1 /* 2 * unaligned.c: Unaligned load/store trap handling with special 3 * cases for the kernel to do them more quickly. 4 * 5 * Copyright (C) 1996,2008 David S. Miller (davem@davemloft.net) 6 * Copyright (C) 1996,1997 Jakub Jelinek (jj@sunsite.mff.cuni.cz) 7 */ 8 9 10 #include <linux/jiffies.h> 11 #include <linux/kernel.h> 12 #include <linux/sched.h> 13 #include <linux/mm.h> 14 #include <linux/module.h> 15 #include <asm/asi.h> 16 #include <asm/ptrace.h> 17 #include <asm/pstate.h> 18 #include <asm/processor.h> 19 #include <asm/uaccess.h> 20 #include <linux/smp.h> 21 #include <linux/bitops.h> 22 #include <linux/perf_event.h> 23 #include <linux/ratelimit.h> 24 #include <linux/bitops.h> 25 #include <asm/fpumacro.h> 26 #include <asm/cacheflush.h> 27 28 enum direction { 29 load, /* ld, ldd, ldh, ldsh */ 30 store, /* st, std, sth, stsh */ 31 both, /* Swap, ldstub, cas, ... */ 32 fpld, 33 fpst, 34 invalid, 35 }; 36 37 static inline enum direction decode_direction(unsigned int insn) 38 { 39 unsigned long tmp = (insn >> 21) & 1; 40 41 if (!tmp) 42 return load; 43 else { 44 switch ((insn>>19)&0xf) { 45 case 15: /* swap* */ 46 return both; 47 default: 48 return store; 49 } 50 } 51 } 52 53 /* 16 = double-word, 8 = extra-word, 4 = word, 2 = half-word */ 54 static inline int decode_access_size(struct pt_regs *regs, unsigned int insn) 55 { 56 unsigned int tmp; 57 58 tmp = ((insn >> 19) & 0xf); 59 if (tmp == 11 || tmp == 14) /* ldx/stx */ 60 return 8; 61 tmp &= 3; 62 if (!tmp) 63 return 4; 64 else if (tmp == 3) 65 return 16; /* ldd/std - Although it is actually 8 */ 66 else if (tmp == 2) 67 return 2; 68 else { 69 printk("Impossible unaligned trap. insn=%08x\n", insn); 70 die_if_kernel("Byte sized unaligned access?!?!", regs); 71 72 /* GCC should never warn that control reaches the end 73 * of this function without returning a value because 74 * die_if_kernel() is marked with attribute 'noreturn'. 75 * Alas, some versions do... 76 */ 77 78 return 0; 79 } 80 } 81 82 static inline int decode_asi(unsigned int insn, struct pt_regs *regs) 83 { 84 if (insn & 0x800000) { 85 if (insn & 0x2000) 86 return (unsigned char)(regs->tstate >> 24); /* %asi */ 87 else 88 return (unsigned char)(insn >> 5); /* imm_asi */ 89 } else 90 return ASI_P; 91 } 92 93 /* 0x400000 = signed, 0 = unsigned */ 94 static inline int decode_signedness(unsigned int insn) 95 { 96 return (insn & 0x400000); 97 } 98 99 static inline void maybe_flush_windows(unsigned int rs1, unsigned int rs2, 100 unsigned int rd, int from_kernel) 101 { 102 if (rs2 >= 16 || rs1 >= 16 || rd >= 16) { 103 if (from_kernel != 0) 104 __asm__ __volatile__("flushw"); 105 else 106 flushw_user(); 107 } 108 } 109 110 static inline long sign_extend_imm13(long imm) 111 { 112 return imm << 51 >> 51; 113 } 114 115 static unsigned long fetch_reg(unsigned int reg, struct pt_regs *regs) 116 { 117 unsigned long value; 118 119 if (reg < 16) 120 return (!reg ? 