1 /* 2 * Based on arch/arm/kernel/traps.c 3 * 4 * Copyright (C) 1995-2009 Russell King 5 * Copyright (C) 2012 ARM Ltd. 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program. If not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include <linux/bug.h> 21 #include <linux/signal.h> 22 #include <linux/personality.h> 23 #include <linux/kallsyms.h> 24 #include <linux/spinlock.h> 25 #include <linux/uaccess.h> 26 #include <linux/hardirq.h> 27 #include <linux/kdebug.h> 28 #include <linux/module.h> 29 #include <linux/kexec.h> 30 #include <linux/delay.h> 31 #include <linux/init.h> 32 #include <linux/sched/signal.h> 33 #include <linux/sched/debug.h> 34 #include <linux/sched/task_stack.h> 35 #include <linux/sizes.h> 36 #include <linux/syscalls.h> 37 #include <linux/mm_types.h> 38 39 #include <asm/atomic.h> 40 #include <asm/bug.h> 41 #include <asm/cpufeature.h> 42 #include <asm/daifflags.h> 43 #include <asm/debug-monitors.h> 44 #include <asm/esr.h> 45 #include <asm/insn.h> 46 #include <asm/traps.h> 47 #include <asm/smp.h> 48 #include <asm/stack_pointer.h> 49 #include <asm/stacktrace.h> 50 #include <asm/exception.h> 51 #include <asm/system_misc.h> 52 #include <asm/sysreg.h> 53 54 static const char *handler[]= { 55 "Synchronous Abort", 56 "IRQ", 57 "FIQ", 58 "Error" 59 }; 60 61 int show_unhandled_signals = 0; 62 63 static void dump_backtrace_entry(unsigned long where) 64 { 65 printk(" %pS\n", (void *)where); 66 } 67 68 static void __dump_instr(const char *lvl, struct pt_regs *regs) 69 { 70 unsigned long addr = instruction_pointer(regs); 71 char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str; 72 int i; 73 74 for (i = -4; i < 1; i++) { 75 unsigned int val, bad; 76 77 bad = get_user(val, &((u32 *)addr)[i]); 78 79 if (!bad) 80 p += sprintf(p, i == 0 ? "(%08x) " : "%08x ", val); 81 else { 82 p += sprintf(p, "bad PC value"); 83 break; 84 } 85 } 86 printk("%sCode: %s\n", lvl, str); 87 } 88 89 static void dump_instr(const char *lvl, struct pt_regs *regs) 90 { 91 if (!user_mode(regs)) { 92 mm_segment_t fs = get_fs(); 93 set_fs(KERNEL_DS); 94 __dump_instr(lvl, regs); 95 set_fs(fs); 96 } else { 97 __dump_instr(lvl, regs); 98 } 99 } 100 101 void dump_backtrace(struct pt_regs *regs, struct task_struct *tsk) 102 { 103 struct stackframe frame; 104 int skip; 105 106 pr_debug("%s(regs = %p tsk = %p)\n", __func__, regs, tsk); 107 108 if (!tsk) 109 tsk = current; 110 111 if (!try_get_task_stack(tsk)) 112 return; 113 114 if (tsk == current) { 115 frame.fp = (unsigned long)__builtin_frame_address(0); 116 frame.pc = (unsigned long)dump_backtrace; 117 } else { 118 /* 119 * task blocked in __switch_to 120 */ 121 frame.fp = thread_saved_fp(tsk); 122 frame.pc = thread_saved_pc(tsk); 123 } 124 #ifdef CONFIG_FUNCTION_GRAPH_TRACER 125 frame.graph = tsk->curr_ret_stack; 126 #endif 127 128 skip = !!regs; 129 printk("Call trace:\n"); 130 do { 131 /* skip until specified stack frame */ 132 if (!skip) { 133 dump_backtrace_entry(frame.pc); 134 } else if (frame.fp == regs->regs[29]) { 135 skip = 0; 136 /* 137 * Mostly, this is the case where this function is 138 * called in panic/abort. As exception handler's 139 * stack frame does not contain the corresponding pc 140 * at which an exception has taken place, use regs->pc 141 * instead. 