xref: /openbmc/linux/arch/parisc/kernel/traps.c (revision 0d7aeb68)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  linux/arch/parisc/traps.c
4  *
5  *  Copyright (C) 1991, 1992  Linus Torvalds
6  *  Copyright (C) 1999, 2000  Philipp Rumpf <prumpf@tux.org>
7  */
8 
9 /*
10  * 'Traps.c' handles hardware traps and faults after we have saved some
11  * state in 'asm.s'.
12  */
13 
14 #include <linux/sched.h>
15 #include <linux/sched/debug.h>
16 #include <linux/kernel.h>
17 #include <linux/string.h>
18 #include <linux/errno.h>
19 #include <linux/ptrace.h>
20 #include <linux/timer.h>
21 #include <linux/delay.h>
22 #include <linux/mm.h>
23 #include <linux/module.h>
24 #include <linux/smp.h>
25 #include <linux/spinlock.h>
26 #include <linux/init.h>
27 #include <linux/interrupt.h>
28 #include <linux/console.h>
29 #include <linux/bug.h>
30 #include <linux/ratelimit.h>
31 #include <linux/uaccess.h>
32 #include <linux/kdebug.h>
33 #include <linux/kfence.h>
34 
35 #include <asm/assembly.h>
36 #include <asm/io.h>
37 #include <asm/irq.h>
38 #include <asm/traps.h>
39 #include <asm/unaligned.h>
40 #include <linux/atomic.h>
41 #include <asm/smp.h>
42 #include <asm/pdc.h>
43 #include <asm/pdc_chassis.h>
44 #include <asm/unwind.h>
45 #include <asm/tlbflush.h>
46 #include <asm/cacheflush.h>
47 #include <linux/kgdb.h>
48 #include <linux/kprobes.h>
49 
50 #if defined(CONFIG_LIGHTWEIGHT_SPINLOCK_CHECK)
51 #include <asm/spinlock.h>
52 #endif
53 
54 #include "../math-emu/math-emu.h"	/* for handle_fpe() */
55 
56 static void parisc_show_stack(struct task_struct *task,
57 	struct pt_regs *regs, const char *loglvl);
58 
59 static int printbinary(char *buf, unsigned long x, int nbits)
60 {
61 	unsigned long mask = 1UL << (nbits - 1);
62 	while (mask != 0) {
63 		*buf++ = (mask & x ? '1' : '0');
64 		mask >>= 1;
65 	}
66 	*buf = '\0';
67 
68 	return nbits;
69 }
70 
71 #ifdef CONFIG_64BIT
72 #define RFMT "%016lx"
73 #else
74 #define RFMT "%08lx"
75 #endif
76 #define FFMT "%016llx"	/* fpregs are 64-bit always */
77 
78 #define PRINTREGS(lvl,r,f,fmt,x)	\
79 	printk("%s%s%02d-%02d  " fmt " " fmt " " fmt " " fmt "\n",	\
80 		lvl, f, (x), (x+3), (r)[(x)+0], (r)[(x)+1],		\
81 		(r)[(x)+2], (r)[(x)+3])
82 
83 static void print_gr(const char *level, struct pt_regs *regs)
84 {
85 	int i;
86 	char buf[64];
87 
88 	printk("%s\n", level);
89 	printk("%s     YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\n", level);
90 	printbinary(buf, regs->gr[0], 32);
91 	printk("%sPSW: %s %s\n", level, buf, print_tainted());
92 
93 	for (i = 0; i < 32; i += 4)
94 		PRINTREGS(level, regs->gr, "r", RFMT, i);
95 }
96 
97 static void print_fr(const char *level, struct pt_regs *regs)
98 {
99 	int i;
100 	char buf[64];
101 	struct { u32 sw[2]; } s;
102 
103 	/* FR are 64bit everywhere. Need to use asm to get the content
104 	 * of fpsr/fper1, and we assume that we won't have a FP Identify
105 	 * in our way, otherwise we're screwed.
106 	 * The fldd is used to restore the T-bit if there was one, as the
107 	 * store clears it anyway.