0 : regs->u_regs[reg]); 121 if (regs->tstate & TSTATE_PRIV) { 122 struct reg_window *win; 123 win = (struct reg_window *)(regs->u_regs[UREG_FP] + STACK_BIAS); 124 value = win->locals[reg - 16]; 125 } else if (test_thread_flag(TIF_32BIT)) { 126 struct reg_window32 __user *win32; 127 win32 = (struct reg_window32 __user *)((unsigned long)((u32)regs->u_regs[UREG_FP])); 128 get_user(value, &win32->locals[reg - 16]); 129 } else { 130 struct reg_window __user *win; 131 win = (struct reg_window __user *)(regs->u_regs[UREG_FP] + STACK_BIAS); 132 get_user(value, &win->locals[reg - 16]); 133 } 134 return value; 135 } 136 137 static unsigned long *fetch_reg_addr(unsigned int reg, struct pt_regs *regs) 138 { 139 if (reg < 16) 140 return ®s->u_regs[reg]; 141 if (regs->tstate & TSTATE_PRIV) { 142 struct reg_window *win; 143 win = (struct reg_window *)(regs->u_regs[UREG_FP] + STACK_BIAS); 144 return &win->locals[reg - 16]; 145 } else if (test_thread_flag(TIF_32BIT)) { 146 struct reg_window32 *win32; 147 win32 = (struct reg_window32 *)((unsigned long)((u32)regs->u_regs[UREG_FP])); 148 return (unsigned long *)&win32->locals[reg - 16]; 149 } else { 150 struct reg_window *win; 151 win = (struct reg_window *)(regs->u_regs[UREG_FP] + STACK_BIAS); 152 return &win->locals[reg - 16]; 153 } 154 } 155 156 unsigned long compute_effective_address(struct pt_regs *regs, 157 unsigned int insn, unsigned int rd) 158 { 159 unsigned int rs1 = (insn >> 14) & 0x1f; 160 unsigned int rs2 = insn & 0x1f; 161 int from_kernel = (regs->tstate & TSTATE_PRIV) != 0; 162 163 if (insn & 0x2000) { 164 maybe_flush_windows(rs1, 0, rd, from_kernel); 165 return (fetch_reg(rs1, regs) + sign_extend_imm13(insn)); 166 } else { 167 maybe_flush_windows(rs1, rs2, rd, from_kernel); 168 return (fetch_reg(rs1, regs) + fetch_reg(rs2, regs)); 169 } 170 } 171 172 /* This is just to make gcc think die_if_kernel does return... */ 173 static void __used unaligned_panic(char *str, struct pt_regs *regs) 174 { 175 die_if_kernel(str, regs); 176 } 177 178 extern int do_int_load(unsigned long *dest_reg, int size, 179 unsigned long *saddr, int is_signed, int asi); 180 181 extern int __do_int_store(unsigned long *dst_addr, int size, 182 unsigned long src_val, int asi); 183 184 static inline int do_int_store(int reg_num, int size, unsigned long *dst_addr, 185 struct pt_regs *regs, int asi, int orig_asi) 186 { 187 unsigned long zero = 0; 188 unsigned long *src_val_p = &zero; 189 unsigned long src_val; 190 191 if (size == 16) { 192 size = 8; 193 zero = (((long)(reg_num ? 194 (unsigned)fetch_reg(reg_num, regs) : 0)) << 32) | 195 (unsigned)fetch_reg(reg_num + 1, regs); 196 } else if (reg_num) { 197 src_val_p = fetch_reg_addr(reg_num, regs); 198 } 199 src_val = *src_val_p; 200 if (unlikely(asi != orig_asi)) { 201 switch (size) { 202 case 2: 203 src_val = swab16(src_val); 204 break; 205 case 4: 206 src_val = swab32(src_val); 207 break; 208 case 8: 209 src_val = swab64(src_val); 210 break; 211 case 16: 212 default: 213 BUG(); 214 break; 215 } 216 } 217 return __do_int_store(dst_addr, size, src_val, asi); 218 } 219 220 static inline void advance(struct pt_regs *regs) 221 { 222 regs->tpc = regs->tnpc; 223 regs->tnpc += 4; 224 if (test_thread_flag(TIF_32BIT)) { 225 regs->tpc &= 0xffffffff; 226 regs->tnpc &= 0xffffffff; 227 } 228 } 229 230 static inline int floating_point_load_or_store_p(unsigned