142 */ 143 dump_backtrace_entry(regs->pc); 144 } 145 } while (!unwind_frame(tsk, &frame)); 146 147 put_task_stack(tsk); 148 } 149 150 void show_stack(struct task_struct *tsk, unsigned long *sp) 151 { 152 dump_backtrace(NULL, tsk); 153 barrier(); 154 } 155 156 #ifdef CONFIG_PREEMPT 157 #define S_PREEMPT " PREEMPT" 158 #else 159 #define S_PREEMPT "" 160 #endif 161 #define S_SMP " SMP" 162 163 static int __die(const char *str, int err, struct pt_regs *regs) 164 { 165 struct task_struct *tsk = current; 166 static int die_counter; 167 int ret; 168 169 pr_emerg("Internal error: %s: %x [#%d]" S_PREEMPT S_SMP "\n", 170 str, err, ++die_counter); 171 172 /* trap and error numbers are mostly meaningless on ARM */ 173 ret = notify_die(DIE_OOPS, str, regs, err, 0, SIGSEGV); 174 if (ret == NOTIFY_STOP) 175 return ret; 176 177 print_modules(); 178 __show_regs(regs); 179 pr_emerg("Process %.*s (pid: %d, stack limit = 0x%p)\n", 180 TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk), 181 end_of_stack(tsk)); 182 183 if (!user_mode(regs)) { 184 dump_backtrace(regs, tsk); 185 dump_instr(KERN_EMERG, regs); 186 } 187 188 return ret; 189 } 190 191 static DEFINE_RAW_SPINLOCK(die_lock); 192 193 /* 194 * This function is protected against re-entrancy. 195 */ 196 void die(const char *str, struct pt_regs *regs, int err) 197 { 198 int ret; 199 unsigned long flags; 200 201 raw_spin_lock_irqsave(&die_lock, flags); 202 203 oops_enter(); 204 205 console_verbose(); 206 bust_spinlocks(1); 207 ret = __die(str, err, regs); 208 209 if (regs && kexec_should_crash(current)) 210 crash_kexec(regs); 211 212 bust_spinlocks(0); 213 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE); 214 oops_exit(); 215 216 if (in_interrupt()) 217 panic("Fatal exception in interrupt"); 218 if (panic_on_oops) 219 panic("Fatal exception"); 220 221 raw_spin_unlock_irqrestore(&die_lock, flags); 222 223 if (ret != NOTIFY_STOP) 224 do_exit(SIGSEGV); 225 } 226 227 static void arm64_show_signal(int signo, const char *str) 228 { 229 static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL, 230 DEFAULT_RATELIMIT_BURST); 231 struct task_struct *tsk = current; 232 unsigned int esr = tsk->thread.fault_code; 233 struct pt_regs *regs = task_pt_regs(tsk); 234 235 /* Leave if the signal won't be shown */ 236 if (!show_unhandled_signals || 237 !unhandled_signal(tsk, signo) || 238 !__ratelimit(&rs)) 239 return; 240 241 pr_info("%s[%d]: unhandled exception: ", tsk->comm, task_pid_nr(tsk)); 242 if (esr) 243 pr_cont("%s, ESR 0x%08x, ", esr_get_class_string(esr), esr); 244 245 pr_cont("%s", str); 246 print_vma_addr(KERN_CONT " in ", regs->pc); 247 pr_cont("\n"); 248 __show_regs(regs); 249 } 250 251 void arm64_force_sig_fault(int signo, int code, void __user *addr, 252 const char *str) 253 { 254 arm64_show_signal(signo, str); 255 force_sig_fault(signo, code, addr, current); 256 } 257 258 void arm64_force_sig_mceerr(int code, void __user *addr, short lsb, 259 const char *str) 260 { 261 arm64_show_signal(SIGBUS, str); 262 force_sig_mceerr(code, addr, lsb, current); 263 } 264 265 void arm64_force_sig_ptrace_errno_trap(int errno, void __user *addr, 266 const char *str) 267 { 268 arm64_show_signal(SIGTRAP, str); 269 force_sig_ptrace_errno_trap(errno, addr); 270 } 271 272 void arm64_notify_die(const char *str, struct pt_regs *regs, 273 int signo, int sicode, void __user *addr, 274 int err) 275 { 276 if (user_mode(regs)) { 277 WARN_ON(regs != current_pt_regs()); 278 current->thread.fault_address = 0; 279 current->thread.fault_code = err; 280 281 arm64_force_sig_fault(signo, sicode, addr, str); 282 } else { 283 die(str, regs, err); 284 } 285 } 286 287 void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) 288 { 289 regs->pc += size; 290 291 /* 292 * If we were single stepping, we want to get the step exception after 293 * we return from the trap. 294 */ 295 if (user_mode(regs)) 296 user_fastforward_single_step(current); 297 } 298 299 static LIST_HEAD(undef_hook); 300 static DEFINE_RAW_SPINLOCK(undef_lock); 301 302 void register_undef_hook(struct undef_hook *hook) 303 { 304 unsigned long flags; 305 306 raw_spin_lock_irqsave(&undef_lock, flags); 307 list_add(&hook->node, &undef_hook); 308 raw_spin_unlock_irqrestore(&undef_lock, flags); 309 } 310 311 void unregister_undef_hook(struct undef_hook *hook) 312 { 313 unsigned long flags; 314 315 raw_spin_lock_irqsave(&undef_lock, flags); 316 list_del(&hook->node); 317 raw_spin_unlock_irqrestore(&undef_lock, flags); 318 } 319 320 static int call_undef_hook(struct pt_regs *regs) 321 { 322 struct undef_hook *hook; 323 unsigned long flags; 324 u32 instr; 325 int (*fn)(struct pt_regs *regs, u32 instr) = NULL; 326 void __user *pc = (void __user *)instruction_pointer(regs); 327 328 if (!user_mode(regs)) { 329 __le32 instr_le; 330 if (probe_kernel_address((__force __le32 *)pc, instr_le)) 331 goto exit; 332 instr = le32_to_cpu(instr_le); 333 } else if (compat_thumb_mode(regs)) { 334 /* 16-bit Thumb instruction */ 335 __le16 instr_le; 336 if (get_user(instr_le, (__le16 __user *)pc)) 337 goto exit; 338 instr = le16_to_cpu(instr_le); 339 if (aarch32_insn_is_wide(instr)) { 340 u32 instr2; 341 342 if (get_user(instr_le, (__le16 __user *)(pc + 2))) 343 goto exit; 344 instr2 = le16_to_cpu(instr_le); 345 instr = (instr << 16) | instr2; 346 } 347 } else { 348 /* 32-bit ARM instruction */ 349 __le32 instr_le; 350 if (get_user(instr_le, (__le32 __user *)pc)) 351 goto exit; 352 instr = le32_to_cpu(instr_le); 353 } 354 355 raw_spin_lock_irqsave(&undef_lock, flags); 356 list_for_each_entry(hook, &undef_hook, node) 357 if ((instr & hook->instr_mask) == hook->instr_val && 358 (regs->pstate & hook->pstate_mask) == hook->pstate_val) 359 fn = hook->fn; 360 361 raw_spin_unlock_irqrestore(&undef_lock, flags); 362 exit: 363 return fn ? fn(regs, instr) : 1; 364 } 365 366 void force_signal_inject(int signal, int code, unsigned long address) 367 { 368 const char *desc; 369 struct pt_regs *regs = current_pt_regs(); 370 371 if (WARN_ON(!user_mode(regs))) 372 return; 373 374 switch (signal) { 375 case SIGILL: 376 desc = "undefined instruction"; 377 break; 378 case SIGSEGV: 379 desc = "illegal memory access"; 380 break; 381 default: 382 desc = "unknown or unrecoverable error"; 383 break; 384 } 385 386 /* Force signals we don't understand to SIGKILL */ 387 if (WARN_ON(signal != SIGKILL && 388 siginfo_layout(signal, code) != SIL_FAULT)) { 389 signal = SIGKILL; 390 } 391 392 arm64_notify_die(desc, regs, signal, code, (void __user *)address, 0); 393 } 394 395 /* 396 * Set up process info to signal segmentation fault - called on access error. 