108 	 * PA2.0 book says "thou shall not use fstw on FPSR/FPERs" - T-Bone */
109 	asm volatile ("fstd %%fr0,0(%1)	\n\t"
110 		      "fldd 0(%1),%%fr0	\n\t"
111 		      : "=m" (s) : "r" (&s) : "r0");
112 
113 	printk("%s\n", level);
114 	printk("%s      VZOUICununcqcqcqcqcqcrmunTDVZOUI\n", level);
115 	printbinary(buf, s.sw[0], 32);
116 	printk("%sFPSR: %s\n", level, buf);
117 	printk("%sFPER1: %08x\n", level, s.sw[1]);
118 
119 	/* here we'll print fr0 again, tho it'll be meaningless */
120 	for (i = 0; i < 32; i += 4)
121 		PRINTREGS(level, regs->fr, "fr", FFMT, i);
122 }
123 
124 void show_regs(struct pt_regs *regs)
125 {
126 	int i, user;
127 	const char *level;
128 	unsigned long cr30, cr31;
129 
130 	user = user_mode(regs);
131 	level = user ? KERN_DEBUG : KERN_CRIT;
132 
133 	show_regs_print_info(level);
134 
135 	print_gr(level, regs);
136 
137 	for (i = 0; i < 8; i += 4)
138 		PRINTREGS(level, regs->sr, "sr", RFMT, i);
139 
140 	if (user)
141 		print_fr(level, regs);
142 
143 	cr30 = mfctl(30);
144 	cr31 = mfctl(31);
145 	printk("%s\n", level);
146 	printk("%sIASQ: " RFMT " " RFMT " IAOQ: " RFMT " " RFMT "\n",
147 	       level, regs->iasq[0], regs->iasq[1], regs->iaoq[0], regs->iaoq[1]);
148 	printk("%s IIR: %08lx    ISR: " RFMT "  IOR: " RFMT "\n",
149 	       level, regs->iir, regs->isr, regs->ior);
150 	printk("%s CPU: %8d   CR30: " RFMT " CR31: " RFMT "\n",
151 	       level, task_cpu(current), cr30, cr31);
152 	printk("%s ORIG_R28: " RFMT "\n", level, regs->orig_r28);
153 
154 	if (user) {
155 		printk("%s IAOQ[0]: " RFMT "\n", level, regs->iaoq[0]);
156 		printk("%s IAOQ[1]: " RFMT "\n", level, regs->iaoq[1]);
157 		printk("%s RP(r2): " RFMT "\n", level, regs->gr[2]);
158 	} else {
159 		printk("%s IAOQ[0]: %pS\n", level, (void *) regs->iaoq[0]);
160 		printk("%s IAOQ[1]: %pS\n", level, (void *) regs->iaoq[1]);
161 		printk("%s RP(r2): %pS\n", level, (void *) regs->gr[2]);
162 
163 		parisc_show_stack(current, regs, KERN_DEFAULT);
164 	}
165 }
166 
167 static DEFINE_RATELIMIT_STATE(_hppa_rs,
168 	DEFAULT_RATELIMIT_INTERVAL, DEFAULT_RATELIMIT_BURST);
169 
170 #define parisc_printk_ratelimited(critical, regs, fmt, ...)	{	      \
171 	if ((critical || show_unhandled_signals) && __ratelimit(&_hppa_rs)) { \
172 		printk(fmt, ##__VA_ARGS__);				      \
173 		show_regs(regs);					      \
174 	}								      \
175 }
176 
177 
178 static void do_show_stack(struct unwind_frame_info *info, const char *loglvl)
179 {
180 	int i = 1;
181 
182 	printk("%sBacktrace:\n", loglvl);
183 	while (i <= MAX_UNWIND_ENTRIES) {
184 		if (unwind_once(info) < 0 || info->ip == 0)
185 			break;
186 
187 		if (__kernel_text_address(info->ip)) {
188 			printk("%s [<" RFMT ">] %pS\n",
189 				loglvl, info->ip, (void *) info->ip);
190 			i++;
191 		}
192 	}
193 	printk("%s\n", loglvl);
194 }
195 
196 static void parisc_show_stack(struct task_struct *task,
197 	struct pt_regs *regs, const char *loglvl)
198 {
199 	struct unwind_frame_info info;
200 