int insn) 231 { 232 return (insn >> 24) & 1; 233 } 234 235 static inline int ok_for_kernel(unsigned int insn) 236 { 237 return !floating_point_load_or_store_p(insn); 238 } 239 240 static void kernel_mna_trap_fault(int fixup_tstate_asi) 241 { 242 struct pt_regs *regs = current_thread_info()->kern_una_regs; 243 unsigned int insn = current_thread_info()->kern_una_insn; 244 const struct exception_table_entry *entry; 245 246 entry = search_exception_tables(regs->tpc); 247 if (!entry) { 248 unsigned long address; 249 250 address = compute_effective_address(regs, insn, 251 ((insn >> 25) & 0x1f)); 252 if (address < PAGE_SIZE) { 253 printk(KERN_ALERT "Unable to handle kernel NULL " 254 "pointer dereference in mna handler"); 255 } else 256 printk(KERN_ALERT "Unable to handle kernel paging " 257 "request in mna handler"); 258 printk(KERN_ALERT " at virtual address %016lx\n",address); 259 printk(KERN_ALERT "current->{active_,}mm->context = %016lx\n", 260 (current->mm ? CTX_HWBITS(current->mm->context) : 261 CTX_HWBITS(current->active_mm->context))); 262 printk(KERN_ALERT "current->{active_,}mm->pgd = %016lx\n", 263 (current->mm ? (unsigned long) current->mm->pgd : 264 (unsigned long) current->active_mm->pgd)); 265 die_if_kernel("Oops", regs); 266 /* Not reached */ 267 } 268 regs->tpc = entry->fixup; 269 regs->tnpc = regs->tpc + 4; 270 271 if (fixup_tstate_asi) { 272 regs->tstate &= ~TSTATE_ASI; 273 regs->tstate |= (ASI_AIUS << 24UL); 274 } 275 } 276 277 static void log_unaligned(struct pt_regs *regs) 278 { 279 static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5); 280 281 if (__ratelimit(&ratelimit)) { 282 printk("Kernel unaligned access at TPC[%lx] %pS\n", 283 regs->tpc, (void *) regs->tpc); 284 } 285 } 286 287 asmlinkage void kernel_unaligned_trap(struct pt_regs *regs, unsigned int insn) 288 { 289 enum direction dir = decode_direction(insn); 290 int size = decode_access_size(regs, insn); 291 int orig_asi, asi; 292 293 current_thread_info()->kern_una_regs = regs; 294 current_thread_info()->kern_una_insn = insn; 295 296 orig_asi = asi = decode_asi(insn, regs); 297 298 /* If this is a {get,put}_user() on an unaligned userspace pointer, 299 * just signal a fault and do not log the event. 300 */ 301 if (asi == ASI_AIUS) { 302 kernel_mna_trap_fault(0); 303 return; 304 } 305 306 log_unaligned(regs); 307 308 if (!ok_for_kernel(insn) || dir == both) { 309 printk("Unsupported unaligned load/store trap for kernel " 310 "at <%016lx>.\n", regs->tpc); 311 unaligned_panic("Kernel does fpu/atomic " 312 "unaligned load/store.", regs); 313 314 kernel_mna_trap_fault(0); 315 } else { 316 unsigned long addr, *reg_addr; 317 int err; 318 319 addr = compute_effective_address(regs, insn, 320 ((insn >> 25) & 0x1f)); 321 perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, regs, addr); 322 switch (asi) { 323 case ASI_NL: 324 case ASI_AIUPL: 325 case ASI_AIUSL: 326 case ASI_PL: 327 case ASI_SL: 328 case ASI_PNFL: 329 case ASI_SNFL: 330 asi &= ~0x08; 331 break; 332 } 333 switch (dir) { 334 case load: 335 reg_addr = fetch_reg_addr(((insn>>25)&0x1f), regs); 336 err = do_int_load(reg_addr, size, 