397 */ 398 void arm64_notify_segfault(unsigned long addr) 399 { 400 int code; 401 402 down_read(¤t->mm->mmap_sem); 403 if (find_vma(current->mm, addr) == NULL) 404 code = SEGV_MAPERR; 405 else 406 code = SEGV_ACCERR; 407 up_read(¤t->mm->mmap_sem); 408 409 force_signal_inject(SIGSEGV, code, addr); 410 } 411 412 asmlinkage void __exception do_undefinstr(struct pt_regs *regs) 413 { 414 /* check for AArch32 breakpoint instructions */ 415 if (!aarch32_break_handler(regs)) 416 return; 417 418 if (call_undef_hook(regs) == 0) 419 return; 420 421 BUG_ON(!user_mode(regs)); 422 force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc); 423 } 424 425 #define __user_cache_maint(insn, address, res) \ 426 if (address >= user_addr_max()) { \ 427 res = -EFAULT; \ 428 } else { \ 429 uaccess_ttbr0_enable(); \ 430 asm volatile ( \ 431 "1: " insn ", %1\n" \ 432 " mov %w0, #0\n" \ 433 "2:\n" \ 434 " .pushsection .fixup,\"ax\"\n" \ 435 " .align 2\n" \ 436 "3: mov %w0, %w2\n" \ 437 " b 2b\n" \ 438 " .popsection\n" \ 439 _ASM_EXTABLE(1b, 3b) \ 440 : "=r" (res) \ 441 : "r" (address), "i" (-EFAULT)); \ 442 uaccess_ttbr0_disable(); \ 443 } 444 445 static void user_cache_maint_handler(unsigned int esr, struct pt_regs *regs) 446 { 447 unsigned long address; 448 int rt = ESR_ELx_SYS64_ISS_RT(esr); 449 int crm = (esr & ESR_ELx_SYS64_ISS_CRM_MASK) >> ESR_ELx_SYS64_ISS_CRM_SHIFT; 450 int ret = 0; 451 452 address = untagged_addr(pt_regs_read_reg(regs, rt)); 453 454 switch (crm) { 455 case ESR_ELx_SYS64_ISS_CRM_DC_CVAU: /* DC CVAU, gets promoted */ 456 __user_cache_maint("dc civac", address, ret); 457 break; 458 case ESR_ELx_SYS64_ISS_CRM_DC_CVAC: /* DC CVAC, gets promoted */ 459 __user_cache_maint("dc civac", address, ret); 460 break; 461 case ESR_ELx_SYS64_ISS_CRM_DC_CVAP: /* DC CVAP */ 462 __user_cache_maint("sys 3, c7, c12, 1", address, ret); 463 break; 464 case ESR_ELx_SYS64_ISS_CRM_DC_CIVAC: /* DC CIVAC */ 465 __user_cache_maint("dc civac", address, ret); 466 break; 467 case ESR_ELx_SYS64_ISS_CRM_IC_IVAU: /* IC IVAU */ 468 __user_cache_maint("ic ivau", address, ret); 469 break; 470 default: 471 force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc); 472 return; 473 } 474 475 if (ret) 476 arm64_notify_segfault(address); 477 else 478 arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); 479 } 480 481 static void ctr_read_handler(unsigned int esr, struct pt_regs *regs) 482 { 483 int rt = ESR_ELx_SYS64_ISS_RT(esr); 484 unsigned long val = arm64_ftr_reg_user_value(&arm64_ftr_reg_ctrel0); 485 486 pt_regs_write_reg(regs, rt, val); 487 488 arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); 489 } 490 491 static void cntvct_read_handler(unsigned int esr, struct pt_regs *regs) 492 { 493 int rt = ESR_ELx_SYS64_ISS_RT(esr); 494 495 pt_regs_write_reg(regs, rt, arch_counter_get_cntvct()); 496 arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); 497 } 498 499 static void cntfrq_read_handler(unsigned int esr, struct pt_regs *regs) 500 { 501 int rt = ESR_ELx_SYS64_ISS_RT(esr); 502 503 pt_regs_write_reg(regs, rt, arch_timer_get_rate()); 504 arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); 505 } 506 507 static void mrs_handler(unsigned int esr, struct pt_regs *regs) 508 { 509 u32 sysreg, rt; 510 511 rt = ESR_ELx_SYS64_ISS_RT(esr); 512 sysreg = esr_sys64_to_sysreg(esr); 513 514 if (do_emulate_mrs(regs, sysreg, rt) != 0) 515 force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc); 516 } 517 518 static void wfi_handler(unsigned int esr, struct pt_regs *regs) 519 { 520 arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); 521 } 522 523 struct sys64_hook { 524 unsigned