201 	unwind_frame_init_task(&info, task, regs);
202 
203 	do_show_stack(&info, loglvl);
204 }
205 
206 void show_stack(struct task_struct *t, unsigned long *sp, const char *loglvl)
207 {
208 	parisc_show_stack(t, NULL, loglvl);
209 }
210 
211 int is_valid_bugaddr(unsigned long iaoq)
212 {
213 	return 1;
214 }
215 
216 void die_if_kernel(char *str, struct pt_regs *regs, long err)
217 {
218 	if (user_mode(regs)) {
219 		if (err == 0)
220 			return; /* STFU */
221 
222 		parisc_printk_ratelimited(1, regs,
223 			KERN_CRIT "%s (pid %d): %s (code %ld) at " RFMT "\n",
224 			current->comm, task_pid_nr(current), str, err, regs->iaoq[0]);
225 
226 		return;
227 	}
228 
229 	bust_spinlocks(1);
230 
231 	oops_enter();
232 
233 	/* Amuse the user in a SPARC fashion */
234 	if (err) printk(KERN_CRIT
235 			"      _______________________________ \n"
236 			"     < Your System ate a SPARC! Gah! >\n"
237 			"      ------------------------------- \n"
238 			"             \\   ^__^\n"
239 			"                 (__)\\       )\\/\\\n"
240 			"                  U  ||----w |\n"
241 			"                     ||     ||\n");
242 
243 	/* unlock the pdc lock if necessary */
244 	pdc_emergency_unlock();
245 
246 	if (err)
247 		printk(KERN_CRIT "%s (pid %d): %s (code %ld)\n",
248 			current->comm, task_pid_nr(current), str, err);
249 
250 	/* Wot's wrong wif bein' racy? */
251 	if (current->thread.flags & PARISC_KERNEL_DEATH) {
252 		printk(KERN_CRIT "%s() recursion detected.\n", __func__);
253 		local_irq_enable();
254 		while (1);
255 	}
256 	current->thread.flags |= PARISC_KERNEL_DEATH;
257 
258 	show_regs(regs);
259 	dump_stack();
260 	add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
261 
262 	if (in_interrupt())
263 		panic("Fatal exception in interrupt");
264 
265 	if (panic_on_oops)
266 		panic("Fatal exception");
267 
268 	oops_exit();
269 	make_task_dead(SIGSEGV);
270 }
271 
272 /* gdb uses break 4,8 */
273 #define GDB_BREAK_INSN 0x10004
274 static void handle_gdb_break(struct pt_regs *regs, int wot)
275 {
276 	force_sig_fault(SIGTRAP, wot,
277 			(void __user *) (regs->iaoq[0] & ~3));
278 }
279 
280 static void handle_break(struct pt_regs *regs)
281 {
282 	unsigned iir = regs->iir;
283 
284 	if (unlikely(iir == PARISC_BUG_BREAK_INSN && !user_mode(regs))) {
285 		/* check if a BUG() or WARN() trapped here.  */
286 		enum bug_trap_type tt;
287 		tt = report_bug(regs->iaoq[0] & ~3, regs);
288 		if (tt == BUG_TRAP_TYPE_WARN) {
289 			regs->iaoq[0] += 4;
290 			regs->iaoq[1] += 4;
291 			return; /* return to next instruction when WARN_ON().  */
292 		}
293 		die_if_kernel("Unknown kernel breakpoint", regs,
294 			(tt == BUG_TRAP_TYPE_NONE) ? 9 : 0);
295 	}
296 
297 #ifdef CONFIG_KPROBES
298 	if (unlikely(iir == PARISC_KPROBES_BREAK_INSN && !user_mode(regs))) {
299 		parisc_kprobe_break_handler(regs);
300 		return;
301 	}
302 	if (unlikely(iir == PARISC_KPROBES_BREAK_INSN2 && !user_mode(regs))) {
303 		parisc_kprobe_ss_handler(regs);
304 		return;
305 	}
