,
>> 519 space_names[ssw & DFC], fp->ptregs.pc);
>> 520
>> 521 /* ++andreas: If a data fault and an instruction fault happen
>> 522 at the same time map in both pages. */
>> 523
>> 524 /* First handle the data fault, if any. */
>> 525 if (ssw & DF) {
>> 526 addr = fp->un.fmtb.daddr;
>> 527
>> 528 #ifdef DEBUG
>> 529 asm volatile ("ptestr %3,%2@,#7,%0\n\t"
>> 530 "pmove %%psr,%1"
>> 531 : "=a&" (desc), "=m" (temp)
>> 532 : "a" (addr), "d" (ssw));
>> 533 pr_debug("mmusr is %#x for addr %#lx in task %p\n",
>> 534 temp, addr, current);
>> 535 pr_debug("descriptor address is 0x%p, contents %#lx\n",
>> 536 __va(desc), *(unsigned long *)__va(desc));
658 #else 537 #else
659 return false; !! 538 asm volatile ("ptestr %2,%1@,#7\n\t"
>> 539 "pmove %%psr,%0"
>> 540 : "=m" (temp) : "a" (addr), "d" (ssw));
>> 541 #endif
>> 542 mmusr = temp;
>> 543 errorcode = (mmusr & MMU_I) ? 0 : 1;
>> 544 if (!(ssw & RW) || (ssw & RM))
>> 545 errorcode |= 2;
>> 546
>> 547 if (mmusr & (MMU_I | MMU_WP)) {
>> 548 /* We might have an exception table for this PC */
>> 549 if (ssw & 4 && !search_exception_tables(fp->ptregs.pc)) {
>> 550 pr_err("Data %s fault at %#010lx in %s (pc=%#lx)\n",
>> 551 ssw & RW ? "read" : "write",
>> 552 fp->un.fmtb.daddr,
>> 553 space_names[ssw & DFC], fp->ptregs.pc);
>> 554 goto buserr;
>> 555 }
>> 556 /* Don't try to do anything further if an exception was
>> 557 handled. */
>> 558 if (do_page_fault (&fp->ptregs, addr, errorcode) < 0)
>> 559 return;
>> 560 } else if (!(mmusr & MMU_I)) {
>> 561 /* probably a 020 cas fault */
>> 562 if (!(ssw & RM) && send_fault_sig(&fp->ptregs) > 0)
>> 563 pr_err("unexpected bus error (%#x,%#x)\n", ssw,
>> 564 mmusr);
>> 565 } else if (mmusr & (MMU_B|MMU_L|MMU_S)) {
>> 566 pr_err("invalid %s access at %#lx from pc %#lx\n",
>> 567 !(ssw & RW) ? "write" : "read", addr,
>> 568 fp->ptregs.pc);
>> 569 die_if_kernel("Oops",&fp->ptregs,mmusr);
>> 570 force_sig(SIGSEGV);
>> 571 return;
>> 572 } else {
>> 573 #if 0
>> 574 static volatile long tlong;
660 #endif 575 #endif
661 } <<
662 <<
663 static bool gp_try_fixup_and_notify(struct pt_ <<
664 unsigned l <<
665 unsigned l <<
666 { <<
667 if (fixup_exception(regs, trapnr, erro <<
668 return true; <<
669 <<
670 current->thread.error_code = error_cod <<
671 current->thread.trap_nr = trapnr; <<
672 <<
673 /* <<
674 * To be potentially processing a kpro <<
675 * from kprobe_running(), we have to b <<
676 */ <<
677 if (!preemptible() && kprobe_running() <<
678 kprobe_fault_handler(regs, trapnr) <<
679 return true; <<
680 576
681 return notify_die(DIE_GPF, str, regs, !! 577 pr_err("weird %s access at %#lx from pc %#lx (ssw is %#x)\n",
682 } !! 578 !(ssw & RW) ? "write" : "read", addr,
>> 579 fp->ptregs.pc, ssw);
>> 580 asm volatile ("ptestr #1,%1@,#0\n\t"
>> 581 "pmove %%psr,%0"
>> 582 : "=m" (temp)
>> 583 : "a" (addr));
>> 584 mmusr = temp;
>> 585
>> 586 pr_err("level 0 mmusr is %#x\n", mmusr);
>> 587 #if 0
>> 588 asm volatile ("pmove %%tt0,%0"
>> 589 : "=m" (tlong));
>> 590 pr_debug("tt0 is %#lx, ", tlong);
>> 591 asm volatile ("pmove %%tt1,%0"
>> 592 : "=m" (tlong));
>> 593 pr_debug("tt1 is %#lx\n", tlong);
>> 594 #endif
>> 595 pr_debug("Unknown SIGSEGV - 1\n");
>> 596 die_if_kernel("Oops",&fp->ptregs,mmusr);
>> 597 force_sig(SIGSEGV);
>> 598 return;
>> 599 }
683 600
684 static void gp_user_force_sig_segv(struct pt_r !! 601 /* setup an ATC entry for the access about to be retried */
685 unsigned lo !! 602 if (!(ssw & RW) || (ssw & RM))
686 { !! 603 asm volatile ("ploadw %1,%0@" : /* no outputs */
687 current->thread.error_code = error_cod !! 604 : "a" (addr), "d" (ssw));
688 current->thread.trap_nr = trapnr; !! 605 else
689 show_signal(current, SIGSEGV, "", str, !! 606 asm volatile ("ploadr %1,%0@" : /* no outputs */
690 force_sig(SIGSEGV); !! 607 : "a" (addr), "d" (ssw));
691 } !! 608 }
692 609
693 DEFINE_IDTENTRY_ERRORCODE(exc_general_protecti !! 610 /* Now handle the instruction fault. */
694 { <<
695 char desc[sizeof(GPFSTR) + 50 + 2*size <<
696 enum kernel_gp_hint hint = GP_NO_HINT; <<
697 unsigned long gp_addr; <<
698 611
699 if (user_mode(regs) && try_fixup_enqcm !! 612 if (!(ssw & (FC|FB)))
700 return; 613 return;
701 614
702 cond_local_irq_enable(regs); !! 615 if (fp->ptregs.sr & PS_S) {
703 !! 616 pr_err("Instruction fault at %#010lx\n", fp->ptregs.pc);
704 if (static_cpu_has(X86_FEATURE_UMIP)) !! 617 buserr:
705 if (user_mode(regs) && fixup_u !! 618 pr_err("BAD KERNEL BUSERR\n");
706 goto exit; !! 619 die_if_kernel("Oops",&fp->ptregs,0);
