1*14cf11afSPaul Mackerras /* 2*14cf11afSPaul Mackerras * arch/ppc/mm/fault.c 3*14cf11afSPaul Mackerras * 4*14cf11afSPaul Mackerras * PowerPC version 5*14cf11afSPaul Mackerras * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org) 6*14cf11afSPaul Mackerras * 7*14cf11afSPaul Mackerras * Derived from "arch/i386/mm/fault.c" 8*14cf11afSPaul Mackerras * Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds 9*14cf11afSPaul Mackerras * 10*14cf11afSPaul Mackerras * Modified by Cort Dougan and Paul Mackerras. 11*14cf11afSPaul Mackerras * 12*14cf11afSPaul Mackerras * Modified for PPC64 by Dave Engebretsen (engebret@ibm.com) 13*14cf11afSPaul Mackerras * 14*14cf11afSPaul Mackerras * This program is free software; you can redistribute it and/or 15*14cf11afSPaul Mackerras * modify it under the terms of the GNU General Public License 16*14cf11afSPaul Mackerras * as published by the Free Software Foundation; either version 17*14cf11afSPaul Mackerras * 2 of the License, or (at your option) any later version. 18*14cf11afSPaul Mackerras */ 19*14cf11afSPaul Mackerras 20*14cf11afSPaul Mackerras #include <linux/config.h> 21*14cf11afSPaul Mackerras #include <linux/signal.h> 22*14cf11afSPaul Mackerras #include <linux/sched.h> 23*14cf11afSPaul Mackerras #include <linux/kernel.h> 24*14cf11afSPaul Mackerras #include <linux/errno.h> 25*14cf11afSPaul Mackerras #include <linux/string.h> 26*14cf11afSPaul Mackerras #include <linux/types.h> 27*14cf11afSPaul Mackerras #include <linux/ptrace.h> 28*14cf11afSPaul Mackerras #include <linux/mman.h> 29*14cf11afSPaul Mackerras #include <linux/mm.h> 30*14cf11afSPaul Mackerras #include <linux/interrupt.h> 31*14cf11afSPaul Mackerras #include <linux/highmem.h> 32*14cf11afSPaul Mackerras #include <linux/module.h> 33*14cf11afSPaul Mackerras #include <linux/kprobes.h> 34*14cf11afSPaul Mackerras 35*14cf11afSPaul Mackerras #include <asm/page.h> 36*14cf11afSPaul Mackerras #include <asm/pgtable.h> 37*14cf11afSPaul Mackerras #include <asm/mmu.h> 38*14cf11afSPaul Mackerras #include <asm/mmu_context.h> 39*14cf11afSPaul Mackerras #include <asm/system.h> 40*14cf11afSPaul Mackerras #include <asm/uaccess.h> 41*14cf11afSPaul Mackerras #include <asm/tlbflush.h> 42*14cf11afSPaul Mackerras #include <asm/kdebug.h> 43*14cf11afSPaul Mackerras #include <asm/siginfo.h> 44*14cf11afSPaul Mackerras 45*14cf11afSPaul Mackerras /* 46*14cf11afSPaul Mackerras * Check whether the instruction at regs->nip is a store using 47*14cf11afSPaul Mackerras * an update addressing form which will update r1. 48*14cf11afSPaul Mackerras */ 49*14cf11afSPaul Mackerras static int store_updates_sp(struct pt_regs *regs) 50*14cf11afSPaul Mackerras { 51*14cf11afSPaul Mackerras unsigned int inst; 52*14cf11afSPaul Mackerras 53*14cf11afSPaul Mackerras if (get_user(inst, (unsigned int __user *)regs->nip)) 54*14cf11afSPaul Mackerras return 0; 55*14cf11afSPaul Mackerras /* check for 1 in the rA field */ 56*14cf11afSPaul Mackerras if (((inst >> 16) & 0x1f) != 1) 57*14cf11afSPaul