337 (unsigned long *) addr, 338 decode_signedness(insn), asi); 339 if (likely(!err) && unlikely(asi != orig_asi)) { 340 unsigned long val_in = *reg_addr; 341 switch (size) { 342 case 2: 343 val_in = swab16(val_in); 344 break; 345 case 4: 346 val_in = swab32(val_in); 347 break; 348 case 8: 349 val_in = swab64(val_in); 350 break; 351 case 16: 352 default: 353 BUG(); 354 break; 355 } 356 *reg_addr = val_in; 357 } 358 break; 359 360 case store: 361 err = do_int_store(((insn>>25)&0x1f), size, 362 (unsigned long *) addr, regs, 363 asi, orig_asi); 364 break; 365 366 default: 367 panic("Impossible kernel unaligned trap."); 368 /* Not reached... */ 369 } 370 if (unlikely(err)) 371 kernel_mna_trap_fault(1); 372 else 373 advance(regs); 374 } 375 } 376 377 int handle_popc(u32 insn, struct pt_regs *regs) 378 { 379 int from_kernel = (regs->tstate & TSTATE_PRIV) != 0; 380 int ret, rd = ((insn >> 25) & 0x1f); 381 u64 value; 382 383 perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, 0); 384 if (insn & 0x2000) { 385 maybe_flush_windows(0, 0, rd, from_kernel); 386 value = sign_extend_imm13(insn); 387 } else { 388 maybe_flush_windows(0, insn & 0x1f, rd, from_kernel); 389 value = fetch_reg(insn & 0x1f, regs); 390 } 391 ret = hweight64(value); 392 if (rd < 16) { 393 if (rd) 394 regs->u_regs[rd] = ret; 395 } else { 396 if (test_thread_flag(TIF_32BIT)) { 397 struct reg_window32 __user *win32; 398 win32 = (struct reg_window32 __user *)((unsigned long)((u32)regs->u_regs[UREG_FP])); 399 put_user(ret, &win32->locals[rd - 16]); 400 } else { 401 struct reg_window __user *win; 402 win = (struct reg_window __user *)(regs->u_regs[UREG_FP] + STACK_BIAS); 403 put_user(ret, &win->locals[rd - 16]); 404 } 405 } 406 advance(regs); 407 return 1; 408 } 409 410 extern void do_fpother(struct pt_regs *regs); 411 extern void do_privact(struct pt_regs *regs); 412 extern void spitfire_data_access_exception(struct pt_regs *regs, 413 unsigned long sfsr, 414 unsigned long sfar); 415 extern void sun4v_data_access_exception(struct pt_regs *regs, 416 unsigned long addr, 417 unsigned long type_ctx); 418 419 int handle_ldf_stq(u32 insn, struct pt_regs *regs) 420 { 421 unsigned long addr = compute_effective_address(regs, insn, 0); 422 int freg = ((insn >> 25) & 0x1e) | ((insn >> 20) & 0x20); 423 struct fpustate *f = FPUSTATE; 424 int asi = decode_asi(insn, regs); 425 int flag = (freg < 32) ? FPRS_DL : FPRS_DU; 426 427 perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, 0); 428 429 save_and_clear_fpu(); 430 current_thread_info()->xfsr[0] &= ~0x1c000; 431 if (freg & 3) { 432 current_thread_info()->xfsr[0] |= (6 << 14) /* invalid_fp_register */; 433 do_fpother(regs); 434 return 0; 435 } 436 if (insn & 0x200000) { 437 /* STQ */ 438 u64 first = 0, second = 0; 439 440 if (current_thread_info()->fpsaved[0] & flag) { 441 first = *(u64 *)&f->regs[freg]; 442 second = *(u64 *)&f->regs[freg+2]; 443 } 444 if (asi < 0x80) { 445 do_privact(regs); 446 return 1; 447 } 448 switch (asi) { 449 case ASI_P: 450 case ASI_S: break; 451 case ASI_PL: 452 case ASI_SL: 453 { 454 /* Need to convert endians */ 455 u64 tmp = __swab64p(&first); 456 457 