707 } !! 620 force_sig(SIGKILL);
708 <<
709 if (v8086_mode(regs)) { <<
710 local_irq_enable(); <<
711 handle_vm86_fault((struct kern <<
712 local_irq_disable(); <<
713 return; 621 return;
714 } 622 }
715 623
716 if (user_mode(regs)) { !! 624 /* get the fault address */
717 if (fixup_iopl_exception(regs) !! 625 if (fp->ptregs.format == 10)
718 goto exit; !! 626 addr = fp->ptregs.pc + 4;
719 <<
720 if (fixup_vdso_exception(regs, <<
721 goto exit; <<
722 <<
723 gp_user_force_sig_segv(regs, X <<
724 goto exit; <<
725 } <<
726 <<
727 if (gp_try_fixup_and_notify(regs, X86_ <<
728 goto exit; <<
729 <<
730 if (error_code) <<
731 snprintf(desc, sizeof(desc), " <<
732 else 627 else
733 hint = get_kernel_gp_address(r !! 628 addr = fp->un.fmtb.baddr;
734 !! 629 if (ssw & FC)
735 if (hint != GP_NO_HINT) !! 630 addr -= 2;
736 snprintf(desc, sizeof(desc), G !! 631
737 (hint == GP_NON_CANON !! 632 if ((ssw & DF) && ((addr ^ fp->un.fmtb.daddr) & PAGE_MASK) == 0)
738 !! 633 /* Insn fault on same page as data fault. But we
739 gp_addr); !! 634 should still create the ATC entry. */
740 !! 635 goto create_atc_entry;
741 /* !! 636
742 * KASAN is interested only in the non !! 637 #ifdef DEBUG
743 * otherwise. !! 638 asm volatile ("ptestr #1,%2@,#7,%0\n\t"
744 */ !! 639 "pmove %%psr,%1"
745 if (hint != GP_NON_CANONICAL) !! 640 : "=a&" (desc), "=m" (temp)
746 gp_addr = 0; !! 641 : "a" (addr));
747 !! 642 pr_debug("mmusr is %#x for addr %#lx in task %p\n",
748 die_addr(desc, regs, error_code, gp_ad !! 643 temp, addr, current);
749 !! 644 pr_debug("descriptor address is 0x%p, contents %#lx\n",
750 exit: !! 645 __va(desc), *(unsigned long *)__va(desc));
751 cond_local_irq_disable(regs); !! 646 #else
752 } !! 647 asm volatile ("ptestr #1,%1@,#7\n\t"
753 !! 648 "pmove %%psr,%0"
754 static bool do_int3(struct pt_regs *regs) !! 649 : "=m" (temp) : "a" (addr));
755 { <<
756 int res; <<
757 <<
758 #ifdef CONFIG_KGDB_LOW_LEVEL_TRAP <<
759 if (kgdb_ll_trap(DIE_INT3, "int3", reg <<
760 SIGTRAP) == NOTIFY_ST <<
761 return true; <<
762 #endif /* CONFIG_KGDB_LOW_LEVEL_TRAP */ <<
763 <<
764 #ifdef CONFIG_KPROBES <<
765 if (kprobe_int3_handler(regs)) <<
766 return true; <<
767 #endif 650 #endif
768 res = notify_die(DIE_INT3, "int3", reg !! 651 mmusr = temp;
769 !! 652 if (mmusr & MMU_I)
770 return res == NOTIFY_STOP; !! 653 do_page_fault (&fp->ptregs, addr, 0);
771 } !! 654 else if (mmusr & (MMU_B|MMU_L|MMU_S)) {
772 NOKPROBE_SYMBOL(do_int3); !! 655 pr_err("invalid insn access at %#lx from pc %#lx\n",
773 !! 656 addr, fp->ptregs.pc);
774 static void do_int3_user(struct pt_regs *regs) !! 657 pr_debug("Unknown SIGSEGV - 2\n");
775 { !! 658 die_if_kernel("Oops",&fp->ptregs,mmusr);
776 if (do_int3(regs)) !! 659 force_sig(SIGSEGV);
777 return; 660 return;
>> 661 }
778 662
779 cond_local_irq_enable(regs); !! 663 create_atc_entry:
780 do_trap(X86_TRAP_BP, SIGTRAP, "int3", !! 664 /* setup an ATC entry for the access about to be retried */
781 cond_local_irq_disable(regs); !! 665 asm volatile ("ploadr #2,%0@" : /* no outputs */
>> 666 : "a" (addr));
782 } 667 }
>> 668 #endif /* CPU_M68020_OR_M68030 */
>> 669 #endif /* !CONFIG_SUN3 */
783 670
784 DEFINE_IDTENTRY_RAW(exc_int3) !! 671 #if defined(CONFIG_COLDFIRE) && defined(CONFIG_MMU)
785 { !! 672 #include <asm/mcfmmu.h>
786 /* <<
787 * poke_int3_handler() is completely s <<
788 * must) *NOT* call out to anything, l <<
789 * INT3. <<
790 */ <<
791 if (poke_int3_handler(regs)) <<
792 return; <<
793 <<
794 /* <<
795 * irqentry_enter_from_user_mode() use <<
796 * and therefore can trigger INT3, hen <<
797 * be done before. If the entry came f <<
798 * nmi_enter() because the INT3 could <<
799 * including NMI. <<
800 */ <<
801 if (user_mode(regs)) { <<
802 irqentry_enter_from_user_mode( <<
803 instrumentation_begin(); <<
804 do_int3_user(regs); <<
805 instrumentation_end(); <<
806 irqentry_exit_to_user_mode(reg <<
807 } else { <<
808 irqentry_state_t irq_state = i <<
809 <<
810 instrumentation_begin(); <<
811 if (!do_int3(regs)) <<
812 die("int3", regs, 0); <<
813 instrumentation_end(); <<
814 irqentry_nmi_exit(regs, irq_st <<
815 } <<
816 } <<
817 673
818 #ifdef CONFIG_X86_64 <<
819 /* 674 /*
820 * Help handler running on a per-cpu (IST or e !! 675 * The following table converts the FS encoding of a ColdFire
821 * to switch to the normal thread stack if the !! 676 * exception stack frame into the error_code value needed by
822 * user mode. The actual stack switch is done !! 677 * do_fault.