Mackerras return 0; 58*14cf11afSPaul Mackerras /* check major opcode */ 59*14cf11afSPaul Mackerras switch (inst >> 26) { 60*14cf11afSPaul Mackerras case 37: /* stwu */ 61*14cf11afSPaul Mackerras case 39: /* stbu */ 62*14cf11afSPaul Mackerras case 45: /* sthu */ 63*14cf11afSPaul Mackerras case 53: /* stfsu */ 64*14cf11afSPaul Mackerras case 55: /* stfdu */ 65*14cf11afSPaul Mackerras return 1; 66*14cf11afSPaul Mackerras case 62: /* std or stdu */ 67*14cf11afSPaul Mackerras return (inst & 3) == 1; 68*14cf11afSPaul Mackerras case 31: 69*14cf11afSPaul Mackerras /* check minor opcode */ 70*14cf11afSPaul Mackerras switch ((inst >> 1) & 0x3ff) { 71*14cf11afSPaul Mackerras case 181: /* stdux */ 72*14cf11afSPaul Mackerras case 183: /* stwux */ 73*14cf11afSPaul Mackerras case 247: /* stbux */ 74*14cf11afSPaul Mackerras case 439: /* sthux */ 75*14cf11afSPaul Mackerras case 695: /* stfsux */ 76*14cf11afSPaul Mackerras case 759: /* stfdux */ 77*14cf11afSPaul Mackerras return 1; 78*14cf11afSPaul Mackerras } 79*14cf11afSPaul Mackerras } 80*14cf11afSPaul Mackerras return 0; 81*14cf11afSPaul Mackerras } 82*14cf11afSPaul Mackerras 83*14cf11afSPaul Mackerras static void do_dabr(struct pt_regs *regs, unsigned long error_code) 84*14cf11afSPaul Mackerras { 85*14cf11afSPaul Mackerras siginfo_t info; 86*14cf11afSPaul Mackerras 87*14cf11afSPaul Mackerras if (notify_die(DIE_DABR_MATCH, "dabr_match", regs, error_code, 88*14cf11afSPaul Mackerras 11, SIGSEGV) == NOTIFY_STOP) 89*14cf11afSPaul Mackerras return; 90*14cf11afSPaul Mackerras 91*14cf11afSPaul Mackerras if (debugger_dabr_match(regs)) 92*14cf11afSPaul Mackerras return; 93*14cf11afSPaul Mackerras 94*14cf11afSPaul Mackerras /* Clear the DABR */ 95*14cf11afSPaul Mackerras set_dabr(0); 96*14cf11afSPaul Mackerras 97*14cf11afSPaul Mackerras /* Deliver the signal to userspace */ 98*14cf11afSPaul Mackerras info.si_signo = SIGTRAP; 99*14cf11afSPaul Mackerras info.si_errno = 0; 100*14cf11afSPaul Mackerras info.si_code = TRAP_HWBKPT; 101*14cf11afSPaul Mackerras info.si_addr = (void __user *)regs->nip; 102*14cf11afSPaul Mackerras force_sig_info(SIGTRAP, &info, current); 103*14cf11afSPaul Mackerras } 104*14cf11afSPaul Mackerras 105*14cf11afSPaul Mackerras /* 106*14cf11afSPaul Mackerras * For 600- and 800-family processors, the error_code parameter is DSISR 107*14cf11afSPaul Mackerras * for a data fault, SRR1 for an instruction fault. For 400-family processors 108*14cf11afSPaul Mackerras * the error_code parameter is ESR for a data fault, 0 for an instruction 109*14cf11afSPaul Mackerras * fault. 110*14cf11afSPaul Mackerras * For 64-bit processors, the error_code parameter is 111*14cf11afSPaul Mackerras * - DSISR for a non-SLB data access fault, 112*14cf11afSPaul Mackerras * - SRR1 & 0x08000000 for a non-SLB instruction access fault 113*14cf11afSPaul Mackerras * - 0 any SLB fault. 