306 #endif
307 
308 #ifdef CONFIG_KGDB
309 	if (unlikely((iir == PARISC_KGDB_COMPILED_BREAK_INSN ||
310 		iir == PARISC_KGDB_BREAK_INSN)) && !user_mode(regs)) {
311 		kgdb_handle_exception(9, SIGTRAP, 0, regs);
312 		return;
313 	}
314 #endif
315 
316 #ifdef CONFIG_LIGHTWEIGHT_SPINLOCK_CHECK
317         if ((iir == SPINLOCK_BREAK_INSN) && !user_mode(regs)) {
318 		die_if_kernel("Spinlock was trashed", regs, 1);
319 	}
320 #endif
321 
322 	if (unlikely(iir != GDB_BREAK_INSN))
323 		parisc_printk_ratelimited(0, regs,
324 			KERN_DEBUG "break %d,%d: pid=%d command='%s'\n",
325 			iir & 31, (iir>>13) & ((1<<13)-1),
326 			task_pid_nr(current), current->comm);
327 
328 	/* send standard GDB signal */
329 	handle_gdb_break(regs, TRAP_BRKPT);
330 }
331 
332 static void default_trap(int code, struct pt_regs *regs)
333 {
334 	printk(KERN_ERR "Trap %d on CPU %d\n", code, smp_processor_id());
335 	show_regs(regs);
336 }
337 
338 void (*cpu_lpmc) (int code, struct pt_regs *regs) __read_mostly = default_trap;
339 
340 
341 void transfer_pim_to_trap_frame(struct pt_regs *regs)
342 {
343     register int i;
344     extern unsigned int hpmc_pim_data[];
345     struct pdc_hpmc_pim_11 *pim_narrow;
346     struct pdc_hpmc_pim_20 *pim_wide;
347 
348     if (boot_cpu_data.cpu_type >= pcxu) {
349 
350 	pim_wide = (struct pdc_hpmc_pim_20 *)hpmc_pim_data;
351 
352 	/*
353 	 * Note: The following code will probably generate a
354 	 * bunch of truncation error warnings from the compiler.
355 	 * Could be handled with an ifdef, but perhaps there
356 	 * is a better way.
357 	 */
358 
359 	regs->gr[0] = pim_wide->cr[22];
360 
361 	for (i = 1; i < 32; i++)
362 	    regs->gr[i] = pim_wide->gr[i];
363 
364 	for (i = 0; i < 32; i++)
365 	    regs->fr[i] = pim_wide->fr[i];
366 
367 	for (i = 0; i < 8; i++)
368 	    regs->sr[i] = pim_wide->sr[i];
369 
370 	regs->iasq[0] = pim_wide->cr[17];
371 	regs->iasq[1] = pim_wide->iasq_back;
372 	regs->iaoq[0] = pim_wide->cr[18];
373 	regs->iaoq[1] = pim_wide->iaoq_back;
374 
375 	regs->sar  = pim_wide->cr[11];
376 	regs->iir  = pim_wide->cr[19];
377 	regs->isr  = pim_wide->cr[20];
378 	regs->ior  = pim_wide->cr[21];
379     }
380     else {
381 	pim_narrow = (struct pdc_hpmc_pim_11 *)hpmc_pim_data;
382 
383 	regs->gr[0] = pim_narrow->cr[22];
384 
385 	for (i = 1; i < 32; i++)
386 	    regs->gr[i] = pim_narrow->gr[i];
387 
388 	for (i = 0; i < 32; i++)
389 	    regs->fr[i] = pim_narrow->fr[i];
390 
391 	for (i = 0; i < 8; i++)
392 	    regs->sr[i] = pim_narrow->sr[i];
393 
394 	regs->iasq[0] = pim_narrow->cr[17];
395 	regs->iasq[1] = pim_narrow->iasq_back;
396 	regs->iaoq[0] = pim_narrow->cr[18];
397 	regs->iaoq[1] = pim_narrow->iaoq_back;
398 
399 	regs->sar  = pim_narrow->cr[11];
400 	regs->iir  = pim_narrow->cr[19];
401 	regs->isr  = pim_narrow->cr[20];
402 	regs->ior  = pim_narrow->cr[21];
403     }
404 
405     /*
406      * The following fields only have meaning if we came through
407      * another path. So just zero them here.