823 */ !! 678 */
824 asmlinkage __visible noinstr struct pt_regs *s !! 679 static const unsigned char fs_err_code[] = {
825 { !! 680 0, /* 0000 */
826 struct pt_regs *regs = (struct pt_regs !! 681 0, /* 0001 */
827 if (regs != eregs) !! 682 0, /* 0010 */
828 *regs = *eregs; !! 683 0, /* 0011 */
829 return regs; !! 684 1, /* 0100 */
830 } !! 685 0, /* 0101 */
>> 686 0, /* 0110 */
>> 687 0, /* 0111 */
>> 688 2, /* 1000 */
>> 689 3, /* 1001 */
>> 690 2, /* 1010 */
>> 691 0, /* 1011 */
>> 692 1, /* 1100 */
>> 693 1, /* 1101 */
>> 694 0, /* 1110 */
>> 695 0 /* 1111 */
>> 696 };
831 697
832 #ifdef CONFIG_AMD_MEM_ENCRYPT !! 698 static inline void access_errorcf(unsigned int fs, struct frame *fp)
833 asmlinkage __visible noinstr struct pt_regs *v <<
834 { 699 {
835 unsigned long sp, *stack; !! 700 unsigned long mmusr, addr;
836 struct stack_info info; !! 701 unsigned int err_code;
837 struct pt_regs *regs_ret; !! 702 int need_page_fault;
838 <<
839 /* <<
840 * In the SYSCALL entry path the RSP v <<
841 * trust it and switch to the current <<
842 */ <<
843 if (ip_within_syscall_gap(regs)) { <<
844 sp = current_top_of_stack(); <<
845 goto sync; <<
846 } <<
847 703
848 /* !! 704 mmusr = mmu_read(MMUSR);
849 * From here on the RSP value is trust !! 705 addr = mmu_read(MMUAR);
850 * happened from a safe stack. Not saf <<
851 * use the fall-back stack instead in <<
852 */ <<
853 sp = regs->sp; <<
854 stack = (unsigned long *)sp; <<
855 <<
856 if (!get_stack_info_noinstr(stack, cur <<
857 info.type > STACK_TYPE_EXCEPTION_L <<
858 sp = __this_cpu_ist_top_va(VC2 <<
859 706
860 sync: <<
861 /* 707 /*
862 * Found a safe stack - switch to it a !! 708 * error_code:
863 * IST stack. The code below only copi !! 709 * bit 0 == 0 means no page found, 1 means protection fault
864 * in assembly code. !! 710 * bit 1 == 0 means read, 1 means write
865 */ 711 */
866 sp = ALIGN_DOWN(sp, 8) - sizeof(*regs_ !! 712 switch (fs) {
>> 713 case 5: /* 0101 TLB opword X miss */
>> 714 need_page_fault = cf_tlb_miss(&fp->ptregs, 0, 0, 0);
>> 715 addr = fp->ptregs.pc;
>> 716 break;
>> 717 case 6: /* 0110 TLB extension word X miss */
>> 718 need_page_fault = cf_tlb_miss(&fp->ptregs, 0, 0, 1);
>> 719 addr = fp->ptregs.pc + sizeof(long);
>> 720 break;
>> 721 case 10: /* 1010 TLB W miss */
>> 722 need_page_fault = cf_tlb_miss(&fp->ptregs, 1, 1, 0);
>> 723 break;
>> 724 case 14: /* 1110 TLB R miss */
>> 725 need_page_fault = cf_tlb_miss(&fp->ptregs, 0, 1, 0);
>> 726 break;
>> 727 default:
>> 728 /* 0000 Normal */
>> 729 /* 0001 Reserved */
>> 730 /* 0010 Interrupt during debug service routine */
>> 731 /* 0011 Reserved */
>> 732 /* 0100 X Protection */
>> 733 /* 0111 IFP in emulator mode */
>> 734 /* 1000 W Protection*/
>> 735 /* 1001 Write error*/
>> 736 /* 1011 Reserved*/
>> 737 /* 1100 R Protection*/
>> 738 /* 1101 R Protection*/
>> 739 /* 1111 OEP in emulator mode*/
>> 740 need_page_fault = 1;
>> 741 break;
>> 742 }
867 743
868 regs_ret = (struct pt_regs *)sp; !! 744 if (need_page_fault) {
869 *regs_ret = *regs; !! 745 err_code = fs_err_code[fs];
>> 746 if ((fs == 13) && (mmusr & MMUSR_WF)) /* rd-mod-wr access */
>> 747 err_code |= 2; /* bit1 - write, bit0 - protection */
>> 748 do_page_fault(&fp->ptregs, addr, err_code);
>> 749 }
>> 750 }
>> 751 #endif /* CONFIG_COLDFIRE CONFIG_MMU */
>> 752
>> 753 asmlinkage void buserr_c(struct frame *fp)
>> 754 {
>> 755 /* Only set esp0 if coming from user mode */
>> 756 if (user_mode(&fp->ptregs))
>> 757 current->thread.esp0 = (unsigned long) fp;
>> 758
>> 759 pr_debug("*** Bus Error *** Format is %x\n", fp->ptregs.format);
>> 760
>> 761 #if defined(CONFIG_COLDFIRE) && defined(CONFIG_MMU)
>> 762 if (CPU_IS_COLDFIRE) {
>> 763 unsigned int fs;
>> 764 fs = (fp->ptregs.vector & 0x3) |
>> 765 ((fp->ptregs.vector & 0xc00) >> 8);
>> 766 switch (fs) {
>> 767 case 0x5:
>> 768 case 0x6:
>> 769 case 0x7:
>> 770 case 0x9:
>> 771 case 0xa:
>> 772 case 0xd:
>> 773 case 0xe:
>> 774 case 0xf:
>> 775 access_errorcf(fs, fp);
>> 776 return;
>> 777 default:
>> 778 break;
>> 779 }
>> 780 }
>> 781 #endif /* CONFIG_COLDFIRE && CONFIG_MMU */
870 782
871 return regs_ret; !! 783 switch (fp->ptregs.format) {
872 } !! 784 #if defined (CONFIG_M68060)
>> 785 case 4: /* 68060 access error */
>> 786 access_error060 (fp);
>> 787 break;
873 #endif 788 #endif
874 !! 789 #if defined (CONFIG_M68040)
875 asmlinkage __visible noinstr struct pt_regs *f !! 790 case 0x7: /* 68040 access error */
876 { !! 791 access_error040 (fp);
877 struct pt_regs tmp, *new_stack; !! 792 break;
878 <<
879 /* <<
880 * This is called from entry_64.S earl <<
881 * caused by a bad iret to user mode. <<
882 * correctly, we want to move our stac <<
883 * be had we entered directly on the e <<
884 * just below the IRET frame) and we w <<
885 * exception came from the IRET target <<
886 */ <<
887 new_stack = (struct pt_regs *)__this_c <<
888 <<
889 /* Copy the IRET target to the tempora <<
890 __memcpy(&tmp.ip, (void *)bad_regs->sp <<
891 <<
892 /* Copy the remainder of the stack fro <<
893 __memcpy(&tmp, bad_regs, offsetof(stru <<
894 <<
895 /* Update the entry stack */ <<
896 __memcpy(new_stack, &tmp, sizeof(tmp)) <<
897 <<
898 BUG_ON(!user_mode(new_stack)); <<
899 return new_stack; <<
900 } <<
901 #endif 793 #endif
902 !! 794 #if defined (CPU_M68020_OR_M68030)
903 static bool is_sysenter_singlestep(struct pt_r !! 795 case 0xa:
904 { !! 796 case 0xb:
905 /* !! 797 bus_error030 (fp);
906 * We don't try for precision here. I !! 798 break;
907 * code that can be single-stepped in <<
908 * assume that this is a useless singl <<
909 * being invoked with TF set. (We don <<
910 * which instructions will be hit beca <<
911 * be set.) <<
912 */ <<
913 #ifdef CONFIG_X86_32 <<
914 return (regs->ip - (unsigned long)__be <<
915 (unsigned long)__end_SYSENTER_ <<
916 (unsigned long)__begin_SYSENTE <<
917 #elif defined(CONFIG_IA32_EMULATION) <<
918 return (regs->ip - (unsigned long)entr <<
919 (unsigned long)__end_entry_SYS <<