114*14cf11afSPaul Mackerras * 115*14cf11afSPaul Mackerras * The return value is 0 if the fault was handled, or the signal 116*14cf11afSPaul Mackerras * number if this is a kernel fault that can't be handled here. 117*14cf11afSPaul Mackerras */ 118*14cf11afSPaul Mackerras int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, 119*14cf11afSPaul Mackerras unsigned long error_code) 120*14cf11afSPaul Mackerras { 121*14cf11afSPaul Mackerras struct vm_area_struct * vma; 122*14cf11afSPaul Mackerras struct mm_struct *mm = current->mm; 123*14cf11afSPaul Mackerras siginfo_t info; 124*14cf11afSPaul Mackerras int code = SEGV_MAPERR; 125*14cf11afSPaul Mackerras int is_write = 0; 126*14cf11afSPaul Mackerras int trap = TRAP(regs); 127*14cf11afSPaul Mackerras int is_exec = trap == 0x400; 128*14cf11afSPaul Mackerras 129*14cf11afSPaul Mackerras #if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE)) 130*14cf11afSPaul Mackerras /* 131*14cf11afSPaul Mackerras * Fortunately the bit assignments in SRR1 for an instruction 132*14cf11afSPaul Mackerras * fault and DSISR for a data fault are mostly the same for the 133*14cf11afSPaul Mackerras * bits we are interested in. But there are some bits which 134*14cf11afSPaul Mackerras * indicate errors in DSISR but can validly be set in SRR1. 135*14cf11afSPaul Mackerras */ 136*14cf11afSPaul Mackerras if (trap == 0x400) 137*14cf11afSPaul Mackerras error_code &= 0x48200000; 138*14cf11afSPaul Mackerras else 139*14cf11afSPaul Mackerras is_write = error_code & DSISR_ISSTORE; 140*14cf11afSPaul Mackerras #else 141*14cf11afSPaul Mackerras is_write = error_code & ESR_DST; 142*14cf11afSPaul Mackerras #endif /* CONFIG_4xx || CONFIG_BOOKE */ 143*14cf11afSPaul Mackerras 144*14cf11afSPaul Mackerras if (notify_die(DIE_PAGE_FAULT, "page_fault", regs, error_code, 145*14cf11afSPaul Mackerras 11, SIGSEGV) == NOTIFY_STOP) 146*14cf11afSPaul Mackerras return 0; 147*14cf11afSPaul Mackerras 148*14cf11afSPaul Mackerras if (trap == 0x300) { 149*14cf11afSPaul Mackerras if (debugger_fault_handler(regs)) 150*14cf11afSPaul Mackerras return 0; 151*14cf11afSPaul Mackerras } 152*14cf11afSPaul Mackerras 153*14cf11afSPaul Mackerras /* On a kernel SLB miss we can only check for a valid exception entry */ 154*14cf11afSPaul Mackerras if (!user_mode(regs) && (address >= TASK_SIZE)) 155*14cf11afSPaul Mackerras return SIGSEGV; 156*14cf11afSPaul Mackerras 157*14cf11afSPaul Mackerras #if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE)) 158*14cf11afSPaul Mackerras if (error_code & DSISR_DABRMATCH) { 159*14cf11afSPaul Mackerras /* DABR match */ 160*14cf11afSPaul Mackerras do_dabr(regs, error_code); 161*14cf11afSPaul Mackerras return 0; 162*14cf11afSPaul Mackerras } 163*14cf11afSPaul Mackerras #endif /* !