first = __swab64p(&second); 458 second = tmp; 459 break; 460 } 461 default: 462 if (tlb_type == hypervisor) 463 sun4v_data_access_exception(regs, addr, 0); 464 else 465 spitfire_data_access_exception(regs, 0, addr); 466 return 1; 467 } 468 if (put_user (first >> 32, (u32 __user *)addr) || 469 __put_user ((u32)first, (u32 __user *)(addr + 4)) || 470 __put_user (second >> 32, (u32 __user *)(addr + 8)) || 471 __put_user ((u32)second, (u32 __user *)(addr + 12))) { 472 if (tlb_type == hypervisor) 473 sun4v_data_access_exception(regs, addr, 0); 474 else 475 spitfire_data_access_exception(regs, 0, addr); 476 return 1; 477 } 478 } else { 479 /* LDF, LDDF, LDQF */ 480 u32 data[4] __attribute__ ((aligned(8))); 481 int size, i; 482 int err; 483 484 if (asi < 0x80) { 485 do_privact(regs); 486 return 1; 487 } else if (asi > ASI_SNFL) { 488 if (tlb_type == hypervisor) 489 sun4v_data_access_exception(regs, addr, 0); 490 else 491 spitfire_data_access_exception(regs, 0, addr); 492 return 1; 493 } 494 switch (insn & 0x180000) { 495 case 0x000000: size = 1; break; 496 case 0x100000: size = 4; break; 497 default: size = 2; break; 498 } 499 for (i = 0; i < size; i++) 500 data[i] = 0; 501 502 err = get_user (data[0], (u32 __user *) addr); 503 if (!err) { 504 for (i = 1; i < size; i++) 505 err |= __get_user (data[i], (u32 __user *)(addr + 4*i)); 506 } 507 if (err && !(asi & 0x2 /* NF */)) { 508 if (tlb_type == hypervisor) 509 sun4v_data_access_exception(regs, addr, 0); 510 else 511 spitfire_data_access_exception(regs, 0, addr); 512 return 1; 513 } 514 if (asi & 0x8) /* Little */ { 515 u64 tmp; 516 517 switch (size) { 518 case 1: data[0] = le32_to_cpup(data + 0); break; 519 default:*(u64 *)(data + 0) = le64_to_cpup((u64 *)(data + 0)); 520 break; 521 case 4: tmp = le64_to_cpup((u64 *)(data + 0)); 522 *(u64 *)(data + 0) = le64_to_cpup((u64 *)(data + 2)); 523 *(u64 *)(data + 2) = tmp; 524 break; 525 } 526 } 527 if (!(current_thread_info()->fpsaved[0] & FPRS_FEF)) { 528 current_thread_info()->fpsaved[0] = FPRS_FEF; 529 current_thread_info()->gsr[0] = 0; 530 } 531 if (!(current_thread_info()->fpsaved[0] & flag)) { 532 if (freg < 32) 533 memset(f->regs, 0, 32*sizeof(u32)); 534 else 535 memset(f->regs+32, 0, 32*sizeof(u32)); 536 } 537 memcpy(f->regs + freg, data, size * 4); 538 current_thread_info()->fpsaved[0] |= flag; 539 } 540 advance(regs); 541 return 1; 542 } 543 544 void handle_ld_nf(u32 insn, struct pt_regs *regs) 545 { 546 int rd = ((insn >> 25) & 0x1f); 547 int from_kernel = (regs->tstate & TSTATE_PRIV) != 0; 548 unsigned long *reg; 549 550 perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, 0); 551 552 maybe_flush_windows(0, 0, rd, from_kernel); 553 reg = fetch_reg_addr(rd, regs); 554 if (from_kernel || rd < 16) { 555 reg[0] = 0; 556 if ((insn & 0x780000) == 0x180000) 557 reg[1] = 0; 558 } else if (test_thread_flag(TIF_32BIT)) { 559 put_user(0, (int __user *) reg); 560 if ((insn & 0x780000) == 0x180000) 561 put_user(0, ((int __user *) reg) + 1); 562 } else { 563 put_user(0, (unsigned long __user *) reg); 564 if ((insn & 0x780000) == 0x180000) 565 put_user(0, (unsigned long __user *) reg + 1); 