920 (unsigned long)entry_SYSENTER_ <<
921 #else <<
922 return false; <<
923 #endif 799 #endif
>> 800 default:
>> 801 die_if_kernel("bad frame format",&fp->ptregs,0);
>> 802 pr_debug("Unknown SIGSEGV - 4\n");
>> 803 force_sig(SIGSEGV);
>> 804 }
924 } 805 }
925 806
926 static __always_inline unsigned long debug_rea <<
927 { <<
928 unsigned long dr6; <<
929 <<
930 /* <<
931 * The Intel SDM says: <<
932 * <<
933 * Certain debug exceptions may clea <<
934 * contents of the DR6 register are <<
935 * processor. To avoid confusion in <<
936 * exceptions, debug handlers should <<
937 * returning to the interrupted task <<
938 * <<
939 * Keep it simple: clear DR6 immediate <<
940 */ <<
941 get_debugreg(dr6, 6); <<
942 set_debugreg(DR6_RESERVED, 6); <<
943 dr6 ^= DR6_RESERVED; /* Flip to positi <<
944 <<
945 return dr6; <<
946 } <<
947 <<
948 /* <<
949 * Our handling of the processor debug registe <<
950 * We do not clear them on entry and exit from <<
951 * it is possible to get a watchpoint trap her <<
952 * However, the code in ./ptrace.c has ensured <<
953 * only set watchpoints on userspace addresses <<
954 * watchpoint trap can only occur in code whic <<
955 * from user space. Such code must not hold ke <<
956 * can equally take a page fault), therefore i <<
957 * force_sig_info even though that claims and <<
958 * <<
959 * Code in ./signal.c ensures that the debug c <<
960 * is restored before we deliver any signal, a <<
961 * user code runs with the correct debug contr <<
962 * we clear it here. <<
963 * <<
964 * Being careful here means that we don't have <<
965 * lot of more complicated places (task switch <<
966 * about restoring all the debug state, and pt <<
967 * find every occurrence of the TF bit that co <<
968 * by user code) <<
969 * <<
970 * May run on IST stack. <<
971 */ <<
972 <<
973 static bool notify_debug(struct pt_regs *regs, <<
974 { <<
975 /* <<
976 * Notifiers will clear bits in @dr6 t <<
977 * consumed - hw_breakpoint_handler(), <<
978 * <<
979 * Notifiers will set bits in @virtual <<
980 * for signals - ptrace_triggered(), k <<
981 */ <<
982 if (notify_die(DIE_DEBUG, "debug", reg <<
983 return true; <<
984 807
985 return false; !! 808 static int kstack_depth_to_print = 48;
986 } <<
987 809
988 static noinstr void exc_debug_kernel(struct pt !! 810 static void show_trace(unsigned long *stack, const char *loglvl)
989 { 811 {
990 /* !! 812 unsigned long *endstack;
991 * Disable breakpoints during exceptio !! 813 unsigned long addr;
992 * are exceedingly 'fun'. !! 814 int i;
993 * <<
994 * Since this function is NOKPROBE, an <<
995 * HW_BREAKPOINT_X, we can't hit a bre <<
996 * HW_BREAKPOINT_W on our stack) <<
997 * <<
998 * Entry text is excluded for HW_BP_X <<
999 * includes the entry stack is exclude <<
1000 * <<
1001 * For FRED, nested #DB should just w <<
1002 * breakpoint is set in the code path <<
1003 * it results in an endless recursion <<
1004 * with the IDT approach, i.e., save <<
1005 */ <<
1006 unsigned long dr7 = local_db_save(); <<
1007 irqentry_state_t irq_state = irqentry <<
1008 instrumentation_begin(); <<
1009 815
1010 /* !! 816 printk("%sCall Trace:", loglvl);
1011 * If something gets miswired and we !! 817 addr = (unsigned long)stack + THREAD_SIZE - 1;
1012 * #DB, we will malfunction. !! 818 endstack = (unsigned long *)(addr & -THREAD_SIZE);
1013 */ !! 819 i = 0;
1014 WARN_ON_ONCE(user_mode(regs)); !! 820 while (stack + 1 <= endstack) {
1015 !! 821 addr = *stack++;
1016 if (test_thread_flag(TIF_BLOCKSTEP)) <<
1017 /* 822 /*
1018 * The SDM says "The processo !! 823 * If the address is either in the text segment of the
1019 * generates a debug exceptio !! 824 * kernel, or in the region which contains vmalloc'ed
1020 * it for userspace, but we j !! 825 * memory, it *may* be the address of a calling
1021 * BTF. !! 826 * routine; if so, print it so that someone tracing
>> 827 * down the cause of the crash will be able to figure
>> 828 * out the call path that was taken.
1022 */ 829 */
1023 unsigned long debugctl; !! 830 if (__kernel_text_address(addr)) {
1024 !! 831 #ifndef CONFIG_KALLSYMS
1025 rdmsrl(MSR_IA32_DEBUGCTLMSR, !! 832 if (i % 5 == 0)
1026 debugctl |= DEBUGCTLMSR_BTF; !! 833 pr_cont("\n ");
1027 wrmsrl(MSR_IA32_DEBUGCTLMSR, !! 834 #endif
>> 835 pr_cont(" [<%08lx>] %pS\n", addr, (void *)addr);
>> 836 i++;
>> 837 }
1028 } 838 }
1029 !! 839 pr_cont("\n");
1030 /* <<
1031 * Catch SYSENTER with TF set and cle <<
1032 * watchpoint at the same time then t <<
1033 */ <<
1034 if (!cpu_feature_enabled(X86_FEATURE_ <<
1035 (dr6 & DR_STEP) && is_sysenter_si <<
1036 dr6 &= ~DR_STEP; <<
1037 <<
1038 /* <<
1039 * The kernel doesn't use INT1 <<
1040 */ <<
1041 if (!dr6) <<
1042 goto out; <<
1043 <<
1044 if (notify_debug(regs, &dr6)) <<
1045 goto out; <<
1046 <<
1047 /* <<
1048 * The kernel doesn't use TF single-s <<
1049 * <<
1050 * - Kprobes, consumed through kprob <<
1051 * - KGDB, consumed through notify_d <<
1052 * <<
1053 * So if we get here with DR_STEP set <<
1054 * <<
1055 * A known way to trigger this is thr <<
1056 * which leaks #DB into the guest and <<
1057 */ <<
1058 if (WARN_ON_ONCE(dr6 & DR_STEP)) <<
1059 regs->flags &= ~X86_EFLAGS_TF <<
1060 out: <<
1061 instrumentation_end(); <<
1062 irqentry_nmi_exit(regs, irq_state); <<
1063 <<
1064 local_db_restore(dr7); <<
1065 } 840 }
1066 841
1067 static noinstr void exc_debug_user(struct pt_ !! 842 void show_registers(struct pt_regs *regs)
1068 { 843 {
1069 bool icebp; !! 844 struct frame *fp = (struct frame *)regs;
1070 !! 845 u16 c, *cp;
1071 /* !! 846 unsigned long addr;
1072 * If something gets miswired and we !! 847 int i;
1073 * #DB, we will malfunction. !! 848
1074 */ !! 849 print_modules();
1075 WARN_ON_ONCE(!user_mode(regs)); !! 850 pr_info("PC: [<%08lx>] %pS\n", regs->pc, (void *)regs->pc);
1076 !! 851 pr_info("SR: %04x SP: %p a2: %08lx\n", regs->sr, regs, regs->a2);
1077 /* !! 852 pr_info("d0: %08lx d1: %08lx d2: %08lx d3: %08lx\n",