(CONFIG_4xx || CONFIG_BOOKE)*/ 164*14cf11afSPaul Mackerras 165*14cf11afSPaul Mackerras if (in_atomic() || mm == NULL) { 166*14cf11afSPaul Mackerras if (!user_mode(regs)) 167*14cf11afSPaul Mackerras return SIGSEGV; 168*14cf11afSPaul Mackerras /* in_atomic() in user mode is really bad, 169*14cf11afSPaul Mackerras as is current->mm == NULL. */ 170*14cf11afSPaul Mackerras printk(KERN_EMERG "Page fault in user mode with" 171*14cf11afSPaul Mackerras "in_atomic() = %d mm = %p\n", in_atomic(), mm); 172*14cf11afSPaul Mackerras printk(KERN_EMERG "NIP = %lx MSR = %lx\n", 173*14cf11afSPaul Mackerras regs->nip, regs->msr); 174*14cf11afSPaul Mackerras die("Weird page fault", regs, SIGSEGV); 175*14cf11afSPaul Mackerras } 176*14cf11afSPaul Mackerras 177*14cf11afSPaul Mackerras /* When running in the kernel we expect faults to occur only to 178*14cf11afSPaul Mackerras * addresses in user space. All other faults represent errors in the 179*14cf11afSPaul Mackerras * kernel and should generate an OOPS. Unfortunatly, in the case of an 180*14cf11afSPaul Mackerras * erroneous fault occuring in a code path which already holds mmap_sem 181*14cf11afSPaul Mackerras * we will deadlock attempting to validate the fault against the 182*14cf11afSPaul Mackerras * address space. Luckily the kernel only validly references user 183*14cf11afSPaul Mackerras * space from well defined areas of code, which are listed in the 184*14cf11afSPaul Mackerras * exceptions table. 185*14cf11afSPaul Mackerras * 186*14cf11afSPaul Mackerras * As the vast majority of faults will be valid we will only perform 187*14cf11afSPaul Mackerras * the source reference check when there is a possibilty of a deadlock. 188*14cf11afSPaul Mackerras * Attempt to lock the address space, if we cannot we then validate the 189*14cf11afSPaul Mackerras * source. If this is invalid we can skip the address space check, 190*14cf11afSPaul Mackerras * thus avoiding the deadlock. 191*14cf11afSPaul Mackerras */ 192*14cf11afSPaul Mackerras if (!down_read_trylock(&mm->mmap_sem)) { 193*14cf11afSPaul Mackerras if (!user_mode(regs) && !search_exception_tables(regs->nip)) 194*14cf11afSPaul Mackerras goto bad_area_nosemaphore; 195*14cf11afSPaul Mackerras 196*14cf11afSPaul Mackerras down_read(&mm->mmap_sem); 197*14cf11afSPaul Mackerras } 198*14cf11afSPaul Mackerras 199*14cf11afSPaul Mackerras vma = find_vma(mm, address); 200*14cf11afSPaul Mackerras if (!vma) 201*14cf11afSPaul Mackerras goto bad_area; 202*14cf11afSPaul Mackerras if (vma->vm_start <= address) 203*14cf11afSPaul Mackerras goto good_area; 204*14cf11afSPaul Mackerras if (!(vma->vm_flags & VM_GROWSDOWN)) 205*14cf11afSPaul Mackerras goto bad_area; 206*14cf11afSPaul Mackerras 207*14cf11afSPaul Mackerras /* 208*14cf11afSPaul Mackerras * N.B. The POWER/Open ABI allows programs to access up to 209*14cf11afSPaul Mackerras * 288 bytes below the stack pointer. 210*14cf11afSPaul Mackerras * The kernel signal delivery code writes up to about 1.5kB 211*14cf11afSPaul Mackerras * below the stack pointer (r1) before decrementing it. 212*14cf11afSPaul Mackerras * The exec code can write slightly over 640kB to the stack 213*14cf11afSPaul Mackerras * before setting the user r1. Thus we allow the stack to 214*14cf11afSPaul Mackerras * expand to 1MB without further checks. 