int esr_mask; 525 unsigned int esr_val; 526 void (*handler)(unsigned int esr, struct pt_regs *regs); 527 }; 528 529 static struct sys64_hook sys64_hooks[] = { 530 { 531 .esr_mask = ESR_ELx_SYS64_ISS_EL0_CACHE_OP_MASK, 532 .esr_val = ESR_ELx_SYS64_ISS_EL0_CACHE_OP_VAL, 533 .handler = user_cache_maint_handler, 534 }, 535 { 536 /* Trap read access to CTR_EL0 */ 537 .esr_mask = ESR_ELx_SYS64_ISS_SYS_OP_MASK, 538 .esr_val = ESR_ELx_SYS64_ISS_SYS_CTR_READ, 539 .handler = ctr_read_handler, 540 }, 541 { 542 /* Trap read access to CNTVCT_EL0 */ 543 .esr_mask = ESR_ELx_SYS64_ISS_SYS_OP_MASK, 544 .esr_val = ESR_ELx_SYS64_ISS_SYS_CNTVCT, 545 .handler = cntvct_read_handler, 546 }, 547 { 548 /* Trap read access to CNTFRQ_EL0 */ 549 .esr_mask = ESR_ELx_SYS64_ISS_SYS_OP_MASK, 550 .esr_val = ESR_ELx_SYS64_ISS_SYS_CNTFRQ, 551 .handler = cntfrq_read_handler, 552 }, 553 { 554 /* Trap read access to CPUID registers */ 555 .esr_mask = ESR_ELx_SYS64_ISS_SYS_MRS_OP_MASK, 556 .esr_val = ESR_ELx_SYS64_ISS_SYS_MRS_OP_VAL, 557 .handler = mrs_handler, 558 }, 559 { 560 /* Trap WFI instructions executed in userspace */ 561 .esr_mask = ESR_ELx_WFx_MASK, 562 .esr_val = ESR_ELx_WFx_WFI_VAL, 563 .handler = wfi_handler, 564 }, 565 {}, 566 }; 567 568 569 #ifdef CONFIG_COMPAT 570 #define PSTATE_IT_1_0_SHIFT 25 571 #define PSTATE_IT_1_0_MASK (0x3 << PSTATE_IT_1_0_SHIFT) 572 #define PSTATE_IT_7_2_SHIFT 10 573 #define PSTATE_IT_7_2_MASK (0x3f << PSTATE_IT_7_2_SHIFT) 574 575 static u32 compat_get_it_state(struct pt_regs *regs) 576 { 577 u32 it, pstate = regs->pstate; 578 579 it = (pstate & PSTATE_IT_1_0_MASK) >> PSTATE_IT_1_0_SHIFT; 580 it |= ((pstate & PSTATE_IT_7_2_MASK) >> PSTATE_IT_7_2_SHIFT) << 2; 581 582 return it; 583 } 584 585 static void compat_set_it_state(struct pt_regs *regs, u32 it) 586 { 587 u32 pstate_it; 588 589 pstate_it = (it << PSTATE_IT_1_0_SHIFT) & PSTATE_IT_1_0_MASK; 590 pstate_it |= ((it >> 2) << PSTATE_IT_7_2_SHIFT) & PSTATE_IT_7_2_MASK; 591 592 regs->pstate &= ~PSR_AA32_IT_MASK; 593 regs->pstate |= pstate_it; 594 } 595 596 static bool cp15_cond_valid(unsigned int esr, struct pt_regs *regs) 597 { 598 int cond; 599 600 /* Only a T32 instruction can trap without CV being set */ 601 if (!(esr & ESR_ELx_CV)) { 602 u32 it; 603 604 it = compat_get_it_state(regs); 605 if (!it) 606 return true; 607 608 cond = it >> 4; 609 } else { 610 cond = (esr & ESR_ELx_COND_MASK) >> ESR_ELx_COND_SHIFT; 611 } 612 613 return aarch32_opcode_cond_checks[cond](regs->pstate); 614 } 615 616 static void advance_itstate(struct pt_regs *regs) 617 { 618 u32 it; 619 620 /* ARM mode */ 621 if (!(regs->pstate & PSR_AA32_T_BIT) || 622 !(regs->pstate & PSR_AA32_IT_MASK)) 623 return; 624 625 it = compat_get_it_state(regs); 626 627 /* 628 * If this is the last instruction of the block, wipe the IT 629 * state. Otherwise advance it. 630 */ 631 if (!(it & 7)) 632 it = 0; 633 else 634 it = (it & 0xe0) | ((it << 1) & 0x1f); 635 636 compat_set_it_state(regs, it); 637 } 638 639 static void arm64_compat_skip_faulting_instruction(struct pt_regs *regs, 640 unsigned int sz) 641 { 642 advance_itstate(regs); 643 arm64_skip_faulting_instruction(regs, sz); 644 } 645 646 static void compat_cntfrq_read_handler(unsigned int esr, struct pt_regs *regs) 647 { 648 int reg = (esr & ESR_ELx_CP15_32_ISS_RT_MASK) >> ESR_ELx_CP15_32_ISS_RT_SHIFT; 649 650 pt_regs_write_reg(regs, reg, arch_timer_get_rate()); 