1078 * NB: We can't easily clear DR7 here !! 853 regs->d0, regs->d1, regs->d2, regs->d3);
1079 * irqentry_exit_to_usermode() can in !! 854 pr_info("d4: %08lx d5: %08lx a0: %08lx a1: %08lx\n",
1080 * user memory, etc. This means that !! 855 regs->d4, regs->d5, regs->a0, regs->a1);
1081 * this happens, that #DB will hit ex !! 856
1082 * Since we're not on the IST stack r !! 857 pr_info("Process %s (pid: %d, task=%p)\n",
1083 * fine. !! 858 current->comm, task_pid_nr(current), current);
1084 */ !! 859 addr = (unsigned long)&fp->un;
1085 !! 860 pr_info("Frame format=%X ", regs->format);
1086 irqentry_enter_from_user_mode(regs); !! 861 switch (regs->format) {
1087 instrumentation_begin(); !! 862 case 0x2:
1088 !! 863 pr_cont("instr addr=%08lx\n", fp->un.fmt2.iaddr);
1089 /* !! 864 addr += sizeof(fp->un.fmt2);
1090 * Start the virtual/ptrace DR6 value !! 865 break;
1091 * of the real DR6. ptrace_triggered( !! 866 case 0x3:
1092 * !! 867 pr_cont("eff addr=%08lx\n", fp->un.fmt3.effaddr);
1093 * Userspace expects DR_STEP to be vi !! 868 addr += sizeof(fp->un.fmt3);
1094 * even if it is not the result of PT !! 869 break;
1095 */ !! 870 case 0x4:
1096 current->thread.virtual_dr6 = (dr6 & !! 871 if (CPU_IS_060)
1097 !! 872 pr_cont("fault addr=%08lx fslw=%08lx\n",
1098 /* !! 873 fp->un.fmt4.effaddr, fp->un.fmt4.pc);
1099 * The SDM says "The processor clears !! 874 else
1100 * generates a debug exception." Cle !! 875 pr_cont("eff addr=%08lx pc=%08lx\n",
1101 * TIF_BLOCKSTEP in sync with the har !! 876 fp->un.fmt4.effaddr, fp->un.fmt4.pc);
1102 */ !! 877 addr += sizeof(fp->un.fmt4);
1103 clear_thread_flag(TIF_BLOCKSTEP); !! 878 break;
1104 !! 879 case 0x7:
1105 /* !! 880 pr_cont("eff addr=%08lx ssw=%04x faddr=%08lx\n",
1106 * If dr6 has no reason to give us ab !! 881 fp->un.fmt7.effaddr, fp->un.fmt7.ssw, fp->un.fmt7.faddr);
1107 * then it's very likely the result o !! 882 pr_info("wb 1 stat/addr/data: %04x %08lx %08lx\n",
1108 * User wants a sigtrap for that. !! 883 fp->un.fmt7.wb1s, fp->un.fmt7.wb1a, fp->un.fmt7.wb1dpd0);
1109 */ !! 884 pr_info("wb 2 stat/addr/data: %04x %08lx %08lx\n",
1110 icebp = !dr6; !! 885 fp->un.fmt7.wb2s, fp->un.fmt7.wb2a, fp->un.fmt7.wb2d);
1111 !! 886 pr_info("wb 3 stat/addr/data: %04x %08lx %08lx\n",
1112 if (notify_debug(regs, &dr6)) !! 887 fp->un.fmt7.wb3s, fp->un.fmt7.wb3a, fp->un.fmt7.wb3d);
1113 goto out; !! 888 pr_info("push data: %08lx %08lx %08lx %08lx\n",
1114 !! 889 fp->un.fmt7.wb1dpd0, fp->un.fmt7.pd1, fp->un.fmt7.pd2,
1115 /* It's safe to allow irq's after DR6 !! 890 fp->un.fmt7.pd3);
1116 local_irq_enable(); !! 891 addr += sizeof(fp->un.fmt7);
1117 !! 892 break;
1118 if (v8086_mode(regs)) { !! 893 case 0x9:
1119 handle_vm86_trap((struct kern !! 894 pr_cont("instr addr=%08lx\n", fp->un.fmt9.iaddr);
1120 goto out_irq; !! 895 addr += sizeof(fp->un.fmt9);
>> 896 break;
>> 897 case 0xa:
>> 898 pr_cont("ssw=%04x isc=%04x isb=%04x daddr=%08lx dobuf=%08lx\n",
>> 899 fp->un.fmta.ssw, fp->un.fmta.isc, fp->un.fmta.isb,
>> 900 fp->un.fmta.daddr, fp->un.fmta.dobuf);
>> 901 addr += sizeof(fp->un.fmta);
>> 902 break;
>> 903 case 0xb:
>> 904 pr_cont("ssw=%04x isc=%04x isb=%04x daddr=%08lx dobuf=%08lx\n",
>> 905 fp->un.fmtb.ssw, fp->un.fmtb.isc, fp->un.fmtb.isb,
>> 906 fp->un.fmtb.daddr, fp->un.fmtb.dobuf);
>> 907 pr_info("baddr=%08lx dibuf=%08lx ver=%x\n",
>> 908 fp->un.fmtb.baddr, fp->un.fmtb.dibuf, fp->un.fmtb.ver);
>> 909 addr += sizeof(fp->un.fmtb);
>> 910 break;
>> 911 default:
>> 912 pr_cont("\n");
1121 } 913 }
>> 914 show_stack(NULL, (unsigned long *)addr, KERN_INFO);
1122 915
1123 /* #DB for bus lock can only be trigg !! 916 pr_info("Code:");
1124 if (dr6 & DR_BUS_LOCK) !! 917 cp = (u16 *)regs->pc;
1125 handle_bus_lock(regs); !! 918 for (i = -8; i < 16; i++) {
1126 !! 919 if (get_kernel_nofault(c, cp + i) && i >= 0) {
1127 /* Add the virtual_dr6 bits for signa !! 920 pr_cont(" Bad PC value.");
1128 dr6 |= current->thread.virtual_dr6; !! 921 break;
1129 if (dr6 & (DR_STEP | DR_TRAP_BITS) || !! 922 }
1130 send_sigtrap(regs, 0, get_si_ !! 923 if (i)
1131 !! 924 pr_cont(" %04x", c);
1132 out_irq: !! 925 else
1133 local_irq_disable(); !! 926 pr_cont(" <%04x>", c);
1134 out: !! 927 }
1135 instrumentation_end(); !! 928 pr_cont("\n");
1136 irqentry_exit_to_user_mode(regs); !! 929 }
1137 } !! 930
1138 !! 931 void show_stack(struct task_struct *task, unsigned long *stack,
1139 #ifdef CONFIG_X86_64 !! 932 const char *loglvl)
1140 /* IST stack entry */ !! 933 {
1141 DEFINE_IDTENTRY_DEBUG(exc_debug) !! 934 unsigned long *p;
1142 { !! 935 unsigned long *endstack;
1143 exc_debug_kernel(regs, debug_read_cle !! 936 int i;
1144 } !! 937
1145 !! 938 if (!stack) {
1146 /* User entry, runs on regular task stack */ !! 939 if (task)
1147 DEFINE_IDTENTRY_DEBUG_USER(exc_debug) !! 940 stack = (unsigned long *)task->thread.esp0;
1148 { !! 941 else
1149 exc_debug_user(regs, debug_read_clear !! 942 stack = (unsigned long *)&stack;
>> 943 }
>> 944 endstack = (unsigned long *)(((unsigned long)stack + THREAD_SIZE - 1) & -THREAD_SIZE);
>> 945
>> 946 printk("%sStack from %08lx:", loglvl, (unsigned long)stack);
>> 947 p = stack;
>> 948 for (i = 0; i < kstack_depth_to_print; i++) {
>> 949 if (p + 1 > endstack)
>> 950 break;
>> 951 if (i % 8 == 0)
>> 952 pr_cont("\n ");
>> 953 pr_cont(" %08lx", *p++);
>> 954 }
>> 955 pr_cont("\n");
>> 956 show_trace(stack, loglvl);
1150 } 957 }
1151 958
1152 #ifdef CONFIG_X86_FRED <<
1153 /* 959 /*
1154 * When occurred on different ring level, i.e !! 960 * The vector number returned in the frame pointer may also contain
1155 * context, #DB needs to be handled on differ !! 961 * the "fs" (Fault Status) bits on ColdFire. These are in the bottom
1156 * current task stack, while kernel #DB on a !! 962 * 2 bits, and upper 2 bits. So we need to mask out the real vector
1157 * !! 963 * number before using it in comparisons. You don't need to do this on
1158 * This is exactly how FRED event delivery in !! 964 * real 68k parts, but it won't hurt either.
