fault.c (31d1b7710262fba12282b24083f20dc76e0efc93) fault.c (ffca395b11c4a5a6df6d6345f794b0e3d578e2d0)
1/*
2 * PowerPC version
3 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
4 *
5 * Derived from "arch/i386/mm/fault.c"
6 * Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds
7 *
8 * Modified by Cort Dougan and Paul Mackerras.


221 }
222 return 0;
223}
224
225/* Is this a bad kernel fault ? */
226static bool bad_kernel_fault(bool is_exec, unsigned long error_code,
227 unsigned long address)
228{
1/*
2 * PowerPC version
3 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
4 *
5 * Derived from "arch/i386/mm/fault.c"
6 * Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds
7 *
8 * Modified by Cort Dougan and Paul Mackerras.


221 }
222 return 0;
223}
224
225/* Is this a bad kernel fault ? */
226static bool bad_kernel_fault(bool is_exec, unsigned long error_code,
227 unsigned long address)
228{
229 if (is_exec && (error_code & (DSISR_NOEXEC_OR_G | DSISR_KEYFAULT))) {
229 /* NX faults set DSISR_PROTFAULT on the 8xx, DSISR_NOEXEC_OR_G on others */
230 if (is_exec && (error_code & (DSISR_NOEXEC_OR_G | DSISR_KEYFAULT |
231 DSISR_PROTFAULT))) {
230 printk_ratelimited(KERN_CRIT "kernel tried to execute"
231 " exec-protected page (%lx) -"
232 "exploit attempt? (uid: %d)\n",
233 address, from_kuid(&init_user_ns,
234 current_uid()));
235 }
236 return is_exec || (address >= TASK_SIZE);
237}


336 get_lppaca()->page_ins = cpu_to_be32(page_ins);
337 preempt_enable();
338 }
339}
340#else
341static inline void cmo_account_page_fault(void) { }
342#endif /* CONFIG_PPC_SMLPAR */
343
232 printk_ratelimited(KERN_CRIT "kernel tried to execute"
233 " exec-protected page (%lx) -"
234 "exploit attempt? (uid: %d)\n",
235 address, from_kuid(&init_user_ns,
236 current_uid()));
237 }
238 return is_exec || (address >= TASK_SIZE);
239}


338 get_lppaca()->page_ins = cpu_to_be32(page_ins);
339 preempt_enable();
340 }
341}
342#else
343static inline void cmo_account_page_fault(void) { }
344#endif /* CONFIG_PPC_SMLPAR */
345
344#ifdef CONFIG_PPC_STD_MMU
345static void sanity_check_fault(bool is_write, unsigned long error_code)
346#ifdef CONFIG_PPC_BOOK3S
347static void sanity_check_fault(bool is_write, bool is_user,
348 unsigned long error_code, unsigned long address)
346{
347 /*
349{
350 /*
351 * Userspace trying to access kernel address, we get PROTFAULT for that.
352 */
353 if (is_user && address >= TASK_SIZE) {
354 pr_crit_ratelimited("%s[%d]: User access of kernel address (%lx) - exploit attempt? (uid: %d)\n",
355 current->comm, current->pid, address,
356 from_kuid(&init_user_ns, current_uid()));
357 return;
358 }
359
360 /*
348 * For hash translation mode, we should never get a
349 * PROTFAULT. Any update to pte to reduce access will result in us
350 * removing the hash page table entry, thus resulting in a DSISR_NOHPTE
351 * fault instead of DSISR_PROTFAULT.
352 *
353 * A pte update to relax the access will not result in a hash page table
354 * entry invalidate and hence can result in DSISR_PROTFAULT.
355 * ptep_set_access_flags() doesn't do a hpte flush. This is why we have


368 * For embedded with per page exec support that doesn't support coherent
369 * icache we do get PROTFAULT and we handle that D/I cache sync in
370 * set_pte_at while taking the noexec/prot fault. Hence this is WARN_ON
371 * is conditional for server MMU.
372 *
373 * For radix, we can get prot fault for autonuma case, because radix
374 * page table will have them marked noaccess for user.
375 */
361 * For hash translation mode, we should never get a
362 * PROTFAULT. Any update to pte to reduce access will result in us
363 * removing the hash page table entry, thus resulting in a DSISR_NOHPTE
364 * fault instead of DSISR_PROTFAULT.
365 *
366 * A pte update to relax the access will not result in a hash page table
367 * entry invalidate and hence can result in DSISR_PROTFAULT.
368 * ptep_set_access_flags() doesn't do a hpte flush. This is why we have


381 * For embedded with per page exec support that doesn't support coherent
382 * icache we do get PROTFAULT and we handle that D/I cache sync in
383 * set_pte_at while taking the noexec/prot fault. Hence this is WARN_ON
384 * is conditional for server MMU.
385 *
386 * For radix, we can get prot fault for autonuma case, because radix
387 * page table will have them marked noaccess for user.
388 */
376 if (!radix_enabled() && !is_write)
377 WARN_ON_ONCE(error_code & DSISR_PROTFAULT);
389 if (radix_enabled() || is_write)
390 return;
391
392 WARN_ON_ONCE(error_code & DSISR_PROTFAULT);
378}
379#else
393}
394#else
380static void sanity_check_fault(bool is_write, unsigned long error_code) { }
381#endif /* CONFIG_PPC_STD_MMU */
395static void sanity_check_fault(bool is_write, bool is_user,
396 unsigned long error_code, unsigned long address) { }
397#endif /* CONFIG_PPC_BOOK3S */
382
383/*
384 * Define the correct "is_write" bit in error_code based
385 * on the processor family
386 */
387#if (defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
388#define page_fault_is_write(__err) ((__err) & ESR_DST)
389#define page_fault_is_bad(__err) (0)


430 if (is_user) {
431 _exception(SIGBUS, regs, BUS_OBJERR, address);
432 return 0;
433 }
434 return SIGBUS;
435 }
436
437 /* Additional sanity check(s) */
398
399/*
400 * Define the correct "is_write" bit in error_code based
401 * on the processor family
402 */
403#if (defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
404#define page_fault_is_write(__err) ((__err) & ESR_DST)
405#define page_fault_is_bad(__err) (0)


446 if (is_user) {
447 _exception(SIGBUS, regs, BUS_OBJERR, address);
448 return 0;
449 }
450 return SIGBUS;
451 }
452
453 /* Additional sanity check(s) */
438 sanity_check_fault(is_write, error_code);
454 sanity_check_fault(is_write, is_user, error_code, address);
439
440 /*
441 * The kernel should never take an execute fault nor should it
442 * take a page fault to a kernel address.
443 */
444 if (unlikely(!is_user && bad_kernel_fault(is_exec, error_code, address)))
445 return SIGSEGV;
446


631 return;
632 }
633
634 /* kernel has accessed a bad area */
635
636 switch (TRAP(regs)) {
637 case 0x300:
638 case 0x380:
455
456 /*
457 * The kernel should never take an execute fault nor should it
458 * take a page fault to a kernel address.
459 */
460 if (unlikely(!is_user && bad_kernel_fault(is_exec, error_code, address)))
461 return SIGSEGV;
462


647 return;
648 }
649
650 /* kernel has accessed a bad area */
651
652 switch (TRAP(regs)) {
653 case 0x300:
654 case 0x380:
639 printk(KERN_ALERT "Unable to handle kernel paging request for "
640 "data at address 0x%08lx\n", regs->dar);
655 pr_alert("BUG: %s at 0x%08lx\n",
656 regs->dar < PAGE_SIZE ? "Kernel NULL pointer dereference" :
657 "Unable to handle kernel data access", regs->dar);
641 break;
642 case 0x400:
643 case 0x480:
658 break;
659 case 0x400:
660 case 0x480:
644 printk(KERN_ALERT "Unable to handle kernel paging request for "
645 "instruction fetch\n");
661 pr_alert("BUG: Unable to handle kernel instruction fetch%s",
662 regs->nip < PAGE_SIZE ? " (NULL pointer?)\n" : "\n");
646 break;
647 case 0x600:
663 break;
664 case 0x600:
648 printk(KERN_ALERT "Unable to handle kernel paging request for "
649 "unaligned access at address 0x%08lx\n", regs->dar);
665 pr_alert("BUG: Unable to handle kernel unaligned access at 0x%08lx\n",
666 regs->dar);
650 break;
651 default:
667 break;
668 default:
652 printk(KERN_ALERT "Unable to handle kernel paging request for "
653 "unknown fault\n");
669 pr_alert("BUG: Unable to handle unknown paging fault at 0x%08lx\n",
670 regs->dar);
654 break;
655 }
656 printk(KERN_ALERT "Faulting instruction address: 0x%08lx\n",
657 regs->nip);
658
659 if (task_stack_end_corrupted(current))
660 printk(KERN_ALERT "Thread overran stack, or stack corrupted\n");
661
662 die("Kernel access of bad area", regs, sig);
663}
671 break;
672 }
673 printk(KERN_ALERT "Faulting instruction address: 0x%08lx\n",
674 regs->nip);
675
676 if (task_stack_end_corrupted(current))
677 printk(KERN_ALERT "Thread overran stack, or stack corrupted\n");
678
679 die("Kernel access of bad area", regs, sig);
680}
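Review bot: The "exploit attempt?" message in bad_kernel_fault (new lines 232-236) is still built from split string pieces with no space after the "-", so it prints `(%lx) -exploit attempt?`, and it is now inconsistent with the sibling check the same change adds to sanity_check_fault, which uses pr_crit_ratelimited with a single greppable format string and names the task. Suggest `pr_crit_ratelimited("%s[%d]: kernel tried to execute exec-protected page (%lx) - exploit attempt? (uid: %d)\n", current->comm, current->pid, address, from_kuid(&init_user_ns, current_uid()));` so a defender correlating the two log lines sees the same shape from both. The widened condition on new lines 229-231 is guarded by the 8xx comment but applies on every platform; since the function returns `is_exec` regardless, that only affects which exec faults get logged, and the comment could say so, e.g. `/* Condition only selects what gets logged; any kernel exec fault is fatal below */`. Separately, the default case at new lines 669-670 prints regs->dar for an unknown trap, where including `TRAP(regs)` in the message would presumably be more useful for triage than a DAR value that may not be meaningful for that trap type — worth confirming.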