651 arm64_compat_skip_faulting_instruction(regs, 4); 652 } 653 654 static struct sys64_hook cp15_32_hooks[] = { 655 { 656 .esr_mask = ESR_ELx_CP15_32_ISS_SYS_MASK, 657 .esr_val = ESR_ELx_CP15_32_ISS_SYS_CNTFRQ, 658 .handler = compat_cntfrq_read_handler, 659 }, 660 {}, 661 }; 662 663 static void compat_cntvct_read_handler(unsigned int esr, struct pt_regs *regs) 664 { 665 int rt = (esr & ESR_ELx_CP15_64_ISS_RT_MASK) >> ESR_ELx_CP15_64_ISS_RT_SHIFT; 666 int rt2 = (esr & ESR_ELx_CP15_64_ISS_RT2_MASK) >> ESR_ELx_CP15_64_ISS_RT2_SHIFT; 667 u64 val = arch_counter_get_cntvct(); 668 669 pt_regs_write_reg(regs, rt, lower_32_bits(val)); 670 pt_regs_write_reg(regs, rt2, upper_32_bits(val)); 671 arm64_compat_skip_faulting_instruction(regs, 4); 672 } 673 674 static struct sys64_hook cp15_64_hooks[] = { 675 { 676 .esr_mask = ESR_ELx_CP15_64_ISS_SYS_MASK, 677 .esr_val = ESR_ELx_CP15_64_ISS_SYS_CNTVCT, 678 .handler = compat_cntvct_read_handler, 679 }, 680 {}, 681 }; 682 683 asmlinkage void __exception do_cp15instr(unsigned int esr, struct pt_regs *regs) 684 { 685 struct sys64_hook *hook, *hook_base; 686 687 if (!cp15_cond_valid(esr, regs)) { 688 /* 689 * There is no T16 variant of a CP access, so we 690 * always advance PC by 4 bytes. 691 */ 692 arm64_compat_skip_faulting_instruction(regs, 4); 693 return; 694 } 695 696 switch (ESR_ELx_EC(esr)) { 697 case ESR_ELx_EC_CP15_32: 698 hook_base = cp15_32_hooks; 699 break; 700 case ESR_ELx_EC_CP15_64: 701 hook_base = cp15_64_hooks; 702 break; 703 default: 704 do_undefinstr(regs); 705 return; 706 } 707 708 for (hook = hook_base; hook->handler; hook++) 709 if ((hook->esr_mask & esr) == hook->esr_val) { 710 hook->handler(esr, regs); 711 return; 712 } 713 714 /* 715 * New cp15 instructions may previously have been undefined at 716 * EL0. Fall back to our usual undefined instruction handler 717 * so that we handle these consistently. 718 */ 719 do_undefinstr(regs); 720 } 721 #endif 722 723 asmlinkage void __exception do_sysinstr(unsigned int esr, struct pt_regs *regs) 724 { 725 struct sys64_hook *hook; 726 727 for (hook = sys64_hooks; hook->handler; hook++) 728 if ((hook->esr_mask & esr) == hook->esr_val) { 729 hook->handler(esr, regs); 730 return; 731 } 732 733 /* 734 * New SYS instructions may previously have been undefined at EL0. Fall 735 * back to our usual undefined instruction handler so that we handle 736 * these consistently. 737 */ 738 do_undefinstr(regs); 739 } 740 741 static const char *esr_class_str[] = { 742 [0 ... ESR_ELx_EC_MAX] = "UNRECOGNIZED EC", 743 [ESR_ELx_EC_UNKNOWN] = "Unknown/Uncategorized", 744 [ESR_ELx_EC_WFx] = "WFI/WFE", 745 [ESR_ELx_EC_CP15_32] = "CP15 MCR/MRC", 746 [ESR_ELx_EC_CP15_64] = "CP15 MCRR/MRRC", 747 [ESR_ELx_EC_CP14_MR] = "CP14 MCR/MRC", 748 [ESR_ELx_EC_CP14_LS] = "CP14 LDC/STC", 749 [ESR_ELx_EC_FP_ASIMD] = "ASIMD", 750 [ESR_ELx_EC_CP10_ID] = "CP10 MRC/VMRS", 751 [ESR_ELx_EC_CP14_64] = "CP14 MCRR/MRRC", 752 [ESR_ELx_EC_ILL] = "PSTATE.IL", 753 [ESR_ELx_EC_SVC32] = "SVC (AArch32)", 754 [ESR_ELx_EC_HVC32] = "HVC (AArch32)", 755 [ESR_ELx_EC_SMC32] = "SMC (AArch32)", 756 [ESR_ELx_EC_SVC64] = "SVC (AArch64)", 757 [ESR_ELx_EC_HVC64] = "HVC (AArch64)", 758 [ESR_ELx_EC_SMC64] = "SMC (AArch64)", 759 [ESR_ELx_EC_SYS64] = "MSR/MRS (AArch64)", 760 [ESR_ELx_EC_SVE] = "SVE", 761 [ESR_ELx_EC_IMP_DEF] = "EL3 IMP DEF", 762 [ESR_ELx_EC_IABT_LOW] = "IABT (lower EL)", 763 [ESR_ELx_EC_IABT_CUR] = "IABT (current EL)", 764 [ESR_ELx_EC_PC_ALIGN] = "PC Alignment", 765 [ESR_ELx_EC_DABT_LOW] = "DABT (lower EL)", 766 [ESR_ELx_EC_DABT_CUR] = "DABT (current EL)", 767 [ESR_ELx_EC_SP_ALIGN] = "SP Alignment", 768 [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", 769 [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", 770 [ESR_ELx_EC_SERROR] = "SError", 771 [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", 772 [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", 773 [ESR_ELx_EC_SOFTSTP_LOW] = "Software Step (lower EL)", 774 [ESR_ELx_EC_SOFTSTP_CUR] = "Software Step (current EL)", 775 [ESR_ELx_EC_WATCHPT_LOW] = "Watchpoint (lower EL)", 776 [ESR_ELx_EC_WATCHPT_CUR] = "Watchpoint (current EL)", 777 [ESR_ELx_EC_BKPT32] = "BKPT (AArch32)", 778 [ESR_ELx_EC_VECTOR32] = "Vector catch (AArch32)", 779 [ESR_ELx_EC_BRK64] = "BRK (AArch64)", 780 }; 781 782 const char *esr_get_class_string(u32 esr) 783 { 784 return esr_class_str[ESR_ELx_EC(esr)]; 785 } 786 787 /* 788 * bad_mode handles the impossible case in the exception vector. This is always 789 * fatal. 790 */ 791 asmlinkage void bad_mode(struct pt_regs *regs, int reason, unsigned int esr) 792 { 793 console_verbose(); 794 795 pr_crit("Bad mode in %s handler detected on CPU%d, code 0x%08x -- %s\n", 796 handler[reason], smp_processor_id(), esr, 797 esr_get_class_string(esr)); 798 799 local_daif_mask(); 800 panic("bad mode"); 801 } 802 803 /* 804 * bad_el0_sync handles unexpected, but potentially recoverable synchronous 805 * exceptions taken from EL0. Unlike bad_mode, this returns. 806 */ 807 asmlinkage void bad_el0_sync(struct pt_regs *regs, int reason, unsigned int esr) 808 { 809 void __user *pc = (void __user *)instruction_pointer(regs); 810 811 current->thread.fault_address = 0; 812 current->thread.fault_code = esr; 813 814 arm64_force_sig_fault(SIGILL, ILL_ILLOPC, pc, 815 "Bad EL0 synchronous exception"); 816 } 817 818 #ifdef CONFIG_VMAP_STACK 819 820 DEFINE_PER_CPU(unsigned long [OVERFLOW_STACK_SIZE/sizeof(long)], overflow_stack) 821 __aligned(16); 822 823 asmlinkage void handle_bad_stack(struct pt_regs *regs) 824 { 825 unsigned long tsk_stk = (unsigned long)current->stack; 826 unsigned long irq_stk = (unsigned long)this_cpu_read(irq_stack_ptr); 827 unsigned long ovf_stk = (unsigned long)this_cpu_ptr(overflow_stack); 828 unsigned int esr = read_sysreg(esr_el1); 829 unsigned long far = read_sysreg(far_el1); 830 831 console_verbose(); 832 pr_emerg("Insufficient stack space to handle exception!"); 833 834 pr_emerg("ESR: 0x%08x -- %s\n", esr, esr_get_class_string(esr)); 835 pr_emerg("FAR: 0x%016lx\n", far); 836 837 pr_emerg("Task stack: [0x%016lx..0x%016lx]\n", 838 tsk_stk, tsk_stk + THREAD_SIZE); 839 pr_emerg("IRQ stack: [0x%016lx..0x%016lx]\n", 840 irq_stk, irq_stk + THREAD_SIZE); 841 pr_emerg("Overflow stack: [0x%016lx..0x%016lx]\n", 842 ovf_stk, ovf_stk + OVERFLOW_STACK_SIZE); 843 844 __show_regs(regs); 845 846 /* 847 * We use nmi_panic to limit the potential for recusive overflows, and 848 * to get a better stack trace. 