1159 * handler: ring 3 event on level 0 stack, i. <<
1160 * ring 0 event on the #DB dedicated stack sp <<
1161 * IA32_FRED_STKLVLS MSR. So unlike IDT, the <<
1162 * entry stub doesn't do stack switch. <<
1163 */ 965 */
1164 DEFINE_FREDENTRY_DEBUG(exc_debug) <<
1165 { <<
1166 /* <<
1167 * FRED #DB stores DR6 on the stack i <<
1168 * debug_read_clear_dr6() returns for <<
1169 */ <<
1170 unsigned long dr6 = fred_event_data(r <<
1171 <<
1172 if (user_mode(regs)) <<
1173 exc_debug_user(regs, dr6); <<
1174 else <<
1175 exc_debug_kernel(regs, dr6); <<
1176 } <<
1177 #endif /* CONFIG_X86_FRED */ <<
1178 966
1179 #else !! 967 static void bad_super_trap(struct frame *fp)
1180 /* 32 bit does not have separate entry points <<
1181 DEFINE_IDTENTRY_RAW(exc_debug) <<
1182 { 968 {
1183 unsigned long dr6 = debug_read_clear_ !! 969 int vector = (fp->ptregs.vector >> 2) & 0xff;
1184 970
1185 if (user_mode(regs)) !! 971 console_verbose();
1186 exc_debug_user(regs, dr6); !! 972 if (vector < ARRAY_SIZE(vec_names))
>> 973 pr_err("*** %s *** FORMAT=%X\n",
>> 974 vec_names[vector],
>> 975 fp->ptregs.format);
1187 else 976 else
1188 exc_debug_kernel(regs, dr6); !! 977 pr_err("*** Exception %d *** FORMAT=%X\n",
1189 } !! 978 vector, fp->ptregs.format);
1190 #endif !! 979 if (vector == VEC_ADDRERR && CPU_IS_020_OR_030) {
1191 !! 980 unsigned short ssw = fp->un.fmtb.ssw;
1192 /* !! 981
1193 * Note that we play around with the 'TS' bit !! 982 pr_err("SSW=%#06x ", ssw);
1194 * the correct behaviour even in the presence !! 983
1195 * IRQ13 behaviour !! 984 if (ssw & RC)
1196 */ !! 985 pr_err("Pipe stage C instruction fault at %#010lx\n",
1197 static void math_error(struct pt_regs *regs, !! 986 (fp->ptregs.format) == 0xA ?
1198 { !! 987 fp->ptregs.pc + 2 : fp->un.fmtb.baddr - 2);
1199 struct task_struct *task = current; !! 988 if (ssw & RB)
1200 struct fpu *fpu = &task->thread.fpu; !! 989 pr_err("Pipe stage B instruction fault at %#010lx\n",
1201 int si_code; !! 990 (fp->ptregs.format) == 0xA ?
1202 char *str = (trapnr == X86_TRAP_MF) ? !! 991 fp->ptregs.pc + 4 : fp->un.fmtb.baddr);
1203 !! 992 if (ssw & DF)
1204 !! 993 pr_err("Data %s fault at %#010lx in %s (pc=%#lx)\n",
1205 cond_local_irq_enable(regs); !! 994 ssw & RW ? "read" : "write",
1206 !! 995 fp->un.fmtb.daddr, space_names[ssw & DFC],
1207 if (!user_mode(regs)) { !! 996 fp->ptregs.pc);
1208 if (fixup_exception(regs, tra !! 997 }
1209 goto exit; !! 998 pr_err("Current process id is %d\n", task_pid_nr(current));
1210 !! 999 die_if_kernel("BAD KERNEL TRAP", &fp->ptregs, 0);
1211 task->thread.error_code = 0; !! 1000 }
1212 task->thread.trap_nr = trapnr !! 1001
1213 !! 1002 asmlinkage void trap_c(struct frame *fp)
1214 if (notify_die(DIE_TRAP, str, !! 1003 {
1215 SIGFPE) != NOT !! 1004 int sig, si_code;
1216 die(str, regs, 0); !! 1005 void __user *addr;
1217 goto exit; !! 1006 int vector = (fp->ptregs.vector >> 2) & 0xff;
1218 } !! 1007
1219 !! 1008 if (fp->ptregs.sr & PS_S) {
1220 /* !! 1009 if (vector == VEC_TRACE) {
1221 * Synchronize the FPU register state !! 1010 /* traced a trapping instruction on a 68020/30,
1222 * if necessary. This allows the exce !! 1011 * real exception will be executed afterwards.