566 } 567 advance(regs); 568 } 569 570 void handle_lddfmna(struct pt_regs *regs, unsigned long sfar, unsigned long sfsr) 571 { 572 unsigned long pc = regs->tpc; 573 unsigned long tstate = regs->tstate; 574 u32 insn; 575 u64 value; 576 u8 freg; 577 int flag; 578 struct fpustate *f = FPUSTATE; 579 580 if (tstate & TSTATE_PRIV) 581 die_if_kernel("lddfmna from kernel", regs); 582 perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, regs, sfar); 583 if (test_thread_flag(TIF_32BIT)) 584 pc = (u32)pc; 585 if (get_user(insn, (u32 __user *) pc) != -EFAULT) { 586 int asi = decode_asi(insn, regs); 587 u32 first, second; 588 int err; 589 590 if ((asi > ASI_SNFL) || 591 (asi < ASI_P)) 592 goto daex; 593 first = second = 0; 594 err = get_user(first, (u32 __user *)sfar); 595 if (!err) 596 err = get_user(second, (u32 __user *)(sfar + 4)); 597 if (err) { 598 if (!(asi & 0x2)) 599 goto daex; 600 first = second = 0; 601 } 602 save_and_clear_fpu(); 603 freg = ((insn >> 25) & 0x1e) | ((insn >> 20) & 0x20); 604 value = (((u64)first) << 32) | second; 605 if (asi & 0x8) /* Little */ 606 value = __swab64p(&value); 607 flag = (freg < 32) ? FPRS_DL : FPRS_DU; 608 if (!(current_thread_info()->fpsaved[0] & FPRS_FEF)) { 609 current_thread_info()->fpsaved[0] = FPRS_FEF; 610 current_thread_info()->gsr[0] = 0; 611 } 612 if (!(current_thread_info()->fpsaved[0] & flag)) { 613 if (freg < 32) 614 memset(f->regs, 0, 32*sizeof(u32)); 615 else 616 memset(f->regs+32, 0, 32*sizeof(u32)); 617 } 618 *(u64 *)(f->regs + freg) = value; 619 current_thread_info()->fpsaved[0] |= flag; 620 } else { 621 daex: 622 if (tlb_type == hypervisor) 623 sun4v_data_access_exception(regs, sfar, sfsr); 624 else 625 spitfire_data_access_exception(regs, sfsr, sfar); 626 return; 627 } 628 advance(regs); 629 } 630 631 void handle_stdfmna(struct pt_regs *regs, unsigned long sfar, unsigned long sfsr) 632 { 633 unsigned long pc = regs->tpc; 634 unsigned long tstate = regs->tstate; 635 u32 insn; 636 u64 value; 637 u8 freg; 638 int flag; 639 struct fpustate *f = FPUSTATE; 640 641 if (tstate & TSTATE_PRIV) 642 die_if_kernel("stdfmna from kernel", regs); 643 perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, regs, sfar); 644 if (test_thread_flag(TIF_32BIT)) 645 pc = (u32)pc; 646 if (get_user(insn, (u32 __user *) pc) != -EFAULT) { 647 int asi = decode_asi(insn, regs); 648 freg = ((insn >> 25) & 0x1e) | ((insn >> 20) & 0x20); 649 value = 0; 650 flag = (freg < 32) ? FPRS_DL : FPRS_DU; 651 if ((asi > ASI_SNFL) || 652 (asi < ASI_P)) 653 goto daex; 654 save_and_clear_fpu(); 655 if (current_thread_info()->fpsaved[0] & flag) 656 value = *(u64 *)&f->regs[freg]; 657 switch (asi) { 658 case ASI_P: 659 case ASI_S: break; 660 case ASI_PL: 661 case ASI_SL: 662 value = __swab64p(&value); break; 663 default: goto daex; 664 } 665 if (put_user (value >> 32, (u32 __user *) sfar) || 666 __put_user ((u32)value, (u32 __user *)(sfar + 4))) 667 goto daex; 668 } else { 669 daex: 670 if (tlb_type == hypervisor) 671 sun4v_data_access_exception(regs, sfar, sfsr); 672 else 673 spitfire_data_access_exception(regs, sfsr, sfar); 674 return; 675 } 676 advance(regs); 677 } 678