215*14cf11afSPaul Mackerras */ 216*14cf11afSPaul Mackerras if (address + 0x100000 < vma->vm_end) { 217*14cf11afSPaul Mackerras /* get user regs even if this fault is in kernel mode */ 218*14cf11afSPaul Mackerras struct pt_regs *uregs = current->thread.regs; 219*14cf11afSPaul Mackerras if (uregs == NULL) 220*14cf11afSPaul Mackerras goto bad_area; 221*14cf11afSPaul Mackerras 222*14cf11afSPaul Mackerras /* 223*14cf11afSPaul Mackerras * A user-mode access to an address a long way below 224*14cf11afSPaul Mackerras * the stack pointer is only valid if the instruction 225*14cf11afSPaul Mackerras * is one which would update the stack pointer to the 226*14cf11afSPaul Mackerras * address accessed if the instruction completed, 227*14cf11afSPaul Mackerras * i.e. either stwu rs,n(r1) or stwux rs,r1,rb 228*14cf11afSPaul Mackerras * (or the byte, halfword, float or double forms). 229*14cf11afSPaul Mackerras * 230*14cf11afSPaul Mackerras * If we don't check this then any write to the area 231*14cf11afSPaul Mackerras * between the last mapped region and the stack will 232*14cf11afSPaul Mackerras * expand the stack rather than segfaulting. 233*14cf11afSPaul Mackerras */ 234*14cf11afSPaul Mackerras if (address + 2048 < uregs->gpr[1] 235*14cf11afSPaul Mackerras && (!user_mode(regs) || !store_updates_sp(regs))) 236*14cf11afSPaul Mackerras goto bad_area; 237*14cf11afSPaul Mackerras } 238*14cf11afSPaul Mackerras if (expand_stack(vma, address)) 239*14cf11afSPaul Mackerras goto bad_area; 240*14cf11afSPaul Mackerras 241*14cf11afSPaul Mackerras good_area: 242*14cf11afSPaul Mackerras code = SEGV_ACCERR; 243*14cf11afSPaul Mackerras #if defined(CONFIG_6xx) 244*14cf11afSPaul Mackerras if (error_code & 0x95700000) 245*14cf11afSPaul Mackerras /* an error such as lwarx to I/O controller space, 246*14cf11afSPaul Mackerras address matching DABR, eciwx, etc. */ 247*14cf11afSPaul Mackerras goto bad_area; 248*14cf11afSPaul Mackerras #endif /* CONFIG_6xx */ 249*14cf11afSPaul Mackerras #if defined(CONFIG_8xx) 250*14cf11afSPaul Mackerras /* The MPC8xx seems to always set 0x80000000, which is 251*14cf11afSPaul Mackerras * "undefined". Of those that can be set, this is the only 252*14cf11afSPaul Mackerras * one which seems bad. 253*14cf11afSPaul Mackerras */ 254*14cf11afSPaul Mackerras if (error_code & 0x10000000) 255*14cf11afSPaul Mackerras /* Guarded storage error. */ 256*14cf11afSPaul Mackerras goto bad_area; 257*14cf11afSPaul Mackerras #endif /* CONFIG_8xx */ 258*14cf11afSPaul Mackerras 259*14cf11afSPaul Mackerras if (is_exec) { 260*14cf11afSPaul Mackerras #ifdef CONFIG_PPC64 261*14cf11afSPaul Mackerras /* protection fault */ 262*14cf11afSPaul Mackerras if (error_code & DSISR_PROTFAULT) 263*14cf11afSPaul Mackerras goto bad_area; 264*14cf11afSPaul Mackerras if (!