1223 */ !! 1012 */
1224 fpu_sync_fpstate(fpu); <<
1225 <<
1226 task->thread.trap_nr = trapnr; <<
1227 task->thread.error_code = 0; <<
1228 <<
1229 si_code = fpu__exception_code(fpu, tr <<
1230 /* Retry when we get spurious excepti <<
1231 if (!si_code) <<
1232 goto exit; <<
1233 <<
1234 if (fixup_vdso_exception(regs, trapnr <<
1235 goto exit; <<
1236 <<
1237 force_sig_fault(SIGFPE, si_code, <<
1238 (void __user *)uprobe <<
1239 exit: <<
1240 cond_local_irq_disable(regs); <<
1241 } <<
1242 <<
1243 DEFINE_IDTENTRY(exc_coprocessor_error) <<
1244 { <<
1245 math_error(regs, X86_TRAP_MF); <<
1246 } <<
1247 <<
1248 DEFINE_IDTENTRY(exc_simd_coprocessor_error) <<
1249 { <<
1250 if (IS_ENABLED(CONFIG_X86_INVD_BUG)) <<
1251 /* AMD 486 bug: INVD in CPL 0 <<
1252 if (!static_cpu_has(X86_FEATU <<
1253 __exc_general_protect <<
1254 return; 1013 return;
1255 } 1014 }
>> 1015 #ifdef CONFIG_MMU
>> 1016 if (fixup_exception(&fp->ptregs))
>> 1017 return;
>> 1018 #endif
>> 1019 bad_super_trap(fp);
>> 1020 return;
1256 } 1021 }
1257 math_error(regs, X86_TRAP_XF); <<
1258 } <<
1259 <<
1260 DEFINE_IDTENTRY(exc_spurious_interrupt_bug) <<
1261 { <<
1262 /* <<
1263 * This addresses a Pentium Pro Errat <<
1264 * <<
1265 * PROBLEM: If the APIC subsystem is <<
1266 * Virtual Wire mode implemented thro <<
1267 * interrupt vector of 0Fh (Intel res <<
1268 * generated by the local APIC (Int 1 <<
1269 * generated upon receipt of a spurio <<
1270 * which is removed before the system <<
1271 * instead of the programmed 8259 spu <<
1272 * <<
1273 * IMPLICATION: The spurious interrup <<
1274 * 8259 is normally handled by an ope <<
1275 * interrupt handler. However, a vect <<
1276 * operating systems, which would cra <<
1277 * <<
1278 * In theory this could be limited to <<
1279 * hurting and who knows which other <<
1280 */ <<
1281 } <<
1282 <<
1283 static bool handle_xfd_event(struct pt_regs * <<
1284 { <<
1285 u64 xfd_err; <<
1286 int err; <<
1287 <<
1288 if (!IS_ENABLED(CONFIG_X86_64) || !cp <<
1289 return false; <<
1290 <<
1291 rdmsrl(MSR_IA32_XFD_ERR, xfd_err); <<
1292 if (!xfd_err) <<
1293 return false; <<
1294 <<
1295 wrmsrl(MSR_IA32_XFD_ERR, 0); <<
1296 <<
1297 /* Die if that happens in kernel spac <<
1298 if (WARN_ON(!user_mode(regs))) <<
1299 return false; <<
1300 <<
1301 local_irq_enable(); <<
1302 1022
1303 err = xfd_enable_feature(xfd_err); !! 1023 /* send the appropriate signal to the user program */
1304 !! 1024 switch (vector) {
1305 switch (err) { !! 1025 case VEC_ADDRERR:
1306 case -EPERM: !! 1026 si_code = BUS_ADRALN;
1307 force_sig_fault(SIGILL, ILL_I !! 1027 sig = SIGBUS;
1308 break; 1028 break;
1309 case -EFAULT: !! 1029 case VEC_ILLEGAL:
1310 force_sig(SIGSEGV); !! 1030 case VEC_LINE10:
>> 1031 case VEC_LINE11:
>> 1032 si_code = ILL_ILLOPC;
>> 1033 sig = SIGILL;
>> 1034 break;
>> 1035 case VEC_PRIV:
>> 1036 si_code = ILL_PRVOPC;
>> 1037 sig = SIGILL;
>> 1038 break;
>> 1039 case VEC_COPROC:
>> 1040 si_code = ILL_COPROC;
>> 1041 sig = SIGILL;
>> 1042 break;
>> 1043 case VEC_TRAP1:
>> 1044 case VEC_TRAP2:
>> 1045 case VEC_TRAP3:
>> 1046 case VEC_TRAP4:
>> 1047 case VEC_TRAP5:
>> 1048 case VEC_TRAP6:
>> 1049 case VEC_TRAP7:
>> 1050 case VEC_TRAP8:
>> 1051 case VEC_TRAP9:
>> 1052 case VEC_TRAP10:
>> 1053 case VEC_TRAP11:
>> 1054 case VEC_TRAP12:
>> 1055 case VEC_TRAP13:
>> 1056 case VEC_TRAP14:
>> 1057 si_code = ILL_ILLTRP;
>> 1058 sig = SIGILL;
>> 1059 break;
>> 1060 case VEC_FPBRUC:
>> 1061 case VEC_FPOE:
>> 1062 case VEC_FPNAN:
>> 1063 si_code = FPE_FLTINV;
>> 1064 sig = SIGFPE;
>> 1065 break;
>> 1066 case VEC_FPIR:
>> 1067 si_code = FPE_FLTRES;
>> 1068 sig = SIGFPE;
>> 1069 break;
>> 1070 case VEC_FPDIVZ:
>> 1071 si_code = FPE_FLTDIV;
>> 1072 sig = SIGFPE;
>> 1073 break;
>> 1074 case VEC_FPUNDER:
>> 1075 si_code = FPE_FLTUND;
>> 1076 sig = SIGFPE;
>> 1077 break;
>> 1078 case VEC_FPOVER:
>> 1079 si_code = FPE_FLTOVF;
>> 1080 sig = SIGFPE;
>> 1081 break;
>> 1082 case VEC_ZERODIV:
>> 1083 si_code = FPE_INTDIV;
>> 1084 sig = SIGFPE;
>> 1085 break;
>> 1086 case VEC_CHK:
>> 1087 case VEC_TRAP:
>> 1088 si_code = FPE_INTOVF;
>> 1089 sig = SIGFPE;
>> 1090 break;
>> 1091 case VEC_TRACE: /* ptrace single step */
>> 1092 si_code = TRAP_TRACE;
>> 1093 sig = SIGTRAP;
>> 1094 break;
>> 1095 case VEC_TRAP15: /* breakpoint */
>> 1096 si_code = TRAP_BRKPT;
>> 1097 sig = SIGTRAP;
>> 1098 break;
>> 1099 default:
>> 1100 si_code = ILL_ILLOPC;
>> 1101 sig = SIGILL;
1311 break; 1102 break;
1312 } 1103 }
1313 !! 1104 switch (fp->ptregs.format) {
1314 local_irq_disable(); !! 1105 default:
1315 return true; !! 1106 addr = (void __user *) fp->ptregs.pc;
>> 1107 break;
>> 1108 case 2:
>> 1109 addr = (void __user *) fp->un.fmt2.iaddr;
>> 1110 break;
>> 1111 case 7:
>> 1112 addr = (void __user *) fp->un.fmt7.effaddr;
>> 1113 break;
>> 1114 case 9:
>> 1115 addr = (void __user *) fp->un.fmt9.iaddr;
>> 1116 break;
>> 1117 case 10:
>> 1118 addr = (void __user *) fp->un.fmta.daddr;
>> 1119 break;
>> 1120 case 11:
>> 1121 addr = (void __user*) fp->un.fmtb.daddr;
>> 1122 break;
>> 1123 }
>> 1124 force_sig_fault(sig, si_code, addr);
1316 } 1125 }
1317 1126
1318 DEFINE_IDTENTRY(exc_device_not_available) !! 1127 void die_if_kernel (char *str, struct pt_regs *fp, int nr)