408      */
409 
410     regs->ksp = 0;
411     regs->kpc = 0;
412     regs->orig_r28 = 0;
413 }
414 
415 
416 /*
417  * This routine is called as a last resort when everything else
418  * has gone clearly wrong. We get called for faults in kernel space,
419  * and HPMC's.
420  */
421 void parisc_terminate(char *msg, struct pt_regs *regs, int code, unsigned long offset)
422 {
423 	static DEFINE_SPINLOCK(terminate_lock);
424 
425 	(void)notify_die(DIE_OOPS, msg, regs, 0, code, SIGTRAP);
426 	bust_spinlocks(1);
427 
428 	set_eiem(0);
429 	local_irq_disable();
430 	spin_lock(&terminate_lock);
431 
432 	/* unlock the pdc lock if necessary */
433 	pdc_emergency_unlock();
434 
435 	/* Not all paths will gutter the processor... */
436 	switch(code){
437 
438 	case 1:
439 		transfer_pim_to_trap_frame(regs);
440 		break;
441 
442 	default:
443 		break;
444 
445 	}
446 
447 	{
448 		/* show_stack(NULL, (unsigned long *)regs->gr[30]); */
449 		struct unwind_frame_info info;
450 		unwind_frame_init(&info, current, regs);
451 		do_show_stack(&info, KERN_CRIT);
452 	}
453 
454 	printk("\n");
455 	pr_crit("%s: Code=%d (%s) at addr " RFMT "\n",
456 		msg, code, trap_name(code), offset);
457 	show_regs(regs);
458 
459 	spin_unlock(&terminate_lock);
460 
461 	/* put soft power button back under hardware control;
462 	 * if the user had pressed it once at any time, the
463 	 * system will shut down immediately right here. */
464 	pdc_soft_power_button(0);
465 
466 	/* Call kernel panic() so reboot timeouts work properly
467 	 * FIXME: This function should be on the list of
468 	 * panic notifiers, and we should call panic
469 	 * directly from the location that we wish.
470 	 * e.g. We should not call panic from
471 	 * parisc_terminate, but rather the other way around.
472 	 * This hack works, prints the panic message twice,
473 	 * and it enables reboot timers!
474 	 */
475 	panic(msg);
476 }
477 
478 void notrace handle_interruption(int code, struct pt_regs *regs)
479 {
480 	unsigned long fault_address = 0;
481 	unsigned long fault_space = 0;
482 	int si_code;
483 
484 	if (!irqs_disabled_flags(regs->gr[0]))
485 	    local_irq_enable();
486 
487 	/* Security check:
488 	 * If the priority level is still user, and the
489 	 * faulting space is not equal to the active space
490 	 * then the user is attempting something in a space
491 	 * that does not belong to them. Kill the process.
492 	 *
493 	 * This is normally the situation when the user
494 	 * attempts to jump into the kernel space at the
495 	 * wrong offset, be it at the gateway page or a
496 	 * random location.
497 	 *
498 	 * We cannot normally signal the process because it
499 	 * could *be* on the gateway page, and processes
500 	 * executing on the gateway page can't have signals
501 	 * delivered.
502 	 *
503 	 * We merely readjust the address into the users
504 	 * space, at a destination address of zero, and
505 	 * allow processing to continue.