849 */ 850 nmi_panic(NULL, "kernel stack overflow"); 851 cpu_park_loop(); 852 } 853 #endif 854 855 void __noreturn arm64_serror_panic(struct pt_regs *regs, u32 esr) 856 { 857 console_verbose(); 858 859 pr_crit("SError Interrupt on CPU%d, code 0x%08x -- %s\n", 860 smp_processor_id(), esr, esr_get_class_string(esr)); 861 if (regs) 862 __show_regs(regs); 863 864 nmi_panic(regs, "Asynchronous SError Interrupt"); 865 866 cpu_park_loop(); 867 unreachable(); 868 } 869 870 bool arm64_is_fatal_ras_serror(struct pt_regs *regs, unsigned int esr) 871 { 872 u32 aet = arm64_ras_serror_get_severity(esr); 873 874 switch (aet) { 875 case ESR_ELx_AET_CE: /* corrected error */ 876 case ESR_ELx_AET_UEO: /* restartable, not yet consumed */ 877 /* 878 * The CPU can make progress. We may take UEO again as 879 * a more severe error. 880 */ 881 return false; 882 883 case ESR_ELx_AET_UEU: /* Uncorrected Unrecoverable */ 884 case ESR_ELx_AET_UER: /* Uncorrected Recoverable */ 885 /* 886 * The CPU can't make progress. The exception may have 887 * been imprecise. 888 */ 889 return true; 890 891 case ESR_ELx_AET_UC: /* Uncontainable or Uncategorized error */ 892 default: 893 /* Error has been silently propagated */ 894 arm64_serror_panic(regs, esr); 895 } 896 } 897 898 asmlinkage void do_serror(struct pt_regs *regs, unsigned int esr) 899 { 900 nmi_enter(); 901 902 /* non-RAS errors are not containable */ 903 if (!arm64_is_ras_serror(esr) || arm64_is_fatal_ras_serror(regs, esr)) 904 arm64_serror_panic(regs, esr); 905 906 nmi_exit(); 907 } 908 909 void __pte_error(const char *file, int line, unsigned long val) 910 { 911 pr_err("%s:%d: bad pte %016lx.\n", file, line, val); 912 } 913 914 void __pmd_error(const char *file, int line, unsigned long val) 915 { 916 pr_err("%s:%d: bad pmd %016lx.\n", file, line, val); 917 } 918 919 void __pud_error(const char *file, int line, unsigned long val) 920 { 921 pr_err("%s:%d: bad pud %016lx.\n", file, line, val); 922 } 923 924 void __pgd_error(const char *file, int line, unsigned long val) 925 { 926 pr_err("%s:%d: bad pgd %016lx.\n", file, line, val); 927 } 928 929 /* GENERIC_BUG traps */ 930 931 int is_valid_bugaddr(unsigned long addr) 932 { 933 /* 934 * bug_handler() only called for BRK #BUG_BRK_IMM. 935 * So the answer is trivial -- any spurious instances with no 936 * bug table entry will be rejected by report_bug() and passed 937 * back to the debug-monitors code and handled as a fatal 938 * unexpected debug exception. 939 */ 940 return 1; 941 } 942 943 static int bug_handler(struct pt_regs *regs, unsigned int esr) 944 { 945 if (user_mode(regs)) 946 return DBG_HOOK_ERROR; 947 948 switch (report_bug(regs->pc, regs)) { 949 case BUG_TRAP_TYPE_BUG: 950 die("Oops - BUG", regs, 0); 951 break; 952 953 case BUG_TRAP_TYPE_WARN: 954 break; 955 956 default: 957 /* unknown/unrecognised bug trap type */ 958 return DBG_HOOK_ERROR; 959 } 960 961 /* If thread survives, skip over the BUG instruction and continue: */ 962 arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); 963 return DBG_HOOK_HANDLED; 964 } 965 966 static struct break_hook bug_break_hook = { 967 .esr_val = 0xf2000000 | BUG_BRK_IMM, 968 .esr_mask = 0xffffffff, 969 .fn = bug_handler, 970 }; 971 972 /* 973 * Initial handler for AArch64 BRK exceptions 974 * This handler only used until debug_traps_init(). 975 */ 976 int __init early_brk64(unsigned long addr, unsigned int esr, 977 struct pt_regs *regs) 978 { 979 return bug_handler(regs, esr) != DBG_HOOK_HANDLED; 980 } 981 982 /* This registration must happen early, before debug_traps_init(). */ 983 void __init trap_init(void) 984 { 985 register_break_hook(&bug_break_hook); 986 } 987