1319 { 1128 {
1320 unsigned long cr0 = read_cr0(); !! 1129 if (!(fp->sr & PS_S))
1321 <<
1322 if (handle_xfd_event(regs)) <<
1323 return; <<
1324 <<
1325 #ifdef CONFIG_MATH_EMULATION <<
1326 if (!boot_cpu_has(X86_FEATURE_FPU) && <<
1327 struct math_emu_info info = { <<
1328 <<
1329 cond_local_irq_enable(regs); <<
1330 <<
1331 info.regs = regs; <<
1332 math_emulate(&info); <<
1333 <<
1334 cond_local_irq_disable(regs); <<
1335 return; 1130 return;
1336 } <<
1337 #endif <<
1338 1131
1339 /* This should not happen. */ !! 1132 console_verbose();
1340 if (WARN(cr0 & X86_CR0_TS, "CR0.TS wa !! 1133 pr_crit("%s: %08x\n", str, nr);
1341 /* Try to fix it up and carry !! 1134 show_registers(fp);
1342 write_cr0(cr0 & ~X86_CR0_TS); !! 1135 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
1343 } else { !! 1136 make_task_dead(SIGSEGV);
1344 /* <<
1345 * Something terrible happene <<
1346 * to kill the task than gett <<
1347 * loop of #NM faults. <<
1348 */ <<
1349 die("unexpected #NM exception <<
1350 } <<
1351 } 1137 }
1352 1138
1353 #ifdef CONFIG_INTEL_TDX_GUEST !! 1139 asmlinkage void set_esp0(unsigned long ssp)
1354 <<
1355 #define VE_FAULT_STR "VE fault" <<
1356 <<
1357 static void ve_raise_fault(struct pt_regs *re <<
1358 unsigned long addr <<
1359 { 1140 {
1360 if (user_mode(regs)) { !! 1141 current->thread.esp0 = ssp;
1361 gp_user_force_sig_segv(regs, <<
1362 return; <<
1363 } <<
1364 <<
1365 if (gp_try_fixup_and_notify(regs, X86 <<
1366 VE_FAULT_ <<
1367 return; <<
1368 } <<
1369 <<
1370 die_addr(VE_FAULT_STR, regs, error_co <<
1371 } 1142 }
1372 1143
1373 /* 1144 /*
1374 * Virtualization Exceptions (#VE) are delive !! 1145 * This function is called if an error occur while accessing
1375 * specific guest actions which may happen in !! 1146 * user-space from the fpsp040 code.
1376 * kernel: <<
1377 * <<
1378 * * Specific instructions (WBINVD, for exam <<
1379 * * Specific MSR accesses <<
1380 * * Specific CPUID leaf accesses <<
1381 * * Access to specific guest physical addre <<
1382 * <<
1383 * In the settings that Linux will run in, vi <<
1384 * never generated on accesses to normal, TD- <<
1385 * accepted (by BIOS or with tdx_enc_status_c <<
1386 * <<
1387 * Syscall entry code has a critical window w <<
1388 * yet set up. Any exception in this window l <<
1389 * and can be exploited for privilege escalat <<
1390 * entry code also cause issues. Returning fr <<
1391 * IRET will re-enable NMIs and nested NMI wi <<
1392 * <<
1393 * For these reasons, the kernel avoids #VEs <<
1394 * the NMI entry code. Entry code paths do no <<
1395 * MMIO regions, use #VE triggering MSRs, ins <<
1396 * that might generate #VE. VMM can remove me <<
1397 * but access to unaccepted (or missing) priv <<
1398 * termination, not to #VE. <<
1399 * <<
1400 * Similarly to page faults and breakpoints, <<
1401 * handlers once the kernel is ready to deal <<
1402 * <<
1403 * During #VE delivery, all interrupts, inclu <<
1404 * TDGETVEINFO is called. It prevents #VE nes <<
1405 * the VE info. <<
1406 * <<
1407 * If a guest kernel action which would norma <<
1408 * the interrupt-disabled region before TDGET <<
1409 * exception) is delivered to the guest which <<
1410 * <<
1411 * The entry code has been audited carefully <<
1412 * Changes in the entry code have to be audit <<
1413 * aspect. Similarly to #PF, #VE in these pla <<
1414 * privilege escalation or may lead to random <<
1415 */ 1147 */
1416 DEFINE_IDTENTRY(exc_virtualization_exception) !! 1148 asmlinkage void fpsp040_die(void)
1417 { 1149 {
1418 struct ve_info ve; !! 1150 force_exit_sig(SIGSEGV);
1419 <<
1420 /* <<
1421 * NMIs/Machine-checks/Interrupts wil <<
1422 * till TDGETVEINFO TDCALL is execute <<
1423 * info cannot be overwritten by a ne <<
1424 */ <<
1425 tdx_get_ve_info(&ve); <<
1426 <<
1427 cond_local_irq_enable(regs); <<
1428 <<
1429 /* <<
1430 * If tdx_handle_virt_exception() cou <<
1431 * it successfully, treat it as #GP(0 <<
1432 */ <<
1433 if (!tdx_handle_virt_exception(regs, <<
1434 ve_raise_fault(regs, 0, ve.gl <<
1435 <<
1436 cond_local_irq_disable(regs); <<
1437 } 1151 }
1438 1152
1439 #endif !! 1153 #ifdef CONFIG_M68KFPU_EMU
1440 !! 1154 asmlinkage void fpemu_signal(int signal, int code, void *addr)
1441 #ifdef CONFIG_X86_32 <<
1442 DEFINE_IDTENTRY_SW(iret_error) <<
1443 { 1155 {
1444 local_irq_enable(); !! 1156 force_sig_fault(signal, code, addr);
1445 if (notify_die(DIE_TRAP, "iret except <<
1446 X86_TRAP_IRET, SIGILL <<
1447 do_trap(X86_TRAP_IRET, SIGILL <<
1448 ILL_BADSTK, (void __u <<
1449 } <<
1450 local_irq_disable(); <<
1451 } 1157 }
1452 #endif 1158 #endif
1453 <<
1454 void __init trap_init(void) <<
1455 { <<
1456 /* Init cpu_entry_area before IST ent <<
1457 setup_cpu_entry_areas(); <<
1458 <<
1459 /* Init GHCB memory pages when runnin <<
1460 sev_es_init_vc_handling(); <<
1461 <<
1462 /* Initialize TSS before setting up t <<
1463 cpu_init_exception_handling(true); <<
1464 <<
1465 /* Setup traps as cpu_init() might #G <<
1466 if (!cpu_feature_enabled(X86_FEATURE_ <<
1467 idt_setup_traps(); <<
1468 <<
1469 cpu_init(); <<
1470 } <<
1471 1159
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.