506 	 */
507 	if (((unsigned long)regs->iaoq[0] & 3) &&
508 	    ((unsigned long)regs->iasq[0] != (unsigned long)regs->sr[7])) {
509 		/* Kill the user process later */
510 		regs->iaoq[0] = 0 | 3;
511 		regs->iaoq[1] = regs->iaoq[0] + 4;
512 		regs->iasq[0] = regs->iasq[1] = regs->sr[7];
513 		regs->gr[0] &= ~PSW_B;
514 		return;
515 	}
516 
517 #if 0
518 	printk(KERN_CRIT "Interruption # %d\n", code);
519 #endif
520 
521 	switch(code) {
522 
523 	case  1:
524 		/* High-priority machine check (HPMC) */
525 
526 		/* set up a new led state on systems shipped with a LED State panel */
527 		pdc_chassis_send_status(PDC_CHASSIS_DIRECT_HPMC);
528 
529 		parisc_terminate("High Priority Machine Check (HPMC)",
530 				regs, code, 0);
531 		/* NOT REACHED */
532 
533 	case  2:
534 		/* Power failure interrupt */
535 		printk(KERN_CRIT "Power failure interrupt !\n");
536 		return;
537 
538 	case  3:
539 		/* Recovery counter trap */
540 		regs->gr[0] &= ~PSW_R;
541 
542 #ifdef CONFIG_KGDB
543 		if (kgdb_single_step) {
544 			kgdb_handle_exception(0, SIGTRAP, 0, regs);
545 			return;
546 		}
547 #endif
548 
549 		if (user_space(regs))
550 			handle_gdb_break(regs, TRAP_TRACE);
551 		/* else this must be the start of a syscall - just let it run */
552 		return;
553 
554 	case  5:
555 		/* Low-priority machine check */
556 		pdc_chassis_send_status(PDC_CHASSIS_DIRECT_LPMC);
557 
558 		flush_cache_all();
559 		flush_tlb_all();
560 		cpu_lpmc(5, regs);
561 		return;
562 
563 	case  PARISC_ITLB_TRAP:
564 		/* Instruction TLB miss fault/Instruction page fault */
565 		fault_address = regs->iaoq[0];
566 		fault_space   = regs->iasq[0];
567 		break;
568 
569 	case  8:
570 		/* Illegal instruction trap */
571 		die_if_kernel("Illegal instruction", regs, code);
572 		si_code = ILL_ILLOPC;
573 		goto give_sigill;
574 
575 	case  9:
576 		/* Break instruction trap */
577 		handle_break(regs);
578 		return;
579 
580 	case 10:
581 		/* Privileged operation trap */
582 		die_if_kernel("Privileged operation", regs, code);
583 		si_code = ILL_PRVOPC;
584 		goto give_sigill;
585 
586 	case 11:
587 		/* Privileged register trap */
588 		if ((regs->iir & 0xffdfffe0) == 0x034008a0) {
589 
590 			/* This is a MFCTL cr26/cr27 to gr instruction.
591 			 * PCXS traps on this, so we need to emulate it.
592 			 */
593 
594 			if (regs->iir & 0x00200000)
595 				regs->gr[regs->iir & 0x1f] = mfctl(27);
596 			else
597 				regs->gr[regs->iir & 0x1f] = mfctl(26);
598 
599 			regs->iaoq[0] = regs->iaoq[1];
600 			regs->iaoq[1] += 4;
601 			regs->iasq[0] = regs->iasq[1];
602 			return;
603 		}
604 
605 		die_if_kernel("Privileged register usage", regs, code);
606 		si_code = ILL_PRVREG;
607 	give_sigill:
608 		force_sig_fault(SIGILL, si_code,
609 				(void __user *) regs->iaoq[0]);
610 		return;
611 
612 	case 12:
613 		/* Overflow Trap, let the userland signal handler do the cleanup */
614 		force_sig_fault(SIGFPE, FPE_INTOVF,
615 				(void __user *) regs->iaoq[0]);
616 		return;
617 
618 	case 13:
619 		/* Conditional Trap
620 		   The condition succeeds in an instruction which traps
621 		   on condition  */
622 		if(user_mode(regs)){
623 			/* Let userspace app figure it out from the insn pointed
624 			 * to by si_addr.
625 			 */
626 			force_sig_fault(SIGFPE, FPE_CONDTRAP,
627 					(void __user *) regs->iaoq[0]);
628 			return;
629 		}
630 		/* The kernel doesn't want to handle condition codes */
631 		break;
632 
633 	case 14:
634 		/* Assist Exception Trap, i.e. floating point exception. */
635 		die_if_kernel("Floating point exception", regs, 0); /* quiet */
636 		__inc_irq_stat(irq_fpassist_count);
637 		handle_fpe(regs);
638 		return;
639 
640 	case 15:
641 		/* Data TLB miss fault/Data page fault */
642 		fallthrough;
643 	case 16:
644 		/* Non-access instruction TLB miss fault */
645 		/* The instruction TLB entry needed for the target address of the FIC
646 		   is absent, and hardware can't find it, so we get to cleanup */
647 		fallthrough;
648 	case 17:
649 		/* Non-access data TLB miss fault/Non-access data page fault */
650 		/* FIXME:
651 			 Still need to add slow path emulation code here!
652 			 If the insn used a non-shadow register, then the tlb
653 			 handlers could not have their side-effect (e.g. probe
654 			 writing to a target register) emulated since rfir would
655 			 erase the changes to said register. Instead we have to
656 			 setup everything, call this function we are in, and emulate
657 			 by hand. Technically we need to emulate:
658 			 fdc,fdce,pdc,"fic,4f",prober,probeir,probew, probeiw
659 		*/
660 		if (code == 17 && handle_nadtlb_fault(regs))
661 			return;
662 		fault_address = regs->ior;
663 		fault_space = regs->isr;
664 		break;
665 
666 	case 18:
667 		/* PCXS only -- later cpu's split this into types 26,27 & 28 */
668 		/* Check for unaligned access */
669 		if (check_unaligned(regs)) {
670 			handle_unaligned(regs);
671 			return;
672 		}
673 		fallthrough;
674 	case 26:
675 		/* PCXL: Data memory access rights trap */
676 		fault_address = regs->ior;
677 		fault_space   = regs->isr;
678 		break;
679 
680 	case 19:
681 		/* Data memory break trap */
682 		regs->gr[0] |= PSW_X; /* So we can single-step over the trap */
683 		fallthrough;
684 	case 21:
685 		/* Page reference trap */
686 		handle_gdb_break(regs, TRAP_HWBKPT);
687 		return;
688 
689 	case 25:
690 		/* Taken branch trap */
691 		regs->gr[0] &= ~PSW_T;
692 		if (user_space(regs))
693 			handle_gdb_break(regs, TRAP_BRANCH);
694 		/* else this must be the start of a syscall - just let it
695 		 * run.
696 		 */
697 		return;
698 
699 	case  7:
700 		/* Instruction access rights */
701 		/* PCXL: Instruction memory protection trap */
702 
703 		/*
704 		 * This could be caused by either: 1) a process attempting
705 		 * to execute within a vma that does not have execute
706 		 * permission, or 2) an access rights violation caused by a
707 		 * flush only translation set up by ptep_get_and_clear().
708 		 * So we check the vma permissions to differentiate the two.
709 		 * If the vma indicates we have execute permission, then
710 		 * the cause is the latter one. In this case, we need to
711 		 * call do_page_fault() to fix the problem.
712 		 */
713 
714 		if (user_mode(regs)) {
715 			struct vm_area_struct *vma;
716 
717 			mmap_read_lock(current->mm);
718 			vma = find_vma(current->mm,regs->iaoq[0]);
719 			if (vma && (regs->iaoq[0] >= vma->vm_start)
720 				&& (vma->vm_flags & VM_EXEC)) {
721 
722 				fault_address = regs->iaoq[0];
723 				fault_space = regs->iasq[0];
724 
725 				mmap_read_unlock(current->mm);
726 				break; /* call do_page_fault() */
727 			}
728 			mmap_read_unlock(current->mm);
729 		}
730 		/* CPU could not fetch instruction, so clear stale IIR value. */
731 		regs->iir = 0xbaadf00d;
732 		fallthrough;
733 	case 27:
734 		/* Data memory protection ID trap */
735 		if (code == 27 && !user_mode(regs) &&
736 			fixup_exception(regs))
737 			return;
738 
739 		die_if_kernel("Protection id trap", regs, code);
740 		force_sig_fault(SIGSEGV, SEGV_MAPERR,
741 				(code == 7)?