(vma->vm_flags & VM_EXEC)) 265*14cf11afSPaul Mackerras goto bad_area; 266*14cf11afSPaul Mackerras #endif 267*14cf11afSPaul Mackerras #if defined(CONFIG_4xx) || defined(CONFIG_BOOKE) 268*14cf11afSPaul Mackerras pte_t *ptep; 269*14cf11afSPaul Mackerras 270*14cf11afSPaul Mackerras /* Since 4xx/Book-E supports per-page execute permission, 271*14cf11afSPaul Mackerras * we lazily flush dcache to icache. */ 272*14cf11afSPaul Mackerras ptep = NULL; 273*14cf11afSPaul Mackerras if (get_pteptr(mm, address, &ptep) && pte_present(*ptep)) { 274*14cf11afSPaul Mackerras struct page *page = pte_page(*ptep); 275*14cf11afSPaul Mackerras 276*14cf11afSPaul Mackerras if (! test_bit(PG_arch_1, &page->flags)) { 277*14cf11afSPaul Mackerras flush_dcache_icache_page(page); 278*14cf11afSPaul Mackerras set_bit(PG_arch_1, &page->flags); 279*14cf11afSPaul Mackerras } 280*14cf11afSPaul Mackerras pte_update(ptep, 0, _PAGE_HWEXEC); 281*14cf11afSPaul Mackerras _tlbie(address); 282*14cf11afSPaul Mackerras pte_unmap(ptep); 283*14cf11afSPaul Mackerras up_read(&mm->mmap_sem); 284*14cf11afSPaul Mackerras return 0; 285*14cf11afSPaul Mackerras } 286*14cf11afSPaul Mackerras if (ptep != NULL) 287*14cf11afSPaul Mackerras pte_unmap(ptep); 288*14cf11afSPaul Mackerras #endif 289*14cf11afSPaul Mackerras /* a write */ 290*14cf11afSPaul Mackerras } else if (is_write) { 291*14cf11afSPaul Mackerras if (!(vma->vm_flags & VM_WRITE)) 292*14cf11afSPaul Mackerras goto bad_area; 293*14cf11afSPaul Mackerras /* a read */ 294*14cf11afSPaul Mackerras } else { 295*14cf11afSPaul Mackerras /* protection fault */ 296*14cf11afSPaul Mackerras if (error_code & 0x08000000) 297*14cf11afSPaul Mackerras goto bad_area; 298*14cf11afSPaul Mackerras if (!(vma->vm_flags & (VM_READ | VM_EXEC))) 299*14cf11afSPaul Mackerras goto bad_area; 300*14cf11afSPaul Mackerras } 301*14cf11afSPaul Mackerras 302*14cf11afSPaul Mackerras /* 303*14cf11afSPaul Mackerras * If for any reason at all we couldn't handle the fault, 304*14cf11afSPaul Mackerras * make sure we exit gracefully rather than endlessly redo 305*14cf11afSPaul Mackerras * the fault. 306*14cf11afSPaul Mackerras */ 307*14cf11afSPaul Mackerras survive: 308*14cf11afSPaul Mackerras switch (handle_mm_fault(mm, vma, address, is_write)) { 309*14cf11afSPaul Mackerras 310*14cf11afSPaul Mackerras case VM_FAULT_MINOR: 311*14cf11afSPaul Mackerras current->min_flt++; 312*14cf11afSPaul Mackerras break; 313*14cf11afSPaul Mackerras case VM_FAULT_MAJOR: 314*14cf11afSPaul Mackerras current->maj_flt++; 315*14cf11afSPaul Mackerras break; 316*14cf11afSPaul Mackerras case VM_FAULT_SIGBUS: 317*14cf11afSPaul Mackerras goto do_sigbus; 318*14cf11afSPaul Mackerras case VM_FAULT_OOM: 319*14cf11afSPaul Mackerras goto out_of_memory; 320*14cf11afSPaul Mackerras default: 321*14cf11afSPaul Mackerras BUG(); 322*14cf11afSPaul Mackerras } 323*14cf11afSPaul Mackerras 324*14cf11afSPaul Mackerras up_read(&mm->mmap_sem); 325*14cf11afSPaul Mackerras return 0; 326*14cf11afSPaul Mackerras 327*14cf11afSPaul Mackerras bad_area: 328*14cf11afSPaul Mackerras up_read(&mm->mmap_sem); 329*14cf11afSPaul Mackerras 330*14cf11afSPaul Mackerras bad_area_nosemaphore: 331*14cf11afSPaul Mackerras /* User mode accesses cause a SIGSEGV */ 332*14cf11afSPaul Mackerras if (user_mode(regs)) { 333*14cf11afSPaul Mackerras _exception(SIGSEGV, regs, code, address); 334*14cf11afSPaul Mackerras return 0; 335*14cf11afSPaul Mackerras } 336*14cf11afSPaul Mackerras 337*14cf11afSPaul Mackerras if (is_exec && (error_code & DSISR_PROTFAULT) 338*14cf11afSPaul Mackerras && printk_ratelimit()) 339*14cf11afSPaul Mackerras printk(KERN_CRIT "kernel tried to execute NX-protected" 340*14cf11afSPaul Mackerras " page (%lx) - exploit attempt? (uid: %d)\n", 341*14cf11afSPaul Mackerras address, current->uid); 342*14cf11afSPaul Mackerras 343*14cf11afSPaul Mackerras return SIGSEGV; 344*14cf11afSPaul Mackerras 345*14cf11afSPaul Mackerras /* 346*14cf11afSPaul Mackerras * We ran out of memory, or some other thing happened to us that made 347*14cf11afSPaul Mackerras * us unable to handle the page fault gracefully. 348*14cf11afSPaul Mackerras */ 349*14cf11afSPaul Mackerras out_of_memory: 350*14cf11afSPaul Mackerras up_read(&mm->mmap_sem); 351*14cf11afSPaul Mackerras if (current->pid == 1) { 352*14cf11afSPaul Mackerras yield(); 353*14cf11afSPaul Mackerras down_read(&mm->mmap_sem); 354*14cf11afSPaul Mackerras goto survive; 355*14cf11afSPaul Mackerras } 356*14cf11afSPaul Mackerras printk("VM: killing process %s\n", current->comm); 357*14cf11afSPaul Mackerras if (user_mode(regs)) 358*14cf11afSPaul Mackerras do_exit(SIGKILL); 359*14cf11afSPaul Mackerras return SIGKILL; 360*14cf11afSPaul Mackerras 361*14cf11afSPaul Mackerras do_sigbus: 362*14cf11afSPaul Mackerras up_read(&mm->mmap_sem); 363*14cf11afSPaul Mackerras if (user_mode(regs)) { 364*14cf11afSPaul Mackerras info.si_signo = SIGBUS; 365*14cf11afSPaul Mackerras info.si_errno = 0; 366*14cf11afSPaul Mackerras info.si_code = BUS_ADRERR; 367*14cf11afSPaul Mackerras info.si_addr = (void __user *)address; 368*14cf11afSPaul Mackerras force_sig_info(SIGBUS, &info, current); 369*14cf11afSPaul Mackerras return 0; 370*14cf11afSPaul Mackerras } 371*14cf11afSPaul Mackerras return SIGBUS; 372*14cf11afSPaul Mackerras } 373*14cf11afSPaul Mackerras 374*14cf11afSPaul Mackerras /* 375*14cf11afSPaul Mackerras * bad_page_fault is called when we have a bad access from the kernel. 376*14cf11afSPaul Mackerras * It is called from the DSI and ISI handlers in head.S and from some 377*14cf11afSPaul Mackerras * of the procedures in traps.c. 378*14cf11afSPaul Mackerras */ 379*14cf11afSPaul Mackerras void bad_page_fault(struct pt_regs *regs, unsigned long address, int sig) 380*14cf11afSPaul Mackerras { 381*14cf11afSPaul Mackerras const struct exception_table_entry *entry; 382*14cf11afSPaul Mackerras 383*14cf11afSPaul Mackerras /* Are we prepared to handle this fault? */ 384*14cf11afSPaul Mackerras if ((entry = search_exception_tables(regs->nip)) != NULL) { 385*14cf11afSPaul Mackerras regs->nip = entry->fixup; 386*14cf11afSPaul Mackerras return; 387*14cf11afSPaul Mackerras } 388*14cf11afSPaul Mackerras 389*14cf11afSPaul Mackerras /* kernel has accessed a bad area */ 390*14cf11afSPaul Mackerras die("Kernel access of bad area", regs, sig); 391*14cf11afSPaul Mackerras } 392