742 				((void __user *) regs->iaoq[0]) :
743 				((void __user *) regs->ior));
744 		return;
745 
746 	case 28:
747 		/* Unaligned data reference trap */
748 		handle_unaligned(regs);
749 		return;
750 
751 	default:
752 		if (user_mode(regs)) {
753 			parisc_printk_ratelimited(0, regs, KERN_DEBUG
754 				"handle_interruption() pid=%d command='%s'\n",
755 				task_pid_nr(current), current->comm);
756 			/* SIGBUS, for lack of a better one. */
757 			force_sig_fault(SIGBUS, BUS_OBJERR,
758 					(void __user *)regs->ior);
759 			return;
760 		}
761 		pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
762 
763 		parisc_terminate("Unexpected interruption", regs, code, 0);
764 		/* NOT REACHED */
765 	}
766 
767 	if (user_mode(regs)) {
768 	    if ((fault_space >> SPACEID_SHIFT) != (regs->sr[7] >> SPACEID_SHIFT)) {
769 		parisc_printk_ratelimited(0, regs, KERN_DEBUG
770 				"User fault %d on space 0x%08lx, pid=%d command='%s'\n",
771 				code, fault_space,
772 				task_pid_nr(current), current->comm);
773 		force_sig_fault(SIGSEGV, SEGV_MAPERR,
774 				(void __user *)regs->ior);
775 		return;
776 	    }
777 	}
778 	else {
779 
780 	    /*
781 	     * The kernel should never fault on its own address space,
782 	     * unless pagefault_disable() was called before.
783 	     */
784 
785 	    if (faulthandler_disabled() || fault_space == 0)
786 	    {
787 		/* Clean up and return if in exception table. */
788 		if (fixup_exception(regs))
789 			return;
790 		/* Clean up and return if handled by kfence. */
791 		if (kfence_handle_page_fault(fault_address,
792 			parisc_acctyp(code, regs->iir) == VM_WRITE, regs))
793 			return;
794 		pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
795 		parisc_terminate("Kernel Fault", regs, code, fault_address);
796 	    }
797 	}
798 
799 	do_page_fault(regs, code, fault_address);
800 }
801 
802 
803 void __init initialize_ivt(const void *iva)
804 {
805 	extern const u32 os_hpmc[];
806 
807 	int i;
808 	u32 check = 0;
809 	u32 *ivap;
810 	u32 *hpmcp;
811 	u32 instr;
812 
813 	if (strcmp((const char *)iva, "cows can fly"))
814 		panic("IVT invalid");
815 
816 	ivap = (u32 *)iva;
817 
818 	for (i = 0; i < 8; i++)
819 	    *ivap++ = 0;
820 
821 	/*
822 	 * Use PDC_INSTR firmware function to get instruction that invokes
823 	 * PDCE_CHECK in HPMC handler.  See programming note at page 1-31 of
824 	 * the PA 1.1 Firmware Architecture document.
825 	 */
826 	if (pdc_instr(&instr) == PDC_OK)
827 		ivap[0] = instr;
828 
829 	/*
830 	 * Rules for the checksum of the HPMC handler:
831 	 * 1. The IVA does not point to PDC/PDH space (ie: the OS has installed
832 	 *    its own IVA).
833 	 * 2. The word at IVA + 32 is nonzero.
834 	 * 3. If Length (IVA + 60) is not zero, then Length (IVA + 60) and
835 	 *    Address (IVA + 56) are word-aligned.
836 	 * 4. The checksum of the 8 words starting at IVA + 32 plus the sum of
837 	 *    the Length/4 words starting at Address is zero.
838 	 */
839 
840 	/* Setup IVA and compute checksum for HPMC handler */
841 	ivap[6] = (u32)__pa(os_hpmc);
842 
843 	hpmcp = (u32 *)os_hpmc;
844 
845 	for (i=0; i<8; i++)
846 	    check += ivap[i];
847 
848 	ivap[5] = -check;
849 	pr_debug("initialize_ivt: IVA[6] = 0x%08x\n", ivap[6]);
850 }
851 
852 
853 /* early_trap_init() is called before we set up kernel mappings and
854  * write-protect the kernel */
855 void  __init early_trap_init(void)
856 {
857 	extern const void fault_vector_20;
858 
859 #ifndef CONFIG_64BIT
860 	extern const void fault_vector_11;
861 	initialize_ivt(&fault_vector_11);
862 #endif
863 
864 	initialize_ivt(&fault_vector_20);
865 }
866